npm - @equinor/fusion-framework-vite-plugin-spa - Versions diffs - 3.1.5 → 3.1.6 - Mend

@equinor/fusion-framework-vite-plugin-spa 3.1.5 → 3.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/CHANGELOG.md +7 -0
package/dist/esm/version.js +1 -1
package/dist/html/bootstrap.js +93 -6
package/dist/html/bootstrap.js.map +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/dist/types/html/index.html.d.ts +1 -1
package/dist/types/version.d.ts +1 -1
package/package.json +2 -2
package/src/version.ts +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,12 @@
 # @equinor/fusion-framework-vite-plugin-spa
+## 3.1.6
+### Patch Changes
+- Updated dependencies [[`0b34d5d`](https://github.com/equinor/fusion-framework/commit/0b34d5d895c740a77fc995abeca910fdca1cf633)]:
+  - @equinor/fusion-framework-module-msal@7.1.0
 ## 3.1.5
 ### Patch Changes

package/dist/esm/version.js CHANGED Viewed

@@ -1,3 +1,3 @@
 // Generated by genversion.
-export const version = '3.1.5';
+export const version = '3.1.6';
 //# sourceMappingURL=version.js.map

package/dist/html/bootstrap.js CHANGED Viewed

@@ -153,8 +153,8 @@ function requireRe () {
 		// ## Pre-release Version Identifier
 		// A numeric identifier, or a non-numeric identifier.
-		// Non-numberic identifiers include numberic identifiers but can be longer.
-		// Therefore non-numberic identifiers must go first.
+		// Non-numeric identifiers include numeric identifiers but can be longer.
+		// Therefore non-numeric identifiers must go first.
 		createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NONNUMERICIDENTIFIER]
 		}|${src[t.NUMERICIDENTIFIER]})`);
@@ -850,7 +850,7 @@ function requireDiff () {
 	    return prefix + 'patch'
 	  }
-	  // high and low are preleases
+	  // high and low are prereleases
 	  return 'prerelease'
 	};
@@ -2409,7 +2409,7 @@ function requireSubset () {
 	// - If LT
 	//   - If LT.semver is greater than any < or <= comp in C, return false
 	//   - If LT is <=, and LT.semver does not satisfy every C, return false
-	//   - If GT.semver has a prerelease, and not in prerelease mode
+	//   - If LT.semver has a prerelease, and not in prerelease mode
 	//     - If no C has a prerelease and the LT.semver tuple, return false
 	// - Else return true
@@ -40463,7 +40463,7 @@ const createClientLogCallback = (provider, metadata, scope) => {
 };
 // Generated by genversion.
-const version$2 = '7.0.0';
+const version$2 = '7.1.0';
 /**
  * Zod schema for telemetry configuration validation.
@@ -40488,6 +40488,7 @@ const MsalConfigSchema = z.object({
     provider: z.custom().optional(),
     requiresAuth: z.boolean().optional(),
     redirectUri: z.string().optional(),
+    authCode: z.string().optional(),
     version: z.string().transform((x) => String(semver.coerce(x))),
     telemetry: TelemetryConfigSchema,
 });
@@ -40555,6 +40556,37 @@ class MsalConfigurator extends BaseConfigBuilder {
         this.#msalConfig = config;
         return this;
     }
+    /**
+     * Sets a backend-issued authorization code for token exchange.
+     *
+     * This enables the MSAL module to exchange a backend-generated auth code for tokens
+     * during initialization, allowing users to be automatically signed in without triggering
+     * an interactive MSAL login flow. The auth code is exchanged before the requiresAuth check,
+     * so tokens are cached and no login prompt appears.
+     *
+     * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
+     * MSAL Browser's acquireTokenByCode() method.
+     *
+     * @param authCode - The authorization code issued by the backend
+     * @returns The configurator instance for method chaining
+     *
+     * @example
+     * ```typescript
+     * // Backend provides auth code in HTML/config
+     * const config = { auth: { code: getAuthCodeFromBackend() } };
+     * configurator.setAuthCode(config.auth.code);
+     * ```
+     *
+     * @remarks
+     * - Auth codes are single-use and short-lived (typically 5-10 minutes)
+     * - The exchange happens during module initialization before requiresAuth check
+     * - If exchange fails, the provider falls back to standard MSAL authentication flows
+     * - Requires backend to be configured with SPA Auth Code support
+     */
+    setAuthCode(authCode) {
+        this._set('authCode', async () => authCode);
+        return this;
+    }
     /**
      * Sets whether authentication is required for the application.
      *
@@ -41441,6 +41473,7 @@ class MsalProvider extends BaseModuleProvider {
     #client;
     #telemetry;
     #requiresAuth;
+    #authCode;
     /**
      * The MSAL module version enum value indicating the API compatibility level.
      *
@@ -41498,6 +41531,9 @@ class MsalProvider extends BaseModuleProvider {
         });
         this.#requiresAuth = config.requiresAuth;
         this.#telemetry = config.telemetry;
+        // Extract auth code from config if present
+        // This will be used during initialize to exchange for tokens
+        this.#authCode = config.authCode;
         // Validate required client configuration
         if (!config.client) {
             const error = new Error('Client is required, please provide a valid client in the configuration');
@@ -41513,12 +41549,17 @@ class MsalProvider extends BaseModuleProvider {
      *
      * This method must be called before using any authentication operations. It performs:
      * - Client initialization
+     * - Auth code exchange (if backend-issued code provided)
      * - Redirect result handling (if returning from auth flow)
      * - Automatic login attempt if requiresAuth is enabled and no valid session exists
      *
      * @returns Promise that resolves when initialization is complete
      *
      * @remarks
+     * Auth code exchange happens before the requiresAuth check, allowing automatic sign-in
+     * without user interaction when a valid backend-issued code is provided. If exchange fails,
+     * the provider falls back to standard MSAL authentication flows.
+     *
      * The provider will attempt automatic login with empty scopes if requiresAuth is true.
      * Apps should call acquireToken with actual scopes after initialization completes.
      */
@@ -41526,6 +41567,52 @@ class MsalProvider extends BaseModuleProvider {
         const measurement = this._trackMeasurement('initialize', TelemetryLevel.Debug);
         // Initialize the underlying MSAL client first
         await this.#client.initialize();
+        // Priority 0: Exchange auth code if provided by backend
+        // This must happen before the requiresAuth check so tokens are cached
+        if (this.#authCode) {
+            try {
+                this._trackEvent('initialize.exchanging-auth-code', TelemetryLevel.Information);
+                // Use MSAL's acquireTokenByCode to exchange backend auth code for tokens
+                // This follows Microsoft's standard SPA Auth Code Flow pattern
+                const clientId = this.#client.clientId;
+                if (!clientId) {
+                    throw new Error('Client ID is required for auth code exchange');
+                }
+                // Exchange the auth code for tokens using the client ID's default scope.
+                // The `/.default` scope represents all permissions configured for this app in Entra ID,
+                // ensuring the exchanged tokens have the correct app-level permissions without requiring
+                // the caller to specify scopes. This follows MSAL's recommended SPA auth code pattern.
+                // This method is inherited from PublicClientApplication (MSAL Browser v4+)
+                const result = await this.#client.acquireTokenByCode({
+                    code: this.#authCode,
+                    scopes: [`${clientId}/.default`],
+                });
+                // Successfully exchanged auth code - set active account
+                if (result.account) {
+                    this.#client.setActiveAccount(result.account);
+                    this._trackEvent('initialize.auth-code-exchanged-account', TelemetryLevel.Information, {
+                        properties: {
+                            username: result.account.username,
+                        },
+                    });
+                }
+            }
+            catch (error) {
+                // Auth code exchange failed - log and fall back to standard flows
+                this._trackException('initialize.auth-code-exchange-failed', TelemetryLevel.Warning, {
+                    exception: error instanceof Error ? error : new Error(String(error)),
+                    properties: {
+                        message: error instanceof Error ? error.message : String(error),
+                        reason: 'Auth code exchange failed, falling back to standard authentication flows',
+                    },
+                });
+                // Continue to requiresAuth check - will trigger standard login if needed
+            }
+            finally {
+                // Clear auth code to avoid repeated attempts
+                this.#authCode = undefined;
+            }
+        }
         // Only attempt authentication if this provider requires it
         if (this.#requiresAuth) {
             // Priority 1: Check if returning from redirect-based authentication
@@ -44818,7 +44905,7 @@ async function registerServiceWorker(framework) {
 }
 // Generated by genversion.
-const version = '3.1.5';
+const version = '3.1.6';
 // Allow dynamic import without vite
 const importWithoutVite = (path) => import(/* @vite-ignore */ path);