@azure/msal-common
Comparing version 1.0.0-beta.2 to 1.0.0-beta.3
@@ -0,1 +1,12 @@ | ||
# 1.0.0-beta.3 | ||
- Initialization of B2cTrustedHostList (#1646) | ||
- Unified Cache support (#1444, #1471, #1519, #1520, #1522, #1609, #1622, #1624, #1655, #1680, #1762) | ||
- `Request` update in msal-common (#1682, #1771) | ||
- SilentFlow support (#1711) | ||
- Utilize `Scopeset` across all libraries (#1770) | ||
- AccountInfo interface (#1789) | ||
- `state` support in msal-common (#1790) | ||
- Removal of SPA Client (#1793) | ||
- EndSessionRequest (#1802) | ||
# 1.0.0-beta.2 | ||
@@ -14,3 +25,3 @@ - Fixed an issue where types were not being exported from the correct location (#1613) | ||
- Fixed issue with caching for multiple resources (#1553) | ||
- Adding support for node classes | ||
- Adding support for node classes | ||
- Refresh token client (#1496) | ||
@@ -17,0 +28,0 @@ - Device code client (#1550, #1434) |
@@ -38,2 +38,3 @@ import { AuthorityType } from "./AuthorityType"; | ||
get tokenEndpoint(): string; | ||
get deviceCodeEndpoint(): string; | ||
/** | ||
@@ -40,0 +41,0 @@ * OAuth logout endpoint for requests |
@@ -5,10 +5,29 @@ import { Authority } from "./Authority"; | ||
/** | ||
* Parse the url and determine the type of authority | ||
* Create an authority object of the correct type based on the url | ||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) | ||
* | ||
* Also performs endpoint discovery. | ||
* | ||
* @param defaultAuthority | ||
* @param networkClient | ||
* @param authorityUri | ||
* @param adfsDisabled | ||
*/ | ||
private static detectAuthorityFromUrl; | ||
static createDiscoveredInstance(authorityUri: string, networkClient: INetworkModule): Promise<Authority>; | ||
/** | ||
* Create an authority object of the correct type based on the url | ||
* Performs basic authority validation - checks to see if the authority is of a valid type (eg aad, b2c) | ||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) | ||
* | ||
* Does not perform endpoint discovery. | ||
* | ||
* @param authorityUrl | ||
* @param networkInterface | ||
*/ | ||
static createInstance(authorityUrl: string, networkInterface: INetworkModule): Authority; | ||
/** | ||
* Parse the url and determine the type of authority. | ||
* @param authorityString | ||
* @param networkInterface | ||
*/ | ||
private static detectAuthorityFromUrl; | ||
} |
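Review bot: The doc comment above `createDiscoveredInstance` lists `@param defaultAuthority` and `@param adfsDisabled`, neither of which is in the signature `(authorityUri, networkClient)`; going by the hunk counts, these tags appear to be on the new side. Trim the block to `@param authorityUri` and `@param networkClient`. The same stale-tag pattern shows up later in this diff: `getLogoutUri` documents `@param authorityUri` for a `logoutRequest` argument, `createMultipleMatchingAccountsInCacheError()` documents `@param scope` with no parameters, `sanitizeEQParams` documents `@param request`, and `generateLibraryState` documents `@param randomGuid`. The class declaration starts outside this hunk.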
import { BaseClient } from "./BaseClient"; | ||
import { AuthorizationCodeUrlRequest } from "../request/AuthorizationCodeUrlRequest"; | ||
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest"; | ||
import { AuthorizationCodeRequest } from "../request/AuthorizationCodeRequest"; | ||
import { ClientConfiguration } from "../config/ClientConfiguration"; | ||
import { AuthenticationResult } from "../response/AuthenticationResult"; | ||
import { EndSessionRequest } from "../request/EndSessionRequest"; | ||
/** | ||
@@ -20,9 +22,22 @@ * Oauth2.0 Authorization Code client | ||
*/ | ||
getAuthCodeUrl(request: AuthorizationCodeUrlRequest): Promise<string>; | ||
getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string>; | ||
/** | ||
* API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the authorization_code_grant | ||
* API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the | ||
* authorization_code_grant | ||
* @param request | ||
*/ | ||
acquireToken(request: AuthorizationCodeRequest): Promise<string>; | ||
acquireToken(request: AuthorizationCodeRequest, cachedNonce?: string, cachedState?: string): Promise<AuthenticationResult>; | ||
/** | ||
* Handles the hash fragment response from public client code request. Returns a code response used by | ||
* the client to exchange for a token in acquireToken. | ||
* @param hashFragment | ||
*/ | ||
handleFragmentResponse(hashFragment: string, cachedState: string): string; | ||
/** | ||
* Use to log out the current user, and redirect the user to the postLogoutRedirectUri. | ||
* Default behaviour is to redirect the user to `window.location.href`. | ||
* @param authorityUri | ||
*/ | ||
getLogoutUri(logoutRequest: EndSessionRequest): string; | ||
/** | ||
* Executes POST request to token endpoint | ||
@@ -29,0 +44,0 @@ * @param authority |
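Review bot: `acquireToken(request, cachedNonce?, cachedState?)` makes both replay/CSRF inputs optional while its doc comment still lists only `@param request`, so a caller who omits them gets no signal that the nonce and state comparisons may not run. Whether the implementation validates when they are absent is not visible in this declaration file, so at minimum state the contract, e.g. `@param cachedNonce nonce sent with the authorize request, compared against the id_token nonce` and `@param cachedState state sent with the authorize request, compared against the returned state`, plus what happens when each is omitted. `handleFragmentResponse` takes a required `cachedState` but its comment has only `@param hashFragment`. `ResponseHandler.generateAuthenticationResult` further down exposes the same optional pair and needs the same documentation. The class declaration starts outside this hunk.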
import { ClientConfiguration } from "../config/ClientConfiguration"; | ||
import { ICacheStorage } from "../cache/ICacheStorage"; | ||
import { CacheHelpers } from "../cache/CacheHelpers"; | ||
import { INetworkModule } from "../network/INetworkModule"; | ||
import { ICrypto } from "../crypto/ICrypto"; | ||
import { Account } from "../account/Account"; | ||
import { Authority } from "../authority/Authority"; | ||
@@ -11,2 +8,3 @@ import { Logger } from "../logger/Logger"; | ||
import { ServerAuthorizationTokenResponse } from "../server/ServerAuthorizationTokenResponse"; | ||
import { CacheManager } from "../cache/CacheManager"; | ||
/** | ||
@@ -19,14 +17,7 @@ * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow. | ||
protected cryptoUtils: ICrypto; | ||
protected cacheStorage: ICacheStorage; | ||
protected cacheManager: CacheManager; | ||
protected networkClient: INetworkModule; | ||
protected cacheManager: CacheHelpers; | ||
protected account: Account; | ||
protected defaultAuthorityInstance: Authority; | ||
protected authority: Authority; | ||
protected constructor(configuration: ClientConfiguration); | ||
/** | ||
* Create authority instance if not set already, resolve well-known-endpoint | ||
* @param authorityString | ||
*/ | ||
protected createAuthority(authorityString: string): Promise<Authority>; | ||
/** | ||
* Creates default headers for requests to token endpoint | ||
@@ -33,0 +24,0 @@ */ |
@@ -8,3 +8,2 @@ import { BaseClient } from "./BaseClient"; | ||
export declare class DeviceCodeClient extends BaseClient { | ||
private authority; | ||
constructor(configuration: ClientConfiguration); | ||
@@ -23,13 +22,9 @@ /** | ||
/** | ||
* Executes GET request to device code endpoint | ||
* @param deviceCodeUrl | ||
* Executes POST request to device code endpoint | ||
* @param deviceCodeEndpoint | ||
* @param queryString | ||
* @param headers | ||
*/ | ||
private executeGetRequestToDeviceCodeEndpoint; | ||
private executePostRequestToDeviceCodeEndpoint; | ||
/** | ||
* Create device code endpoint url | ||
* @param request | ||
*/ | ||
private createDeviceCodeUrl; | ||
/** | ||
* Create device code endpoint query parameters and returns string | ||
@@ -36,0 +31,0 @@ */ |
import { ClientConfiguration } from "../config/ClientConfiguration"; | ||
import { BaseClient } from "./BaseClient"; | ||
import { RefreshTokenRequest } from "../request/RefreshTokenRequest"; | ||
import { AuthenticationResult } from "../response/AuthenticationResult"; | ||
/** | ||
@@ -9,5 +10,5 @@ * OAuth2.0 refresh token client | ||
constructor(configuration: ClientConfiguration); | ||
acquireToken(request: RefreshTokenRequest): Promise<string>; | ||
acquireToken(request: RefreshTokenRequest): Promise<AuthenticationResult>; | ||
private executeTokenRequest; | ||
private createTokenRequestBody; | ||
} |
@@ -1,5 +0,6 @@ | ||
import { ICacheStorage } from "../cache/ICacheStorage"; | ||
import { INetworkModule } from "../network/INetworkModule"; | ||
import { ICrypto } from "../crypto/ICrypto"; | ||
import { ILoggerCallback, LogLevel } from "../logger/Logger"; | ||
import { Authority } from "../authority/Authority"; | ||
import { CacheManager } from "../cache/CacheManager"; | ||
/** | ||
@@ -15,6 +16,6 @@ * Use the configuration object to configure MSAL Modules and initialize the base interfaces for MSAL. | ||
export declare type ClientConfiguration = { | ||
authOptions?: AuthOptions; | ||
authOptions: AuthOptions; | ||
systemOptions?: SystemOptions; | ||
loggerOptions?: LoggerOptions; | ||
storageInterface?: ICacheStorage; | ||
storageInterface?: CacheManager; | ||
networkInterface?: INetworkModule; | ||
@@ -32,6 +33,4 @@ cryptoInterface?: ICrypto; | ||
clientId: string; | ||
authority?: string; | ||
authority?: Authority; | ||
knownAuthorities?: Array<string>; | ||
redirectUri?: string | (() => string); | ||
postLogoutRedirectUri?: string | (() => string); | ||
}; | ||
@@ -38,0 +37,0 @@ /** |
@@ -24,6 +24,2 @@ import { AuthError } from "./AuthError"; | ||
}; | ||
tokenRequestCacheError: { | ||
code: string; | ||
desc: string; | ||
}; | ||
endpointResolutionError: { | ||
@@ -45,2 +41,6 @@ code: string; | ||
}; | ||
invalidStateError: { | ||
code: string; | ||
desc: string; | ||
}; | ||
stateMismatchError: { | ||
@@ -78,2 +78,6 @@ code: string; | ||
}; | ||
multipleMatchingAccounts: { | ||
code: string; | ||
desc: string; | ||
}; | ||
tokenRequestCannotBeMade: { | ||
@@ -107,2 +111,22 @@ code: string; | ||
}; | ||
NoAccountInSilentRequest: { | ||
code: string; | ||
desc: string; | ||
}; | ||
invalidCacheRecord: { | ||
code: string; | ||
desc: string; | ||
}; | ||
noAccountFound: { | ||
code: string; | ||
desc: string; | ||
}; | ||
CachePluginError: { | ||
code: string; | ||
desc: string; | ||
}; | ||
noCryptoObj: { | ||
code: string; | ||
desc: string; | ||
}; | ||
}; | ||
@@ -135,7 +159,2 @@ /** | ||
/** | ||
* Creates an error thrown when the token request could not be retrieved from the cache | ||
* @param errDetail | ||
*/ | ||
static createTokenRequestCacheError(errDetail: string): ClientAuthError; | ||
/** | ||
* Creates an error thrown when the endpoint discovery doesn't complete correctly. | ||
@@ -155,2 +174,7 @@ */ | ||
/** | ||
* Creates an error thrown when the state cannot be parsed. | ||
* @param invalidState | ||
*/ | ||
static createInvalidStateError(invalidState: string, errorString?: string): ClientAuthError; | ||
/** | ||
* Creates an error thrown when two states do not match. | ||
@@ -175,3 +199,3 @@ */ | ||
*/ | ||
static createNoTokensFoundError(scopes: string): ClientAuthError; | ||
static createNoTokensFoundError(): ClientAuthError; | ||
/** | ||
@@ -191,2 +215,7 @@ * Creates an error in cache parsing. | ||
/** | ||
* Throws error when multiple tokens are in cache for the given scope. | ||
* @param scope | ||
*/ | ||
static createMultipleMatchingAccountsInCacheError(): ClientAuthError; | ||
/** | ||
* Throws error when no auth code or refresh token is given to ServerTokenRequestParameters. | ||
@@ -223,2 +252,23 @@ */ | ||
static createDeviceCodeExpiredError(): ClientAuthError; | ||
/** | ||
* Throws error when silent requests are made without an account object | ||
*/ | ||
static createNoAccountInSilentRequestError(): ClientAuthError; | ||
/** | ||
* Throws error when cache record is null or undefined. | ||
*/ | ||
static createNullOrUndefinedCacheRecord(): ClientAuthError; | ||
/** | ||
* Throws error when account is not found in cache. | ||
*/ | ||
static createNoAccountFoundError(): ClientAuthError; | ||
/** | ||
* Throws error if ICachePlugin not set on CacheManager. | ||
*/ | ||
static createCachePluginError(): ClientAuthError; | ||
/** | ||
* Throws error if crypto object not found. | ||
* @param operationName | ||
*/ | ||
static createNoCryptoObjectError(operationName: string): ClientAuthError; | ||
} |
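Review bot: `createInvalidStateError(invalidState, errorString?)` receives the raw state string, and if the resulting message embeds it verbatim, a value that came back on the redirect ends up in error text and logs; the implementation is not visible here, so treat this as something to check. State can carry application data passed as `userRequestState`, so omitting or truncating it in the message is the safer default. The comment also lacks `@param errorString`. Separately, the new keys `NoAccountInSilentRequest` and `CachePluginError` are PascalCase while the other keys shown in this map are camelCase.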
@@ -50,2 +50,6 @@ import { ClientAuthError } from "./ClientAuthError"; | ||
}; | ||
logoutRequestEmptyError: { | ||
code: string; | ||
desc: string; | ||
}; | ||
invalidCodeChallengeMethod: { | ||
@@ -123,2 +127,6 @@ code: string; | ||
*/ | ||
static createEmptyLogoutRequestError(): ClientConfigurationError; | ||
/** | ||
* Throws error when token request is empty and nothing cached in storage. | ||
*/ | ||
static createEmptyTokenRequestError(): ClientConfigurationError; | ||
@@ -125,0 +133,0 @@ /** |
@@ -1,12 +0,22 @@ | ||
export { SPAClient } from "./client/SPAClient"; | ||
export { AuthorizationCodeClient } from "./client/AuthorizationCodeClient"; | ||
export { DeviceCodeClient } from "./client/DeviceCodeClient"; | ||
export { RefreshTokenClient } from "./client/RefreshTokenClient"; | ||
export { SilentFlowClient } from "./client/SilentFlowClient"; | ||
export { AuthOptions, SystemOptions, LoggerOptions, TelemetryOptions, DEFAULT_SYSTEM_OPTIONS } from "./config/ClientConfiguration"; | ||
export { ClientConfiguration } from "./config/ClientConfiguration"; | ||
export { Account } from "./account/Account"; | ||
export { AccountInfo } from "./account/AccountInfo"; | ||
export { IdToken } from "./account/IdToken"; | ||
export { IdTokenClaims } from "./account/IdTokenClaims"; | ||
export { Authority } from "./authority/Authority"; | ||
export { B2cAuthority } from "./authority/B2cAuthority"; | ||
export { AuthorityFactory } from "./authority/AuthorityFactory"; | ||
export { ICacheStorage } from "./cache/ICacheStorage"; | ||
export { AuthorityType } from "./authority/AuthorityType"; | ||
export { CacheManager } from "./cache/CacheManager"; | ||
export { AccountCache, AccessTokenCache, IdTokenCache, RefreshTokenCache, AppMetadataCache } from "./cache/utils/CacheTypes"; | ||
export { CredentialEntity } from "./cache/entities/CredentialEntity"; | ||
export { AppMetadataEntity } from "./cache/entities/AppMetadataEntity"; | ||
export { AccountEntity } from "./cache/entities/AccountEntity"; | ||
export { IdTokenEntity } from "./cache/entities/IdTokenEntity"; | ||
export { AccessTokenEntity } from "./cache/entities/AccessTokenEntity"; | ||
export { RefreshTokenEntity } from "./cache/entities/RefreshTokenEntity"; | ||
export { INetworkModule, NetworkRequestOptions } from "./network/INetworkModule"; | ||
@@ -17,13 +27,10 @@ export { NetworkResponse } from "./network/NetworkManager"; | ||
export { ICrypto, PkceCodes } from "./crypto/ICrypto"; | ||
export { AuthenticationParameters } from "./request/AuthenticationParameters"; | ||
export { AuthorizationCodeUrlRequest } from "./request/AuthorizationCodeUrlRequest"; | ||
export { BaseAuthRequest } from "./request/BaseAuthRequest"; | ||
export { AuthorizationUrlRequest } from "./request/AuthorizationUrlRequest"; | ||
export { AuthorizationCodeRequest } from "./request/AuthorizationCodeRequest"; | ||
export { RefreshTokenRequest } from "./request/RefreshTokenRequest"; | ||
export { SilentFlowRequest } from "./request/SilentFlowRequest"; | ||
export { DeviceCodeRequest } from "./request/DeviceCodeRequest"; | ||
export { EndSessionRequest } from "./request/EndSessionRequest"; | ||
export { AuthenticationResult } from "./response/AuthenticationResult"; | ||
export { TokenExchangeParameters } from "./request/TokenExchangeParameters"; | ||
export { TokenRenewParameters } from "./request/TokenRenewParameters"; | ||
export { AuthResponse, buildResponseStateOnly } from "./response/AuthResponse"; | ||
export { TokenResponse } from "./response/TokenResponse"; | ||
export { CodeResponse } from "./response/CodeResponse"; | ||
export { DeviceCodeRequest } from "./request/DeviceCodeRequest"; | ||
export { ILoggerCallback, LogLevel, Logger } from "./logger/Logger"; | ||
@@ -35,3 +42,6 @@ export { InteractionRequiredAuthError } from "./error/InteractionRequiredAuthError"; | ||
export { ClientConfigurationError, ClientConfigurationErrorMessage } from "./error/ClientConfigurationError"; | ||
export { Constants, PromptValue, TemporaryCacheKeys, PersistentCacheKeys } from "./utils/Constants"; | ||
export { Constants, PromptValue, PersistentCacheKeys, ResponseMode, CacheSchemaType, CredentialType } from "./utils/Constants"; | ||
export { StringUtils } from "./utils/StringUtils"; | ||
export { StringDict } from "./utils/MsalTypes"; | ||
export { ProtocolUtils } from "./utils/ProtocolUtils"; | ||
export { TimeUtils } from "./utils/TimeUtils"; |
@@ -0,1 +1,2 @@ | ||
import { BaseAuthRequest } from "./BaseAuthRequest"; | ||
/** | ||
@@ -7,3 +8,7 @@ * @type AuthorizationCodeRequest: Request object passed by user to acquire a token from the server exchanging a valid authorization code | ||
* | ||
* | ||
* authority: URL of the authority, the security token service (STS) from which MSAL will acquire tokens. | ||
* If authority is set on client application object, this will override that value. Overriding | ||
* the value will cause for authority validation to happen each time. If the same authority | ||
* will be used for all request, set on the application object instead of the requests. | ||
* | ||
@@ -22,9 +27,7 @@ * redirectUri: The redirect URI of your app, where the authority will redirect to after the user inputs credentials | ||
*/ | ||
export declare type AuthorizationCodeRequest = { | ||
scopes: Array<string>; | ||
export declare type AuthorizationCodeRequest = BaseAuthRequest & { | ||
redirectUri: string; | ||
code: string; | ||
authority?: string; | ||
codeVerifier?: string; | ||
correlationId?: string; | ||
}; |
import { DeviceCodeResponse } from "../response/DeviceCodeResponse"; | ||
import { BaseAuthRequest } from "./BaseAuthRequest"; | ||
/** | ||
* Parameters for Oauth2 device code flow. | ||
*/ | ||
export declare type DeviceCodeRequest = { | ||
export declare type DeviceCodeRequest = BaseAuthRequest & { | ||
/** | ||
@@ -12,6 +13,2 @@ * Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, | ||
/** | ||
* Scopes to which the application is requesting access to. | ||
*/ | ||
scopes: Array<string>; | ||
/** | ||
* Boolean to cancel polling of device code endpoint. | ||
@@ -22,8 +19,3 @@ * | ||
*/ | ||
cancel?: false; | ||
/** | ||
* URI of the authority from which MSAL will acquire the tokens from. If this value is not set, MSAL defaults | ||
* to the authority used when configuring the PublicClientApplication. | ||
*/ | ||
authority?: string; | ||
cancel?: boolean; | ||
}; |
@@ -0,1 +1,2 @@ | ||
import { BaseAuthRequest } from "./BaseAuthRequest"; | ||
/** | ||
@@ -7,7 +8,7 @@ * @type RefreshTokenRequest | ||
* refreshToken: A refresh token returned from a previous request to the Identity provider. | ||
* redirectUri: The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
*/ | ||
export declare class RefreshTokenRequest { | ||
scopes: Array<string>; | ||
export declare type RefreshTokenRequest = BaseAuthRequest & { | ||
refreshToken: string; | ||
authority?: string; | ||
} | ||
redirectUri?: string; | ||
}; |
@@ -0,1 +1,2 @@ | ||
import { StringDict } from "../utils/MsalTypes"; | ||
/** | ||
@@ -26,2 +27,7 @@ * Validates server consumable params from the "request" objects | ||
static validateCodeChallengeMethod(codeChallengeMethod: string): void; | ||
/** | ||
* Removes unnecessary or duplicate query parameters from extraQueryParameters | ||
* @param request | ||
*/ | ||
static sanitizeEQParams(eQParams: StringDict, queryParams: Map<string, string>): StringDict; | ||
} |
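Review bot: The comment on `sanitizeEQParams` does not say which entries count as duplicates or which side wins, and that matters because `eQParams` is caller-supplied while `queryParams` presumably holds the values the library sets. Suggested wording, to be adjusted if the implementation differs: `Drops entries of eQParams whose key is already present in queryParams, so caller-supplied extras cannot override parameters set by the library`. `RequestParameterBuilder.addExtraQueryParameters` later in this diff should say whether it expects input that has already been through this method. The class declaration starts outside this hunk.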
@@ -6,7 +6,4 @@ /** | ||
export declare class ScopeSet { | ||
private clientId; | ||
private scopes; | ||
private originalScopes; | ||
private scopesRequired; | ||
constructor(inputScopes: Array<string>, clientId: string, scopesRequired: boolean); | ||
constructor(inputScopes: Array<string>); | ||
/** | ||
@@ -18,8 +15,4 @@ * Factory method to create ScopeSet from space-delimited string | ||
*/ | ||
static fromString(inputScopeString: string, appClientId: string, scopesRequired: boolean): ScopeSet; | ||
static fromString(inputScopeString: string): ScopeSet; | ||
/** | ||
* Replace client id with the default scopes used for token acquisition. | ||
*/ | ||
private replaceDefaultScopes; | ||
/** | ||
* Used to validate the scopes input parameter requested by the developer. | ||
@@ -70,6 +63,2 @@ * @param {Array<string>} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned. | ||
/** | ||
* Returns true if the set of original scopes only contained client-id | ||
*/ | ||
isLoginScopeSet(): boolean; | ||
/** | ||
* Returns the scopes as an array of string values | ||
@@ -79,6 +68,2 @@ */ | ||
/** | ||
* Returns the original scopes as an array (no extra scopes to consent) | ||
*/ | ||
getOriginalScopesAsArray(): Array<string>; | ||
/** | ||
* Prints scopes into a space-delimited string | ||
@@ -85,0 +70,0 @@ */ |
@@ -0,9 +1,19 @@ | ||
import { StringDict } from "../utils/MsalTypes"; | ||
import { AccountInfo } from "../account/AccountInfo"; | ||
/** | ||
* Result returned from the authority's token endpoint. | ||
*/ | ||
export declare type AuthenticationResult = { | ||
export declare class AuthenticationResult { | ||
uniqueId: string; | ||
tenantId: string; | ||
scopes: Array<string>; | ||
account: AccountInfo; | ||
idToken: string; | ||
idTokenClaims: StringDict; | ||
accessToken: string; | ||
refreshToken: string; | ||
idToken: string; | ||
expiresOn: string; | ||
}; | ||
fromCache: boolean; | ||
expiresOn: Date; | ||
extExpiresOn?: Date; | ||
state?: string; | ||
familyId?: string; | ||
} |
@@ -1,10 +0,12 @@ | ||
import { IdToken } from "../account/IdToken"; | ||
import { CacheHelpers } from "../cache/CacheHelpers"; | ||
import { ServerAuthorizationTokenResponse } from "../server/ServerAuthorizationTokenResponse"; | ||
import { ICrypto } from "../crypto/ICrypto"; | ||
import { ICacheStorage } from "../cache/ICacheStorage"; | ||
import { TokenResponse } from "./TokenResponse"; | ||
import { ServerAuthorizationCodeResponse } from "../server/ServerAuthorizationCodeResponse"; | ||
import { CodeResponse } from "./CodeResponse"; | ||
import { Logger } from "../logger/Logger"; | ||
import { IdToken } from "../account/IdToken"; | ||
import { AuthenticationResult } from "./AuthenticationResult"; | ||
import { AccountEntity } from "../cache/entities/AccountEntity"; | ||
import { Authority } from "../authority/Authority"; | ||
import { CacheRecord } from "../cache/entities/CacheRecord"; | ||
import { CacheManager } from "../cache/CacheManager"; | ||
import { LibraryStateObject } from "../utils/ProtocolUtils"; | ||
/** | ||
@@ -16,22 +18,8 @@ * Class that handles response parsing. | ||
private cacheStorage; | ||
private cacheManager; | ||
private cryptoObj; | ||
private logger; | ||
constructor(clientId: string, cacheStorage: ICacheStorage, cacheManager: CacheHelpers, cryptoObj: ICrypto, logger: Logger); | ||
private clientInfo; | ||
private homeAccountIdentifier; | ||
constructor(clientId: string, cacheStorage: CacheManager, cryptoObj: ICrypto, logger: Logger); | ||
/** | ||
* Returns a new response with the data from original response filled with the relevant IdToken data. | ||
* - raw id token | ||
* - id token claims | ||
* - unique id (oid or sub claim of token) | ||
* - tenant id (tid claim of token) | ||
* @param originalResponse | ||
* @param idTokenObj | ||
*/ | ||
static setResponseIdToken(originalResponse: TokenResponse, idTokenObj: IdToken): TokenResponse; | ||
/** | ||
* Validates and handles a response from the server, and returns a constructed object with the authorization code and state. | ||
* @param serverParams | ||
*/ | ||
handleServerCodeResponse(serverParams: ServerAuthorizationCodeResponse): CodeResponse; | ||
/** | ||
* Function which validates server authorization code response. | ||
@@ -42,3 +30,3 @@ * @param serverResponseHash | ||
*/ | ||
private validateServerAuthorizationCodeResponse; | ||
validateServerAuthorizationCodeResponse(serverResponseHash: ServerAuthorizationCodeResponse, cachedState: string, cryptoObj: ICrypto): void; | ||
/** | ||
@@ -48,25 +36,23 @@ * Function which validates server authorization token response. | ||
*/ | ||
validateServerAuthorizationTokenResponse(serverResponse: ServerAuthorizationTokenResponse): void; | ||
validateTokenResponse(serverResponse: ServerAuthorizationTokenResponse): void; | ||
/** | ||
* Helper function which saves or updates the token in the cache and constructs the final token response to send back to the user. | ||
* @param originalTokenResponse | ||
* Returns a constructed token response based on given string. Also manages the cache updates and cleanups. | ||
* @param serverTokenResponse | ||
* @param authority | ||
* @param resource | ||
* @param serverTokenResponse | ||
* @param clientInfo | ||
*/ | ||
private saveToken; | ||
generateAuthenticationResult(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, cachedNonce?: string, cachedState?: string): AuthenticationResult; | ||
/** | ||
* Gets account cached with given key. Returns null if parsing could not be completed. | ||
* @param accountKey | ||
* Generate Account | ||
* @param serverTokenResponse | ||
* @param idToken | ||
* @param authority | ||
*/ | ||
private getCachedAccount; | ||
generateAccountEntity(serverTokenResponse: ServerAuthorizationTokenResponse, idToken: IdToken, authority: Authority): AccountEntity; | ||
/** | ||
* Returns a constructed token response based on given string. Also manages the cache updates and cleanups. | ||
* Generates CacheRecord | ||
* @param serverTokenResponse | ||
* @param authorityString | ||
* @param resource | ||
* @param state | ||
* @param idTokenObj | ||
* @param authority | ||
*/ | ||
createTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authorityString: string, resource: string, state?: string): TokenResponse; | ||
generateCacheRecord(serverTokenResponse: ServerAuthorizationTokenResponse, idTokenObj: IdToken, authority: Authority, libraryState?: LibraryStateObject): CacheRecord; | ||
} |
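Review bot: `validateServerAuthorizationCodeResponse` is now public and takes `cryptoObj` as a third argument even though the constructor already receives one and the class lists a `private cryptoObj` field, so one handler can end up validating with two different crypto objects. Unless a reason exists outside this declaration file, drop the parameter and use the field. Its doc comment is only partly visible here; if it is not already there, add `@param cachedState` and say that the comparison with the returned state is the check protecting the redirect. The class declaration starts outside this hunk.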
@@ -0,2 +1,5 @@ | ||
import { ResponseMode } from "../utils/Constants"; | ||
import { ScopeSet } from "../request/ScopeSet"; | ||
import { StringDict } from "../utils/MsalTypes"; | ||
import { LibraryInfo } from "../config/ClientConfiguration"; | ||
export declare class RequestParameterBuilder { | ||
@@ -13,3 +16,3 @@ private parameters; | ||
*/ | ||
addResponseMode(responseMode?: string): void; | ||
addResponseMode(responseMode?: ResponseMode): void; | ||
/** | ||
@@ -51,2 +54,7 @@ * add scopes | ||
/** | ||
* add library info query params | ||
* @param libraryInfo | ||
*/ | ||
addLibraryInfo(libraryInfo: LibraryInfo): void; | ||
/** | ||
* add prompt | ||
@@ -103,2 +111,12 @@ * @param prompt | ||
/** | ||
* add client info | ||
* | ||
*/ | ||
addClientInfo(): void; | ||
/** | ||
* add extraQueryParams | ||
* @param eQparams | ||
*/ | ||
addExtraQueryParameters(eQparams: StringDict): void; | ||
/** | ||
* Utility to create a URL from the params map | ||
@@ -105,0 +123,0 @@ */ |
@@ -27,2 +27,4 @@ /** | ||
id_token?: string; | ||
client_info?: string; | ||
foci?: string; | ||
error?: string; | ||
@@ -29,0 +31,0 @@ error_description?: string; |
@@ -8,3 +8,2 @@ export declare const Constants: { | ||
AAD_INSTANCE_DISCOVERY_ENDPT: string; | ||
DEVICE_CODE_ENDPOINT_PATH: string; | ||
RESOURCE_DELIM: string; | ||
@@ -21,6 +20,6 @@ NO_ACCOUNT: string; | ||
FRAGMENT_RESPONSE_MODE: string; | ||
QUERY_RESPONSE_MODE: string; | ||
S256_CODE_CHALLENGE_METHOD: string; | ||
URL_FORM_CONTENT_TYPE: string; | ||
AUTHORIZATION_PENDING: string; | ||
NOT_DEFINED: string; | ||
}; | ||
@@ -34,17 +33,2 @@ /** | ||
/** | ||
* Temporary cache keys for MSAL, deleted after any request. | ||
*/ | ||
export declare enum TemporaryCacheKeys { | ||
AUTHORITY = "authority", | ||
ACQUIRE_TOKEN_ACCOUNT = "acquireToken.account", | ||
SESSION_STATE = "session.state", | ||
REQUEST_STATE = "request.state", | ||
NONCE_IDTOKEN = "nonce.idtoken", | ||
ORIGIN_URI = "request.origin", | ||
RENEW_STATUS = "token.renew.status", | ||
URL_HASH = "urlHash", | ||
REQUEST_PARAMS = "request.params", | ||
SCOPES = "scopes" | ||
} | ||
/** | ||
* Persistent cache keys MSAL which stay while user is logged in. | ||
@@ -64,2 +48,7 @@ */ | ||
/** | ||
* TODO: placeholder for discovery endpoint call. dynamically generate preferredCache and cacheAliases per cloud | ||
*/ | ||
export declare const EnvironmentAliases: string[]; | ||
export declare const PreferredCacheEnvironment: string; | ||
/** | ||
* String constants related to AAD Authority | ||
@@ -77,3 +66,2 @@ */ | ||
CLIENT_ID = "client_id", | ||
RESOURCE = "resource", | ||
REDIRECT_URI = "redirect_uri", | ||
@@ -162,3 +150,5 @@ RESPONSE_TYPE = "response_type", | ||
/** | ||
* | ||
* The method used to encode the code verifier for the code challenge parameter. can be one | ||
* of plain or s256. if excluded, code challenge is assumed to be plaintext. for more | ||
* information, see the pkce rcf: https://tools.ietf.org/html/rfc7636 | ||
*/ | ||
@@ -185,1 +175,52 @@ export declare const CodeChallengeMethodValuesArray: string[]; | ||
} | ||
/** | ||
* Account types in Cache | ||
*/ | ||
export declare enum CacheAccountType { | ||
MSSTS_ACCOUNT_TYPE = "MSSTS", | ||
ADFS_ACCOUNT_TYPE = "ADFS", | ||
MSAV1_ACCOUNT_TYPE = "MSA", | ||
GENERIC_ACCOUNT_TYPE = "Generic" | ||
} | ||
/** | ||
* Separators used in cache | ||
*/ | ||
export declare enum Separators { | ||
CACHE_KEY_SEPARATOR = "-", | ||
CLIENT_INFO_SEPARATOR = "." | ||
} | ||
/** | ||
* Credentail Type stored in the cache | ||
*/ | ||
export declare enum CredentialType { | ||
ID_TOKEN = "IdToken", | ||
ACCESS_TOKEN = "AccessToken", | ||
REFRESH_TOKEN = "RefreshToken" | ||
} | ||
/** | ||
* Credentail Type stored in the cache | ||
*/ | ||
export declare enum CacheSchemaType { | ||
ACCOUNT = "Account", | ||
CREDENTIAL = "Credential", | ||
APP_META_DATA = "AppMetadata", | ||
TEMPORARY = "TempCache" | ||
} | ||
/** | ||
* Combine all cache types | ||
*/ | ||
export declare enum CacheType { | ||
ADFS = 1001, | ||
MSA = 1002, | ||
MSSTS = 1003, | ||
GENERIC = 1004, | ||
ACCESS_TOKEN = 2001, | ||
REFRESH_TOKEN = 2002, | ||
ID_TOKEN = 2003, | ||
APP_META_DATA = 3001 | ||
} | ||
/** | ||
* More Cache related constants | ||
*/ | ||
export declare const APP_META_DATA = "appmetadata"; | ||
export declare const ClientInfo = "client_info"; |
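Review bot: The doc comment on `CacheSchemaType` is a copy of the one on `CredentialType` (`Credentail Type stored in the cache`, typo included), so the two enums read as the same thing. Suggest `Credential type stored in the cache` for `CredentialType` and `Kind of cache entry: account, credential, app metadata or temporary` for `CacheSchemaType`. `CacheType` is a numeric enum while the neighbouring enums are string-valued; a comment saying what the 1000/2000/3000 ranges encode and where the numbers are used would help. The PKCE comment earlier in the hunk has `rcf` for `rfc`.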
@@ -0,2 +1,20 @@ | ||
import { ICrypto } from "../crypto/ICrypto"; | ||
/** | ||
* Type which defines the object that is stringified, encoded and sent in the state value. | ||
* Contains the following: | ||
* - id - unique identifier for this request | ||
* - ts - timestamp for the time the request was made. Used to ensure that token expiration is not calculated incorrectly. | ||
*/ | ||
export declare type LibraryStateObject = { | ||
id: string; | ||
ts: number; | ||
}; | ||
/** | ||
* Type which defines the stringified and encoded object sent to the service in the authorize request. | ||
*/ | ||
export declare type RequestStateObject = { | ||
userRequestState: string; | ||
libraryState: LibraryStateObject; | ||
}; | ||
/** | ||
* Class which provides helpers for OAuth 2.0 protocol specific values | ||
@@ -10,10 +28,15 @@ */ | ||
*/ | ||
static setRequestState(userState: string, randomGuid: string): string; | ||
static setRequestState(userState: string, cryptoObj: ICrypto): string; | ||
/** | ||
* | ||
* Extracts user state value from the state sent with the authentication request. | ||
* @returns {string} scope. | ||
* @ignore | ||
* Generates the state value used by the library. | ||
* @param randomGuid | ||
* @param cryptoObj | ||
*/ | ||
static getUserRequestState(serverResponseState: string): string; | ||
static generateLibraryState(cryptoObj: ICrypto): string; | ||
/** | ||
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user. | ||
* @param state | ||
* @param cryptoObj | ||
*/ | ||
static parseRequestState(state: string, cryptoObj: ICrypto): RequestStateObject; | ||
} |
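Review bot: `parseRequestState` decodes a state value that comes back on the redirect, and nothing in these declarations says the result is trustworthy only after the raw state has been matched against the cached one; `LibraryStateObject` is described as stringified and encoded, not signed. Since `ts` feeds the expiration calculation according to the type comment, add a line to the doc such as `Call only after the state has been compared with the cached request state; the decoded fields are not integrity-protected`. The behaviour on malformed input (presumably `createInvalidStateError`) deserves a `@throws` line. The class declaration begins outside this hunk.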
@@ -13,3 +13,3 @@ { | ||
}, | ||
"version": "1.0.0-beta.2", | ||
"version": "1.0.0-beta.3", | ||
"description": "Microsoft Authentication Library for js", | ||
@@ -16,0 +16,0 @@ "keywords": [ |
@@ -5,3 +5,3 @@ # (Preview) Microsoft Authentication Library for JavaScript (MSAL.js) Common Package | ||
| <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-core/" target="_blank">Library Reference</a> | | ||
| --- | --- | --- | --- | --- | | ||
| --- | --- | --- | | ||
@@ -11,8 +11,7 @@ 1. [About](#about) | ||
3. [Releases](#releases) | ||
4. [Prerequisites](#prerequisites) | ||
4. [Prerequisites and Usage](#prerequisites-and-usage) | ||
5. [Installation](#installation) | ||
6. [Usage](#usage) | ||
9. [Security Reporting](#security-reporting) | ||
10. [License](#license) | ||
11. [Code of Conduct](#we-value-and-adhere-to-the-microsoft-open-source-code-of-conduct) | ||
6. [Security Reporting](#security-reporting) | ||
7. [License](#license) | ||
8. [Code of Conduct](#we-value-and-adhere-to-the-microsoft-open-source-code-of-conduct) | ||
@@ -19,0 +18,0 @@ ## About |