@azure/msal-common
Advanced tools
@azure/msal-common - npm Package Compare versions
Comparing version 1.0.0-beta.3 to 1.0.0-beta.4
@@ -0,10 +1,23 @@ | ||
| # 1.0.0-beta.4 | ||
| ## Breaking Changes | ||
| - None | ||
| ## Features and Fixes | ||
| - Fix an issue where state may be encoded twice on the server-side (#1852) | ||
| - Fix an issue where extraScopesToConsent was not appending scopes correctly (#1854) | ||
| - Fix an issue where the expiration was not being calculated correctly (#1860) | ||
| - Add correlationId to all requests (#1868) | ||
| # 1.0.0-beta.3 | ||
| ## Breaking Changes | ||
| - `Request` update in msal-common (#1682, #1771) | ||
| - AccountInfo interface (#1789) | ||
| - Removal of SPA Client (#1793) | ||
| - Unified Cache support (#1444, #1471, #1519, #1520, #1522, #1609, #1622, #1624, #1655, #1680, #1762) | ||
| ## Features and Fixes | ||
| - Initialization of B2cTrustedHostList (#1646) | ||
| - Unified Cache support (#1444, #1471, #1519, #1520, #1522, #1609, #1622, #1624, #1655, #1680, #1762) | ||
| - `Request` update in msal-common (#1682, #1771) | ||
| - SilentFlow support (#1711) | ||
| - Utilize `Scopeset` across all libraries (#1770) | ||
| - AccountInfo interface (#1789) | ||
| - `state` support in msal-common (#1790) | ||
| - Removal of SPA Client (#1793) | ||
| - EndSessionRequest (#1802) | ||
@@ -11,0 +24,0 @@ |
@@ -0,1 +1,8 @@ | ||
| /** | ||
| * Account object with the following signature: | ||
| * - homeAccountId - Home account identifier for this account object | ||
| * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com) | ||
| * - tenantId - Full tenant or organizational id that this account belongs to | ||
| * - username - preferred_username claim of the id_token that represents this account | ||
| */ | ||
| export declare type AccountInfo = { | ||
@@ -2,0 +9,0 @@ homeAccountId: string; |
@@ -8,3 +8,3 @@ import { AuthorityType } from "./AuthorityType"; | ||
| */ | ||
| export declare abstract class Authority { | ||
| export declare class Authority { | ||
| private _canonicalAuthority; | ||
@@ -14,3 +14,3 @@ private _canonicalAuthorityUrlComponents; | ||
| protected networkInterface: INetworkModule; | ||
| abstract get authorityType(): AuthorityType; | ||
| get authorityType(): AuthorityType; | ||
| /** | ||
@@ -68,7 +68,5 @@ * A URL that is the authority set by the developer | ||
| private discoverEndpoints; | ||
| private get aadInstanceDiscoveryEndpointUrl(); | ||
| private validateAndSetPreferredNetwork; | ||
| /** | ||
| * Abstract function which will get the OpenID configuration endpoint. | ||
| */ | ||
| abstract getOpenIdConfigurationEndpointAsync(): Promise<string>; | ||
| /** | ||
| * Perform endpoint discovery to discover the /authorize, /token and logout endpoints. | ||
@@ -75,0 +73,0 @@ */ |
@@ -10,6 +10,4 @@ import { Authority } from "./Authority"; | ||
| * | ||
| * @param defaultAuthority | ||
| * @param authorityUri | ||
| * @param networkClient | ||
| * @param authorityUri | ||
| * @param adfsDisabled | ||
| */ | ||
@@ -27,8 +25,2 @@ static createDiscoveredInstance(authorityUri: string, networkClient: INetworkModule): Promise<Authority>; | ||
| static createInstance(authorityUrl: string, networkInterface: INetworkModule): Authority; | ||
| /** | ||
| * Parse the url and determine the type of authority. | ||
| * @param authorityString | ||
| * @param networkInterface | ||
| */ | ||
| private static detectAuthorityFromUrl; | ||
| } |
@@ -5,5 +5,4 @@ /** | ||
| export declare enum AuthorityType { | ||
| Aad = 0, | ||
| Adfs = 1, | ||
| B2C = 2 | ||
| Default = 0, | ||
| Adfs = 1 | ||
| } |
| /** | ||
| * The OpenID Configuration Endpoint Response interface. Used by the authority class to get relevant OAuth endpoints. | ||
| * Tenant Discovery Response which contains the relevant OAuth endpoints and data needed for authentication and authorization. | ||
| */ | ||
| export interface OpenIdConfigResponse { | ||
| tenant_discovery_endpoint: string; | ||
| } | ||
| export declare type OpenIdConfigResponse = { | ||
| authorization_endpoint: string; | ||
| token_endpoint: string; | ||
| end_session_endpoint: string; | ||
| issuer: string; | ||
| }; |
| import { AccountCache, AccountFilter, CredentialFilter, CredentialCache } from "./utils/CacheTypes"; | ||
| import { CacheRecord } from "./entities/CacheRecord"; | ||
| import { CredentialEntity } from "./entities/CredentialEntity"; | ||
| import { ScopeSet } from "../request/ScopeSet"; | ||
| import { AccountEntity } from "./entities/AccountEntity"; | ||
@@ -49,3 +48,3 @@ import { ICacheManager } from "./interface/ICacheManager"; | ||
| */ | ||
| saveCacheRecord(cacheRecord: CacheRecord, responseScopes?: ScopeSet): void; | ||
| saveCacheRecord(cacheRecord: CacheRecord): void; | ||
| /** | ||
@@ -137,3 +136,2 @@ * saves account into cache | ||
| * @param environment | ||
| * // TODO: Add Cloud specific aliases based on current cloud | ||
| */ | ||
@@ -140,0 +138,0 @@ private matchEnvironment; |
@@ -65,3 +65,3 @@ import { Authority } from "../../authority/Authority"; | ||
| */ | ||
| static createAccount(clientInfo: string, authority: Authority, idToken: IdToken, policy: string, crypto: ICrypto): AccountEntity; | ||
| static createAccount(clientInfo: string, authority: Authority, idToken: IdToken, crypto: ICrypto): AccountEntity; | ||
| /** | ||
@@ -68,0 +68,0 @@ * Build ADFS account type |
| import { CredentialEntity } from "../entities/CredentialEntity"; | ||
| import { AccountCache, CredentialCache, AccountFilter, CredentialFilter } from "../utils/CacheTypes"; | ||
| import { CacheRecord } from "../entities/CacheRecord"; | ||
| import { ScopeSet } from "../../request/ScopeSet"; | ||
| import { AccountEntity } from "../entities/AccountEntity"; | ||
@@ -16,3 +15,3 @@ import { AccountInfo } from "../../account/AccountInfo"; | ||
| */ | ||
| saveCacheRecord(cacheRecord: CacheRecord, responseScopes: ScopeSet): void; | ||
| saveCacheRecord(cacheRecord: CacheRecord): void; | ||
| /** | ||
@@ -19,0 +18,0 @@ * Given account key retrieve an account |
@@ -6,17 +6,7 @@ import { AccountEntity } from "../entities/AccountEntity"; | ||
| import { AppMetadataEntity } from "../entities/AppMetadataEntity"; | ||
| export declare type AccountCache = { | ||
| [key: string]: AccountEntity; | ||
| }; | ||
| export declare type IdTokenCache = { | ||
| [key: string]: IdTokenEntity; | ||
| }; | ||
| export declare type AccessTokenCache = { | ||
| [key: string]: AccessTokenEntity; | ||
| }; | ||
| export declare type RefreshTokenCache = { | ||
| [key: string]: RefreshTokenEntity; | ||
| }; | ||
| export declare type AppMetadataCache = { | ||
| [key: string]: AppMetadataEntity; | ||
| }; | ||
| export declare type AccountCache = Record<string, AccountEntity>; | ||
| export declare type IdTokenCache = Record<string, IdTokenEntity>; | ||
| export declare type AccessTokenCache = Record<string, AccessTokenEntity>; | ||
| export declare type RefreshTokenCache = Record<string, RefreshTokenEntity>; | ||
| export declare type AppMetadataCache = Record<string, AppMetadataEntity>; | ||
| export declare type CredentialCache = { | ||
@@ -23,0 +13,0 @@ idTokens: IdTokenCache; |
@@ -10,6 +10,9 @@ import { INetworkModule } from "../network/INetworkModule"; | ||
| * This object allows you to configure important elements of MSAL functionality: | ||
| * - logger: logging for application | ||
| * - storage: this is where you configure storage implementation. | ||
| * - network: this is where you can configure network implementation. | ||
| * - crypto: implementation of crypto functions | ||
| * - authOptions - Authentication for application | ||
| * - cryptoInterface - Implementation of crypto functions | ||
| * - libraryInfo - Library metadata | ||
| * - loggerOptions - Logging for application | ||
| * - networkInterface - Network implementation | ||
| * - storageInterface - Storage implementation | ||
| * - systemOptions - Additional library options | ||
| */ | ||
@@ -26,6 +29,8 @@ export declare type ClientConfiguration = { | ||
| /** | ||
| * @type AuthOptions: Use this to configure the auth options in the Configuration object | ||
| * Use this to configure the auth options in the Configuration object | ||
| * | ||
| * - clientId - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform | ||
| * - authority - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common" | ||
| * - clientId - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform | ||
| * - authority - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common" | ||
| * - knownAuthorities - An array of URIs that are known to be valid. Used in B2C scenarios. | ||
| * - cloudDiscoveryMetadata - A string containing the cloud discovery response. Used in AAD scenarios. | ||
| */ | ||
@@ -36,8 +41,9 @@ export declare type AuthOptions = { | ||
| knownAuthorities?: Array<string>; | ||
| cloudDiscoveryMetadata?: string; | ||
| }; | ||
| /** | ||
| * Telemetry Config Options | ||
| * Use this to configure the telemetry options in the Configuration object | ||
| * | ||
| * - applicationName - Name of the consuming apps application | ||
| * - applicationVersion - Version of the consuming application | ||
| * - telemetryEmitter - Function where telemetry events are flushed to | ||
| */ | ||
@@ -49,5 +55,5 @@ export declare type TelemetryOptions = { | ||
| /** | ||
| * Library Specific Options | ||
| * Use this to configure token renewal and telemetry info in the Configuration object | ||
| * | ||
| * - tokenRenewalOffsetSeconds - sets the window of offset needed to renew the token before expiry | ||
| * - tokenRenewalOffsetSeconds - Sets the window of offset needed to renew the token before expiry | ||
| * - telemetry - Telemetry options for library network requests | ||
@@ -60,3 +66,7 @@ */ | ||
| /** | ||
| * Logger options to configure the logging that MSAL does. | ||
| * Use this to configure the logging that MSAL does, by configuring logger options in the Configuration object | ||
| * | ||
| * - loggerCallback - Callback for logger | ||
| * - piiLoggingEnabled - Sets whether pii logging is enabled | ||
| * - logLevel - Sets the level at which logging happens | ||
| */ | ||
@@ -69,3 +79,3 @@ export declare type LoggerOptions = { | ||
| /** | ||
| * Telemetry info about library | ||
| * Library-specific options | ||
| */ | ||
@@ -72,0 +82,0 @@ export declare type LibraryInfo = { |
@@ -116,2 +116,6 @@ import { AuthError } from "./AuthError"; | ||
| }; | ||
| invalidCacheEnvironment: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| noAccountFound: { | ||
@@ -129,2 +133,14 @@ code: string; | ||
| }; | ||
| invalidCacheType: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| unexpectedAccountType: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| unexpectedCredentialType: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| }; | ||
@@ -255,2 +271,6 @@ /** | ||
| /** | ||
| * Throws error when provided environment is not part of the CloudDiscoveryMetadata object | ||
| */ | ||
| static createInvalidCacheEnvironmentError(): ClientAuthError; | ||
| /** | ||
| * Throws error when account is not found in cache. | ||
@@ -268,2 +288,14 @@ */ | ||
| static createNoCryptoObjectError(operationName: string): ClientAuthError; | ||
| /** | ||
| * Throws error if cache type is invalid. | ||
| */ | ||
| static createInvalidCacheTypeError(): ClientAuthError; | ||
| /** | ||
| * Throws error if unexpected account type. | ||
| */ | ||
| static createUnexpectedAccountTypeError(): ClientAuthError; | ||
| /** | ||
| * Throws error if unexpected credential type. | ||
| */ | ||
| static createUnexpectedCredentialTypeError(): ClientAuthError; | ||
| } |
@@ -62,6 +62,10 @@ import { ClientAuthError } from "./ClientAuthError"; | ||
| }; | ||
| b2cKnownAuthoritiesNotSet: { | ||
| knownAuthoritiesAndCloudDiscoveryMetadata: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| invalidCloudDiscoveryMetadata: { | ||
| code: string; | ||
| desc: string; | ||
| }; | ||
| untrustedAuthority: { | ||
@@ -141,6 +145,10 @@ code: string; | ||
| /** | ||
| * Throws an error when the user passes B2C authority and does not set knownAuthorities | ||
| * Throws an error when the user passes both knownAuthorities and cloudDiscoveryMetadata | ||
| */ | ||
| static createKnownAuthoritiesNotSetError(): ClientConfigurationError; | ||
| static createKnownAuthoritiesCloudDiscoveryMetadataError(): ClientConfigurationError; | ||
| /** | ||
| * Throws an error when the user passes invalid cloudDiscoveryMetadata | ||
| */ | ||
| static createInvalidCloudDiscoveryMetadataError(): ClientConfigurationError; | ||
| /** | ||
| * Throws error when provided authority is not a member of the trusted host list | ||
@@ -147,0 +155,0 @@ */ |
@@ -11,3 +11,4 @@ export { AuthorizationCodeClient } from "./client/AuthorizationCodeClient"; | ||
| export { Authority } from "./authority/Authority"; | ||
| export { B2cAuthority } from "./authority/B2cAuthority"; | ||
| export { CloudDiscoveryMetadata } from "./authority/CloudDiscoveryMetadata"; | ||
| export { TrustedAuthority } from "./authority/TrustedAuthority"; | ||
| export { AuthorityFactory } from "./authority/AuthorityFactory"; | ||
@@ -14,0 +15,0 @@ export { AuthorityType } from "./authority/AuthorityType"; |
| import { BaseAuthRequest } from "./BaseAuthRequest"; | ||
| /** | ||
| * @type AuthorizationCodeRequest: Request object passed by user to acquire a token from the server exchanging a valid authorization code | ||
| * (second leg of OAuth2.0 Authorization Code flow) | ||
| * Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow) | ||
| * | ||
| * scopes: A space-separated array of scopes for the same resource. | ||
| * | ||
| * | ||
| * authority: URL of the authority, the security token service (STS) from which MSAL will acquire tokens. | ||
| * If authority is set on client application object, this will override that value. Overriding | ||
| * the value will cause for authority validation to happen each time. If the same authority | ||
| * will be used for all request, set on the application object instead of the requests. | ||
| * | ||
| * redirectUri: The redirect URI of your app, where the authority will redirect to after the user inputs credentials | ||
| * and consents. It must exactly match one of the redirect URIs you registered in the portal. | ||
| * | ||
| * code: The authorization_code that the user acquired in the first leg of the flow. | ||
| * | ||
| * codeVerifier: The same code_verifier that was used to obtain the authorization_code. | ||
| * Required if PKCE was used in the authorization code grant request. | ||
| * For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636 | ||
| * | ||
| * correlationId: Unique GUID set per request to trace a request end-to-end for telemetry purposes | ||
| * | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| * - redirectUri - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal. | ||
| * - code - The authorization_code that the user acquired in the first leg of the flow. | ||
| * - codeVerifier - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636 | ||
| */ | ||
@@ -30,3 +16,2 @@ export declare type AuthorizationCodeRequest = BaseAuthRequest & { | ||
| codeVerifier?: string; | ||
| correlationId?: string; | ||
| }; |
@@ -5,81 +5,37 @@ import { ResponseMode } from "../utils/Constants"; | ||
| /** | ||
| * @type AuthorizationCodeUrlRequest: Request object passed by user to retrieve a Code from the | ||
| * server (first leg of authorization code grant flow) | ||
| * Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) | ||
| * | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority - Url of the authority which the application acquires tokens from. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| * - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
| * - extraScopesToConsent - Scopes for a different resource when the user needs consent upfront. | ||
| * - responseMode - Specifies the method that should be used to send the authentication result to your app. Can be query, form_post, or fragment. If no value is passed in, it defaults to query. | ||
| * - codeChallenge - Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636 | ||
| * - codeChallengeMethod - The method used to encode the code verifier for the code challenge parameter. Can be "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636 | ||
| * - state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred. | ||
| * - prompt - Indicates the type of user interaction that is required. | ||
| * login: will force the user to enter their credentials on that request, negating single-sign on | ||
| * none: will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error | ||
| * consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app | ||
| * select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in session or any remembered accounts or an option to choose to use a different account | ||
| * - loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim. | ||
| * - domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant. | ||
| * - extraQueryParameters - String to string map of custom query parameters. | ||
| * - claims - In cases where Azure AD tenant admin has enabled conditional access policies, and the policy has not been met, exceptions will contain claims that need to be consented to. | ||
| * - nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks. | ||
| */ | ||
| export declare type AuthorizationUrlRequest = BaseAuthRequest & { | ||
| /** | ||
| * The redirect URI where authentication responses can be received by your application. It | ||
| * must exactly match one of the redirect URIs registered in the Azure portal. | ||
| */ | ||
| redirectUri: string; | ||
| /** | ||
| * Scopes for a different resource when the user needs consent upfront | ||
| */ | ||
| redirectUri?: string; | ||
| extraScopesToConsent?: Array<string>; | ||
| /** | ||
| * Specifies the method that should be used to send the authentication result to your app. | ||
| * Can be query, form_post, or fragment. If no value is passed in, it defaults to query. | ||
| */ | ||
| responseMode?: ResponseMode; | ||
| /** | ||
| * Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). | ||
| * For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636 | ||
| */ | ||
| codeChallenge?: string; | ||
| /** | ||
| * The method used to encode the code verifier for the code challenge parameter. Can be | ||
| * "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more | ||
| * information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636 | ||
| */ | ||
| codeChallengeMethod?: string; | ||
| /** | ||
| * A value included in the request that is also returned in the token response. A randomly | ||
| * generated unique value is typically used for preventing cross site request forgery attacks. | ||
| * The state is also used to encode information about the user's state in the app before the | ||
| * authentication request occurred. | ||
| */ | ||
| state?: string; | ||
| /** | ||
| * Indicates the type of user interaction that is required. | ||
| * | ||
| * login: will force the user to enter their credentials on that request, negating single-sign on | ||
| * | ||
| * none: will ensure that the user isn't presented with any interactive prompt. if request can't be completed via | ||
| * single-sign on, the endpoint will return an interaction_required error | ||
| * consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions | ||
| * to the app | ||
| * select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in | ||
| * session or any remembered accounts or an option to choose to use a different account | ||
| */ | ||
| prompt?: string; | ||
| /** | ||
| * Can be used to pre-fill the username/email address field of the sign-in page for the user, | ||
| * if you know the username/email address ahead of time. Often apps use this parameter during | ||
| * re-authentication, having already extracted the username from a previous sign-in using the | ||
| * preferred_username claim. | ||
| */ | ||
| loginHint?: string; | ||
| /** | ||
| * Provides a hint about the tenant or domain that the user should use to sign in. The value | ||
| * of the domain hint is a registered domain for the tenant. | ||
| */ | ||
| domainHint?: string; | ||
| /** | ||
| * string to string map of custom query parameters | ||
| */ | ||
| extraQueryParameters?: StringDict; | ||
| /** | ||
| * In cases where Azure AD tenant admin has enabled conditional access policies, and the | ||
| * policy has not been met, exceptions will contain claims that need to be consented to. | ||
| */ | ||
| claims?: string; | ||
| /** | ||
| * A value included in the request that is returned in the id token. A randomly | ||
| * generated unique value is typically used to mitigate replay attacks. | ||
| */ | ||
| nonce?: string; | ||
| /** | ||
| * Unique GUID set per request to trace a request end-to-end for telemetry purposes | ||
| */ | ||
| correlationId?: string; | ||
| }; |
@@ -0,12 +1,11 @@ | ||
| /** | ||
| * BaseAuthRequest | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. Defaults to https://login.microsoftonline.com/common. If using the same authority for all request, authority should set on client application object and not request, to avoid resolving authority endpoints multiple times. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| */ | ||
| export declare type BaseAuthRequest = { | ||
| /** | ||
| * Scopes the application is requesting access to. | ||
| */ | ||
| scopes: Array<string>; | ||
| /** | ||
| * Url of the authority which the application acquires tokens from. Defaults to | ||
| * https://login.microsoftonline.com/common. If using the same authority for all request, authority should set | ||
| * on client application object and not request, to avoid resolving authority endpoints multiple times. | ||
| */ | ||
| authority?: string; | ||
| correlationId?: string; | ||
| }; |
@@ -5,16 +5,11 @@ import { DeviceCodeResponse } from "../response/DeviceCodeResponse"; | ||
| * Parameters for Oauth2 device code flow. | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| * - deviceCodeCallback - Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, input the user_code, and input credentials. | ||
| * - cancel - Boolean to cancel polling of device code endpoint. While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true. | ||
| */ | ||
| export declare type DeviceCodeRequest = BaseAuthRequest & { | ||
| /** | ||
| * Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, | ||
| * input the user_code, and input credentials. | ||
| */ | ||
| deviceCodeCallback: (response: DeviceCodeResponse) => void; | ||
| /** | ||
| * Boolean to cancel polling of device code endpoint. | ||
| * | ||
| * While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval | ||
| * specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true; | ||
| */ | ||
| cancel?: boolean; | ||
| }; |
| import { BaseAuthRequest } from "./BaseAuthRequest"; | ||
| /** | ||
| * @type RefreshTokenRequest | ||
| * | ||
| * scopes: A space-separated array of scopes for the same resource. | ||
| * authority: URL of the authority, the security token service (STS) from which MSAL will acquire tokens. | ||
| * refreshToken: A refresh token returned from a previous request to the Identity provider. | ||
| * redirectUri: The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
| * RefreshTokenRequest | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| * - refreshToken - A refresh token returned from a previous request to the Identity provider. | ||
| * - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
| */ | ||
| export declare type RefreshTokenRequest = BaseAuthRequest & { | ||
| refreshToken: string; | ||
| redirectUri?: string; | ||
| }; |
@@ -5,8 +5,8 @@ import { AccountInfo } from "../account/AccountInfo"; | ||
| * SilentFlow parameters passed by the user to retrieve credentials silently | ||
| * - scopes: Scopes the application is requesting access to | ||
| * - authority: Url of the authority which the application acquires tokens from | ||
| * - account: Account entity to lookup the credentials | ||
| * - forceRefresh: Forces silent requests to make network calls if true | ||
| * - correlationId: GUID set by the user to trace the request | ||
| * - redirectUri: The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
| * - scopes - Array of scopes the application is requesting access to. | ||
| * - authority - Url of the authority which the application acquires tokens from. | ||
| * - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. | ||
| * - account - Account entity to lookup the credentials. | ||
| * - forceRefresh - Forces silent requests to make network calls if true. | ||
| * - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. | ||
| */ | ||
@@ -16,4 +16,2 @@ export declare type SilentFlowRequest = BaseAuthRequest & { | ||
| forceRefresh?: boolean; | ||
| correlationId?: string; | ||
| redirectUri?: string; | ||
| }; |
@@ -5,2 +5,14 @@ import { StringDict } from "../utils/MsalTypes"; | ||
| * Result returned from the authority's token endpoint. | ||
| * - uniqueId - `oid` or `sub` claim from ID token | ||
| * - tenantId - `tid` claim from ID token | ||
| * - scopes - Scopes that are validated for the respective token | ||
| * - account - An account object representation of the currently signed-in user | ||
| * - idToken - Id token received as part of the response | ||
| * - idTokenClaims - MSAL-relevant ID token claims | ||
| * - accessToken - Access token received as part of the response | ||
| * - fromCache - Boolean denoting whether token came from cache | ||
| * - expiresOn - Javascript Date object representing relative expiration of access token | ||
| * - extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage | ||
| * - state - Value passed in by user in request | ||
| * - familyId - Family ID identifier, usually only used for refresh tokens | ||
| */ | ||
@@ -7,0 +19,0 @@ export declare class AuthenticationResult { |
@@ -7,7 +7,5 @@ import { ServerAuthorizationTokenResponse } from "../server/ServerAuthorizationTokenResponse"; | ||
| import { AuthenticationResult } from "./AuthenticationResult"; | ||
| import { AccountEntity } from "../cache/entities/AccountEntity"; | ||
| import { Authority } from "../authority/Authority"; | ||
| import { CacheRecord } from "../cache/entities/CacheRecord"; | ||
| import { CacheManager } from "../cache/CacheManager"; | ||
| import { LibraryStateObject } from "../utils/ProtocolUtils"; | ||
| /** | ||
@@ -41,4 +39,11 @@ * Class that handles response parsing. | ||
| */ | ||
| generateAuthenticationResult(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, cachedNonce?: string, cachedState?: string): AuthenticationResult; | ||
| handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, cachedNonce?: string, cachedState?: string): AuthenticationResult; | ||
| /** | ||
| * Generates CacheRecord | ||
| * @param serverTokenResponse | ||
| * @param idTokenObj | ||
| * @param authority | ||
| */ | ||
| private generateCacheRecord; | ||
| /** | ||
| * Generate Account | ||
@@ -49,10 +54,14 @@ * @param serverTokenResponse | ||
| */ | ||
| generateAccountEntity(serverTokenResponse: ServerAuthorizationTokenResponse, idToken: IdToken, authority: Authority): AccountEntity; | ||
| private generateAccountEntity; | ||
| /** | ||
| * Generates CacheRecord | ||
| * @param serverTokenResponse | ||
| * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache. | ||
| * | ||
| * Optionally takes a state string that is set as-is in the response. | ||
| * | ||
| * @param cacheRecord | ||
| * @param idTokenObj | ||
| * @param authority | ||
| * @param fromTokenCache | ||
| * @param stateString | ||
| */ | ||
| generateCacheRecord(serverTokenResponse: ServerAuthorizationTokenResponse, idTokenObj: IdToken, authority: Authority, libraryState?: LibraryStateObject): CacheRecord; | ||
| static generateAuthenticationResult(cacheRecord: CacheRecord, idTokenObj: IdToken, fromTokenCache: boolean, stateString?: string): AuthenticationResult; | ||
| } |
@@ -24,2 +24,3 @@ import { IUri } from "./IUri"; | ||
| urlRemoveQueryStringParameter(name: string): string; | ||
| static removeHashFromUrl(url: string): string; | ||
| /** | ||
@@ -26,0 +27,0 @@ * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d |
@@ -6,2 +6,3 @@ export declare const Constants: { | ||
| DEFAULT_AUTHORITY: string; | ||
| DEFAULT_AUTHORITY_HOST: string; | ||
| ADFS: string; | ||
@@ -42,11 +43,2 @@ AAD_INSTANCE_DISCOVERY_ENDPT: string; | ||
| /** | ||
| * List of pre-established trusted host URLs. | ||
| */ | ||
| export declare const AADTrustedHostList: string[]; | ||
| /** | ||
| * TODO: placeholder for discovery endpoint call. dynamically generate preferredCache and cacheAliases per cloud | ||
| */ | ||
| export declare const EnvironmentAliases: string[]; | ||
| export declare const PreferredCacheEnvironment: string; | ||
| /** | ||
| * String constants related to AAD Authority | ||
@@ -53,0 +45,0 @@ */ |
@@ -18,2 +18,4 @@ import { DecodedJwt } from "../account/DecodedJwt"; | ||
| static isEmpty(str: string): boolean; | ||
| static startsWith(str: string, search: string): boolean; | ||
| static endsWith(str: string, search: string): boolean; | ||
| /** | ||
@@ -20,0 +22,0 @@ * Parses string into an object. |
@@ -13,3 +13,3 @@ { | ||
| }, | ||
| "version": "1.0.0-beta.3", | ||
| "version": "1.0.0-beta.4", | ||
| "description": "Microsoft Authentication Library for js", | ||
@@ -46,2 +46,5 @@ "keywords": [ | ||
| "clean:coverage": "rimraf ../../.nyc_output/*", | ||
| "doc": "npm run doc:generate && npm run doc:deploy", | ||
| "doc:generate": "typedoc --mode modules --excludePrivate --excludeProtected --excludeNotExported --out ./ref ./src/ --gitRevision dev", | ||
| "doc:deploy": "gh-pages -d ref -a -e ref/msal-common", | ||
| "lint": "eslint src --ext .ts", | ||
@@ -78,2 +81,3 @@ "test": "mocha", | ||
| "eslint": "^6.5.1", | ||
| "gh-pages": "^3.1.0", | ||
| "husky": "^3.0.9", | ||
@@ -90,2 +94,3 @@ "mocha": "^6.2.2", | ||
| "tslint": "^5.20.0", | ||
| "typedoc": "^0.17.8", | ||
| "typescript": "^3.7.5" | ||
@@ -92,0 +97,0 @@ }, |
| # (Preview) Microsoft Authentication Library for JavaScript (MSAL.js) Common Package | ||
| [](https://www.npmjs.com/package/@azure/msal-common/)[](https://nodei.co/npm/@azure/msal-common/)[](https://coveralls.io/github/AzureAD/microsoft-authentication-library-for-js?branch=dev) | ||
| | <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-core/" target="_blank">Library Reference</a> | | ||
| | <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-common/" target="_blank">Library Reference</a> | | ||
| | --- | --- | --- | | ||
@@ -32,3 +32,4 @@ | ||
| | ------| ------- | ---------| --------- | | ||
| | | @azure/msal-common v2.0.0-beta | Beta version of the `@azure/msal-common` package | | ||
| | July 13, 2020 (Tentative) | @azure/msal-common v2.0.0 | Full release version of the `@azure/msal-common` | | ||
| | May 11, 2020 | @azure/msal-common v2.0.0-beta | Beta version of the `@azure/msal-common` package | | ||
| | January 17, 2020 | @azure/msal-common v1.0.0-alpha | No release notes yet | Alpha version of the `@azure/msal-common` package with authorization code flow for SPAs working in dev. | | ||
@@ -35,0 +36,0 @@ |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.19%
1173829
- Lines of code
- increased by1.35%
13624
- Number of lines in readme file
- increased by1.79%
57
Worsened metrics
- Dev dependency count
- increased by6.06%
35
No dependency changes