@azure/msal-common
Comparing version 14.2.0 to 14.3.0
@@ -0,1 +1,4 @@ | ||
import { Logger } from "../logger/Logger"; | ||
import { AuthorityMetadataSource } from "../utils/Constants"; | ||
import { StaticAuthorityOptions } from "./AuthorityOptions"; | ||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata"; | ||
@@ -231,83 +234,9 @@ export declare const rawMetdataJSON: { | ||
instanceDiscoveryMetadata: { | ||
"https://login.microsoftonline.com/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.com/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.com/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
@@ -543,98 +472,30 @@ }; | ||
export declare const InstanceDiscoveryMetadata: { | ||
"https://login.microsoftonline.com/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/common/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.com/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/consumers/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.com/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.chinacloudapi.cn/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
"https://login.microsoftonline.us/organizations/": { | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
tenant_discovery_endpoint: string; | ||
"api-version": string; | ||
metadata: { | ||
preferred_network: string; | ||
preferred_cache: string; | ||
aliases: string[]; | ||
}[]; | ||
}; | ||
export declare const InstanceDiscoveryMetadataAliases: Set<String>; | ||
/** | ||
* Returns aliases for the given canonical authority if found in hardcoded Instance Discovery Metadata or null if not found | ||
* @param canonicalAuthority | ||
* Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host | ||
* @param staticAuthorityOptions | ||
* @param logger | ||
* @returns | ||
*/ | ||
export declare function getHardcodedAliasesForCanonicalAuthority(canonicalAuthority?: string): string[] | null; | ||
export declare function getAliasesFromStaticSources(staticAuthorityOptions: StaticAuthorityOptions, logger?: Logger): string[]; | ||
/** | ||
* Returns aliases for from the raw cloud discovery metadata given in configuration or null if no configuration was provided | ||
* Returns aliases for from the raw cloud discovery metadata passed in | ||
* @param authorityHost | ||
* @param rawCloudDiscoveryMetadata | ||
* @returns | ||
*/ | ||
export declare function getAliasesFromConfigMetadata(canonicalAuthority?: string, cloudDiscoveryMetadata?: CloudDiscoveryMetadata[]): string[] | null; | ||
export declare function getAliasesFromMetadata(authorityHost?: string, cloudDiscoveryMetadata?: CloudDiscoveryMetadata[], source?: AuthorityMetadataSource, logger?: Logger): string[] | null; | ||
/** | ||
* Get cloud discovery metadata for common authorities | ||
*/ | ||
export declare function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost: string): CloudDiscoveryMetadata | null; | ||
/** | ||
* Searches instance discovery network response for the entry that contains the host in the aliases list | ||
@@ -644,7 +505,3 @@ * @param response | ||
*/ | ||
export declare function getCloudDiscoveryMetadataFromNetworkResponse(response: CloudDiscoveryMetadata[], authority: string): CloudDiscoveryMetadata | null; | ||
/** | ||
* Get cloud discovery metadata for common authorities | ||
*/ | ||
export declare function getCloudDiscoveryMetadataFromHardcodedValues(canonicalAuthority: string): CloudDiscoveryMetadata | null; | ||
export declare function getCloudDiscoveryMetadataFromNetworkResponse(response: CloudDiscoveryMetadata[], authorityHost: string): CloudDiscoveryMetadata | null; | ||
//# sourceMappingURL=AuthorityMetadata.d.ts.map |
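Review bot: `getCloudDiscoveryMetadataFromHardcodedValues` and `getCloudDiscoveryMetadataFromNetworkResponse` now take `authorityHost` where they previously took a canonical authority URL, but the parameter type is still `string`, so a caller that keeps passing the full URL compiles unchanged. Such a call would presumably match no alias and return `null`, quietly moving authority resolution to another metadata source; the implementation is not in this declaration file, so that is inferred. The doc comment should state the contract, for example `@param authorityHost host name and port of the authority, not the full authority URL`. The comment on `getAliasesFromMetadata` also lists `@param rawCloudDiscoveryMetadata` while the parameter is named `cloudDiscoveryMetadata`, and leaves `source` and `logger` undocumented.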
import { ProtocolMode } from "./ProtocolMode"; | ||
import { OIDCOptions } from "./OIDCOptions"; | ||
import { AzureRegionConfiguration } from "./AzureRegionConfiguration"; | ||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata"; | ||
import { CloudInstanceDiscoveryResponse } from "./CloudInstanceDiscoveryResponse"; | ||
export type AuthorityOptions = { | ||
@@ -17,3 +17,3 @@ protocolMode: ProtocolMode; | ||
canonicalAuthority?: string; | ||
cloudDiscoveryMetadata?: CloudDiscoveryMetadata[]; | ||
cloudDiscoveryMetadata?: CloudInstanceDiscoveryResponse; | ||
}; | ||
@@ -20,0 +20,0 @@ export declare const AzureCloudInstance: { |
import { CredentialEntity } from "./CredentialEntity"; | ||
import { AuthenticationScheme } from "../../utils/Constants"; | ||
import { ICrypto } from "../../crypto/ICrypto"; | ||
/** | ||
* ACCESS_TOKEN Credential Type | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-accesstoken-clientId-contoso.com-user.read | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, usually only used for refresh tokens | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* cachedAt: Absolute device time when entry was created in the cache. | ||
* expiresOn: Token expiry time, calculated based on current UTC time in seconds. Represented as a string. | ||
* extendedExpiresOn: Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds. | ||
* keyId: used for POP and SSH tokenTypes | ||
* tokenType: Type of the token issued. Usually "Bearer" | ||
* } | ||
* Access token cache type | ||
*/ | ||
export declare class AccessTokenEntity extends CredentialEntity { | ||
export type AccessTokenEntity = CredentialEntity & { | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm: string; | ||
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */ | ||
target: string; | ||
/** Absolute device time when entry was created in the cache. */ | ||
cachedAt: string; | ||
/** Token expiry time, calculated based on current UTC time in seconds. Represented as a string. */ | ||
expiresOn: string; | ||
/** Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds. */ | ||
extendedExpiresOn?: string; | ||
/** Used for proactive refresh */ | ||
refreshOn?: string; | ||
keyId?: string; | ||
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */ | ||
tokenType?: AuthenticationScheme; | ||
/** Stringified claims object */ | ||
requestedClaims?: string; | ||
/** Matches the SHA 256 hash of the claims object included in the token request */ | ||
requestedClaimsHash?: string; | ||
/** | ||
* Create AccessTokenEntity | ||
* @param homeAccountId | ||
* @param environment | ||
* @param accessToken | ||
* @param clientId | ||
* @param tenantId | ||
* @param scopes | ||
* @param expiresOn | ||
* @param extExpiresOn | ||
*/ | ||
static createAccessTokenEntity(homeAccountId: string, environment: string, accessToken: string, clientId: string, tenantId: string, scopes: string, expiresOn: number, extExpiresOn: number, cryptoUtils: ICrypto, refreshOn?: number, tokenType?: AuthenticationScheme, userAssertionHash?: string, keyId?: string, requestedClaims?: string, requestedClaimsHash?: string): AccessTokenEntity; | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isAccessTokenEntity(entity: object): boolean; | ||
} | ||
}; | ||
//# sourceMappingURL=AccessTokenEntity.d.ts.map |
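Review bot: Turning `AccessTokenEntity` from a class into a type alias takes `isAccessTokenEntity(entity: object)` and `createAccessTokenEntity(...)` off the exported surface, so this declaration no longer offers a runtime check that an object read back from the cache has the fields the type promises. A type alias is erased at compile time, which means a cache value cast to `AccessTokenEntity` is trusted as-is unless a separate validator runs first. If the validator moved elsewhere (the `CacheHelpers` export added to the index declarations suggests so, but it is not visible here), the type's doc comment should name it. Removing the static methods also breaks consumers that call them, which is worth a changelog entry for a minor release. The `IdTokenEntity` and `RefreshTokenEntity` sections lose their `is…Entity` validators in the same way.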
import { CredentialType, AuthenticationScheme } from "../../utils/Constants"; | ||
/** | ||
* Base type for credentials to be stored in the cache: eg: ACCESS_TOKEN, ID_TOKEN etc | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<requestedClaims*>-<scheme*> | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, usually only used for refresh tokens | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* tokenType: Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) | ||
* requestedClaimsHash: Matches the SHA 256 hash of the claims object included in the token request | ||
* userAssertionHash: Matches the SHA 256 hash of the obo_assertion for the OBO flow | ||
* } | ||
* Credential Cache Type | ||
*/ | ||
export declare class CredentialEntity { | ||
export type CredentialEntity = { | ||
/** Identifier for the user in their home tenant*/ | ||
homeAccountId: string; | ||
/** Entity that issued the token, represented as a full host */ | ||
environment: string; | ||
/** Type of credential */ | ||
credentialType: CredentialType; | ||
/** Client ID of the application */ | ||
clientId: string; | ||
/** Actual credential as a string */ | ||
secret: string; | ||
/** Family ID identifier, usually only used for refresh tokens */ | ||
familyId?: string; | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm?: string; | ||
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */ | ||
target?: string; | ||
/** Matches the SHA 256 hash of the obo_assertion for the OBO flow */ | ||
userAssertionHash?: string; | ||
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */ | ||
tokenType?: AuthenticationScheme; | ||
/** KeyId for PoP and SSH tokens stored in the kid claim */ | ||
keyId?: string; | ||
/** Matches the SHA 256 hash of the claims object included in the token request */ | ||
requestedClaimsHash?: string; | ||
/** | ||
* Generate Account Id key component as per the schema: <home_account_id>-<environment> | ||
*/ | ||
generateAccountId(): string; | ||
/** | ||
* Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm> | ||
*/ | ||
generateCredentialId(): string; | ||
/** | ||
* Generate target key component as per schema: <target> | ||
*/ | ||
generateTarget(): string; | ||
/** | ||
* generates credential key | ||
*/ | ||
generateCredentialKey(): string; | ||
/** | ||
* returns the type of the cache (in this case credential) | ||
*/ | ||
generateType(): number; | ||
/** | ||
* generates credential key | ||
* <home_account_id*>-\<environment>-<credential_type>-<client_id>-<realm\*>-<target\*>-<scheme\*> | ||
*/ | ||
static generateCredentialCacheKey(homeAccountId: string, environment: string, credentialType: CredentialType, clientId: string, realm?: string, target?: string, familyId?: string, tokenType?: AuthenticationScheme, requestedClaimsHash?: string): string; | ||
/** | ||
* generates Account Id for keys | ||
* @param homeAccountId | ||
* @param environment | ||
*/ | ||
private static generateAccountIdForCacheKey; | ||
/** | ||
* Generates Credential Id for keys | ||
* @param credentialType | ||
* @param realm | ||
* @param clientId | ||
* @param familyId | ||
*/ | ||
private static generateCredentialIdForCacheKey; | ||
/** | ||
* Generate target key component as per schema: <target> | ||
*/ | ||
private static generateTargetForCacheKey; | ||
/** | ||
* Generate requested claims key component as per schema: <requestedClaims> | ||
*/ | ||
private static generateClaimsHashForCacheKey; | ||
/** | ||
* Generate scheme key componenet as per schema: <scheme> | ||
*/ | ||
private static generateSchemeForCacheKey; | ||
} | ||
}; | ||
//# sourceMappingURL=CredentialEntity.d.ts.map |
import { CredentialEntity } from "./CredentialEntity"; | ||
/** | ||
* ID_TOKEN Cache | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-idtoken-clientId-contoso.com- | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* } | ||
* Id Token Cache Type | ||
*/ | ||
export declare class IdTokenEntity extends CredentialEntity { | ||
export type IdTokenEntity = CredentialEntity & { | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm: string; | ||
/** | ||
* Create IdTokenEntity | ||
* @param homeAccountId | ||
* @param authenticationResult | ||
* @param clientId | ||
* @param authority | ||
*/ | ||
static createIdTokenEntity(homeAccountId: string, environment: string, idToken: string, clientId: string, tenantId: string): IdTokenEntity; | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isIdTokenEntity(entity: object): boolean; | ||
} | ||
}; | ||
//# sourceMappingURL=IdTokenEntity.d.ts.map |
import { CredentialEntity } from "./CredentialEntity"; | ||
/** | ||
* REFRESH_TOKEN Cache | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-refreshtoken-clientId-- | ||
* | ||
* Value: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, '1' represents Microsoft Family | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* } | ||
* Refresh Token Cache Type | ||
*/ | ||
export declare class RefreshTokenEntity extends CredentialEntity { | ||
familyId?: string; | ||
/** | ||
* Create RefreshTokenEntity | ||
* @param homeAccountId | ||
* @param authenticationResult | ||
* @param clientId | ||
* @param authority | ||
*/ | ||
static createRefreshTokenEntity(homeAccountId: string, environment: string, refreshToken: string, clientId: string, familyId?: string, userAssertionHash?: string): RefreshTokenEntity; | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isRefreshTokenEntity(entity: object): boolean; | ||
} | ||
export type RefreshTokenEntity = CredentialEntity; | ||
//# sourceMappingURL=RefreshTokenEntity.d.ts.map |
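Review bot: `export type RefreshTokenEntity = CredentialEntity;` makes the two names interchangeable, so the compiler accepts an access-token or ID-token entity wherever a refresh token is expected. Refresh tokens are the longest-lived secret in the cache, and a mix-up between credential kinds is worth catching at compile time. Intersecting `CredentialEntity` with a `credentialType` narrowed to the refresh-token member of `CredentialType` would keep the plain-object shape while restoring the distinction. No field is lost by the alias itself, since `familyId?` is already declared on `CredentialEntity`.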
@@ -45,3 +45,3 @@ import { ClientConfiguration, CommonClientConfiguration } from "../config/ClientConfiguration"; | ||
*/ | ||
updateAuthority(updatedAuthority: Authority): void; | ||
updateAuthority(cloudInstanceHostname: string, correlationId: string): Promise<void>; | ||
/** | ||
@@ -48,0 +48,0 @@ * Creates query string for the /token request |
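Review bot: `updateAuthority` now returns `Promise<void>` instead of `void`, and a caller that invokes it as a bare statement without `await` type-checks cleanly. The token request that follows could then be built against the previous authority, and a rejected discovery call would surface as an unhandled rejection; the call sites are outside this hunk, so each needs checking. The method also takes a bare `cloudInstanceHostname: string` rather than a resolved `Authority`, so the doc comment above it should say how that host name is checked against the known or discovered authorities before it is used. The comment's opening lines are outside the hunk.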
@@ -29,2 +29,3 @@ /** | ||
export { CredentialEntity } from "./cache/entities/CredentialEntity"; | ||
export * as CacheHelpers from "./cache/utils/CacheHelpers"; | ||
export { AppMetadataEntity } from "./cache/entities/AppMetadataEntity"; | ||
@@ -31,0 +32,0 @@ export { AccountEntity } from "./cache/entities/AccountEntity"; |
export declare const name = "@azure/msal-common"; | ||
export declare const version = "14.2.0"; | ||
export declare const version = "14.3.0"; | ||
//# sourceMappingURL=packageMetadata.d.ts.map |
@@ -33,6 +33,6 @@ import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse"; | ||
* @param serverResponseHash | ||
* @param cachedState | ||
* @param requestState | ||
* @param cryptoObj | ||
*/ | ||
validateServerAuthorizationCodeResponse(serverResponseHash: ServerAuthorizationCodeResponse, cachedState: string, cryptoObj: ICrypto): void; | ||
validateServerAuthorizationCodeResponse(serverResponse: ServerAuthorizationCodeResponse, requestState: string): void; | ||
/** | ||
@@ -39,0 +39,0 @@ * Function which validates server authorization token response. |
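Review bot: The JSDoc kept above `validateServerAuthorizationCodeResponse` still lists `@param serverResponseHash` and `@param cryptoObj`, while the new signature is `(serverResponse: ServerAuthorizationCodeResponse, requestState: string)`; the hunk's line counts show both doc lines surviving as context. The first should become `@param serverResponse` and the `@param cryptoObj` line should be dropped. Since this method is where the returned `state` is compared with the one sent, which is the cross-site request forgery check of the authorization-code flow, the `@param requestState` line should say that it is the exact state value issued with the original request. How the comparison is done without `cryptoObj` is not visible in this declaration, and the comment's opening lines are outside the hunk.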
@@ -13,3 +13,3 @@ { | ||
}, | ||
"version": "14.2.0", | ||
"version": "14.3.0", | ||
"description": "Microsoft Authentication Library for js", | ||
@@ -16,0 +16,0 @@ "keywords": [ |
@@ -858,3 +858,3 @@ /* | ||
getCloudDiscoveryMetadataFromHardcodedValues( | ||
this.canonicalAuthority | ||
this.hostnameAndPort | ||
); | ||
@@ -1268,9 +1268,7 @@ if (hardcodedMetadata) { | ||
const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata; | ||
let cloudDiscoveryMetadata: CloudDiscoveryMetadata[] | undefined = | ||
let cloudDiscoveryMetadata: CloudInstanceDiscoveryResponse | undefined = | ||
undefined; | ||
if (rawCloudDiscoveryMetadata) { | ||
try { | ||
cloudDiscoveryMetadata = JSON.parse( | ||
rawCloudDiscoveryMetadata | ||
).metadata; | ||
cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata); | ||
} catch (e) { | ||
@@ -1277,0 +1275,0 @@ throw createClientConfigurationError( |
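Review bot: The result of `JSON.parse(rawCloudDiscoveryMetadata)` is assigned straight to a variable typed `CloudInstanceDiscoveryResponse | undefined`, so only malformed JSON reaches the `catch`; well-formed JSON of the wrong shape is accepted as-is. This metadata feeds the alias lookup that decides which hosts count as the same authority, so a value with no `metadata` array should be rejected here rather than silently ignored later. A guard such as `if (!Array.isArray(cloudDiscoveryMetadata?.metadata))` after the parse, raising the same configuration error as the `catch` branch, would cover it. The enclosing function begins and ends outside this hunk, so a check further down cannot be ruled out.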
@@ -6,3 +6,6 @@ /* | ||
import { Logger } from "../logger/Logger"; | ||
import { UrlString } from "../url/UrlString"; | ||
import { AuthorityMetadataSource } from "../utils/Constants"; | ||
import { StaticAuthorityOptions } from "./AuthorityOptions"; | ||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata"; | ||
@@ -556,389 +559,43 @@ | ||
instanceDiscoveryMetadata: { | ||
"https://login.microsoftonline.com/common/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.chinacloudapi.cn/common/": { | ||
tenant_discovery_endpoint: | ||
"https://login.chinacloudapi.cn/common/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.microsoftonline.us/common/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.us/common/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.microsoftonline.com/consumers/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.chinacloudapi.cn/consumers/": { | ||
tenant_discovery_endpoint: | ||
"https://login.chinacloudapi.cn/consumers/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.microsoftonline.us/consumers/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.us/consumers/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.microsoftonline.com/organizations/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.chinacloudapi.cn/organizations/": { | ||
tenant_discovery_endpoint: | ||
"https://login.chinacloudapi.cn/organizations/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
"https://login.microsoftonline.us/organizations/": { | ||
tenant_discovery_endpoint: | ||
"https://login.microsoftonline.us/organizations/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
tenant_discovery_endpoint: | ||
"https://{canonicalAuthority}/v2.0/.well-known/openid-configuration", | ||
"api-version": "1.1", | ||
metadata: [ | ||
{ | ||
preferred_network: "login.microsoftonline.com", | ||
preferred_cache: "login.windows.net", | ||
aliases: [ | ||
"login.microsoftonline.com", | ||
"login.windows.net", | ||
"login.microsoft.com", | ||
"sts.windows.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.partner.microsoftonline.cn", | ||
preferred_cache: "login.partner.microsoftonline.cn", | ||
aliases: [ | ||
"login.partner.microsoftonline.cn", | ||
"login.chinacloudapi.cn", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.de", | ||
preferred_cache: "login.microsoftonline.de", | ||
aliases: ["login.microsoftonline.de"], | ||
}, | ||
{ | ||
preferred_network: "login.microsoftonline.us", | ||
preferred_cache: "login.microsoftonline.us", | ||
aliases: [ | ||
"login.microsoftonline.us", | ||
"login.usgovcloudapi.net", | ||
], | ||
}, | ||
{ | ||
preferred_network: "login-us.microsoftonline.com", | ||
preferred_cache: "login-us.microsoftonline.com", | ||
aliases: ["login-us.microsoftonline.com"], | ||
}, | ||
], | ||
}, | ||
@@ -952,48 +609,73 @@ }; | ||
export const InstanceDiscoveryMetadataAliases: Set<String> = new Set(); | ||
for (const key in InstanceDiscoveryMetadata) { | ||
for (const metadata of InstanceDiscoveryMetadata[key].metadata) { | ||
for (const alias of metadata.aliases) { | ||
InstanceDiscoveryMetadata.metadata.forEach( | ||
(metadataEntry: CloudDiscoveryMetadata) => { | ||
metadataEntry.aliases.forEach((alias: string) => { | ||
InstanceDiscoveryMetadataAliases.add(alias); | ||
} | ||
}); | ||
} | ||
} | ||
); | ||
/** | ||
* Returns aliases for the given canonical authority if found in hardcoded Instance Discovery Metadata or null if not found | ||
* @param canonicalAuthority | ||
* Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host | ||
* @param staticAuthorityOptions | ||
* @param logger | ||
* @returns | ||
*/ | ||
export function getHardcodedAliasesForCanonicalAuthority( | ||
canonicalAuthority?: string | ||
): string[] | null { | ||
export function getAliasesFromStaticSources( | ||
staticAuthorityOptions: StaticAuthorityOptions, | ||
logger?: Logger | ||
): string[] { | ||
let staticAliases: string[] | undefined; | ||
const canonicalAuthority = staticAuthorityOptions.canonicalAuthority; | ||
if (canonicalAuthority) { | ||
const instanceDiscoveryMetadata = | ||
getCloudDiscoveryMetadataFromHardcodedValues(canonicalAuthority); | ||
if (instanceDiscoveryMetadata) { | ||
return instanceDiscoveryMetadata.aliases; | ||
} | ||
const authorityHost = new UrlString( | ||
canonicalAuthority | ||
).getUrlComponents().HostNameAndPort; | ||
staticAliases = | ||
getAliasesFromMetadata( | ||
authorityHost, | ||
staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, | ||
AuthorityMetadataSource.CONFIG, | ||
logger | ||
) || | ||
getAliasesFromMetadata( | ||
authorityHost, | ||
InstanceDiscoveryMetadata.metadata, | ||
AuthorityMetadataSource.HARDCODED_VALUES, | ||
logger | ||
) || | ||
staticAuthorityOptions.knownAuthorities; | ||
} | ||
return null; | ||
return staticAliases || []; | ||
} | ||
/** | ||
* Returns aliases for from the raw cloud discovery metadata given in configuration or null if no configuration was provided | ||
* Returns aliases for from the raw cloud discovery metadata passed in | ||
* @param authorityHost | ||
* @param rawCloudDiscoveryMetadata | ||
* @returns | ||
*/ | ||
export function getAliasesFromConfigMetadata( | ||
canonicalAuthority?: string, | ||
cloudDiscoveryMetadata?: CloudDiscoveryMetadata[] | ||
export function getAliasesFromMetadata( | ||
authorityHost?: string, | ||
cloudDiscoveryMetadata?: CloudDiscoveryMetadata[], | ||
source?: AuthorityMetadataSource, | ||
logger?: Logger | ||
): string[] | null { | ||
if (canonicalAuthority && cloudDiscoveryMetadata) { | ||
const canonicalAuthorityUrlComponents = new UrlString( | ||
canonicalAuthority | ||
).getUrlComponents(); | ||
logger?.trace(`getAliasesFromMetadata called with source: ${source}`); | ||
if (authorityHost && cloudDiscoveryMetadata) { | ||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse( | ||
cloudDiscoveryMetadata, | ||
canonicalAuthorityUrlComponents.HostNameAndPort | ||
authorityHost | ||
); | ||
if (metadata) { | ||
logger?.trace( | ||
`getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases` | ||
); | ||
return metadata.aliases; | ||
} else { | ||
logger?.trace( | ||
`getAliasesFromMetadata: did not find cloud discovery metadata in ${source}` | ||
); | ||
} | ||
@@ -1006,2 +688,15 @@ } | ||
/** | ||
* Get cloud discovery metadata for common authorities | ||
*/ | ||
export function getCloudDiscoveryMetadataFromHardcodedValues( | ||
authorityHost: string | ||
): CloudDiscoveryMetadata | null { | ||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse( | ||
InstanceDiscoveryMetadata.metadata, | ||
authorityHost | ||
); | ||
return metadata; | ||
} | ||
/** | ||
* Searches instance discovery network response for the entry that contains the host in the aliases list | ||
@@ -1013,7 +708,7 @@ * @param response | ||
response: CloudDiscoveryMetadata[], | ||
authority: string | ||
authorityHost: string | ||
): CloudDiscoveryMetadata | null { | ||
for (let i = 0; i < response.length; i++) { | ||
const metadata = response[i]; | ||
if (metadata.aliases.includes(authority)) { | ||
if (metadata.aliases.includes(authorityHost)) { | ||
return metadata; | ||
@@ -1025,22 +720,1 @@ } | ||
} | ||
/** | ||
* Get cloud discovery metadata for common authorities | ||
*/ | ||
export function getCloudDiscoveryMetadataFromHardcodedValues( | ||
canonicalAuthority: string | ||
): CloudDiscoveryMetadata | null { | ||
const canonicalAuthorityUrlComponents = new UrlString( | ||
canonicalAuthority | ||
).getUrlComponents(); | ||
if (canonicalAuthority in InstanceDiscoveryMetadata) { | ||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse( | ||
InstanceDiscoveryMetadata[canonicalAuthority].metadata, | ||
canonicalAuthorityUrlComponents.HostNameAndPort | ||
); | ||
return metadata; | ||
} | ||
return null; | ||
} |
@@ -9,3 +9,3 @@ /* | ||
import { AzureRegionConfiguration } from "./AzureRegionConfiguration"; | ||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata"; | ||
import { CloudInstanceDiscoveryResponse } from "./CloudInstanceDiscoveryResponse"; | ||
@@ -27,3 +27,3 @@ export type AuthorityOptions = { | ||
canonicalAuthority?: string; | ||
cloudDiscoveryMetadata?: CloudDiscoveryMetadata[]; | ||
cloudDiscoveryMetadata?: CloudInstanceDiscoveryResponse; | ||
}; | ||
@@ -30,0 +30,0 @@ |
@@ -24,2 +24,3 @@ /* | ||
import { CredentialEntity } from "./entities/CredentialEntity"; | ||
import { generateCredentialKey } from "./utils/CacheHelpers"; | ||
import { ScopeSet } from "../request/ScopeSet"; | ||
@@ -46,6 +47,3 @@ import { AccountEntity } from "./entities/AccountEntity"; | ||
import { StoreInCache } from "../request/StoreInCache"; | ||
import { | ||
getAliasesFromConfigMetadata, | ||
getHardcodedAliasesForCanonicalAuthority, | ||
} from "../authority/AuthorityMetadata"; | ||
import { getAliasesFromStaticSources } from "../authority/AuthorityMetadata"; | ||
import { StaticAuthorityOptions } from "../authority/AuthorityOptions"; | ||
@@ -264,3 +262,9 @@ import { TokenClaims } from "../account/TokenClaims"; | ||
const allAccounts = this.getAllAccounts(accountFilter); | ||
if (allAccounts.length > 0) { | ||
if (allAccounts.length > 1) { | ||
// If one or more accounts are found, further filter to the first account that has an ID token | ||
return allAccounts.filter((account) => { | ||
return !!account.idTokenClaims; | ||
})[0]; | ||
} else if (allAccounts.length === 1) { | ||
// If only one account is found, return it regardless of whether a matching ID token was found | ||
return allAccounts[0]; | ||
@@ -309,3 +313,3 @@ } else { | ||
} | ||
return null; | ||
return accountInfo; | ||
} | ||
@@ -964,3 +968,3 @@ | ||
idTokens.forEach((idToken) => { | ||
this.removeIdToken(idToken.generateCredentialKey()); | ||
this.removeIdToken(generateCredentialKey(idToken)); | ||
}); | ||
@@ -1121,5 +1125,3 @@ return null; | ||
accessTokens.forEach((accessToken) => { | ||
void this.removeAccessToken( | ||
accessToken.generateCredentialKey() | ||
); | ||
void this.removeAccessToken(generateCredentialKey(accessToken)); | ||
}); | ||
@@ -1432,13 +1434,7 @@ return null; | ||
if (this.staticAuthorityOptions) { | ||
const staticAliases = | ||
getAliasesFromConfigMetadata( | ||
this.staticAuthorityOptions.canonicalAuthority, | ||
this.staticAuthorityOptions.cloudDiscoveryMetadata | ||
) || | ||
getHardcodedAliasesForCanonicalAuthority( | ||
this.staticAuthorityOptions.canonicalAuthority | ||
) || | ||
this.staticAuthorityOptions.knownAuthorities; | ||
const staticAliases = getAliasesFromStaticSources( | ||
this.staticAuthorityOptions, | ||
this.commonLogger | ||
); | ||
if ( | ||
staticAliases && | ||
staticAliases.includes(environment) && | ||
@@ -1445,0 +1441,0 @@ staticAliases.includes(entity.environment) |
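Review bot: In the new `allAccounts.length > 1` branch of the first hunk in this section, `allAccounts.filter(...)[0]` evaluates to `undefined` when several accounts match the filter but none carries `idTokenClaims`. A caller that compares the result with `null` would then take the no-match case for a found account. `return allAccounts.find((account) => !!account.idTokenClaims) || null;` makes that case explicit and avoids building an intermediate array. The added comment says "one or more accounts" while the condition is more than one; `// Several accounts matched: prefer the first one that has ID token claims` would agree with the code. The enclosing method starts and ends outside the hunk, so its declared return type (presumably `AccountInfo | null`) is assumed rather than seen.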
@@ -7,162 +7,26 @@ /* | ||
import { CredentialEntity } from "./CredentialEntity"; | ||
import { CredentialType, AuthenticationScheme } from "../../utils/Constants"; | ||
import { TimeUtils } from "../../utils/TimeUtils"; | ||
import { ICrypto } from "../../crypto/ICrypto"; | ||
import { TokenClaims } from "../../account/TokenClaims"; | ||
import { | ||
createClientAuthError, | ||
ClientAuthErrorCodes, | ||
} from "../../error/ClientAuthError"; | ||
import { extractTokenClaims } from "../../account/AuthToken"; | ||
import { AuthenticationScheme } from "../../utils/Constants"; | ||
/** | ||
* ACCESS_TOKEN Credential Type | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-accesstoken-clientId-contoso.com-user.read | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, usually only used for refresh tokens | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* cachedAt: Absolute device time when entry was created in the cache. | ||
* expiresOn: Token expiry time, calculated based on current UTC time in seconds. Represented as a string. | ||
* extendedExpiresOn: Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds. | ||
* keyId: used for POP and SSH tokenTypes | ||
* tokenType: Type of the token issued. Usually "Bearer" | ||
* } | ||
* Access token cache type | ||
*/ | ||
export class AccessTokenEntity extends CredentialEntity { | ||
export type AccessTokenEntity = CredentialEntity & { | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm: string; | ||
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */ | ||
target: string; | ||
/** Absolute device time when entry was created in the cache. */ | ||
cachedAt: string; | ||
/** Token expiry time, calculated based on current UTC time in seconds. Represented as a string. */ | ||
expiresOn: string; | ||
/** Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds. */ | ||
extendedExpiresOn?: string; | ||
/** Used for proactive refresh */ | ||
refreshOn?: string; | ||
keyId?: string; // for POP and SSH tokenTypes | ||
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */ | ||
tokenType?: AuthenticationScheme; | ||
/** Stringified claims object */ | ||
requestedClaims?: string; | ||
/** Matches the SHA 256 hash of the claims object included in the token request */ | ||
requestedClaimsHash?: string; | ||
/** | ||
* Create AccessTokenEntity | ||
* @param homeAccountId | ||
* @param environment | ||
* @param accessToken | ||
* @param clientId | ||
* @param tenantId | ||
* @param scopes | ||
* @param expiresOn | ||
* @param extExpiresOn | ||
*/ | ||
static createAccessTokenEntity( | ||
homeAccountId: string, | ||
environment: string, | ||
accessToken: string, | ||
clientId: string, | ||
tenantId: string, | ||
scopes: string, | ||
expiresOn: number, | ||
extExpiresOn: number, | ||
cryptoUtils: ICrypto, | ||
refreshOn?: number, | ||
tokenType?: AuthenticationScheme, | ||
userAssertionHash?: string, | ||
keyId?: string, | ||
requestedClaims?: string, | ||
requestedClaimsHash?: string | ||
): AccessTokenEntity { | ||
const atEntity: AccessTokenEntity = new AccessTokenEntity(); | ||
atEntity.homeAccountId = homeAccountId; | ||
atEntity.credentialType = CredentialType.ACCESS_TOKEN; | ||
atEntity.secret = accessToken; | ||
const currentTime = TimeUtils.nowSeconds(); | ||
atEntity.cachedAt = currentTime.toString(); | ||
/* | ||
* Token expiry time. | ||
* This value should be calculated based on the current UTC time measured locally and the value expires_in Represented as a string in JSON. | ||
*/ | ||
atEntity.expiresOn = expiresOn.toString(); | ||
atEntity.extendedExpiresOn = extExpiresOn.toString(); | ||
if (refreshOn) { | ||
atEntity.refreshOn = refreshOn.toString(); | ||
} | ||
atEntity.environment = environment; | ||
atEntity.clientId = clientId; | ||
atEntity.realm = tenantId; | ||
atEntity.target = scopes; | ||
atEntity.userAssertionHash = userAssertionHash; | ||
atEntity.tokenType = tokenType || AuthenticationScheme.BEARER; | ||
if (requestedClaims) { | ||
atEntity.requestedClaims = requestedClaims; | ||
atEntity.requestedClaimsHash = requestedClaimsHash; | ||
} | ||
/* | ||
* Create Access Token With Auth Scheme instead of regular access token | ||
* Cast to lower to handle "bearer" from ADFS | ||
*/ | ||
if ( | ||
atEntity.tokenType?.toLowerCase() !== | ||
AuthenticationScheme.BEARER.toLowerCase() | ||
) { | ||
atEntity.credentialType = | ||
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME; | ||
switch (atEntity.tokenType) { | ||
case AuthenticationScheme.POP: | ||
// Make sure keyId is present and add it to credential | ||
const tokenClaims: TokenClaims | null = extractTokenClaims( | ||
accessToken, | ||
cryptoUtils.base64Decode | ||
); | ||
if (!tokenClaims?.cnf?.kid) { | ||
throw createClientAuthError( | ||
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt | ||
); | ||
} | ||
atEntity.keyId = tokenClaims.cnf.kid; | ||
break; | ||
case AuthenticationScheme.SSH: | ||
atEntity.keyId = keyId; | ||
} | ||
} | ||
return atEntity; | ||
} | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isAccessTokenEntity(entity: object): boolean { | ||
if (!entity) { | ||
return false; | ||
} | ||
return ( | ||
entity.hasOwnProperty("homeAccountId") && | ||
entity.hasOwnProperty("environment") && | ||
entity.hasOwnProperty("credentialType") && | ||
entity.hasOwnProperty("realm") && | ||
entity.hasOwnProperty("clientId") && | ||
entity.hasOwnProperty("secret") && | ||
entity.hasOwnProperty("target") && | ||
(entity["credentialType"] === CredentialType.ACCESS_TOKEN || | ||
entity["credentialType"] === | ||
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) | ||
); | ||
} | ||
} | ||
}; |
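Review bot: With `AccessTokenEntity` reduced to a type alias and `isAccessTokenEntity` removed, nothing in this file can tell a well-formed entry from arbitrary JSON read back from cache storage. The same applies to `isIdTokenEntity` and `isRefreshTokenEntity` in the IdTokenEntity and RefreshTokenEntity sections further down. The replacement checks presumably live in `cache/utils/CacheHelpers`, which this diff does not show, so the doc comment should point there, for example `/** Access token cache type; create with CacheHelpers.createAccessTokenEntity and validate entries read from storage before use */`. `RefreshTokenEntity` is now identical to `CredentialEntity`, so the compiler accepts any credential where a refresh token is expected, and the runtime check on `credentialType` is the only thing that separates them.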
@@ -6,216 +6,32 @@ /* | ||
import { | ||
Separators, | ||
CredentialType, | ||
CacheType, | ||
Constants, | ||
AuthenticationScheme, | ||
} from "../../utils/Constants"; | ||
import { | ||
ClientAuthErrorCodes, | ||
createClientAuthError, | ||
} from "../../error/ClientAuthError"; | ||
import { CredentialType, AuthenticationScheme } from "../../utils/Constants"; | ||
/** | ||
* Base type for credentials to be stored in the cache: eg: ACCESS_TOKEN, ID_TOKEN etc | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<requestedClaims*>-<scheme*> | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, usually only used for refresh tokens | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* tokenType: Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) | ||
* requestedClaimsHash: Matches the SHA 256 hash of the claims object included in the token request | ||
* userAssertionHash: Matches the SHA 256 hash of the obo_assertion for the OBO flow | ||
* } | ||
* Credential Cache Type | ||
*/ | ||
export class CredentialEntity { | ||
export type CredentialEntity = { | ||
/** Identifier for the user in their home tenant*/ | ||
homeAccountId: string; | ||
/** Entity that issued the token, represented as a full host */ | ||
environment: string; | ||
/** Type of credential */ | ||
credentialType: CredentialType; | ||
/** Client ID of the application */ | ||
clientId: string; | ||
/** Actual credential as a string */ | ||
secret: string; | ||
/** Family ID identifier, usually only used for refresh tokens */ | ||
familyId?: string; | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm?: string; | ||
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */ | ||
target?: string; | ||
/** Matches the SHA 256 hash of the obo_assertion for the OBO flow */ | ||
userAssertionHash?: string; | ||
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */ | ||
tokenType?: AuthenticationScheme; | ||
/** KeyId for PoP and SSH tokens stored in the kid claim */ | ||
keyId?: string; | ||
/** Matches the SHA 256 hash of the claims object included in the token request */ | ||
requestedClaimsHash?: string; | ||
/** | ||
* Generate Account Id key component as per the schema: <home_account_id>-<environment> | ||
*/ | ||
generateAccountId(): string { | ||
return CredentialEntity.generateAccountIdForCacheKey( | ||
this.homeAccountId, | ||
this.environment | ||
); | ||
} | ||
/** | ||
* Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm> | ||
*/ | ||
generateCredentialId(): string { | ||
return CredentialEntity.generateCredentialIdForCacheKey( | ||
this.credentialType, | ||
this.clientId, | ||
this.realm, | ||
this.familyId | ||
); | ||
} | ||
/** | ||
* Generate target key component as per schema: <target> | ||
*/ | ||
generateTarget(): string { | ||
return CredentialEntity.generateTargetForCacheKey(this.target); | ||
} | ||
/** | ||
* generates credential key | ||
*/ | ||
generateCredentialKey(): string { | ||
return CredentialEntity.generateCredentialCacheKey( | ||
this.homeAccountId, | ||
this.environment, | ||
this.credentialType, | ||
this.clientId, | ||
this.realm, | ||
this.target, | ||
this.familyId, | ||
this.tokenType, | ||
this.requestedClaimsHash | ||
); | ||
} | ||
/** | ||
* returns the type of the cache (in this case credential) | ||
*/ | ||
generateType(): number { | ||
switch (this.credentialType) { | ||
case CredentialType.ID_TOKEN: | ||
return CacheType.ID_TOKEN; | ||
case CredentialType.ACCESS_TOKEN: | ||
case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME: | ||
return CacheType.ACCESS_TOKEN; | ||
case CredentialType.REFRESH_TOKEN: | ||
return CacheType.REFRESH_TOKEN; | ||
default: { | ||
throw createClientAuthError( | ||
ClientAuthErrorCodes.unexpectedCredentialType | ||
); | ||
} | ||
} | ||
} | ||
/** | ||
* generates credential key | ||
* <home_account_id*>-\<environment>-<credential_type>-<client_id>-<realm\*>-<target\*>-<scheme\*> | ||
*/ | ||
static generateCredentialCacheKey( | ||
homeAccountId: string, | ||
environment: string, | ||
credentialType: CredentialType, | ||
clientId: string, | ||
realm?: string, | ||
target?: string, | ||
familyId?: string, | ||
tokenType?: AuthenticationScheme, | ||
requestedClaimsHash?: string | ||
): string { | ||
const credentialKey = [ | ||
this.generateAccountIdForCacheKey(homeAccountId, environment), | ||
this.generateCredentialIdForCacheKey( | ||
credentialType, | ||
clientId, | ||
realm, | ||
familyId | ||
), | ||
this.generateTargetForCacheKey(target), | ||
this.generateClaimsHashForCacheKey(requestedClaimsHash), | ||
this.generateSchemeForCacheKey(tokenType), | ||
]; | ||
return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); | ||
} | ||
/** | ||
* generates Account Id for keys | ||
* @param homeAccountId | ||
* @param environment | ||
*/ | ||
private static generateAccountIdForCacheKey( | ||
homeAccountId: string, | ||
environment: string | ||
): string { | ||
const accountId: Array<string> = [homeAccountId, environment]; | ||
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); | ||
} | ||
/** | ||
* Generates Credential Id for keys | ||
* @param credentialType | ||
* @param realm | ||
* @param clientId | ||
* @param familyId | ||
*/ | ||
private static generateCredentialIdForCacheKey( | ||
credentialType: CredentialType, | ||
clientId: string, | ||
realm?: string, | ||
familyId?: string | ||
): string { | ||
const clientOrFamilyId = | ||
credentialType === CredentialType.REFRESH_TOKEN | ||
? familyId || clientId | ||
: clientId; | ||
const credentialId: Array<string> = [ | ||
credentialType, | ||
clientOrFamilyId, | ||
realm || Constants.EMPTY_STRING, | ||
]; | ||
return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase(); | ||
} | ||
/** | ||
* Generate target key component as per schema: <target> | ||
*/ | ||
private static generateTargetForCacheKey(scopes?: string): string { | ||
return (scopes || Constants.EMPTY_STRING).toLowerCase(); | ||
} | ||
/** | ||
* Generate requested claims key component as per schema: <requestedClaims> | ||
*/ | ||
private static generateClaimsHashForCacheKey( | ||
requestedClaimsHash?: string | ||
): string { | ||
return (requestedClaimsHash || Constants.EMPTY_STRING).toLowerCase(); | ||
} | ||
/** | ||
* Generate scheme key componenet as per schema: <scheme> | ||
*/ | ||
private static generateSchemeForCacheKey(tokenType?: string): string { | ||
/* | ||
* PoP Tokens and SSH certs include scheme in cache key | ||
* Cast to lowercase to handle "bearer" from ADFS | ||
*/ | ||
return tokenType && | ||
tokenType.toLowerCase() !== | ||
AuthenticationScheme.BEARER.toLowerCase() | ||
? tokenType.toLowerCase() | ||
: Constants.EMPTY_STRING; | ||
} | ||
} | ||
}; |
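Review bot: The new doc comment `Credential Cache Type` drops the cache key layout that the old header spelled out, and that layout is what keeps entries for different accounts, clients and tenants apart in the cache. Keep one line of it on the type, e.g. `* Cache key: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<requestedClaims*>-<scheme*>`, plus a pointer to where the key is now generated (other sections of this diff call `generateCredentialKey` from `cache/utils/CacheHelpers`). The comment on `homeAccountId` is also missing the space before `*/`.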
@@ -7,69 +7,9 @@ /* | ||
import { CredentialEntity } from "./CredentialEntity"; | ||
import { CredentialType } from "../../utils/Constants"; | ||
/** | ||
* ID_TOKEN Cache | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-idtoken-clientId-contoso.com- | ||
* | ||
* Value Schema: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* } | ||
* Id Token Cache Type | ||
*/ | ||
export class IdTokenEntity extends CredentialEntity { | ||
export type IdTokenEntity = CredentialEntity & { | ||
/** Full tenant or organizational identifier that the account belongs to */ | ||
realm: string; | ||
/** | ||
* Create IdTokenEntity | ||
* @param homeAccountId | ||
* @param authenticationResult | ||
* @param clientId | ||
* @param authority | ||
*/ | ||
static createIdTokenEntity( | ||
homeAccountId: string, | ||
environment: string, | ||
idToken: string, | ||
clientId: string, | ||
tenantId: string | ||
): IdTokenEntity { | ||
const idTokenEntity = new IdTokenEntity(); | ||
idTokenEntity.credentialType = CredentialType.ID_TOKEN; | ||
idTokenEntity.homeAccountId = homeAccountId; | ||
idTokenEntity.environment = environment; | ||
idTokenEntity.clientId = clientId; | ||
idTokenEntity.secret = idToken; | ||
idTokenEntity.realm = tenantId; | ||
return idTokenEntity; | ||
} | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isIdTokenEntity(entity: object): boolean { | ||
if (!entity) { | ||
return false; | ||
} | ||
return ( | ||
entity.hasOwnProperty("homeAccountId") && | ||
entity.hasOwnProperty("environment") && | ||
entity.hasOwnProperty("credentialType") && | ||
entity.hasOwnProperty("realm") && | ||
entity.hasOwnProperty("clientId") && | ||
entity.hasOwnProperty("secret") && | ||
entity["credentialType"] === CredentialType.ID_TOKEN | ||
); | ||
} | ||
} | ||
}; |
@@ -7,73 +7,6 @@ /* | ||
import { CredentialEntity } from "./CredentialEntity"; | ||
import { CredentialType } from "../../utils/Constants"; | ||
/** | ||
* REFRESH_TOKEN Cache | ||
* | ||
* Key:Value Schema: | ||
* | ||
* Key Example: uid.utid-login.microsoftonline.com-refreshtoken-clientId-- | ||
* | ||
* Value: | ||
* { | ||
* homeAccountId: home account identifier for the auth scheme, | ||
* environment: entity that issued the token, represented as a full host | ||
* credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other | ||
* clientId: client ID of the application | ||
* secret: Actual credential as a string | ||
* familyId: Family ID identifier, '1' represents Microsoft Family | ||
* realm: Full tenant or organizational identifier that the account belongs to | ||
* target: Permissions that are included in the token, or for refresh tokens, the resource identifier. | ||
* } | ||
* Refresh Token Cache Type | ||
*/ | ||
export class RefreshTokenEntity extends CredentialEntity { | ||
familyId?: string; | ||
/** | ||
* Create RefreshTokenEntity | ||
* @param homeAccountId | ||
* @param authenticationResult | ||
* @param clientId | ||
* @param authority | ||
*/ | ||
static createRefreshTokenEntity( | ||
homeAccountId: string, | ||
environment: string, | ||
refreshToken: string, | ||
clientId: string, | ||
familyId?: string, | ||
userAssertionHash?: string | ||
): RefreshTokenEntity { | ||
const rtEntity = new RefreshTokenEntity(); | ||
rtEntity.clientId = clientId; | ||
rtEntity.credentialType = CredentialType.REFRESH_TOKEN; | ||
rtEntity.environment = environment; | ||
rtEntity.homeAccountId = homeAccountId; | ||
rtEntity.secret = refreshToken; | ||
rtEntity.userAssertionHash = userAssertionHash; | ||
if (familyId) rtEntity.familyId = familyId; | ||
return rtEntity; | ||
} | ||
/** | ||
* Validates an entity: checks for all expected params | ||
* @param entity | ||
*/ | ||
static isRefreshTokenEntity(entity: object): boolean { | ||
if (!entity) { | ||
return false; | ||
} | ||
return ( | ||
entity.hasOwnProperty("homeAccountId") && | ||
entity.hasOwnProperty("environment") && | ||
entity.hasOwnProperty("credentialType") && | ||
entity.hasOwnProperty("clientId") && | ||
entity.hasOwnProperty("secret") && | ||
entity["credentialType"] === CredentialType.REFRESH_TOKEN | ||
); | ||
} | ||
} | ||
export type RefreshTokenEntity = CredentialEntity; |
@@ -197,4 +197,3 @@ /* | ||
serverParams, | ||
cachedState, | ||
this.cryptoUtils | ||
cachedState | ||
); | ||
@@ -201,0 +200,0 @@ |
@@ -22,6 +22,2 @@ /* | ||
import { version, name } from "../packageMetadata"; | ||
import { | ||
createClientAuthError, | ||
ClientAuthErrorCodes, | ||
} from "../error/ClientAuthError"; | ||
import { CcsCredential, CcsCredentialType } from "../account/CcsCredential"; | ||
@@ -32,2 +28,4 @@ import { buildClientInfoFromHomeAccountId } from "../account/ClientInfo"; | ||
import { BaseAuthRequest } from "../request/BaseAuthRequest"; | ||
import { AuthorityFactory } from "../authority/AuthorityFactory"; | ||
import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent"; | ||
@@ -189,9 +187,22 @@ /** | ||
*/ | ||
updateAuthority(updatedAuthority: Authority): void { | ||
if (!updatedAuthority.discoveryComplete()) { | ||
throw createClientAuthError( | ||
ClientAuthErrorCodes.endpointResolutionError | ||
async updateAuthority( | ||
cloudInstanceHostname: string, | ||
correlationId: string | ||
): Promise<void> { | ||
this.performanceClient?.addQueueMeasurement( | ||
PerformanceEvents.UpdateTokenEndpointAuthority, | ||
correlationId | ||
); | ||
const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`; | ||
const cloudInstanceAuthority = | ||
await AuthorityFactory.createDiscoveredInstance( | ||
cloudInstanceAuthorityUri, | ||
this.networkClient, | ||
this.cacheManager, | ||
this.authority.options, | ||
this.logger, | ||
this.performanceClient, | ||
correlationId | ||
); | ||
} | ||
this.authority = updatedAuthority; | ||
this.authority = cloudInstanceAuthority; | ||
} | ||
@@ -198,0 +209,0 @@ |
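Review bot: `updateAuthority` now places `cloudInstanceHostname` directly into the authority URI template (`https://${cloudInstanceHostname}/${this.authority.tenant}/`), and nothing in the hunk checks that the value is a bare host name before it becomes the authority that token requests are sent to. If the value originates from a server or redirect response (the caller is outside this hunk, so that is an assumption), a string containing `/`, `@` or `?` would resolve to a different host than intended. A guard such as `if (!/^[A-Za-z0-9.-]+(:\d+)?$/.test(cloudInstanceHostname)) throw createClientAuthError(ClientAuthErrorCodes.endpointResolutionError);` would keep the old failure mode, but it needs the `ClientAuthError` import that this section removes. Whether `AuthorityFactory.createDiscoveredInstance` rejects hosts outside the configured known authorities is not visible here and should be confirmed.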
@@ -74,2 +74,3 @@ /* | ||
export { CredentialEntity } from "./cache/entities/CredentialEntity"; | ||
export * as CacheHelpers from "./cache/utils/CacheHelpers"; | ||
export { AppMetadataEntity } from "./cache/entities/AppMetadataEntity"; | ||
@@ -76,0 +77,0 @@ export { AccountEntity } from "./cache/entities/AccountEntity"; |
/* eslint-disable header/header */ | ||
export const name = "@azure/msal-common"; | ||
export const version = "14.2.0"; | ||
export const version = "14.3.0"; |
@@ -7,3 +7,2 @@ /* | ||
import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse"; | ||
import { buildClientInfo } from "../account/ClientInfo"; | ||
import { ICrypto } from "../crypto/ICrypto"; | ||
@@ -49,2 +48,3 @@ import { | ||
import { AccountInfo } from "../account/AccountInfo"; | ||
import * as CacheHelpers from "../cache/utils/CacheHelpers"; | ||
@@ -86,12 +86,11 @@ /** | ||
* @param serverResponseHash | ||
* @param cachedState | ||
* @param requestState | ||
* @param cryptoObj | ||
*/ | ||
validateServerAuthorizationCodeResponse( | ||
serverResponseHash: ServerAuthorizationCodeResponse, | ||
cachedState: string, | ||
cryptoObj: ICrypto | ||
serverResponse: ServerAuthorizationCodeResponse, | ||
requestState: string | ||
): void { | ||
if (!serverResponseHash.state || !cachedState) { | ||
throw serverResponseHash.state | ||
if (!serverResponse.state || !requestState) { | ||
throw serverResponse.state | ||
? createClientAuthError( | ||
@@ -107,8 +106,8 @@ ClientAuthErrorCodes.stateNotFound, | ||
let decodedServerResponseHash: string; | ||
let decodedCachedState: string; | ||
let decodedServerResponseState: string; | ||
let decodedRequestState: string; | ||
try { | ||
decodedServerResponseHash = decodeURIComponent( | ||
serverResponseHash.state | ||
decodedServerResponseState = decodeURIComponent( | ||
serverResponse.state | ||
); | ||
@@ -118,3 +117,3 @@ } catch (e) { | ||
ClientAuthErrorCodes.invalidState, | ||
serverResponseHash.state | ||
serverResponse.state | ||
); | ||
@@ -124,11 +123,11 @@ } | ||
try { | ||
decodedCachedState = decodeURIComponent(cachedState); | ||
decodedRequestState = decodeURIComponent(requestState); | ||
} catch (e) { | ||
throw createClientAuthError( | ||
ClientAuthErrorCodes.invalidState, | ||
serverResponseHash.state | ||
serverResponse.state | ||
); | ||
} | ||
if (decodedServerResponseHash !== decodedCachedState) { | ||
if (decodedServerResponseState !== decodedRequestState) { | ||
throw createClientAuthError(ClientAuthErrorCodes.stateMismatch); | ||
@@ -139,21 +138,21 @@ } | ||
if ( | ||
serverResponseHash.error || | ||
serverResponseHash.error_description || | ||
serverResponseHash.suberror | ||
serverResponse.error || | ||
serverResponse.error_description || | ||
serverResponse.suberror | ||
) { | ||
if ( | ||
isInteractionRequiredError( | ||
serverResponseHash.error, | ||
serverResponseHash.error_description, | ||
serverResponseHash.suberror | ||
serverResponse.error, | ||
serverResponse.error_description, | ||
serverResponse.suberror | ||
) | ||
) { | ||
throw new InteractionRequiredAuthError( | ||
serverResponseHash.error || Constants.EMPTY_STRING, | ||
serverResponseHash.error_description, | ||
serverResponseHash.suberror, | ||
serverResponseHash.timestamp || Constants.EMPTY_STRING, | ||
serverResponseHash.trace_id || Constants.EMPTY_STRING, | ||
serverResponseHash.correlation_id || Constants.EMPTY_STRING, | ||
serverResponseHash.claims || Constants.EMPTY_STRING | ||
serverResponse.error || "", | ||
serverResponse.error_description, | ||
serverResponse.suberror, | ||
serverResponse.timestamp || "", | ||
serverResponse.trace_id || "", | ||
serverResponse.correlation_id || "", | ||
serverResponse.claims || "" | ||
); | ||
@@ -163,11 +162,7 @@ } | ||
throw new ServerError( | ||
serverResponseHash.error || Constants.EMPTY_STRING, | ||
serverResponseHash.error_description, | ||
serverResponseHash.suberror | ||
serverResponse.error || "", | ||
serverResponse.error_description, | ||
serverResponse.suberror | ||
); | ||
} | ||
if (serverResponseHash.client_info) { | ||
buildClientInfo(serverResponseHash.client_info, cryptoObj); | ||
} | ||
} | ||
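Review bot: After this hunk the error-checking path no longer calls `buildClientInfo(...)` on `client_info`, so a malformed `client_info` in the server response is no longer rejected at this point. Whether the value is parsed and validated later is not visible in the hunk. If it is, a short comment where the check used to be, for example `// client_info is validated where the account is built, not here` (adjusted to wherever that actually happens), would record that the fail-fast check was dropped on purpose. The enclosing function starts outside the hunk.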
@@ -426,3 +421,3 @@ | ||
if (serverTokenResponse.id_token && !!idTokenClaims) { | ||
cachedIdToken = IdTokenEntity.createIdTokenEntity( | ||
cachedIdToken = CacheHelpers.createIdTokenEntity( | ||
this.homeAccountIdentifier, | ||
@@ -480,6 +475,6 @@ env, | ||
// non AAD scenarios can have empty realm | ||
cachedAccessToken = AccessTokenEntity.createAccessTokenEntity( | ||
cachedAccessToken = CacheHelpers.createAccessTokenEntity( | ||
this.homeAccountIdentifier, | ||
env, | ||
serverTokenResponse.access_token || Constants.EMPTY_STRING, | ||
serverTokenResponse.access_token, | ||
this.clientId, | ||
@@ -490,3 +485,3 @@ idTokenClaims?.tid || authority.tenant, | ||
extendedTokenExpirationSeconds, | ||
this.cryptoObj, | ||
this.cryptoObj.base64Decode, | ||
refreshOnSeconds, | ||
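Review bot: `this.cryptoObj.base64Decode` is now passed as a detached method reference, so any implementation of the crypto object whose `base64Decode` reads `this` would lose its receiver when the helper invokes it. Whether the shipped implementations depend on `this` is not visible here. Binding at the call site, `this.cryptoObj.base64Decode.bind(this.cryptoObj)` or `(input) => this.cryptoObj.base64Decode(input)`, removes that dependency. The argument list this line belongs to starts and ends outside the hunk.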
@@ -504,6 +499,6 @@ serverTokenResponse.token_type, | ||
if (serverTokenResponse.refresh_token) { | ||
cachedRefreshToken = RefreshTokenEntity.createRefreshTokenEntity( | ||
cachedRefreshToken = CacheHelpers.createRefreshTokenEntity( | ||
this.homeAccountIdentifier, | ||
env, | ||
serverTokenResponse.refresh_token || Constants.EMPTY_STRING, | ||
serverTokenResponse.refresh_token, | ||
this.clientId, | ||
@@ -510,0 +505,0 @@ serverTokenResponse.foci, |
1702445
456
37330