Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@azure/msal-common

Package Overview
Dependencies
Maintainers
3
Versions
122
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@azure/msal-common - npm Package Compare versions

Comparing version 14.4.1-beta.1 to 14.5.0

dist/account/AccountInfo.mjs

27

dist/account/AccountInfo.d.ts

@@ -13,2 +13,3 @@ import { TokenClaims } from "./TokenClaims";

* - nativeAccountId - The user's native account ID
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
*/

@@ -28,7 +29,33 @@ export type AccountInfo = {

authorityType?: string;
tenantProfiles?: Map<string, TenantProfile>;
};
/**
* Account details that vary across tenants for the same user
*/
export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
/**
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
*/
isHomeTenant?: boolean;
};
export type ActiveAccountFilters = {
homeAccountId: string;
localAccountId: string;
tenantId?: string;
};
/**
* Returns true if tenantId matches the utid portion of homeAccountId
* @param tenantId
* @param homeAccountId
* @returns
*/
export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
export declare function buildTenantProfileFromIdTokenClaims(homeAccountId: string, idTokenClaims: TokenClaims): TenantProfile;
/**
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
* @param baseAccountInfo
* @param idTokenClaims
* @returns
*/
export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims): AccountInfo;
//# sourceMappingURL=AccountInfo.d.ts.map

0

dist/account/AuthToken.d.ts

@@ -0,0 +0,0 @@ import { TokenClaims } from "./TokenClaims";

@@ -0,0 +0,0 @@ export type CcsCredential = {

3

dist/account/ClientInfo.d.ts

@@ -1,2 +0,1 @@

import { ICrypto } from "../crypto/ICrypto";
/**

@@ -14,3 +13,3 @@ * Client info object which consists of two IDs. Need to add more info here.

*/
export declare function buildClientInfo(rawClientInfo: string, crypto: ICrypto): ClientInfo;
export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
/**

@@ -17,0 +16,0 @@ * Function to build a client info object from cached homeAccountId string

@@ -33,2 +33,10 @@ /**

tid?: string;
/**
* Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token.
*/
tfp?: string;
/**
* Authentication Context Class Reference (B2C) Used only with older policies.
*/
acr?: string;
ver?: string;

@@ -67,2 +75,12 @@ upn?: string;

};
/**
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
* Downcased to match the realm case-insensitive comparison requirements
* @param idTokenClaims
* @returns
*/
export declare function getTenantIdFromIdTokenClaims(idTokenClaims?: TokenClaims): string | null;
//# sourceMappingURL=TokenClaims.d.ts.map

@@ -248,4 +248,8 @@ import { AuthorityType } from "./AuthorityType";

}
/**
* Extract tenantId from authority
*/
export declare function getTenantFromAuthorityString(authority: string): string | undefined;
export declare function formatAuthorityUri(authorityUri: string): string;
export declare function buildStaticAuthorityOptions(authOptions: Partial<AuthorityOptions>): StaticAuthorityOptions;
//# sourceMappingURL=Authority.d.ts.map

@@ -0,0 +0,0 @@ import { Authority } from "./Authority";

@@ -0,0 +0,0 @@ import { Logger } from "../logger/Logger";

@@ -0,0 +0,0 @@ import { ProtocolMode } from "./ProtocolMode";

export type AzureRegion = string;
//# sourceMappingURL=AzureRegion.d.ts.map

@@ -0,0 +0,0 @@ import { AzureRegion } from "./AzureRegion";

@@ -0,0 +0,0 @@ export type CloudDiscoveryMetadata = {

@@ -0,0 +0,0 @@ import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata";

@@ -0,0 +0,0 @@ export type ImdsOptions = {

@@ -0,0 +0,0 @@ import { ServerResponseType } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { INetworkModule } from "../network/INetworkModule";

@@ -0,0 +0,0 @@ import { RegionDiscoveryOutcomes, RegionDiscoverySources } from "../utils/Constants";

@@ -0,0 +0,0 @@ /// <reference types="node" />

@@ -33,4 +33,8 @@ import { AccountFilter, CredentialFilter, ValidCredentialType, AppMetadataFilter, AppMetadataCache, TokenKeys } from "./utils/CacheTypes";

*/
abstract getAccount(accountKey: string): AccountEntity | null;
abstract getAccount(accountKey: string, logger?: Logger): AccountEntity | null;
/**
* Returns deserialized account if found in the cache, otherwiser returns null
*/
abstract getCachedAccountEntity(accountKey: string): AccountEntity | null;
/**
* set account entity in the platform cache

@@ -41,2 +45,6 @@ * @param account

/**
* remove account entity from the platform cache if it's outdated
*/
abstract removeOutdatedAccount(accountKey: string): void;
/**
* fetch the idToken entity from the platform cache

@@ -155,3 +163,3 @@ * @param idTokenKey

/**
* Gets accountInfo object based on provided filters
* Gets first tenanted AccountInfo object found based on provided filters
*/

@@ -165,5 +173,16 @@ getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null;

getBaseAccountInfo(accountFilter: AccountFilter): AccountInfo | null;
private getAccountInfoFromEntity;
private idTokenClaimsMatchAccountFilter;
/**
* Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters
* and builds the account info objects from the matching ID token's claims
* @param cachedAccounts
* @param accountFilter
* @returns Array of AccountInfo objects that match account and tenant profile filters
*/
private buildTenantProfiles;
private getAccountInfoForTenantProfiles;
private getTenantedAccountInfoByFilter;
private getTenantProfilesFromAccountEntity;
private tenantProfileMatchesFilter;
private idTokenClaimsMatchTenantProfileFilter;
/**
* saves a cache record

@@ -179,3 +198,3 @@ * @param cacheRecord

/**
* Retrieve accounts matching all provided filters; if no filter is set, get all accounts
* Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared

@@ -236,2 +255,11 @@ * @param accountFilter - An object containing Account properties to filter by

/**
* Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the
* cache into a condensed multi-tenant account object with tenant profiles.
* @param accountKey
* @param accountEntity
* @param logger
* @returns
*/
protected updateOutdatedCachedAccount(accountKey: string, accountEntity: AccountEntity | null, logger?: Logger): AccountEntity | null;
/**
* returns a boolean if the given credential is removed

@@ -263,6 +291,7 @@ * @param credential

* @param tokenKeys {?TokenKeys}
* @param targetRealm {?string}
* @param performanceClient {?IPerformanceClient}
* @param correlationId {?string}
*/
getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): IdTokenEntity | null;
getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, targetRealm?: string, performanceClient?: IPerformanceClient, correlationId?: string): IdTokenEntity | null;
/**

@@ -273,3 +302,3 @@ * Gets all idTokens matching the given filter

*/
getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): IdTokenEntity[];
getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): Map<string, IdTokenEntity>;
/**

@@ -300,3 +329,3 @@ * Validate the cache key against filter before retrieving and parsing cache value

*/
getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): AccessTokenEntity | null;
getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys, targetRealm?: string, performanceClient?: IPerformanceClient, correlationId?: string): AccessTokenEntity | null;
/**

@@ -353,4 +382,12 @@ * Validate the cache key against filter before retrieving and parsing cache value

*/
private matchLocalAccountId;
private matchLocalAccountIdFromTokenClaims;
private matchLocalAccountIdFromTenantProfile;
/**
* helper to match names
* @param entity
* @param name
* @returns true if the downcased name properties are present and match in the filter and the entity
*/
private matchName;
/**
* helper to match usernames

@@ -363,9 +400,2 @@ * @param entity

/**
* helper to match names
* @param entity
* @param name
* @returns true if the downcased name properties are present and match in the filter and the entity
*/
private matchName;
/**
* helper to match assertion

@@ -422,6 +452,6 @@ * @param value

*/
private matchLoginHint;
private matchLoginHintFromTokenClaims;
/**
* Helper to match sid
* @param idTokenClaims
* @param entity
* @param sid

@@ -475,2 +505,3 @@ * @returns true if the sid claim is present and matches the filter

getAccount(): AccountEntity;
getCachedAccountEntity(): AccountEntity | null;
setIdTokenCredential(): void;

@@ -498,3 +529,4 @@ getIdTokenCredential(): IdTokenEntity;

updateCredentialCacheKey(): string;
removeOutdatedAccount(): void;
}
//# sourceMappingURL=CacheManager.d.ts.map

@@ -0,0 +0,0 @@ import { CredentialEntity } from "./CredentialEntity";

import { Authority } from "../../authority/Authority";
import { ICrypto } from "../../crypto/ICrypto";
import { AccountInfo } from "../../account/AccountInfo";
import { AccountInfo, TenantProfile } from "../../account/AccountInfo";
import { AuthorityType } from "../../authority/AuthorityType";

@@ -25,4 +25,4 @@ import { Logger } from "../../logger/Logger";

* lastModificationApp:
* idTokenClaims: Object containing claims parsed from ID token
* nativeAccountId: Account identifier on the native device
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
* }

@@ -44,4 +44,4 @@ * @internal

msGraphHost?: string;
idTokenClaims?: TokenClaims;
nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;
/**

@@ -60,2 +60,6 @@ * Generate Account Id key component as per the schema: <home_account_id>-<environment>

/**
* Returns true if the account entity is in single tenant format (outdated), false otherwise
*/
isSingleTenant(): boolean;
/**
* Generates account key from interface

@@ -77,3 +81,4 @@ * @param accountInterface

nativeAccountId?: string;
}, authority: Authority): AccountEntity;
tenantProfiles?: Array<TenantProfile>;
}, authority: Authority, base64Decode?: (input: string) => string): AccountEntity;
/**

@@ -80,0 +85,0 @@ * Creates an AccountEntity object from AccountInfo

@@ -0,0 +0,0 @@ import { CloudDiscoveryMetadata } from "../../authority/CloudDiscoveryMetadata";

@@ -0,0 +0,0 @@ import { IdTokenEntity } from "./IdTokenEntity";

@@ -0,0 +0,0 @@ import { CredentialType, AuthenticationScheme } from "../../utils/Constants";

@@ -0,0 +0,0 @@ import { CredentialEntity } from "./CredentialEntity";

@@ -5,5 +5,3 @@ import { CredentialEntity } from "./CredentialEntity";

*/
export type RefreshTokenEntity = CredentialEntity & {
expiresOn?: string;
};
export type RefreshTokenEntity = CredentialEntity;
//# sourceMappingURL=RefreshTokenEntity.d.ts.map

@@ -0,0 +0,0 @@ export type ServerTelemetryEntity = {

@@ -0,0 +0,0 @@ export declare class ThrottlingEntity {

@@ -0,0 +0,0 @@ import { AccountFilter } from "../utils/CacheTypes";

@@ -0,0 +0,0 @@ import { TokenCacheContext } from "../persistence/TokenCacheContext";

@@ -0,0 +0,0 @@ export interface ISerializableTokenCache {

@@ -0,0 +0,0 @@ import { ISerializableTokenCache } from "../interface/ISerializableTokenCache";

@@ -42,3 +42,3 @@ import { AuthenticationScheme } from "../../utils/Constants";

*/
export declare function createRefreshTokenEntity(homeAccountId: string, environment: string, refreshToken: string, clientId: string, familyId?: string, userAssertionHash?: string, expiresOn?: string): RefreshTokenEntity;
export declare function createRefreshTokenEntity(homeAccountId: string, environment: string, refreshToken: string, clientId: string, familyId?: string, userAssertionHash?: string): RefreshTokenEntity;
export declare function isCredentialEntity(entity: object): boolean;

@@ -45,0 +45,0 @@ /**

@@ -39,3 +39,5 @@ import { AccountEntity } from "../entities/AccountEntity";

sid?: string;
isHomeTenant?: boolean;
};
export type TenantProfileFilter = Pick<AccountFilter, "localAccountId" | "loginHint" | "name" | "sid" | "isHomeTenant" | "username">;
/**

@@ -42,0 +44,0 @@ * Credential: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<scheme*>

@@ -0,0 +0,0 @@ import { BaseClient } from "./BaseClient";

@@ -0,0 +0,0 @@ import { ClientConfiguration, CommonClientConfiguration } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { ClientConfiguration } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { BaseClient } from "./BaseClient";

@@ -0,0 +0,0 @@ import { INetworkModule } from "../network/INetworkModule";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "../request/BaseAuthRequest";

@@ -0,0 +0,0 @@ export interface IGuidGenerator {

@@ -0,0 +0,0 @@ import { JsonWebTokenTypes } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";

@@ -0,0 +0,0 @@ import { JoseHeaderOptions } from "./JoseHeader";

@@ -0,0 +0,0 @@ import * as AuthErrorCodes from "./AuthErrorCodes";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -0,0 +0,0 @@ export declare const clientInfoDecodingError = "client_info_decoding_error";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -0,0 +0,0 @@ export declare const redirectUriEmpty = "redirect_uri_empty";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

export declare const noTokensFound = "no_tokens_found";
export declare const nativeAccountUnavailable = "native_account_unavailable";
export declare const refreshTokenExpired = "refresh_token_expired";
export declare const interactionRequired = "interaction_required";

@@ -5,0 +4,0 @@ export declare const consentRequired = "consent_required";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

export declare const missingKidError = "missing_kid_error";
export declare const missingAlgError = "missing_alg_error";
//# sourceMappingURL=JoseHeaderErrorCodes.d.ts.map

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -12,5 +12,5 @@ /**

export { ClientConfiguration } from "./config/ClientConfiguration";
export { AccountInfo, ActiveAccountFilters } from "./account/AccountInfo";
export { AccountInfo, ActiveAccountFilters, TenantProfile, updateAccountTenantProfileData, tenantIdMatchesHomeTenant, buildTenantProfileFromIdTokenClaims, } from "./account/AccountInfo";
export * as AuthToken from "./account/AuthToken";
export { TokenClaims } from "./account/TokenClaims";
export { TokenClaims, getTenantIdFromIdTokenClaims, } from "./account/TokenClaims";
export { TokenClaims as IdTokenClaims } from "./account/TokenClaims";

@@ -75,3 +75,3 @@ export { CcsCredential, CcsCredentialType } from "./account/CcsCredential";

export { DeviceCodeResponse, ServerDeviceCodeResponse, } from "./response/DeviceCodeResponse";
export { ResponseHandler } from "./response/ResponseHandler";
export { ResponseHandler, buildAccountToCache, } from "./response/ResponseHandler";
export { ScopeSet } from "./request/ScopeSet";

@@ -85,3 +85,4 @@ export { AuthenticationHeaderParser } from "./request/AuthenticationHeaderParser";

export { ClientConfigurationError, ClientConfigurationErrorMessage, ClientConfigurationErrorCodes, createClientConfigurationError, } from "./error/ClientConfigurationError";
export { Constants, OIDC_DEFAULT_SCOPES, PromptValue, PersistentCacheKeys, ServerResponseType, ResponseMode, CacheOutcome, CredentialType, CacheType, CacheAccountType, AuthenticationScheme, CodeChallengeMethodValues, SSOTypes, PasswordGrantConstants, ThrottlingConstants, ClaimsRequestKeys, HeaderNames, AADServerParamKeys, Errors, THE_FAMILY_ID, ONE_DAY_IN_MS, GrantType, AADAuthorityConstants, HttpStatus, JsonWebTokenTypes, } from "./utils/Constants";
export { Constants, OIDC_DEFAULT_SCOPES, PromptValue, PersistentCacheKeys, ServerResponseType, ResponseMode, CacheOutcome, CredentialType, CacheType, CacheAccountType, AuthenticationScheme, CodeChallengeMethodValues, PasswordGrantConstants, ThrottlingConstants, ClaimsRequestKeys, HeaderNames, Errors, THE_FAMILY_ID, ONE_DAY_IN_MS, GrantType, AADAuthorityConstants, HttpStatus, JsonWebTokenTypes, } from "./utils/Constants";
export * as AADServerParamKeys from "./constants/AADServerParamKeys";
export { StringUtils } from "./utils/StringUtils";

@@ -88,0 +89,0 @@ export { StringDict } from "./utils/MsalTypes";

@@ -0,0 +0,0 @@ import { LoggerOptions } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { NetworkResponse } from "./NetworkManager";

@@ -0,0 +0,0 @@ import { INetworkModule, NetworkRequestOptions } from "./INetworkModule";

@@ -0,0 +0,0 @@ import { ShrOptions } from "../crypto/SignedHttpRequest";

@@ -0,0 +0,0 @@ import { NetworkResponse } from "./NetworkManager";

export declare const name = "@azure/msal-common";
export declare const version = "14.4.1-beta.1";
export declare const version = "14.5.0";
//# sourceMappingURL=packageMetadata.d.ts.map

@@ -0,0 +0,0 @@ import { AuthenticationScheme } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { ResponseMode } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { DeviceCodeResponse } from "../response/DeviceCodeResponse";

@@ -0,0 +0,0 @@ import { AccountInfo } from "../account/AccountInfo";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -18,3 +18,2 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

refreshToken: string;
expiresOn?: string;
ccsCredential?: CcsCredential;

@@ -21,0 +20,0 @@ forceCache?: boolean;

@@ -20,4 +20,3 @@ import { AccountInfo } from "../account/AccountInfo";

tokenBodyParameters?: StringDict;
enableRTExpiryCheck?: boolean;
};
//# sourceMappingURL=CommonSilentFlowRequest.d.ts.map

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { StringDict } from "../utils/MsalTypes";

@@ -0,0 +0,0 @@ export type NativeSignOutRequest = {

@@ -0,0 +0,0 @@ import { ResponseMode } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { StringDict } from "../utils/MsalTypes";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { AccountInfo } from "../account/AccountInfo";

@@ -0,0 +0,0 @@ import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";

@@ -0,0 +0,0 @@ export type IMDSBadResponse = {

@@ -6,2 +6,3 @@ import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";

import { AuthenticationResult } from "./AuthenticationResult";
import { AccountEntity } from "../cache/entities/AccountEntity";
import { Authority } from "../authority/Authority";

@@ -49,3 +50,3 @@ import { CacheRecord } from "../cache/entities/CacheRecord";

*/
handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, authCodePayload?: AuthorizationCodePayload, userAssertionHash?: string, handlingRefreshTokenResponse?: boolean, forceCacheRefreshTokenResponse?: boolean, serverRequestId?: string, rtExpiresOn?: string): Promise<AuthenticationResult>;
handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, authCodePayload?: AuthorizationCodePayload, userAssertionHash?: string, handlingRefreshTokenResponse?: boolean, forceCacheRefreshTokenResponse?: boolean, serverRequestId?: string): Promise<AuthenticationResult>;
/**

@@ -70,2 +71,3 @@ * Generates CacheRecord

}
export declare function buildAccountToCache(cacheStorage: CacheManager, authority: Authority, homeAccountId: string, idTokenClaims: TokenClaims, base64Decode: (input: string) => string, clientInfo?: string, claimsTenantId?: string | null, authCodePayload?: AuthorizationCodePayload, nativeAccountId?: string, logger?: Logger): AccountEntity;
//# sourceMappingURL=ResponseHandler.d.ts.map

@@ -0,0 +0,0 @@ import { AuthenticationScheme } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { PerformanceEvent } from "./PerformanceEvent";

@@ -0,0 +0,0 @@ export interface IPerformanceMeasurement {

@@ -0,0 +0,0 @@ import { ApplicationTelemetry } from "../../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { IPerformanceClient, InProgressPerformanceEvent } from "./IPerformanceClient";

@@ -0,0 +0,0 @@ import { CacheOutcome } from "../../utils/Constants";

@@ -0,0 +0,0 @@ export type ServerTelemetryRequest = {

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { IUri } from "./IUri";

@@ -91,56 +91,2 @@ export declare const Constants: {

/**
* Keys in the hashParams sent by AAD Server
*/
export declare const AADServerParamKeys: {
readonly CLIENT_ID: "client_id";
readonly REDIRECT_URI: "redirect_uri";
readonly RESPONSE_TYPE: "response_type";
readonly RESPONSE_MODE: "response_mode";
readonly GRANT_TYPE: "grant_type";
readonly CLAIMS: "claims";
readonly SCOPE: "scope";
readonly ERROR: "error";
readonly ERROR_DESCRIPTION: "error_description";
readonly ACCESS_TOKEN: "access_token";
readonly ID_TOKEN: "id_token";
readonly REFRESH_TOKEN: "refresh_token";
readonly EXPIRES_IN: "expires_in";
readonly STATE: "state";
readonly NONCE: "nonce";
readonly PROMPT: "prompt";
readonly SESSION_STATE: "session_state";
readonly CLIENT_INFO: "client_info";
readonly CODE: "code";
readonly CODE_CHALLENGE: "code_challenge";
readonly CODE_CHALLENGE_METHOD: "code_challenge_method";
readonly CODE_VERIFIER: "code_verifier";
readonly CLIENT_REQUEST_ID: "client-request-id";
readonly X_CLIENT_SKU: "x-client-SKU";
readonly X_CLIENT_VER: "x-client-VER";
readonly X_CLIENT_OS: "x-client-OS";
readonly X_CLIENT_CPU: "x-client-CPU";
readonly X_CLIENT_CURR_TELEM: "x-client-current-telemetry";
readonly X_CLIENT_LAST_TELEM: "x-client-last-telemetry";
readonly X_MS_LIB_CAPABILITY: "x-ms-lib-capability";
readonly X_APP_NAME: "x-app-name";
readonly X_APP_VER: "x-app-ver";
readonly POST_LOGOUT_URI: "post_logout_redirect_uri";
readonly ID_TOKEN_HINT: "id_token_hint";
readonly DEVICE_CODE: "device_code";
readonly CLIENT_SECRET: "client_secret";
readonly CLIENT_ASSERTION: "client_assertion";
readonly CLIENT_ASSERTION_TYPE: "client_assertion_type";
readonly TOKEN_TYPE: "token_type";
readonly REQ_CNF: "req_cnf";
readonly OBO_ASSERTION: "assertion";
readonly REQUESTED_TOKEN_USE: "requested_token_use";
readonly ON_BEHALF_OF: "on_behalf_of";
readonly FOCI: "foci";
readonly CCS_HEADER: "X-AnchorMailbox";
readonly RETURN_SPA_CODE: "return_spa_code";
readonly NATIVE_BROKER: "nativebroker";
readonly LOGOUT_HINT: "logout_hint";
};
export type AADServerParamKeys = (typeof AADServerParamKeys)[keyof typeof AADServerParamKeys];
/**
* Claims request keys

@@ -167,17 +113,2 @@ */

/**
* SSO Types - generated to populate hints
*/
export declare const SSOTypes: {
readonly ACCOUNT: "account";
readonly SID: "sid";
readonly LOGIN_HINT: "login_hint";
readonly ID_TOKEN: "id_token";
readonly DOMAIN_HINT: "domain_hint";
readonly ORGANIZATIONS: "organizations";
readonly CONSUMERS: "consumers";
readonly ACCOUNT_ID: "accountIdentifier";
readonly HOMEACCOUNT_ID: "homeAccountIdentifier";
};
export type SSOTypes = (typeof SSOTypes)[keyof typeof SSOTypes];
/**
* allowed values for codeVerifier

@@ -184,0 +115,0 @@ */

@@ -0,0 +0,0 @@ import { Logger } from "../logger/Logger";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { ICrypto } from "../crypto/ICrypto";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse";

{
"name": "@azure/msal-common",
"author": {
"name": "Microsoft",
"email": "nugetaad@microsoft.com",
"url": "https://www.microsoft.com"
"name": "@azure/msal-common",
"author": {
"name": "Microsoft",
"email": "nugetaad@microsoft.com",
"url": "https://www.microsoft.com"
},
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/AzureAD/microsoft-authentication-library-for-js.git"
},
"version": "14.5.0",
"description": "Microsoft Authentication Library for js",
"keywords": [
"implicit",
"authorization code",
"PKCE",
"js",
"AAD",
"msal",
"oauth"
],
"sideEffects": false,
"module": "./dist/index.mjs",
"types": "./dist/index.d.ts",
"exports": {
".": {
"types": "./dist/index.d.ts",
"module": "./dist/index.mjs",
"import": "./dist/index.mjs",
"require": "./dist/index.cjs",
"default": "./dist/index.mjs"
},
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/AzureAD/microsoft-authentication-library-for-js.git"
},
"version": "14.4.1-beta.1",
"description": "Microsoft Authentication Library for js",
"keywords": [
"implicit",
"authorization code",
"PKCE",
"js",
"AAD",
"msal",
"oauth"
],
"sideEffects": false,
"module": "./dist/index.mjs",
"types": "./dist/index.d.ts",
"exports": {
".": {
"types": "./dist/index.d.ts",
"module": "./dist/index.mjs",
"import": "./dist/index.mjs",
"require": "./dist/index.cjs",
"default": "./dist/index.mjs"
},
"./package.json": "./package.json"
},
"engines": {
"node": ">=0.8.0"
},
"directories": {
"test": "test"
},
"files": [
"dist",
"src"
],
"scripts": {
"clean": "shx rm -rf dist lib",
"clean:coverage": "rimraf ../../.nyc_output/*",
"lint": "eslint src --ext .ts",
"lint:fix": "npm run lint -- --fix",
"test": "jest",
"test:coverage": "jest --coverage",
"test:coverage:only": "npm run clean:coverage && npm run test:coverage",
"build:modules": "rollup -c --strictDeprecations --bundleConfigAsCjs",
"build:modules:watch": "rollup -cw --bundleConfigAsCjs",
"build": "npm run clean && npm run build:modules",
"build:all": "npm run build",
"prepack": "npm run build",
"metadata:check": "ts-node scripts/metadata.ts",
"format:check": "npx prettier --ignore-path .gitignore --check src test",
"format:fix": "npx prettier --ignore-path .gitignore --write src test"
},
"beachball": {
"disallowedChangeTypes": [
"major"
]
},
"devDependencies": {
"@babel/core": "^7.7.2",
"@babel/plugin-proposal-class-properties": "^7.7.0",
"@babel/plugin-proposal-object-rest-spread": "^7.6.2",
"@babel/preset-env": "^7.7.1",
"@babel/preset-typescript": "^7.7.2",
"@rollup/plugin-typescript": "^11.0.0",
"@types/debug": "^4.1.5",
"@types/jest": "^29.5.0",
"@types/lodash": "^4.14.182",
"@types/node": "^20.3.1",
"@types/sinon": "^7.5.0",
"eslint-config-msal": "^0.0.0",
"jest": "^29.5.0",
"lodash": "^4.17.21",
"prettier": "2.8.7",
"rimraf": "^3.0.2",
"rollup": "^3.14.0",
"shx": "^0.3.2",
"sinon": "^7.5.0",
"ts-jest": "^29.1.0",
"ts-node": "^10.9.1",
"tslib": "^1.10.0",
"typescript": "^4.9.5",
"yargs": "^17.5.1"
}
"./package.json": "./package.json"
},
"engines": {
"node": ">=0.8.0"
},
"directories": {
"test": "test"
},
"files": [
"dist",
"src"
],
"scripts": {
"clean": "shx rm -rf dist lib",
"clean:coverage": "rimraf ../../.nyc_output/*",
"lint": "eslint src --ext .ts",
"lint:fix": "npm run lint -- --fix",
"test": "jest",
"test:coverage": "jest --coverage",
"test:coverage:only": "npm run clean:coverage && npm run test:coverage",
"build:modules": "rollup -c --strictDeprecations --bundleConfigAsCjs",
"build:modules:watch": "rollup -cw --bundleConfigAsCjs",
"build": "npm run clean && npm run build:modules",
"build:all": "npm run build",
"prepack": "npm run build",
"metadata:check": "ts-node scripts/metadata.ts",
"format:check": "npx prettier --ignore-path .gitignore --check src test",
"format:fix": "npx prettier --ignore-path .gitignore --write src test"
},
"beachball": {
"disallowedChangeTypes": [
"major"
]
},
"devDependencies": {
"@babel/core": "^7.7.2",
"@babel/plugin-proposal-class-properties": "^7.7.0",
"@babel/plugin-proposal-object-rest-spread": "^7.6.2",
"@babel/preset-env": "^7.7.1",
"@babel/preset-typescript": "^7.7.2",
"@rollup/plugin-typescript": "^11.0.0",
"@types/debug": "^4.1.5",
"@types/jest": "^29.5.0",
"@types/lodash": "^4.14.182",
"@types/node": "^20.3.1",
"@types/sinon": "^7.5.0",
"eslint-config-msal": "^0.0.0",
"msal-test-utils": "^0.0.1",
"jest": "^29.5.0",
"lodash": "^4.17.21",
"prettier": "2.8.7",
"rimraf": "^3.0.2",
"rollup": "^3.14.0",
"shx": "^0.3.2",
"sinon": "^7.5.0",
"ts-jest": "^29.1.0",
"ts-node": "^10.9.1",
"tslib": "^1.10.0",
"typescript": "^4.9.5",
"yargs": "^17.5.1"
}
}

@@ -18,2 +18,3 @@ /*

* - nativeAccountId - The user's native account ID
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
*/

@@ -39,7 +40,102 @@ export type AccountInfo = {

authorityType?: string;
tenantProfiles?: Map<string, TenantProfile>;
};
/**
* Account details that vary across tenants for the same user
*/
export type TenantProfile = Pick<
AccountInfo,
"tenantId" | "localAccountId" | "name"
> & {
/**
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
*/
isHomeTenant?: boolean;
};
export type ActiveAccountFilters = {
homeAccountId: string;
localAccountId: string;
tenantId?: string;
};
/**
* Returns true if tenantId matches the utid portion of homeAccountId
* @param tenantId
* @param homeAccountId
* @returns
*/
export function tenantIdMatchesHomeTenant(
tenantId?: string,
homeAccountId?: string
): boolean {
return (
!!tenantId &&
!!homeAccountId &&
tenantId === homeAccountId.split(".")[1]
);
}
export function buildTenantProfileFromIdTokenClaims(
homeAccountId: string,
idTokenClaims: TokenClaims
): TenantProfile {
const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
/**
* Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
* tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
* tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
* acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
*/
const tenantId = tid || tfp || acr || "";
return {
tenantId: tenantId,
localAccountId: oid || sub || "",
name: name,
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
};
}
/**
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
* @param baseAccountInfo
* @param idTokenClaims
* @returns
*/
export function updateAccountTenantProfileData(
baseAccountInfo: AccountInfo,
tenantProfile?: TenantProfile,
idTokenClaims?: TokenClaims
): AccountInfo {
let updatedAccountInfo = baseAccountInfo;
// Tenant Profile overrides passed in account info
if (tenantProfile) {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
}
// ID token claims override passed in account info and tenant profile
if (idTokenClaims) {
// Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { isHomeTenant, ...claimsSourcedTenantProfile } =
buildTenantProfileFromIdTokenClaims(
baseAccountInfo.homeAccountId,
idTokenClaims
);
updatedAccountInfo = {
...updatedAccountInfo,
...claimsSourcedTenantProfile,
idTokenClaims: idTokenClaims,
};
return updatedAccountInfo;
}
return updatedAccountInfo;
}

@@ -10,3 +10,2 @@ /*

} from "../error/ClientAuthError";
import { ICrypto } from "../crypto/ICrypto";
import { Separators, Constants } from "../utils/Constants";

@@ -29,3 +28,3 @@

rawClientInfo: string,
crypto: ICrypto
base64Decode: (input: string) => string
): ClientInfo {

@@ -37,3 +36,3 @@ if (!rawClientInfo) {

try {
const decodedClientInfo: string = crypto.base64Decode(rawClientInfo);
const decodedClientInfo: string = base64Decode(rawClientInfo);
return JSON.parse(decodedClientInfo) as ClientInfo;

@@ -40,0 +39,0 @@ } catch (e) {

@@ -38,2 +38,10 @@ /*

tid?: string;
/**
* Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token.
*/
tfp?: string;
/**
* Authentication Context Class Reference (B2C) Used only with older policies.
*/
acr?: string;
ver?: string;

@@ -72,1 +80,21 @@ upn?: string;

};
/**
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
* Downcased to match the realm case-insensitive comparison requirements
* @param idTokenClaims
* @returns
*/
export function getTenantIdFromIdTokenClaims(
idTokenClaims?: TokenClaims
): string | null {
if (idTokenClaims) {
const tenantId =
idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;
return tenantId || null;
}
return null;
}

@@ -1069,8 +1069,8 @@ /*

return (
authority &&
UrlString.getDomainFromUrl(authority).toLowerCase() ===
this.hostnameAndPort
this.hostnameAndPort
);
}
);
return matches.length > 0;

@@ -1257,2 +1257,29 @@ }

/**
* Extract tenantId from authority
*/
export function getTenantFromAuthorityString(
authority: string
): string | undefined {
const authorityUrl = new UrlString(authority);
const authorityUrlComponents = authorityUrl.getUrlComponents();
/**
* For credential matching purposes, tenantId is the last path segment of the authority URL:
* AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId
* B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy
* tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased
*/
const tenantId =
authorityUrlComponents.PathSegments.slice(-1)[0].toLowerCase();
switch (tenantId) {
case AADAuthorityConstants.COMMON:
case AADAuthorityConstants.ORGANIZATIONS:
case AADAuthorityConstants.CONSUMERS:
return undefined;
default:
return tenantId;
}
}
export function formatAuthorityUri(authorityUri: string): string {

@@ -1259,0 +1286,0 @@ return authorityUri.endsWith(Constants.FORWARD_SLASH)

@@ -6,8 +6,12 @@ /*

import { Separators, CacheAccountType, Constants } from "../../utils/Constants";
import { CacheAccountType, Separators } from "../../utils/Constants";
import { Authority } from "../../authority/Authority";
import { ICrypto } from "../../crypto/ICrypto";
import { buildClientInfo } from "../../account/ClientInfo";
import { AccountInfo } from "../../account/AccountInfo";
import { ClientInfo, buildClientInfo } from "../../account/ClientInfo";
import {
AccountInfo,
TenantProfile,
buildTenantProfileFromIdTokenClaims,
} from "../../account/AccountInfo";
import {
createClientAuthError,

@@ -18,3 +22,6 @@ ClientAuthErrorCodes,

import { Logger } from "../../logger/Logger";
import { TokenClaims } from "../../account/TokenClaims";
import {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "../../account/TokenClaims";
import { ProtocolMode } from "../../authority/ProtocolMode";

@@ -40,4 +47,4 @@

* lastModificationApp:
* idTokenClaims: Object containing claims parsed from ID token
* nativeAccountId: Account identifier on the native device
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
* }

@@ -59,4 +66,4 @@ * @internal

msGraphHost?: string;
idTokenClaims?: TokenClaims;
nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;

@@ -95,5 +102,10 @@ /**

name: this.name,
idTokenClaims: this.idTokenClaims,
nativeAccountId: this.nativeAccountId,
authorityType: this.authorityType,
// Deserialize tenant profiles array into a Map
tenantProfiles: new Map(
(this.tenantProfiles || []).map((tenantProfile) => {
return [tenantProfile.tenantId, tenantProfile];
})
),
};

@@ -103,2 +115,9 @@ }

/**
* Returns true if the account entity is in single tenant format (outdated), false otherwise
*/
isSingleTenant(): boolean {
return !this.tenantProfiles;
}
/**
* Generates account key from interface

@@ -108,6 +127,7 @@ * @param accountInterface

static generateAccountCacheKey(accountInterface: AccountInfo): string {
const homeTenantId = accountInterface.homeAccountId.split(".")[1];
const accountKey = [
accountInterface.homeAccountId,
accountInterface.environment || Constants.EMPTY_STRING,
accountInterface.tenantId || Constants.EMPTY_STRING,
accountInterface.environment || "",
homeTenantId || accountInterface.tenantId || "",
];

@@ -131,4 +151,6 @@

nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;
},
authority: Authority
authority: Authority,
base64Decode?: (input: string) => string
): AccountEntity {

@@ -145,2 +167,11 @@ const account: AccountEntity = new AccountEntity();

let clientInfo: ClientInfo | undefined;
if (accountDetails.clientInfo && base64Decode) {
clientInfo = buildClientInfo(
accountDetails.clientInfo,
base64Decode
);
}
account.clientInfo = accountDetails.clientInfo;

@@ -163,9 +194,12 @@ account.homeAccountId = accountDetails.homeAccountId;

account.realm =
accountDetails.idTokenClaims.tid || Constants.EMPTY_STRING;
clientInfo?.utid ||
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
"";
// How do you account for MSA CID here?
account.localAccountId =
clientInfo?.uid ||
accountDetails.idTokenClaims.oid ||
accountDetails.idTokenClaims.sub ||
Constants.EMPTY_STRING;
"";

@@ -184,3 +218,3 @@ /*

account.username = preferredUsername || email || Constants.EMPTY_STRING;
account.username = preferredUsername || email || "";
account.name = accountDetails.idTokenClaims.name;

@@ -191,2 +225,16 @@

if (accountDetails.tenantProfiles) {
account.tenantProfiles = accountDetails.tenantProfiles;
} else {
const tenantProfiles = [];
if (accountDetails.idTokenClaims) {
const tenantProfile = buildTenantProfileFromIdTokenClaims(
accountDetails.homeAccountId,
accountDetails.idTokenClaims
);
tenantProfiles.push(tenantProfile);
}
account.tenantProfiles = tenantProfiles;
}
return account;

@@ -223,2 +271,6 @@ }

account.msGraphHost = msGraphHost;
// Serialize tenant profiles map into an array
account.tenantProfiles = Array.from(
accountInfo.tenantProfiles?.values() || []
);

@@ -240,27 +292,26 @@ return account;

): string {
const accountId = idTokenClaims?.sub
? idTokenClaims.sub
: Constants.EMPTY_STRING;
// since ADFS does not have tid and does not set client_info
// since ADFS/DSTS do not have tid and does not set client_info
if (
authType === AuthorityType.Adfs ||
authType === AuthorityType.Dsts
!(
authType === AuthorityType.Adfs ||
authType === AuthorityType.Dsts
)
) {
return accountId;
// for cases where there is clientInfo
if (serverClientInfo) {
try {
const clientInfo = buildClientInfo(
serverClientInfo,
cryptoObj.base64Decode
);
if (clientInfo.uid && clientInfo.utid) {
return `${clientInfo.uid}.${clientInfo.utid}`;
}
} catch (e) {}
}
logger.warning("No client info in response");
}
// for cases where there is clientInfo
if (serverClientInfo) {
try {
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj);
if (clientInfo.uid && clientInfo.utid) {
return `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`;
}
} catch (e) {}
}
// default to "sub" claim
logger.verbose("No client info in response");
return accountId;
return idTokenClaims?.sub || "";
}

@@ -267,0 +318,0 @@

@@ -11,4 +11,2 @@ /*

*/
export type RefreshTokenEntity = CredentialEntity & {
expiresOn?: string;
};
export type RefreshTokenEntity = CredentialEntity;

@@ -171,4 +171,3 @@ /*

familyId?: string,
userAssertionHash?: string,
expiresOn?: string
userAssertionHash?: string
): RefreshTokenEntity {

@@ -191,6 +190,2 @@ const rtEntity: RefreshTokenEntity = {

if (expiresOn) {
rtEntity.expiresOn = expiresOn;
}
return rtEntity;

@@ -197,0 +192,0 @@ }

@@ -63,4 +63,15 @@ /*

sid?: string;
isHomeTenant?: boolean;
};
export type TenantProfileFilter = Pick<
AccountFilter,
| "localAccountId"
| "loginHint"
| "name"
| "sid"
| "isHomeTenant"
| "username"
>;
/**

@@ -67,0 +78,0 @@ * Credential: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<scheme*>

@@ -16,5 +16,5 @@ /*

Separators,
AADServerParamKeys,
HeaderNames,
} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import {

@@ -165,4 +165,3 @@ ClientConfiguration,

undefined,
requestId,
(TimeUtils.nowSeconds() + 24 * 60 * 60).toString()
requestId
);

@@ -260,3 +259,3 @@ }

request.clientInfo,
this.cryptoUtils
this.cryptoUtils.base64Decode
);

@@ -428,3 +427,3 @@ ccsCredential = {

request.clientInfo,
this.cryptoUtils
this.cryptoUtils.base64Decode
);

@@ -431,0 +430,0 @@ ccsCred = {

@@ -20,4 +20,4 @@ /*

HeaderNames,
AADServerParamKeys,
} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import { ResponseHandler } from "../response/ResponseHandler";

@@ -106,4 +106,3 @@ import { AuthenticationResult } from "../response/AuthenticationResult";

request.forceCache,
requestId,
request.expiresOn
requestId
);

@@ -146,3 +145,3 @@ }

try {
return invokeAsync(
return await invokeAsync(
this.acquireTokenWithCachedRefreshToken.bind(this),

@@ -222,12 +221,2 @@ PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken,

}
if (
request.enableRTExpiryCheck &&
refreshToken.expiresOn &&
Number(refreshToken.expiresOn) < TimeUtils.nowSeconds() + 5 * 60
) {
throw createInteractionRequiredAuthError(
InteractionRequiredAuthErrorCodes.refreshTokenExpired
);
}
// attach cached RT size to the current measurement

@@ -244,3 +233,2 @@

},
expiresOn: refreshToken.expiresOn,
};

@@ -247,0 +235,0 @@

@@ -234,3 +234,3 @@ /*

return await ResponseHandler.generateAuthenticationResult(
return ResponseHandler.generateAuthenticationResult(
this.cryptoUtils,

@@ -237,0 +237,0 @@ this.authority,

@@ -143,3 +143,3 @@ /*

const resourceUrlComponents = resourceUrlString?.getUrlComponents();
return await this.cryptoUtils.signJwt(
return this.cryptoUtils.signJwt(
{

@@ -146,0 +146,0 @@ at: payload,

@@ -31,4 +31,2 @@ /*

"No refresh token found in the cache. Please sign-in.",
[InteractionRequiredAuthErrorCodes.refreshTokenExpired]:
"Refresh token has expired.",
[InteractionRequiredAuthErrorCodes.nativeAccountUnavailable]:

@@ -35,0 +33,0 @@ "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",

@@ -9,3 +9,2 @@ /*

export const nativeAccountUnavailable = "native_account_unavailable";
export const refreshTokenExpired = "refresh_token_expired";

@@ -12,0 +11,0 @@ // Codes potentially returned by server

@@ -31,5 +31,15 @@ /*

// Account
export { AccountInfo, ActiveAccountFilters } from "./account/AccountInfo";
export {
AccountInfo,
ActiveAccountFilters,
TenantProfile,
updateAccountTenantProfileData,
tenantIdMatchesHomeTenant,
buildTenantProfileFromIdTokenClaims,
} from "./account/AccountInfo";
export * as AuthToken from "./account/AuthToken";
export { TokenClaims } from "./account/TokenClaims";
export {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "./account/TokenClaims";
export { TokenClaims as IdTokenClaims } from "./account/TokenClaims";

@@ -140,3 +150,6 @@ export { CcsCredential, CcsCredentialType } from "./account/CcsCredential";

} from "./response/DeviceCodeResponse";
export { ResponseHandler } from "./response/ResponseHandler";
export {
ResponseHandler,
buildAccountToCache,
} from "./response/ResponseHandler";
export { ScopeSet } from "./request/ScopeSet";

@@ -186,3 +199,2 @@ export { AuthenticationHeaderParser } from "./request/AuthenticationHeaderParser";

CodeChallengeMethodValues,
SSOTypes,
PasswordGrantConstants,

@@ -192,3 +204,2 @@ ThrottlingConstants,

HeaderNames,
AADServerParamKeys,
Errors,

@@ -202,2 +213,3 @@ THE_FAMILY_ID,

} from "./utils/Constants";
export * as AADServerParamKeys from "./constants/AADServerParamKeys";
export { StringUtils } from "./utils/StringUtils";

@@ -204,0 +216,0 @@ export { StringDict } from "./utils/MsalTypes";

/* eslint-disable header/header */
export const name = "@azure/msal-common";
export const version = "14.4.1-beta.1";
export const version = "14.5.0";

@@ -24,3 +24,2 @@ /*

refreshToken: string;
expiresOn?: string;
ccsCredential?: CcsCredential;

@@ -27,0 +26,0 @@ forceCache?: boolean;

@@ -26,3 +26,2 @@ /*

tokenBodyParameters?: StringDict;
enableRTExpiryCheck?: boolean;
};

@@ -7,6 +7,4 @@ /*

import {
AADServerParamKeys,
Constants,
ResponseMode,
SSOTypes,
CLIENT_INFO,

@@ -20,2 +18,3 @@ AuthenticationScheme,

} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import { ScopeSet } from "./ScopeSet";

@@ -166,3 +165,3 @@ import {

this.parameters.set(
SSOTypes.DOMAIN_HINT,
AADServerParamKeys.DOMAIN_HINT,
encodeURIComponent(domainHint)

@@ -177,3 +176,6 @@ );

addLoginHint(loginHint: string): void {
this.parameters.set(SSOTypes.LOGIN_HINT, encodeURIComponent(loginHint));
this.parameters.set(
AADServerParamKeys.LOGIN_HINT,
encodeURIComponent(loginHint)
);
}

@@ -208,3 +210,3 @@

addSid(sid: string): void {
this.parameters.set(SSOTypes.SID, encodeURIComponent(sid));
this.parameters.set(AADServerParamKeys.SID, encodeURIComponent(sid));
}

@@ -211,0 +213,0 @@

@@ -45,4 +45,11 @@ /*

import { checkMaxAge, extractTokenClaims } from "../account/AuthToken";
import { TokenClaims } from "../account/TokenClaims";
import { AccountInfo } from "../account/AccountInfo";
import {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "../account/TokenClaims";
import {
AccountInfo,
buildTenantProfileFromIdTokenClaims,
updateAccountTenantProfileData,
} from "../account/AccountInfo";
import * as CacheHelpers from "../cache/utils/CacheHelpers";

@@ -249,4 +256,3 @@

forceCacheRefreshTokenResponse?: boolean,
serverRequestId?: string,
rtExpiresOn?: string
serverRequestId?: string
): Promise<AuthenticationResult> {

@@ -317,4 +323,3 @@ this.performanceClient?.addQueueMeasurement(

userAssertionHash,
authCodePayload,
rtExpiresOn
authCodePayload
);

@@ -345,3 +350,3 @@ let cacheContext;

const key = cacheRecord.account.generateAccountKey();
const account = this.cacheStorage.getAccount(key);
const account = this.cacheStorage.getAccount(key, this.logger);
if (!account) {

@@ -351,3 +356,3 @@ this.logger.warning(

);
return ResponseHandler.generateAuthenticationResult(
return await ResponseHandler.generateAuthenticationResult(
this.cryptoObj,

@@ -381,2 +386,3 @@ authority,

}
return ResponseHandler.generateAuthenticationResult(

@@ -408,4 +414,3 @@ this.cryptoObj,

userAssertionHash?: string,
authCodePayload?: AuthorizationCodePayload,
rtExpiresOn?: string
authCodePayload?: AuthorizationCodePayload
): CacheRecord {

@@ -419,2 +424,4 @@ const env = authority.getPreferredCache();

const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims);
// IdToken: non AAD scenarios can have empty realm

@@ -429,14 +436,16 @@ let cachedIdToken: IdTokenEntity | undefined;

this.clientId,
idTokenClaims.tid || ""
claimsTenantId || ""
);
cachedAccount = AccountEntity.createAccount(
{
homeAccountId: this.homeAccountIdentifier,
idTokenClaims: idTokenClaims,
clientInfo: serverTokenResponse.client_info,
cloudGraphHostName: authCodePayload?.cloud_graph_host_name,
msGraphHost: authCodePayload?.msgraph_host,
},
authority
cachedAccount = buildAccountToCache(
this.cacheStorage,
authority,
this.homeAccountIdentifier,
idTokenClaims,
this.cryptoObj.base64Decode,
serverTokenResponse.client_info,
claimsTenantId,
authCodePayload,
undefined,
this.logger
);

@@ -483,3 +492,3 @@ }

this.clientId,
idTokenClaims?.tid || authority.tenant,
claimsTenantId || authority.tenant,
responseScopes.printScopes(),

@@ -507,4 +516,3 @@ tokenExpirationSeconds,

serverTokenResponse.foci,
userAssertionHash,
rtExpiresOn
userAssertionHash
);

@@ -614,6 +622,7 @@ }

const accountInfo: AccountInfo | null = cacheRecord.account
? {
...cacheRecord.account.getAccountInfo(),
idTokenClaims,
}
? updateAccountTenantProfileData(
cacheRecord.account.getAccountInfo(),
undefined, // tenantProfile optional
idTokenClaims
)
: null;

@@ -652,1 +661,60 @@

}
export function buildAccountToCache(
cacheStorage: CacheManager,
authority: Authority,
homeAccountId: string,
idTokenClaims: TokenClaims,
base64Decode: (input: string) => string,
clientInfo?: string,
claimsTenantId?: string | null,
authCodePayload?: AuthorizationCodePayload,
nativeAccountId?: string,
logger?: Logger
): AccountEntity {
logger?.verbose("setCachedAccount called");
// Check if base account is already cached
const accountKeys = cacheStorage.getAccountKeys();
const baseAccountKey = accountKeys.find((accountKey: string) => {
return accountKey.startsWith(homeAccountId);
});
let cachedAccount: AccountEntity | null = null;
if (baseAccountKey) {
cachedAccount = cacheStorage.getAccount(baseAccountKey, logger);
}
const baseAccount =
cachedAccount ||
AccountEntity.createAccount(
{
homeAccountId: homeAccountId,
idTokenClaims: idTokenClaims,
clientInfo: clientInfo,
cloudGraphHostName: authCodePayload?.cloud_graph_host_name,
msGraphHost: authCodePayload?.msgraph_host,
nativeAccountId: nativeAccountId,
},
authority,
base64Decode
);
const tenantProfiles = baseAccount.tenantProfiles || [];
if (
claimsTenantId &&
!tenantProfiles.find((tenantProfile) => {
return tenantProfile.tenantId === claimsTenantId;
})
) {
const newTenantProfile = buildTenantProfileFromIdTokenClaims(
homeAccountId,
idTokenClaims
);
tenantProfiles.push(newTenantProfile);
}
baseAccount.tenantProfiles = tenantProfiles;
return baseAccount;
}

@@ -126,58 +126,2 @@ /*

/**
* Keys in the hashParams sent by AAD Server
*/
export const AADServerParamKeys = {
CLIENT_ID: "client_id",
REDIRECT_URI: "redirect_uri",
RESPONSE_TYPE: "response_type",
RESPONSE_MODE: "response_mode",
GRANT_TYPE: "grant_type",
CLAIMS: "claims",
SCOPE: "scope",
ERROR: "error",
ERROR_DESCRIPTION: "error_description",
ACCESS_TOKEN: "access_token",
ID_TOKEN: "id_token",
REFRESH_TOKEN: "refresh_token",
EXPIRES_IN: "expires_in",
STATE: "state",
NONCE: "nonce",
PROMPT: "prompt",
SESSION_STATE: "session_state",
CLIENT_INFO: "client_info",
CODE: "code",
CODE_CHALLENGE: "code_challenge",
CODE_CHALLENGE_METHOD: "code_challenge_method",
CODE_VERIFIER: "code_verifier",
CLIENT_REQUEST_ID: "client-request-id",
X_CLIENT_SKU: "x-client-SKU",
X_CLIENT_VER: "x-client-VER",
X_CLIENT_OS: "x-client-OS",
X_CLIENT_CPU: "x-client-CPU",
X_CLIENT_CURR_TELEM: "x-client-current-telemetry",
X_CLIENT_LAST_TELEM: "x-client-last-telemetry",
X_MS_LIB_CAPABILITY: "x-ms-lib-capability",
X_APP_NAME: "x-app-name",
X_APP_VER: "x-app-ver",
POST_LOGOUT_URI: "post_logout_redirect_uri",
ID_TOKEN_HINT: "id_token_hint",
DEVICE_CODE: "device_code",
CLIENT_SECRET: "client_secret",
CLIENT_ASSERTION: "client_assertion",
CLIENT_ASSERTION_TYPE: "client_assertion_type",
TOKEN_TYPE: "token_type",
REQ_CNF: "req_cnf",
OBO_ASSERTION: "assertion",
REQUESTED_TOKEN_USE: "requested_token_use",
ON_BEHALF_OF: "on_behalf_of",
FOCI: "foci",
CCS_HEADER: "X-AnchorMailbox",
RETURN_SPA_CODE: "return_spa_code",
NATIVE_BROKER: "nativebroker",
LOGOUT_HINT: "logout_hint",
} as const;
export type AADServerParamKeys =
(typeof AADServerParamKeys)[keyof typeof AADServerParamKeys];
/**
* Claims request keys

@@ -207,18 +151,2 @@ */

/**
* SSO Types - generated to populate hints
*/
export const SSOTypes = {
ACCOUNT: "account",
SID: "sid",
LOGIN_HINT: "login_hint",
ID_TOKEN: "id_token",
DOMAIN_HINT: "domain_hint",
ORGANIZATIONS: "organizations",
CONSUMERS: "consumers",
ACCOUNT_ID: "accountIdentifier",
HOMEACCOUNT_ID: "homeAccountIdentifier",
} as const;
export type SSOTypes = (typeof SSOTypes)[keyof typeof SSOTypes];
/**
* allowed values for codeVerifier

@@ -225,0 +153,0 @@ */

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc