
@azure/msal-common


Comparing version 14.4.1-beta.1 to 14.5.0

dist/account/AccountInfo.mjs

27

dist/account/AccountInfo.d.ts

@@ -13,2 +13,3 @@ import { TokenClaims } from "./TokenClaims";

* - nativeAccountId - The user's native account ID
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
*/

@@ -28,7 +29,33 @@ export type AccountInfo = {

authorityType?: string;
tenantProfiles?: Map<string, TenantProfile>;
};
/**
* Account details that vary across tenants for the same user
*/
export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
/**
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
*/
isHomeTenant?: boolean;
};
export type ActiveAccountFilters = {
homeAccountId: string;
localAccountId: string;
tenantId?: string;
};
/**
* Returns true if tenantId matches the utid portion of homeAccountId
* @param tenantId
* @param homeAccountId
* @returns
*/
export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
export declare function buildTenantProfileFromIdTokenClaims(homeAccountId: string, idTokenClaims: TokenClaims): TenantProfile;
/**
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
* @param baseAccountInfo
* @param idTokenClaims
* @returns
*/
export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims): AccountInfo;
//# sourceMappingURL=AccountInfo.d.ts.map

0

dist/account/AuthToken.d.ts

@@ -0,0 +0,0 @@ import { TokenClaims } from "./TokenClaims";

@@ -0,0 +0,0 @@ export type CcsCredential = {

3

dist/account/ClientInfo.d.ts

@@ -1,2 +0,1 @@

import { ICrypto } from "../crypto/ICrypto";
/**

@@ -14,3 +13,3 @@ * Client info object which consists of two IDs. Need to add more info here.

*/
export declare function buildClientInfo(rawClientInfo: string, crypto: ICrypto): ClientInfo;
export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
/**

@@ -17,0 +16,0 @@ * Function to build a client info object from cached homeAccountId string

@@ -33,2 +33,10 @@ /**

tid?: string;
/**
* Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token.
*/
tfp?: string;
/**
* Authentication Context Class Reference (B2C) Used only with older policies.
*/
acr?: string;
ver?: string;

@@ -67,2 +75,12 @@ upn?: string;

};
/**
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
* Downcased to match the realm case-insensitive comparison requirements
* @param idTokenClaims
* @returns
*/
export declare function getTenantIdFromIdTokenClaims(idTokenClaims?: TokenClaims): string | null;
//# sourceMappingURL=TokenClaims.d.ts.map

@@ -248,4 +248,8 @@ import { AuthorityType } from "./AuthorityType";

}
/**
* Extract tenantId from authority
*/
export declare function getTenantFromAuthorityString(authority: string): string | undefined;
export declare function formatAuthorityUri(authorityUri: string): string;
export declare function buildStaticAuthorityOptions(authOptions: Partial<AuthorityOptions>): StaticAuthorityOptions;
//# sourceMappingURL=Authority.d.ts.map

@@ -0,0 +0,0 @@ import { Authority } from "./Authority";

@@ -0,0 +0,0 @@ import { Logger } from "../logger/Logger";

@@ -0,0 +0,0 @@ import { ProtocolMode } from "./ProtocolMode";

export type AzureRegion = string;
//# sourceMappingURL=AzureRegion.d.ts.map

@@ -0,0 +0,0 @@ import { AzureRegion } from "./AzureRegion";

@@ -0,0 +0,0 @@ export type CloudDiscoveryMetadata = {

@@ -0,0 +0,0 @@ import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata";

@@ -0,0 +0,0 @@ export type ImdsOptions = {

@@ -0,0 +0,0 @@ import { ServerResponseType } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { INetworkModule } from "../network/INetworkModule";

@@ -0,0 +0,0 @@ import { RegionDiscoveryOutcomes, RegionDiscoverySources } from "../utils/Constants";

@@ -0,0 +0,0 @@ /// <reference types="node" />

@@ -33,4 +33,8 @@ import { AccountFilter, CredentialFilter, ValidCredentialType, AppMetadataFilter, AppMetadataCache, TokenKeys } from "./utils/CacheTypes";

*/
abstract getAccount(accountKey: string): AccountEntity | null;
abstract getAccount(accountKey: string, logger?: Logger): AccountEntity | null;
/**
* Returns deserialized account if found in the cache, otherwiser returns null
*/
abstract getCachedAccountEntity(accountKey: string): AccountEntity | null;
/**
* set account entity in the platform cache

@@ -41,2 +45,6 @@ * @param account

/**
* remove account entity from the platform cache if it's outdated
*/
abstract removeOutdatedAccount(accountKey: string): void;
/**
* fetch the idToken entity from the platform cache

@@ -155,3 +163,3 @@ * @param idTokenKey

/**
* Gets accountInfo object based on provided filters
* Gets first tenanted AccountInfo object found based on provided filters
*/

@@ -165,5 +173,16 @@ getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null;

getBaseAccountInfo(accountFilter: AccountFilter): AccountInfo | null;
private getAccountInfoFromEntity;
private idTokenClaimsMatchAccountFilter;
/**
* Matches filtered account entities with cached ID tokens that match the tenant profile-specific account filters
* and builds the account info objects from the matching ID token's claims
* @param cachedAccounts
* @param accountFilter
* @returns Array of AccountInfo objects that match account and tenant profile filters
*/
private buildTenantProfiles;
private getAccountInfoForTenantProfiles;
private getTenantedAccountInfoByFilter;
private getTenantProfilesFromAccountEntity;
private tenantProfileMatchesFilter;
private idTokenClaimsMatchTenantProfileFilter;
/**
* saves a cache record

@@ -179,3 +198,3 @@ * @param cacheRecord

/**
* Retrieve accounts matching all provided filters; if no filter is set, get all accounts
* Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared

@@ -236,2 +255,11 @@ * @param accountFilter - An object containing Account properties to filter by

/**
* Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the
* cache into a condensed multi-tenant account object with tenant profiles.
* @param accountKey
* @param accountEntity
* @param logger
* @returns
*/
protected updateOutdatedCachedAccount(accountKey: string, accountEntity: AccountEntity | null, logger?: Logger): AccountEntity | null;
/**
* returns a boolean if the given credential is removed

@@ -263,6 +291,7 @@ * @param credential

* @param tokenKeys {?TokenKeys}
* @param targetRealm {?string}
* @param performanceClient {?IPerformanceClient}
* @param correlationId {?string}
*/
getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): IdTokenEntity | null;
getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, targetRealm?: string, performanceClient?: IPerformanceClient, correlationId?: string): IdTokenEntity | null;
/**
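Review bot: `getIdToken` gains `targetRealm` as a new third positional parameter in front of `performanceClient`, which shifts every later argument; a JavaScript caller, or code built against the old declaration, that still passes the performance client third would presumably have it read as the realm, with no error at the call site. The same insertion is made in `getAccessToken` in the hunk at -300,3 +329,3, and `getIdTokensByFilter` in the hunk at -273,3 +302,3 appears to change its return type from `IdTokenEntity[]` to `Map<string, IdTokenEntity>`. For a minor release (14.4.1-beta.1 to 14.5.0) the safer shape is to append the new optional parameter, `getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string, targetRealm?: string)`, or to call the reordering out in the release notes. The class body starts and ends outside this hunk.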

@@ -273,3 +302,3 @@ * Gets all idTokens matching the given filter

*/
getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): IdTokenEntity[];
getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): Map<string, IdTokenEntity>;
/**

@@ -300,3 +329,3 @@ * Validate the cache key against filter before retrieving and parsing cache value

*/
getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): AccessTokenEntity | null;
getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys, targetRealm?: string, performanceClient?: IPerformanceClient, correlationId?: string): AccessTokenEntity | null;
/**

@@ -353,4 +382,12 @@ * Validate the cache key against filter before retrieving and parsing cache value

*/
private matchLocalAccountId;
private matchLocalAccountIdFromTokenClaims;
private matchLocalAccountIdFromTenantProfile;
/**
* helper to match names
* @param entity
* @param name
* @returns true if the downcased name properties are present and match in the filter and the entity
*/
private matchName;
/**
* helper to match usernames

@@ -363,9 +400,2 @@ * @param entity

/**
* helper to match names
* @param entity
* @param name
* @returns true if the downcased name properties are present and match in the filter and the entity
*/
private matchName;
/**
* helper to match assertion

@@ -422,6 +452,6 @@ * @param value

*/
private matchLoginHint;
private matchLoginHintFromTokenClaims;
/**
* Helper to match sid
* @param idTokenClaims
* @param entity
* @param sid

@@ -475,2 +505,3 @@ * @returns true if the sid claim is present and matches the filter

getAccount(): AccountEntity;
getCachedAccountEntity(): AccountEntity | null;
setIdTokenCredential(): void;

@@ -498,3 +529,4 @@ getIdTokenCredential(): IdTokenEntity;

updateCredentialCacheKey(): string;
removeOutdatedAccount(): void;
}
//# sourceMappingURL=CacheManager.d.ts.map

@@ -0,0 +0,0 @@ import { CredentialEntity } from "./CredentialEntity";

import { Authority } from "../../authority/Authority";
import { ICrypto } from "../../crypto/ICrypto";
import { AccountInfo } from "../../account/AccountInfo";
import { AccountInfo, TenantProfile } from "../../account/AccountInfo";
import { AuthorityType } from "../../authority/AuthorityType";

@@ -25,4 +25,4 @@ import { Logger } from "../../logger/Logger";

* lastModificationApp:
* idTokenClaims: Object containing claims parsed from ID token
* nativeAccountId: Account identifier on the native device
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
* }

@@ -44,4 +44,4 @@ * @internal

msGraphHost?: string;
idTokenClaims?: TokenClaims;
nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;
/**

@@ -60,2 +60,6 @@ * Generate Account Id key component as per the schema: <home_account_id>-<environment>

/**
* Returns true if the account entity is in single tenant format (outdated), false otherwise
*/
isSingleTenant(): boolean;
/**
* Generates account key from interface

@@ -77,3 +81,4 @@ * @param accountInterface

nativeAccountId?: string;
}, authority: Authority): AccountEntity;
tenantProfiles?: Array<TenantProfile>;
}, authority: Authority, base64Decode?: (input: string) => string): AccountEntity;
/**

@@ -80,0 +85,0 @@ * Creates an AccountEntity object from AccountInfo

@@ -0,0 +0,0 @@ import { CloudDiscoveryMetadata } from "../../authority/CloudDiscoveryMetadata";

@@ -0,0 +0,0 @@ import { IdTokenEntity } from "./IdTokenEntity";

@@ -0,0 +0,0 @@ import { CredentialType, AuthenticationScheme } from "../../utils/Constants";

@@ -0,0 +0,0 @@ import { CredentialEntity } from "./CredentialEntity";

@@ -5,5 +5,3 @@ import { CredentialEntity } from "./CredentialEntity";

*/
export type RefreshTokenEntity = CredentialEntity & {
expiresOn?: string;
};
export type RefreshTokenEntity = CredentialEntity;
//# sourceMappingURL=RefreshTokenEntity.d.ts.map

@@ -0,0 +0,0 @@ export type ServerTelemetryEntity = {

@@ -0,0 +0,0 @@ export declare class ThrottlingEntity {

@@ -0,0 +0,0 @@ import { AccountFilter } from "../utils/CacheTypes";

@@ -0,0 +0,0 @@ import { TokenCacheContext } from "../persistence/TokenCacheContext";

@@ -0,0 +0,0 @@ export interface ISerializableTokenCache {

@@ -0,0 +0,0 @@ import { ISerializableTokenCache } from "../interface/ISerializableTokenCache";

@@ -42,3 +42,3 @@ import { AuthenticationScheme } from "../../utils/Constants";

*/
export declare function createRefreshTokenEntity(homeAccountId: string, environment: string, refreshToken: string, clientId: string, familyId?: string, userAssertionHash?: string, expiresOn?: string): RefreshTokenEntity;
export declare function createRefreshTokenEntity(homeAccountId: string, environment: string, refreshToken: string, clientId: string, familyId?: string, userAssertionHash?: string): RefreshTokenEntity;
export declare function isCredentialEntity(entity: object): boolean;

@@ -45,0 +45,0 @@ /**

@@ -39,3 +39,5 @@ import { AccountEntity } from "../entities/AccountEntity";

sid?: string;
isHomeTenant?: boolean;
};
export type TenantProfileFilter = Pick<AccountFilter, "localAccountId" | "loginHint" | "name" | "sid" | "isHomeTenant" | "username">;
/**

@@ -42,0 +44,0 @@ * Credential: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<scheme*>

@@ -0,0 +0,0 @@ import { BaseClient } from "./BaseClient";

@@ -0,0 +0,0 @@ import { ClientConfiguration, CommonClientConfiguration } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { ClientConfiguration } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { BaseClient } from "./BaseClient";

@@ -0,0 +0,0 @@ import { INetworkModule } from "../network/INetworkModule";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "../request/BaseAuthRequest";

@@ -0,0 +0,0 @@ export interface IGuidGenerator {

@@ -0,0 +0,0 @@ import { JsonWebTokenTypes } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";

@@ -0,0 +0,0 @@ import { JoseHeaderOptions } from "./JoseHeader";

@@ -0,0 +0,0 @@ import * as AuthErrorCodes from "./AuthErrorCodes";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -0,0 +0,0 @@ export declare const clientInfoDecodingError = "client_info_decoding_error";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -0,0 +0,0 @@ export declare const redirectUriEmpty = "redirect_uri_empty";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

export declare const noTokensFound = "no_tokens_found";
export declare const nativeAccountUnavailable = "native_account_unavailable";
export declare const refreshTokenExpired = "refresh_token_expired";
export declare const interactionRequired = "interaction_required";

@@ -5,0 +4,0 @@ export declare const consentRequired = "consent_required";

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

export declare const missingKidError = "missing_kid_error";
export declare const missingAlgError = "missing_alg_error";
//# sourceMappingURL=JoseHeaderErrorCodes.d.ts.map

@@ -0,0 +0,0 @@ import { AuthError } from "./AuthError";

@@ -12,5 +12,5 @@ /**

export { ClientConfiguration } from "./config/ClientConfiguration";
export { AccountInfo, ActiveAccountFilters } from "./account/AccountInfo";
export { AccountInfo, ActiveAccountFilters, TenantProfile, updateAccountTenantProfileData, tenantIdMatchesHomeTenant, buildTenantProfileFromIdTokenClaims, } from "./account/AccountInfo";
export * as AuthToken from "./account/AuthToken";
export { TokenClaims } from "./account/TokenClaims";
export { TokenClaims, getTenantIdFromIdTokenClaims, } from "./account/TokenClaims";
export { TokenClaims as IdTokenClaims } from "./account/TokenClaims";

@@ -75,3 +75,3 @@ export { CcsCredential, CcsCredentialType } from "./account/CcsCredential";

export { DeviceCodeResponse, ServerDeviceCodeResponse, } from "./response/DeviceCodeResponse";
export { ResponseHandler } from "./response/ResponseHandler";
export { ResponseHandler, buildAccountToCache, } from "./response/ResponseHandler";
export { ScopeSet } from "./request/ScopeSet";

@@ -85,3 +85,4 @@ export { AuthenticationHeaderParser } from "./request/AuthenticationHeaderParser";

export { ClientConfigurationError, ClientConfigurationErrorMessage, ClientConfigurationErrorCodes, createClientConfigurationError, } from "./error/ClientConfigurationError";
export { Constants, OIDC_DEFAULT_SCOPES, PromptValue, PersistentCacheKeys, ServerResponseType, ResponseMode, CacheOutcome, CredentialType, CacheType, CacheAccountType, AuthenticationScheme, CodeChallengeMethodValues, SSOTypes, PasswordGrantConstants, ThrottlingConstants, ClaimsRequestKeys, HeaderNames, AADServerParamKeys, Errors, THE_FAMILY_ID, ONE_DAY_IN_MS, GrantType, AADAuthorityConstants, HttpStatus, JsonWebTokenTypes, } from "./utils/Constants";
export { Constants, OIDC_DEFAULT_SCOPES, PromptValue, PersistentCacheKeys, ServerResponseType, ResponseMode, CacheOutcome, CredentialType, CacheType, CacheAccountType, AuthenticationScheme, CodeChallengeMethodValues, PasswordGrantConstants, ThrottlingConstants, ClaimsRequestKeys, HeaderNames, Errors, THE_FAMILY_ID, ONE_DAY_IN_MS, GrantType, AADAuthorityConstants, HttpStatus, JsonWebTokenTypes, } from "./utils/Constants";
export * as AADServerParamKeys from "./constants/AADServerParamKeys";
export { StringUtils } from "./utils/StringUtils";
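Review bot: `SSOTypes` is dropped from the `./utils/Constants` re-export with no replacement visible on this page, and `AADServerParamKeys` moves from a named const export to `export * as AADServerParamKeys from "./constants/AADServerParamKeys"`, so the value-union type the old declaration exported under that name is no longer available to consumers. Code that imports `SSOTypes`, or that uses `AADServerParamKeys` in a type position, would stop compiling after a minor-version upgrade. If the removal is intended, a comment above the export such as `// 14.5.0: AADServerParamKeys is now a namespace of constants; SSOTypes is no longer exported` plus a changelog entry would let dependants pin or adapt before upgrading.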

@@ -88,0 +89,0 @@ export { StringDict } from "./utils/MsalTypes";

@@ -0,0 +0,0 @@ import { LoggerOptions } from "../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { NetworkResponse } from "./NetworkManager";

@@ -0,0 +0,0 @@ import { INetworkModule, NetworkRequestOptions } from "./INetworkModule";

@@ -0,0 +0,0 @@ import { ShrOptions } from "../crypto/SignedHttpRequest";

@@ -0,0 +0,0 @@ import { NetworkResponse } from "./NetworkManager";

export declare const name = "@azure/msal-common";
export declare const version = "14.4.1-beta.1";
export declare const version = "14.5.0";
//# sourceMappingURL=packageMetadata.d.ts.map

@@ -0,0 +0,0 @@ import { AuthenticationScheme } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { ResponseMode } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { DeviceCodeResponse } from "../response/DeviceCodeResponse";

@@ -0,0 +0,0 @@ import { AccountInfo } from "../account/AccountInfo";

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -18,3 +18,2 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

refreshToken: string;
expiresOn?: string;
ccsCredential?: CcsCredential;

@@ -21,0 +20,0 @@ forceCache?: boolean;

@@ -20,4 +20,3 @@ import { AccountInfo } from "../account/AccountInfo";

tokenBodyParameters?: StringDict;
enableRTExpiryCheck?: boolean;
};
//# sourceMappingURL=CommonSilentFlowRequest.d.ts.map

@@ -0,0 +0,0 @@ import { BaseAuthRequest } from "./BaseAuthRequest";

@@ -0,0 +0,0 @@ import { StringDict } from "../utils/MsalTypes";

@@ -0,0 +0,0 @@ export type NativeSignOutRequest = {

@@ -0,0 +0,0 @@ import { ResponseMode } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { StringDict } from "../utils/MsalTypes";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { AccountInfo } from "../account/AccountInfo";

@@ -0,0 +0,0 @@ import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";

@@ -0,0 +0,0 @@ export type IMDSBadResponse = {

@@ -6,2 +6,3 @@ import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";

import { AuthenticationResult } from "./AuthenticationResult";
import { AccountEntity } from "../cache/entities/AccountEntity";
import { Authority } from "../authority/Authority";

@@ -49,3 +50,3 @@ import { CacheRecord } from "../cache/entities/CacheRecord";

*/
handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, authCodePayload?: AuthorizationCodePayload, userAssertionHash?: string, handlingRefreshTokenResponse?: boolean, forceCacheRefreshTokenResponse?: boolean, serverRequestId?: string, rtExpiresOn?: string): Promise<AuthenticationResult>;
handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, authCodePayload?: AuthorizationCodePayload, userAssertionHash?: string, handlingRefreshTokenResponse?: boolean, forceCacheRefreshTokenResponse?: boolean, serverRequestId?: string): Promise<AuthenticationResult>;
/**

@@ -70,2 +71,3 @@ * Generates CacheRecord

}
export declare function buildAccountToCache(cacheStorage: CacheManager, authority: Authority, homeAccountId: string, idTokenClaims: TokenClaims, base64Decode: (input: string) => string, clientInfo?: string, claimsTenantId?: string | null, authCodePayload?: AuthorizationCodePayload, nativeAccountId?: string, logger?: Logger): AccountEntity;
//# sourceMappingURL=ResponseHandler.d.ts.map

@@ -0,0 +0,0 @@ import { AuthenticationScheme } from "../utils/Constants";

@@ -0,0 +0,0 @@ import { PerformanceEvent } from "./PerformanceEvent";

@@ -0,0 +0,0 @@ export interface IPerformanceMeasurement {

@@ -0,0 +0,0 @@ import { ApplicationTelemetry } from "../../config/ClientConfiguration";

@@ -0,0 +0,0 @@ import { IPerformanceClient, InProgressPerformanceEvent } from "./IPerformanceClient";

@@ -0,0 +0,0 @@ import { CacheOutcome } from "../../utils/Constants";

@@ -0,0 +0,0 @@ export type ServerTelemetryRequest = {

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { IUri } from "./IUri";

@@ -91,56 +91,2 @@ export declare const Constants: {

/**
* Keys in the hashParams sent by AAD Server
*/
export declare const AADServerParamKeys: {
readonly CLIENT_ID: "client_id";
readonly REDIRECT_URI: "redirect_uri";
readonly RESPONSE_TYPE: "response_type";
readonly RESPONSE_MODE: "response_mode";
readonly GRANT_TYPE: "grant_type";
readonly CLAIMS: "claims";
readonly SCOPE: "scope";
readonly ERROR: "error";
readonly ERROR_DESCRIPTION: "error_description";
readonly ACCESS_TOKEN: "access_token";
readonly ID_TOKEN: "id_token";
readonly REFRESH_TOKEN: "refresh_token";
readonly EXPIRES_IN: "expires_in";
readonly STATE: "state";
readonly NONCE: "nonce";
readonly PROMPT: "prompt";
readonly SESSION_STATE: "session_state";
readonly CLIENT_INFO: "client_info";
readonly CODE: "code";
readonly CODE_CHALLENGE: "code_challenge";
readonly CODE_CHALLENGE_METHOD: "code_challenge_method";
readonly CODE_VERIFIER: "code_verifier";
readonly CLIENT_REQUEST_ID: "client-request-id";
readonly X_CLIENT_SKU: "x-client-SKU";
readonly X_CLIENT_VER: "x-client-VER";
readonly X_CLIENT_OS: "x-client-OS";
readonly X_CLIENT_CPU: "x-client-CPU";
readonly X_CLIENT_CURR_TELEM: "x-client-current-telemetry";
readonly X_CLIENT_LAST_TELEM: "x-client-last-telemetry";
readonly X_MS_LIB_CAPABILITY: "x-ms-lib-capability";
readonly X_APP_NAME: "x-app-name";
readonly X_APP_VER: "x-app-ver";
readonly POST_LOGOUT_URI: "post_logout_redirect_uri";
readonly ID_TOKEN_HINT: "id_token_hint";
readonly DEVICE_CODE: "device_code";
readonly CLIENT_SECRET: "client_secret";
readonly CLIENT_ASSERTION: "client_assertion";
readonly CLIENT_ASSERTION_TYPE: "client_assertion_type";
readonly TOKEN_TYPE: "token_type";
readonly REQ_CNF: "req_cnf";
readonly OBO_ASSERTION: "assertion";
readonly REQUESTED_TOKEN_USE: "requested_token_use";
readonly ON_BEHALF_OF: "on_behalf_of";
readonly FOCI: "foci";
readonly CCS_HEADER: "X-AnchorMailbox";
readonly RETURN_SPA_CODE: "return_spa_code";
readonly NATIVE_BROKER: "nativebroker";
readonly LOGOUT_HINT: "logout_hint";
};
export type AADServerParamKeys = (typeof AADServerParamKeys)[keyof typeof AADServerParamKeys];
/**
* Claims request keys

@@ -167,17 +113,2 @@ */

/**
* SSO Types - generated to populate hints
*/
export declare const SSOTypes: {
readonly ACCOUNT: "account";
readonly SID: "sid";
readonly LOGIN_HINT: "login_hint";
readonly ID_TOKEN: "id_token";
readonly DOMAIN_HINT: "domain_hint";
readonly ORGANIZATIONS: "organizations";
readonly CONSUMERS: "consumers";
readonly ACCOUNT_ID: "accountIdentifier";
readonly HOMEACCOUNT_ID: "homeAccountIdentifier";
};
export type SSOTypes = (typeof SSOTypes)[keyof typeof SSOTypes];
/**
* allowed values for codeVerifier

@@ -184,0 +115,0 @@ */

@@ -0,0 +0,0 @@ import { Logger } from "../logger/Logger";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { ICrypto } from "../crypto/ICrypto";

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ /**

@@ -0,0 +0,0 @@ import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse";

{
"name": "@azure/msal-common",
"author": {
"name": "Microsoft",
"email": "nugetaad@microsoft.com",
"url": "https://www.microsoft.com"
"name": "@azure/msal-common",
"author": {
"name": "Microsoft",
"email": "nugetaad@microsoft.com",
"url": "https://www.microsoft.com"
},
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/AzureAD/microsoft-authentication-library-for-js.git"
},
"version": "14.5.0",
"description": "Microsoft Authentication Library for js",
"keywords": [
"implicit",
"authorization code",
"PKCE",
"js",
"AAD",
"msal",
"oauth"
],
"sideEffects": false,
"module": "./dist/index.mjs",
"types": "./dist/index.d.ts",
"exports": {
".": {
"types": "./dist/index.d.ts",
"module": "./dist/index.mjs",
"import": "./dist/index.mjs",
"require": "./dist/index.cjs",
"default": "./dist/index.mjs"
},
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/AzureAD/microsoft-authentication-library-for-js.git"
},
"version": "14.4.1-beta.1",
"description": "Microsoft Authentication Library for js",
"keywords": [
"implicit",
"authorization code",
"PKCE",
"js",
"AAD",
"msal",
"oauth"
],
"sideEffects": false,
"module": "./dist/index.mjs",
"types": "./dist/index.d.ts",
"exports": {
".": {
"types": "./dist/index.d.ts",
"module": "./dist/index.mjs",
"import": "./dist/index.mjs",
"require": "./dist/index.cjs",
"default": "./dist/index.mjs"
},
"./package.json": "./package.json"
},
"engines": {
"node": ">=0.8.0"
},
"directories": {
"test": "test"
},
"files": [
"dist",
"src"
],
"scripts": {
"clean": "shx rm -rf dist lib",
"clean:coverage": "rimraf ../../.nyc_output/*",
"lint": "eslint src --ext .ts",
"lint:fix": "npm run lint -- --fix",
"test": "jest",
"test:coverage": "jest --coverage",
"test:coverage:only": "npm run clean:coverage && npm run test:coverage",
"build:modules": "rollup -c --strictDeprecations --bundleConfigAsCjs",
"build:modules:watch": "rollup -cw --bundleConfigAsCjs",
"build": "npm run clean && npm run build:modules",
"build:all": "npm run build",
"prepack": "npm run build",
"metadata:check": "ts-node scripts/metadata.ts",
"format:check": "npx prettier --ignore-path .gitignore --check src test",
"format:fix": "npx prettier --ignore-path .gitignore --write src test"
},
"beachball": {
"disallowedChangeTypes": [
"major"
]
},
"devDependencies": {
"@babel/core": "^7.7.2",
"@babel/plugin-proposal-class-properties": "^7.7.0",
"@babel/plugin-proposal-object-rest-spread": "^7.6.2",
"@babel/preset-env": "^7.7.1",
"@babel/preset-typescript": "^7.7.2",
"@rollup/plugin-typescript": "^11.0.0",
"@types/debug": "^4.1.5",
"@types/jest": "^29.5.0",
"@types/lodash": "^4.14.182",
"@types/node": "^20.3.1",
"@types/sinon": "^7.5.0",
"eslint-config-msal": "^0.0.0",
"jest": "^29.5.0",
"lodash": "^4.17.21",
"prettier": "2.8.7",
"rimraf": "^3.0.2",
"rollup": "^3.14.0",
"shx": "^0.3.2",
"sinon": "^7.5.0",
"ts-jest": "^29.1.0",
"ts-node": "^10.9.1",
"tslib": "^1.10.0",
"typescript": "^4.9.5",
"yargs": "^17.5.1"
}
"./package.json": "./package.json"
},
"engines": {
"node": ">=0.8.0"
},
"directories": {
"test": "test"
},
"files": [
"dist",
"src"
],
"scripts": {
"clean": "shx rm -rf dist lib",
"clean:coverage": "rimraf ../../.nyc_output/*",
"lint": "eslint src --ext .ts",
"lint:fix": "npm run lint -- --fix",
"test": "jest",
"test:coverage": "jest --coverage",
"test:coverage:only": "npm run clean:coverage && npm run test:coverage",
"build:modules": "rollup -c --strictDeprecations --bundleConfigAsCjs",
"build:modules:watch": "rollup -cw --bundleConfigAsCjs",
"build": "npm run clean && npm run build:modules",
"build:all": "npm run build",
"prepack": "npm run build",
"metadata:check": "ts-node scripts/metadata.ts",
"format:check": "npx prettier --ignore-path .gitignore --check src test",
"format:fix": "npx prettier --ignore-path .gitignore --write src test"
},
"beachball": {
"disallowedChangeTypes": [
"major"
]
},
"devDependencies": {
"@babel/core": "^7.7.2",
"@babel/plugin-proposal-class-properties": "^7.7.0",
"@babel/plugin-proposal-object-rest-spread": "^7.6.2",
"@babel/preset-env": "^7.7.1",
"@babel/preset-typescript": "^7.7.2",
"@rollup/plugin-typescript": "^11.0.0",
"@types/debug": "^4.1.5",
"@types/jest": "^29.5.0",
"@types/lodash": "^4.14.182",
"@types/node": "^20.3.1",
"@types/sinon": "^7.5.0",
"eslint-config-msal": "^0.0.0",
"msal-test-utils": "^0.0.1",
"jest": "^29.5.0",
"lodash": "^4.17.21",
"prettier": "2.8.7",
"rimraf": "^3.0.2",
"rollup": "^3.14.0",
"shx": "^0.3.2",
"sinon": "^7.5.0",
"ts-jest": "^29.1.0",
"ts-node": "^10.9.1",
"tslib": "^1.10.0",
"typescript": "^4.9.5",
"yargs": "^17.5.1"
}
}

@@ -18,2 +18,3 @@ /*

* - nativeAccountId - The user's native account ID
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
*/

@@ -39,7 +40,102 @@ export type AccountInfo = {

authorityType?: string;
tenantProfiles?: Map<string, TenantProfile>;
};
/**
* Account details that vary across tenants for the same user
*/
export type TenantProfile = Pick<
AccountInfo,
"tenantId" | "localAccountId" | "name"
> & {
/**
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
*/
isHomeTenant?: boolean;
};
export type ActiveAccountFilters = {
homeAccountId: string;
localAccountId: string;
tenantId?: string;
};
/**
* Returns true if tenantId matches the utid portion of homeAccountId
* @param tenantId
* @param homeAccountId
* @returns
*/
export function tenantIdMatchesHomeTenant(
tenantId?: string,
homeAccountId?: string
): boolean {
return (
!!tenantId &&
!!homeAccountId &&
tenantId === homeAccountId.split(".")[1]
);
}
export function buildTenantProfileFromIdTokenClaims(
homeAccountId: string,
idTokenClaims: TokenClaims
): TenantProfile {
const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
/**
* Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
* tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
* tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
* acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
*/
const tenantId = tid || tfp || acr || "";
return {
tenantId: tenantId,
localAccountId: oid || sub || "",
name: name,
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
};
}
/**
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
* @param baseAccountInfo
* @param idTokenClaims
* @returns
*/
export function updateAccountTenantProfileData(
baseAccountInfo: AccountInfo,
tenantProfile?: TenantProfile,
idTokenClaims?: TokenClaims
): AccountInfo {
let updatedAccountInfo = baseAccountInfo;
// Tenant Profile overrides passed in account info
if (tenantProfile) {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
}
// ID token claims override passed in account info and tenant profile
if (idTokenClaims) {
// Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { isHomeTenant, ...claimsSourcedTenantProfile } =
buildTenantProfileFromIdTokenClaims(
baseAccountInfo.homeAccountId,
idTokenClaims
);
updatedAccountInfo = {
...updatedAccountInfo,
...claimsSourcedTenantProfile,
idTokenClaims: idTokenClaims,
};
return updatedAccountInfo;
}
return updatedAccountInfo;
}

@@ -10,3 +10,2 @@ /*

} from "../error/ClientAuthError";
import { ICrypto } from "../crypto/ICrypto";
import { Separators, Constants } from "../utils/Constants";

@@ -29,3 +28,3 @@

rawClientInfo: string,
crypto: ICrypto
base64Decode: (input: string) => string
): ClientInfo {

@@ -37,3 +36,3 @@ if (!rawClientInfo) {

try {
const decodedClientInfo: string = crypto.base64Decode(rawClientInfo);
const decodedClientInfo: string = base64Decode(rawClientInfo);
return JSON.parse(decodedClientInfo) as ClientInfo;

@@ -40,0 +39,0 @@ } catch (e) {

@@ -38,2 +38,10 @@ /*

tid?: string;
/**
* Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token.
*/
tfp?: string;
/**
* Authentication Context Class Reference (B2C) Used only with older policies.
*/
acr?: string;
ver?: string;

@@ -72,1 +80,21 @@ upn?: string;

};
/**
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
* Downcased to match the realm case-insensitive comparison requirements
* @param idTokenClaims
* @returns
*/
export function getTenantIdFromIdTokenClaims(
idTokenClaims?: TokenClaims
): string | null {
if (idTokenClaims) {
const tenantId =
idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;
return tenantId || null;
}
return null;
}
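Review bot: The doc comment on `getTenantIdFromIdTokenClaims` says the result is "Downcased to match the realm case-insensitive comparison requirements", but the body returns `tid || tfp || acr` unchanged. `getTenantFromAuthorityString`, added elsewhere in this diff, does lowercase its result, so a mixed-case claim would not compare equal to an authority-derived tenant if the two are ever matched as realms (inferred; no such comparison is visible in this hunk). Either drop that sentence from the comment or normalise the value with `return tenantId ? tenantId.toLowerCase() : null;`.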

@@ -1069,8 +1069,8 @@ /*

return (
authority &&
UrlString.getDomainFromUrl(authority).toLowerCase() ===
this.hostnameAndPort
this.hostnameAndPort
);
}
);
return matches.length > 0;

@@ -1257,2 +1257,29 @@ }

/**
* Extract tenantId from authority
*/
export function getTenantFromAuthorityString(
authority: string
): string | undefined {
const authorityUrl = new UrlString(authority);
const authorityUrlComponents = authorityUrl.getUrlComponents();
/**
* For credential matching purposes, tenantId is the last path segment of the authority URL:
* AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId
* B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy
* tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased
*/
const tenantId =
authorityUrlComponents.PathSegments.slice(-1)[0].toLowerCase();
switch (tenantId) {
case AADAuthorityConstants.COMMON:
case AADAuthorityConstants.ORGANIZATIONS:
case AADAuthorityConstants.CONSUMERS:
return undefined;
default:
return tenantId;
}
}
export function formatAuthorityUri(authorityUri: string): string {
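Review bot: `authorityUrlComponents.PathSegments.slice(-1)[0].toLowerCase()` in `getTenantFromAuthorityString` throws a TypeError when `PathSegments` is empty, because `[0]` is then `undefined`. Whether `getUrlComponents()` can return an empty array for an authority with no path is not visible here, so I would guard it: `const lastSegment = authorityUrlComponents.PathSegments.slice(-1)[0];` followed by `if (!lastSegment) return undefined;`. The doc comment should also say that `common`, `organizations` and `consumers` map to `undefined`. `formatAuthorityUri` on the last line of the hunk continues outside it.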

@@ -1259,0 +1286,0 @@ return authorityUri.endsWith(Constants.FORWARD_SLASH)

@@ -6,8 +6,12 @@ /*

import { Separators, CacheAccountType, Constants } from "../../utils/Constants";
import { CacheAccountType, Separators } from "../../utils/Constants";
import { Authority } from "../../authority/Authority";
import { ICrypto } from "../../crypto/ICrypto";
import { buildClientInfo } from "../../account/ClientInfo";
import { AccountInfo } from "../../account/AccountInfo";
import { ClientInfo, buildClientInfo } from "../../account/ClientInfo";
import {
AccountInfo,
TenantProfile,
buildTenantProfileFromIdTokenClaims,
} from "../../account/AccountInfo";
import {
createClientAuthError,

@@ -18,3 +22,6 @@ ClientAuthErrorCodes,

import { Logger } from "../../logger/Logger";
import { TokenClaims } from "../../account/TokenClaims";
import {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "../../account/TokenClaims";
import { ProtocolMode } from "../../authority/ProtocolMode";

@@ -40,4 +47,4 @@

* lastModificationApp:
* idTokenClaims: Object containing claims parsed from ID token
* nativeAccountId: Account identifier on the native device
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
* }

@@ -59,4 +66,4 @@ * @internal

msGraphHost?: string;
idTokenClaims?: TokenClaims;
nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;

@@ -95,5 +102,10 @@ /**

name: this.name,
idTokenClaims: this.idTokenClaims,
nativeAccountId: this.nativeAccountId,
authorityType: this.authorityType,
// Deserialize tenant profiles array into a Map
tenantProfiles: new Map(
(this.tenantProfiles || []).map((tenantProfile) => {
return [tenantProfile.tenantId, tenantProfile];
})
),
};

@@ -103,2 +115,9 @@ }

/**
* Returns true if the account entity is in single tenant format (outdated), false otherwise
*/
isSingleTenant(): boolean {
return !this.tenantProfiles;
}
/**
* Generates account key from interface

@@ -108,6 +127,7 @@ * @param accountInterface

static generateAccountCacheKey(accountInterface: AccountInfo): string {
const homeTenantId = accountInterface.homeAccountId.split(".")[1];
const accountKey = [
accountInterface.homeAccountId,
accountInterface.environment || Constants.EMPTY_STRING,
accountInterface.tenantId || Constants.EMPTY_STRING,
accountInterface.environment || "",
homeTenantId || accountInterface.tenantId || "",
];
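Review bot: `accountInterface.homeAccountId.split(".")[1]` in `generateAccountCacheKey` assumes the `<uid>.<utid>` form, but `generateHomeAccountId` in this same diff returns the bare `sub` claim for ADFS/DSTS and whenever client info is missing. A `sub` that happens to contain a dot would put a fragment of the subject into the tenant slot of the cache key instead of falling back to `accountInterface.tenantId`. I would take the home tenant only when the split yields exactly two parts, e.g. `const parts = accountInterface.homeAccountId.split(".");` and `const homeTenantId = parts.length === 2 ? parts[1] : undefined;`, and add a comment stating the expected format. The function body continues outside the hunk.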

@@ -131,4 +151,6 @@

nativeAccountId?: string;
tenantProfiles?: Array<TenantProfile>;
},
authority: Authority
authority: Authority,
base64Decode?: (input: string) => string
): AccountEntity {

@@ -145,2 +167,11 @@ const account: AccountEntity = new AccountEntity();

let clientInfo: ClientInfo | undefined;
if (accountDetails.clientInfo && base64Decode) {
clientInfo = buildClientInfo(
accountDetails.clientInfo,
base64Decode
);
}
account.clientInfo = accountDetails.clientInfo;

@@ -163,9 +194,12 @@ account.homeAccountId = accountDetails.homeAccountId;

account.realm =
accountDetails.idTokenClaims.tid || Constants.EMPTY_STRING;
clientInfo?.utid ||
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
"";
// How do you account for MSA CID here?
account.localAccountId =
clientInfo?.uid ||
accountDetails.idTokenClaims.oid ||
accountDetails.idTokenClaims.sub ||
Constants.EMPTY_STRING;
"";

@@ -184,3 +218,3 @@ /*

account.username = preferredUsername || email || Constants.EMPTY_STRING;
account.username = preferredUsername || email || "";
account.name = accountDetails.idTokenClaims.name;

@@ -191,2 +225,16 @@

if (accountDetails.tenantProfiles) {
account.tenantProfiles = accountDetails.tenantProfiles;
} else {
const tenantProfiles = [];
if (accountDetails.idTokenClaims) {
const tenantProfile = buildTenantProfileFromIdTokenClaims(
accountDetails.homeAccountId,
accountDetails.idTokenClaims
);
tenantProfiles.push(tenantProfile);
}
account.tenantProfiles = tenantProfiles;
}
return account;

@@ -223,2 +271,6 @@ }

account.msGraphHost = msGraphHost;
// Serialize tenant profiles map into an array
account.tenantProfiles = Array.from(
accountInfo.tenantProfiles?.values() || []
);

@@ -240,27 +292,26 @@ return account;

): string {
const accountId = idTokenClaims?.sub
? idTokenClaims.sub
: Constants.EMPTY_STRING;
// since ADFS does not have tid and does not set client_info
// since ADFS/DSTS do not have tid and does not set client_info
if (
authType === AuthorityType.Adfs ||
authType === AuthorityType.Dsts
!(
authType === AuthorityType.Adfs ||
authType === AuthorityType.Dsts
)
) {
return accountId;
// for cases where there is clientInfo
if (serverClientInfo) {
try {
const clientInfo = buildClientInfo(
serverClientInfo,
cryptoObj.base64Decode
);
if (clientInfo.uid && clientInfo.utid) {
return `${clientInfo.uid}.${clientInfo.utid}`;
}
} catch (e) {}
}
logger.warning("No client info in response");
}
// for cases where there is clientInfo
if (serverClientInfo) {
try {
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj);
if (clientInfo.uid && clientInfo.utid) {
return `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`;
}
} catch (e) {}
}
// default to "sub" claim
logger.verbose("No client info in response");
return accountId;
return idTokenClaims?.sub || "";
}
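Review bot: The empty `catch (e) {}` around `buildClientInfo(serverClientInfo, cryptoObj.base64Decode)` hides a malformed `client_info`, and the following `logger.warning("No client info in response")` then fires even though client info was present but unparsable or lacked `uid`/`utid`. The account identifier silently falls back to `sub` (or to `""` when there is no `sub`), which is hard to diagnose from the logs. I would log inside the catch, e.g. `logger.warning("client_info could not be decoded; falling back to sub claim");`, and reword the later message to cover the missing-uid/utid case. The function signature starts outside this hunk.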

@@ -267,0 +318,0 @@

@@ -11,4 +11,2 @@ /*

*/
export type RefreshTokenEntity = CredentialEntity & {
expiresOn?: string;
};
export type RefreshTokenEntity = CredentialEntity;

@@ -171,4 +171,3 @@ /*

familyId?: string,
userAssertionHash?: string,
expiresOn?: string
userAssertionHash?: string
): RefreshTokenEntity {

@@ -191,6 +190,2 @@ const rtEntity: RefreshTokenEntity = {

if (expiresOn) {
rtEntity.expiresOn = expiresOn;
}
return rtEntity;

@@ -197,0 +192,0 @@ }

@@ -63,4 +63,15 @@ /*

sid?: string;
isHomeTenant?: boolean;
};
export type TenantProfileFilter = Pick<
AccountFilter,
| "localAccountId"
| "loginHint"
| "name"
| "sid"
| "isHomeTenant"
| "username"
>;
/**

@@ -67,0 +78,0 @@ * Credential: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<scheme*>

@@ -16,5 +16,5 @@ /*

Separators,
AADServerParamKeys,
HeaderNames,
} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import {

@@ -165,4 +165,3 @@ ClientConfiguration,

undefined,
requestId,
(TimeUtils.nowSeconds() + 24 * 60 * 60).toString()
requestId
);

@@ -260,3 +259,3 @@ }

request.clientInfo,
this.cryptoUtils
this.cryptoUtils.base64Decode
);

@@ -428,3 +427,3 @@ ccsCredential = {

request.clientInfo,
this.cryptoUtils
this.cryptoUtils.base64Decode
);

@@ -431,0 +430,0 @@ ccsCred = {

@@ -20,4 +20,4 @@ /*

HeaderNames,
AADServerParamKeys,
} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import { ResponseHandler } from "../response/ResponseHandler";

@@ -106,4 +106,3 @@ import { AuthenticationResult } from "../response/AuthenticationResult";

request.forceCache,
requestId,
request.expiresOn
requestId
);

@@ -146,3 +145,3 @@ }

try {
return invokeAsync(
return await invokeAsync(
this.acquireTokenWithCachedRefreshToken.bind(this),

@@ -222,12 +221,2 @@ PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken,

}
if (
request.enableRTExpiryCheck &&
refreshToken.expiresOn &&
Number(refreshToken.expiresOn) < TimeUtils.nowSeconds() + 5 * 60
) {
throw createInteractionRequiredAuthError(
InteractionRequiredAuthErrorCodes.refreshTokenExpired
);
}
// attach cached RT size to the current measurement

@@ -244,3 +233,2 @@

},
expiresOn: refreshToken.expiresOn,
};

@@ -247,0 +235,0 @@

@@ -234,3 +234,3 @@ /*

return await ResponseHandler.generateAuthenticationResult(
return ResponseHandler.generateAuthenticationResult(
this.cryptoUtils,

@@ -237,0 +237,0 @@ this.authority,

@@ -143,3 +143,3 @@ /*

const resourceUrlComponents = resourceUrlString?.getUrlComponents();
return await this.cryptoUtils.signJwt(
return this.cryptoUtils.signJwt(
{

@@ -146,0 +146,0 @@ at: payload,

@@ -31,4 +31,2 @@ /*

"No refresh token found in the cache. Please sign-in.",
[InteractionRequiredAuthErrorCodes.refreshTokenExpired]:
"Refresh token has expired.",
[InteractionRequiredAuthErrorCodes.nativeAccountUnavailable]:

@@ -35,0 +33,0 @@ "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",

@@ -9,3 +9,2 @@ /*

export const nativeAccountUnavailable = "native_account_unavailable";
export const refreshTokenExpired = "refresh_token_expired";

@@ -12,0 +11,0 @@ // Codes potentially returned by server

@@ -31,5 +31,15 @@ /*

// Account
export { AccountInfo, ActiveAccountFilters } from "./account/AccountInfo";
export {
AccountInfo,
ActiveAccountFilters,
TenantProfile,
updateAccountTenantProfileData,
tenantIdMatchesHomeTenant,
buildTenantProfileFromIdTokenClaims,
} from "./account/AccountInfo";
export * as AuthToken from "./account/AuthToken";
export { TokenClaims } from "./account/TokenClaims";
export {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "./account/TokenClaims";
export { TokenClaims as IdTokenClaims } from "./account/TokenClaims";

@@ -140,3 +150,6 @@ export { CcsCredential, CcsCredentialType } from "./account/CcsCredential";

} from "./response/DeviceCodeResponse";
export { ResponseHandler } from "./response/ResponseHandler";
export {
ResponseHandler,
buildAccountToCache,
} from "./response/ResponseHandler";
export { ScopeSet } from "./request/ScopeSet";

@@ -186,3 +199,2 @@ export { AuthenticationHeaderParser } from "./request/AuthenticationHeaderParser";

CodeChallengeMethodValues,
SSOTypes,
PasswordGrantConstants,

@@ -192,3 +204,2 @@ ThrottlingConstants,

HeaderNames,
AADServerParamKeys,
Errors,

@@ -202,2 +213,3 @@ THE_FAMILY_ID,

} from "./utils/Constants";
export * as AADServerParamKeys from "./constants/AADServerParamKeys";
export { StringUtils } from "./utils/StringUtils";

@@ -204,0 +216,0 @@ export { StringDict } from "./utils/MsalTypes";

/* eslint-disable header/header */
export const name = "@azure/msal-common";
export const version = "14.4.1-beta.1";
export const version = "14.5.0";

@@ -24,3 +24,2 @@ /*

refreshToken: string;
expiresOn?: string;
ccsCredential?: CcsCredential;

@@ -27,0 +26,0 @@ forceCache?: boolean;

@@ -26,3 +26,2 @@ /*

tokenBodyParameters?: StringDict;
enableRTExpiryCheck?: boolean;
};

@@ -7,6 +7,4 @@ /*

import {
AADServerParamKeys,
Constants,
ResponseMode,
SSOTypes,
CLIENT_INFO,

@@ -20,2 +18,3 @@ AuthenticationScheme,

} from "../utils/Constants";
import * as AADServerParamKeys from "../constants/AADServerParamKeys";
import { ScopeSet } from "./ScopeSet";

@@ -166,3 +165,3 @@ import {

this.parameters.set(
SSOTypes.DOMAIN_HINT,
AADServerParamKeys.DOMAIN_HINT,
encodeURIComponent(domainHint)

@@ -177,3 +176,6 @@ );

addLoginHint(loginHint: string): void {
this.parameters.set(SSOTypes.LOGIN_HINT, encodeURIComponent(loginHint));
this.parameters.set(
AADServerParamKeys.LOGIN_HINT,
encodeURIComponent(loginHint)
);
}

@@ -208,3 +210,3 @@

addSid(sid: string): void {
this.parameters.set(SSOTypes.SID, encodeURIComponent(sid));
this.parameters.set(AADServerParamKeys.SID, encodeURIComponent(sid));
}

@@ -211,0 +213,0 @@

@@ -45,4 +45,11 @@ /*

import { checkMaxAge, extractTokenClaims } from "../account/AuthToken";
import { TokenClaims } from "../account/TokenClaims";
import { AccountInfo } from "../account/AccountInfo";
import {
TokenClaims,
getTenantIdFromIdTokenClaims,
} from "../account/TokenClaims";
import {
AccountInfo,
buildTenantProfileFromIdTokenClaims,
updateAccountTenantProfileData,
} from "../account/AccountInfo";
import * as CacheHelpers from "../cache/utils/CacheHelpers";

@@ -249,4 +256,3 @@

forceCacheRefreshTokenResponse?: boolean,
serverRequestId?: string,
rtExpiresOn?: string
serverRequestId?: string
): Promise<AuthenticationResult> {

@@ -317,4 +323,3 @@ this.performanceClient?.addQueueMeasurement(

userAssertionHash,
authCodePayload,
rtExpiresOn
authCodePayload
);

@@ -345,3 +350,3 @@ let cacheContext;

const key = cacheRecord.account.generateAccountKey();
const account = this.cacheStorage.getAccount(key);
const account = this.cacheStorage.getAccount(key, this.logger);
if (!account) {

@@ -351,3 +356,3 @@ this.logger.warning(

);
return ResponseHandler.generateAuthenticationResult(
return await ResponseHandler.generateAuthenticationResult(
this.cryptoObj,

@@ -381,2 +386,3 @@ authority,

}
return ResponseHandler.generateAuthenticationResult(

@@ -408,4 +414,3 @@ this.cryptoObj,

userAssertionHash?: string,
authCodePayload?: AuthorizationCodePayload,
rtExpiresOn?: string
authCodePayload?: AuthorizationCodePayload
): CacheRecord {

@@ -419,2 +424,4 @@ const env = authority.getPreferredCache();

const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims);
// IdToken: non AAD scenarios can have empty realm

@@ -429,14 +436,16 @@ let cachedIdToken: IdTokenEntity | undefined;

this.clientId,
idTokenClaims.tid || ""
claimsTenantId || ""
);
cachedAccount = AccountEntity.createAccount(
{
homeAccountId: this.homeAccountIdentifier,
idTokenClaims: idTokenClaims,
clientInfo: serverTokenResponse.client_info,
cloudGraphHostName: authCodePayload?.cloud_graph_host_name,
msGraphHost: authCodePayload?.msgraph_host,
},
authority
cachedAccount = buildAccountToCache(
this.cacheStorage,
authority,
this.homeAccountIdentifier,
idTokenClaims,
this.cryptoObj.base64Decode,
serverTokenResponse.client_info,
claimsTenantId,
authCodePayload,
undefined,
this.logger
);

@@ -483,3 +492,3 @@ }

this.clientId,
idTokenClaims?.tid || authority.tenant,
claimsTenantId || authority.tenant,
responseScopes.printScopes(),

@@ -507,4 +516,3 @@ tokenExpirationSeconds,

serverTokenResponse.foci,
userAssertionHash,
rtExpiresOn
userAssertionHash
);

@@ -614,6 +622,7 @@ }

const accountInfo: AccountInfo | null = cacheRecord.account
? {
...cacheRecord.account.getAccountInfo(),
idTokenClaims,
}
? updateAccountTenantProfileData(
cacheRecord.account.getAccountInfo(),
undefined, // tenantProfile optional
idTokenClaims
)
: null;

@@ -652,1 +661,60 @@

}
export function buildAccountToCache(
cacheStorage: CacheManager,
authority: Authority,
homeAccountId: string,
idTokenClaims: TokenClaims,
base64Decode: (input: string) => string,
clientInfo?: string,
claimsTenantId?: string | null,
authCodePayload?: AuthorizationCodePayload,
nativeAccountId?: string,
logger?: Logger
): AccountEntity {
logger?.verbose("setCachedAccount called");
// Check if base account is already cached
const accountKeys = cacheStorage.getAccountKeys();
const baseAccountKey = accountKeys.find((accountKey: string) => {
return accountKey.startsWith(homeAccountId);
});
let cachedAccount: AccountEntity | null = null;
if (baseAccountKey) {
cachedAccount = cacheStorage.getAccount(baseAccountKey, logger);
}
const baseAccount =
cachedAccount ||
AccountEntity.createAccount(
{
homeAccountId: homeAccountId,
idTokenClaims: idTokenClaims,
clientInfo: clientInfo,
cloudGraphHostName: authCodePayload?.cloud_graph_host_name,
msGraphHost: authCodePayload?.msgraph_host,
nativeAccountId: nativeAccountId,
},
authority,
base64Decode
);
const tenantProfiles = baseAccount.tenantProfiles || [];
if (
claimsTenantId &&
!tenantProfiles.find((tenantProfile) => {
return tenantProfile.tenantId === claimsTenantId;
})
) {
const newTenantProfile = buildTenantProfileFromIdTokenClaims(
homeAccountId,
idTokenClaims
);
tenantProfiles.push(newTenantProfile);
}
baseAccount.tenantProfiles = tenantProfiles;
return baseAccount;
}
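Review bot: The lookup `accountKey.startsWith(homeAccountId)` in `buildAccountToCache` matches every cached key when `homeAccountId` is an empty string, and `generateHomeAccountId` in this diff can return `""` (`idTokenClaims?.sub || ""`). In that case the first account in the cache would be reused as the base account, and the new tenant profile would be appended to another user's entry; a bare prefix test also matches any key whose home account id merely begins with this one. I would skip the lookup for an empty id and match up to the key separator, e.g. `const baseAccountKey = homeAccountId ? accountKeys.find((k) => k.startsWith(homeAccountId + "<cache-key-separator>")) : undefined;` (placeholder for the project's separator constant). The verbose log text "setCachedAccount called" also does not match the function name.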

@@ -126,58 +126,2 @@ /*

/**
* Keys in the hashParams sent by AAD Server
*/
export const AADServerParamKeys = {
CLIENT_ID: "client_id",
REDIRECT_URI: "redirect_uri",
RESPONSE_TYPE: "response_type",
RESPONSE_MODE: "response_mode",
GRANT_TYPE: "grant_type",
CLAIMS: "claims",
SCOPE: "scope",
ERROR: "error",
ERROR_DESCRIPTION: "error_description",
ACCESS_TOKEN: "access_token",
ID_TOKEN: "id_token",
REFRESH_TOKEN: "refresh_token",
EXPIRES_IN: "expires_in",
STATE: "state",
NONCE: "nonce",
PROMPT: "prompt",
SESSION_STATE: "session_state",
CLIENT_INFO: "client_info",
CODE: "code",
CODE_CHALLENGE: "code_challenge",
CODE_CHALLENGE_METHOD: "code_challenge_method",
CODE_VERIFIER: "code_verifier",
CLIENT_REQUEST_ID: "client-request-id",
X_CLIENT_SKU: "x-client-SKU",
X_CLIENT_VER: "x-client-VER",
X_CLIENT_OS: "x-client-OS",
X_CLIENT_CPU: "x-client-CPU",
X_CLIENT_CURR_TELEM: "x-client-current-telemetry",
X_CLIENT_LAST_TELEM: "x-client-last-telemetry",
X_MS_LIB_CAPABILITY: "x-ms-lib-capability",
X_APP_NAME: "x-app-name",
X_APP_VER: "x-app-ver",
POST_LOGOUT_URI: "post_logout_redirect_uri",
ID_TOKEN_HINT: "id_token_hint",
DEVICE_CODE: "device_code",
CLIENT_SECRET: "client_secret",
CLIENT_ASSERTION: "client_assertion",
CLIENT_ASSERTION_TYPE: "client_assertion_type",
TOKEN_TYPE: "token_type",
REQ_CNF: "req_cnf",
OBO_ASSERTION: "assertion",
REQUESTED_TOKEN_USE: "requested_token_use",
ON_BEHALF_OF: "on_behalf_of",
FOCI: "foci",
CCS_HEADER: "X-AnchorMailbox",
RETURN_SPA_CODE: "return_spa_code",
NATIVE_BROKER: "nativebroker",
LOGOUT_HINT: "logout_hint",
} as const;
export type AADServerParamKeys =
(typeof AADServerParamKeys)[keyof typeof AADServerParamKeys];
/**
* Claims request keys

@@ -207,18 +151,2 @@ */

/**
* SSO Types - generated to populate hints
*/
export const SSOTypes = {
ACCOUNT: "account",
SID: "sid",
LOGIN_HINT: "login_hint",
ID_TOKEN: "id_token",
DOMAIN_HINT: "domain_hint",
ORGANIZATIONS: "organizations",
CONSUMERS: "consumers",
ACCOUNT_ID: "accountIdentifier",
HOMEACCOUNT_ID: "homeAccountIdentifier",
} as const;
export type SSOTypes = (typeof SSOTypes)[keyof typeof SSOTypes];
/**
* allowed values for codeVerifier

@@ -225,0 +153,0 @@ */

