@azure/msal-node - npm Package Compare versions

Comparing version 2.10.0 to 2.11.0

dist/client/ClientAssertion.d.ts

		@@ -10,2 +10,3 @@ import { CryptoProvider } from "../crypto/CryptoProvider.js";
		private thumbprint;
		private useSha256;
		private expirationTime;
		@@ -21,2 +22,3 @@ private issuer;
		/**
		* @deprecated Use fromCertificateWithSha256Thumbprint instead, with a SHA-256 thumprint
		* Initialize the ClientAssertion class from the certificate passed by the user
		@@ -29,2 +31,9 @@ * @param thumbprint - identifier of a certificate
		/**
		* Initialize the ClientAssertion class from the certificate passed by the user
		* @param thumbprint - identifier of a certificate
		* @param privateKey - secret key
		* @param publicCertificate - electronic document provided to prove the ownership of the public key
		*/
		static fromCertificateWithSha256Thumbprint(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion;
		/**
		* Update JWT for certificate based clientAssertion, if passed by the user, uses it as is
		@@ -31,0 +40,0 @@ * @param cryptoProvider - library's crypto helper

dist/config/Configuration.d.ts

		@@ -13,3 +13,3 @@ /// <reference types="node" />
		* - clientAssertion - A ClientAssertion object containing an assertion string or a callback function that returns an assertion string that the application uses when requesting a token, as well as the assertion's type (urn:ietf:params:oauth:client-assertion-type:jwt-bearer). Only used in confidential client applications.
		* - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )
		* - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 or SHA-256 thumbprint of the certificate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )
		* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
		@@ -25,3 +25,8 @@ * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
		clientCertificate?: {
		thumbprint: string;
		/**
		* @deprecated Use thumbprintSha2 property instead. Thumbprint needs to be computed with SHA-256 algorithm.
		* SHA-1 is only needed for backwards compatibility with older versions of ADFS.
		*/
		thumbprint?: string;
		thumbprintSha256?: string;
		privateKey: string;
		@@ -28,0 +33,0 @@ x5c?: string;

dist/error/NodeAuthError.d.ts

		@@ -34,2 +34,6 @@ import { AuthError } from "@azure/msal-common";
		};
		thumbprintMissing: {
		code: string;
		desc: string;
		};
		};
		@@ -66,3 +70,7 @@ export declare class NodeAuthError extends AuthError {
		static createStateNotFoundError(): NodeAuthError;
		/**
		* Creates an error thrown when client certificate was provided, but neither the SHA-1 or SHA-256 thumbprints were provided
		*/
		static createThumbprintMissingError(): NodeAuthError;
		}
		//# sourceMappingURL=NodeAuthError.d.ts.map

dist/packageMetadata.d.ts

		export declare const name = "@azure/msal-node";
		export declare const version = "2.10.0";
		export declare const version = "2.11.0";
		//# sourceMappingURL=packageMetadata.d.ts.map

dist/utils/Constants.d.ts

		@@ -123,2 +123,3 @@ export declare const AUTHORIZATION_HEADER_NAME: string;
		RSA_256: string;
		X5T_256: string;
		X5T: string;
		@@ -125,0 +126,0 @@ X5C: string;

package.json

		{
		"$schema": "https://json.schemastore.org/package.json",
		"name": "@azure/msal-node",
		"version": "2.10.0",
		"version": "2.11.0",
		"author": {
		@@ -6,0 +6,0 @@ "name": "Microsoft",

src/client/ClientAssertion.ts

		@@ -25,2 +25,3 @@ /*
		private thumbprint: string;
		private useSha256: boolean;
		private expirationTime: number;
		@@ -42,2 +43,3 @@ private issuer: string;
		/**
		* @deprecated Use fromCertificateWithSha256Thumbprint instead, with a SHA-256 thumprint
		* Initialize the ClientAssertion class from the certificate passed by the user
		@@ -56,2 +58,3 @@ * @param thumbprint - identifier of a certificate
		clientAssertion.thumbprint = thumbprint;
		clientAssertion.useSha256 = false;
		if (publicCertificate) {
		@@ -65,2 +68,24 @@ clientAssertion.publicCertificate =
		/**
		* Initialize the ClientAssertion class from the certificate passed by the user
		* @param thumbprint - identifier of a certificate
		* @param privateKey - secret key
		* @param publicCertificate - electronic document provided to prove the ownership of the public key
		*/
		public static fromCertificateWithSha256Thumbprint(
		thumbprint: string,
		privateKey: string,
		publicCertificate?: string
		): ClientAssertion {
		const clientAssertion = new ClientAssertion();
		clientAssertion.privateKey = privateKey;
		clientAssertion.thumbprint = thumbprint;
		clientAssertion.useSha256 = true;
		if (publicCertificate) {
		clientAssertion.publicCertificate =
		this.parseCertificate(publicCertificate);
		}
		return clientAssertion;
		}

		/**
		* Update JWT for certificate based clientAssertion, if passed by the user, uses it as is
		@@ -116,8 +141,17 @@ * @param cryptoProvider - library's crypto helper
		alg: JwtConstants.RSA_256,
		x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, "hex"),
		};

		const thumbprintHeader = this.useSha256
		? JwtConstants.X5T_256
		: JwtConstants.X5T;
		Object.assign(header, {
		[thumbprintHeader]: EncodingUtils.base64EncodeUrl(
		this.thumbprint,
		"hex"
		),
		} as Partial<jwt.JwtHeader>);

		if (this.publicCertificate) {
		Object.assign(header, {
		x5c: this.publicCertificate,
		[JwtConstants.X5C]: this.publicCertificate,
		} as Partial<jwt.JwtHeader>);
		@@ -124,0 +158,0 @@ }

src/client/ConfidentialClientApplication.ts

		@@ -22,3 +22,2 @@ /*
		AuthError,
		Constants,
		IAppTokenProvider,
		@@ -71,3 +70,3 @@ OIDC_DEFAULT_SCOPES,
		super(configuration);
		this.setClientCredential(this.config);
		this.setClientCredential();
		this.appTokenProvider = undefined;
		@@ -223,11 +222,9 @@ }

		private setClientCredential(configuration: Configuration): void {
		const clientSecretNotEmpty = !!configuration.auth.clientSecret;
		const clientAssertionNotEmpty = !!configuration.auth.clientAssertion;
		const certificate = configuration.auth.clientCertificate \|\| {
		thumbprint: Constants.EMPTY_STRING,
		privateKey: Constants.EMPTY_STRING,
		};
		private setClientCredential(): void {
		const clientSecretNotEmpty = !!this.config.auth.clientSecret;
		const clientAssertionNotEmpty = !!this.config.auth.clientAssertion;
		const certificateNotEmpty =
		!!certificate.thumbprint \|\| !!certificate.privateKey;
		(!!this.config.auth.clientCertificate.thumbprint \|\|
		!!this.config.auth.clientCertificate.thumbprintSha256) &&
		!!this.config.auth.clientCertificate.privateKey;

		@@ -253,10 +250,10 @@ /*

		if (configuration.auth.clientSecret) {
		this.clientSecret = configuration.auth.clientSecret;
		if (this.config.auth.clientSecret) {
		this.clientSecret = this.config.auth.clientSecret;
		return;
		}

		if (configuration.auth.clientAssertion) {
		if (this.config.auth.clientAssertion) {
		this.developerProvidedClientAssertion =
		configuration.auth.clientAssertion;
		this.config.auth.clientAssertion;
		return;
		@@ -270,9 +267,17 @@ }
		} else {
		this.clientAssertion = ClientAssertion.fromCertificate(
		certificate.thumbprint,
		certificate.privateKey,
		configuration.auth.clientCertificate?.x5c
		);
		this.clientAssertion = !!this.config.auth.clientCertificate
		.thumbprintSha256
		? ClientAssertion.fromCertificateWithSha256Thumbprint(
		this.config.auth.clientCertificate.thumbprintSha256,
		this.config.auth.clientCertificate.privateKey,
		this.config.auth.clientCertificate.x5c
		)
		: ClientAssertion.fromCertificate(
		// guaranteed to be a string, due to prior error checking in this function
		this.config.auth.clientCertificate.thumbprint as string,
		this.config.auth.clientCertificate.privateKey,
		this.config.auth.clientCertificate.x5c
		);
		}
		}
		}

src/config/Configuration.ts

		@@ -30,2 +30,3 @@ /*
		import { HttpClientWithRetries } from "../network/HttpClientWithRetries.js";
		import { NodeAuthError } from "../error/NodeAuthError.js";

		@@ -38,3 +39,3 @@ /**
		* - clientAssertion - A ClientAssertion object containing an assertion string or a callback function that returns an assertion string that the application uses when requesting a token, as well as the assertion's type (urn:ietf:params:oauth:client-assertion-type:jwt-bearer). Only used in confidential client applications.
		* - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )
		* - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 or SHA-256 thumbprint of the certificate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )
		* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
		@@ -50,3 +51,8 @@ * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
		clientCertificate?: {
		thumbprint: string;
		/**
		* @deprecated Use thumbprintSha2 property instead. Thumbprint needs to be computed with SHA-256 algorithm.
		* SHA-1 is only needed for backwards compatibility with older versions of ADFS.
		*/
		thumbprint?: string;
		thumbprintSha256?: string;
		privateKey: string;
		@@ -144,2 +150,3 @@ x5c?: string;
		thumbprint: Constants.EMPTY_STRING,
		thumbprintSha256: Constants.EMPTY_STRING,
		privateKey: Constants.EMPTY_STRING,
		@@ -224,2 +231,11 @@ x5c: Constants.EMPTY_STRING,

		// if client certificate was provided, ensure that at least one of the SHA-1 or SHA-256 thumbprints were provided
		if (
		!!auth.clientCertificate &&
		!!!auth.clientCertificate.thumbprint &&
		!!!auth.clientCertificate.thumbprintSha256
		) {
		throw NodeAuthError.createStateNotFoundError();
		}

		return {
		@@ -226,0 +242,0 @@ auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },

src/error/NodeAuthError.ts

		@@ -40,2 +40,6 @@ /*
		},
		thumbprintMissing: {
		code: "thumbprint_missing_from_client_certificate",
		desc: "Client certificate does not contain a SHA-1 or SHA-256 thumbprint.",
		},
		};
		@@ -118,2 +122,12 @@
		}

		/**
		* Creates an error thrown when client certificate was provided, but neither the SHA-1 or SHA-256 thumbprints were provided
		*/
		static createThumbprintMissingError(): NodeAuthError {
		return new NodeAuthError(
		NodeAuthErrorMessage.thumbprintMissing.code,
		NodeAuthErrorMessage.thumbprintMissing.desc
		);
		}
		}

src/packageMetadata.ts

		/* eslint-disable header/header */
		export const name = "@azure/msal-node";
		export const version = "2.10.0";
		export const version = "2.11.0";

src/utils/Constants.ts

		@@ -149,2 +149,3 @@ /*
		RSA_256: "RS256",
		X5T_256: "x5t#S256",
		X5T: "x5t",
		@@ -151,0 +152,0 @@ X5C: "x5c",

dist/cache/distributed/DistributedCachePlugin.cjs