setup
parent
5f2b208d42
commit
74155de8f3
|
@ -0,0 +1,31 @@
|
||||||
|
cmake_minimum_required(VERSION 3.25)
|
||||||
|
project(LookAtMySuitBot)
|
||||||
|
|
||||||
|
option(ENABLE_ADDRSAN "Enable the address sanitizer" OFF)
|
||||||
|
option(ENABLE_UBSAN "Enable the ub sanitizer" OFF)
|
||||||
|
option(ENABLE_TSAN "Enable the thread data race sanitizer" OFF)
|
||||||
|
|
||||||
|
set(CMAKE_CXX_STANDARD 17)
|
||||||
|
|
||||||
|
include_directories(include/)
|
||||||
|
file(GLOB_RECURSE PROJECT_BUILD_FILES "${CMAKE_CURRENT_SOURCE_DIR}/src/*.cpp")
|
||||||
|
|
||||||
|
add_executable(LookAtMySuitBot ${PROJECT_BUILD_FILES})
|
||||||
|
|
||||||
|
target_compile_options(LookAtMySuitBot PRIVATE -Wall -Wextra -Werror -Wpedantic -Wno-comment)
|
||||||
|
target_link_options(LookAtMySuitBot PRIVATE -Wall -Wextra -Werror -Wpedantic -Wno-comment)
|
||||||
|
|
||||||
|
if (${ENABLE_ADDRSAN} MATCHES ON)
|
||||||
|
target_compile_options(LookAtMySuitBot PRIVATE -fsanitize=address)
|
||||||
|
target_link_options(LookAtMySuitBot PRIVATE -fsanitize=address)
|
||||||
|
endif ()
|
||||||
|
|
||||||
|
if (${ENABLE_UBSAN} MATCHES ON)
|
||||||
|
target_compile_options(LookAtMySuitBot PRIVATE -fsanitize=undefined)
|
||||||
|
target_link_options(LookAtMySuitBot PRIVATE -fsanitize=undefined)
|
||||||
|
endif ()
|
||||||
|
|
||||||
|
if (${ENABLE_TSAN} MATCHES ON)
|
||||||
|
target_compile_options(LookAtMySuitBot PRIVATE -fsanitize=thread)
|
||||||
|
target_link_options(LookAtMySuitBot PRIVATE -fsanitize=thread)
|
||||||
|
endif ()
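Review bot: The three sanitizer guards (`if (${ENABLE_ADDRSAN} MATCHES ON)` and the `ENABLE_UBSAN` / `ENABLE_TSAN` equivalents) run a regex match on the expanded option value instead of a boolean test. A build configured with `-DENABLE_ADDRSAN=1`, `TRUE`, `YES` or lowercase `on` therefore comes out uninstrumented with no diagnostic, while any value that merely contains the substring `ON` switches the sanitizer on. Use CMake's own truthiness check, `if (ENABLE_ADDRSAN)`, `if (ENABLE_UBSAN)` and `if (ENABLE_TSAN)`, so a CI job that asks for a sanitized build actually gets one. ASan and TSan cannot be combined in one binary (GCC and Clang both reject `-fsanitize=address` together with `-fsanitize=thread`), so a guard such as `if (ENABLE_ADDRSAN AND ENABLE_TSAN)` followed by `message(FATAL_ERROR "ENABLE_ADDRSAN and ENABLE_TSAN are mutually exclusive")` ahead of these blocks would fail at configure time with a clear message. It would also help to add a comment above the three `option()` lines recording which combinations are supported.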
|
|
@ -1 +0,0 @@
|
||||||
../nearley/bin/nearley-railroad.js
|
|
|
@ -1 +0,0 @@
|
||||||
../nearley/bin/nearley-test.js
|
|
|
@ -1 +0,0 @@
|
||||||
../nearley/bin/nearley-unparse.js
|
|
|
@ -1 +0,0 @@
|
||||||
../nearley/bin/nearleyc.js
|
|
|
@ -1 +0,0 @@
|
||||||
../protodef-validator/cli.js
|
|
|
@ -1 +0,0 @@
|
||||||
../rc/cli.js
|
|
|
@ -1 +0,0 @@
|
||||||
../resolve/bin/resolve
|
|
|
@ -1 +0,0 @@
|
||||||
../semver/bin/semver.js
|
|
|
@ -1 +0,0 @@
|
||||||
../uuid/dist/bin/uuid
|
|
File diff suppressed because it is too large
|
@ -1,21 +0,0 @@
|
||||||
MIT License
|
|
||||||
|
|
||||||
Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is
|
|
||||||
furnished to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice shall be included in all
|
|
||||||
copies or substantial portions of the Software.
|
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
SOFTWARE
|
|
|
@ -1,53 +0,0 @@
|
||||||
# Microsoft Authentication Library for JavaScript (MSAL.js) Common Protocols Package
|
|
||||||
|
|
||||||
[![npm version](https://img.shields.io/npm/v/@azure/msal-common.svg?style=flat)](https://www.npmjs.com/package/@azure/msal-common/)
|
|
||||||
[![npm version](https://img.shields.io/npm/dm/@azure/msal-common.svg)](https://nodei.co/npm/@azure/msal-common/)
|
|
||||||
[![codecov](https://codecov.io/gh/AzureAD/microsoft-authentication-library-for-js/branch/dev/graph/badge.svg?flag=msal-common)](https://codecov.io/gh/AzureAD/microsoft-authentication-library-for-js)
|
|
||||||
|
|
||||||
| <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html" target="_blank">Library Reference</a> |
|
|
||||||
| --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
||||||
|
|
||||||
1. [About](#about)
|
|
||||||
2. [FAQ](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/FAQ.md)
|
|
||||||
3. [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/CHANGELOG.md)
|
|
||||||
4. [Releases](#releases)
|
|
||||||
5. [Prerequisites and Usage](#prerequisites-and-usage)
|
|
||||||
6. [Installation](#installation)
|
|
||||||
7. [Security Reporting](#security-reporting)
|
|
||||||
8. [License](#license)
|
|
||||||
9. [Code of Conduct](#we-value-and-adhere-to-the-microsoft-open-source-code-of-conduct)
|
|
||||||
|
|
||||||
## About
|
|
||||||
|
|
||||||
The MSAL library for JavaScript enables client-side JavaScript applications to authenticate users using [Azure AD](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview) work and school accounts (AAD), Microsoft personal accounts (MSA) and social identity providers like Facebook, Google, LinkedIn, Microsoft accounts, etc. through [Azure AD B2C](https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview#identity-providers) service. It also enables your app to get tokens to access [Microsoft Cloud](https://www.microsoft.com/enterprise) services such as [Microsoft Graph](https://graph.microsoft.io).
|
|
||||||
|
|
||||||
The `@azure/msal-common` package described by the code in this folder serves as a common package dependency for the `@azure/msal-browser` package (and in the future, the msal-node package). Be aware that this is an internal library, and is subject to frequent change. **It is not meant for production consumption by itself.**
|
|
||||||
|
|
||||||
## FAQ
|
|
||||||
|
|
||||||
See [here](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/FAQ.md).
|
|
||||||
|
|
||||||
## Prerequisites and Usage
|
|
||||||
|
|
||||||
This library is not meant for production use. Please use one of these packages specific to the platform you are developing for:
|
|
||||||
|
|
||||||
- [MSAL for Single Page Applications (SPAs)](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-browser)
|
|
||||||
- [MSAL for Node.js](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node)
|
|
||||||
|
|
||||||
## Installation
|
|
||||||
|
|
||||||
### Via NPM:
|
|
||||||
|
|
||||||
npm install @azure/msal-common
|
|
||||||
|
|
||||||
## Security Reporting
|
|
||||||
|
|
||||||
If you find a security issue with our libraries or services please report it to [secure@microsoft.com](mailto:secure@microsoft.com) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/en-us/security/dd252948) and subscribing to Security Advisory Alerts.
|
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License (the "License");
|
|
||||||
|
|
||||||
## We Value and Adhere to the Microsoft Open Source Code of Conduct
|
|
||||||
|
|
||||||
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
|
|
|
@ -1,32 +0,0 @@
|
||||||
import { TokenClaims } from "./TokenClaims";
|
|
||||||
/**
|
|
||||||
* Account object with the following signature:
|
|
||||||
* - homeAccountId - Home account identifier for this account object
|
|
||||||
* - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
|
|
||||||
* - tenantId - Full tenant or organizational id that this account belongs to
|
|
||||||
* - username - preferred_username claim of the id_token that represents this account
|
|
||||||
* - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
|
|
||||||
* - name - Full name for the account, including given name and family name
|
|
||||||
* - idToken - raw ID token
|
|
||||||
* - idTokenClaims - Object contains claims from ID token
|
|
||||||
* - nativeAccountId - The user's native account ID
|
|
||||||
*/
|
|
||||||
export type AccountInfo = {
|
|
||||||
homeAccountId: string;
|
|
||||||
environment: string;
|
|
||||||
tenantId: string;
|
|
||||||
username: string;
|
|
||||||
localAccountId: string;
|
|
||||||
name?: string;
|
|
||||||
idToken?: string;
|
|
||||||
idTokenClaims?: TokenClaims & {
|
|
||||||
[key: string]: string | number | string[] | object | undefined | unknown;
|
|
||||||
};
|
|
||||||
nativeAccountId?: string;
|
|
||||||
authorityType?: string;
|
|
||||||
};
|
|
||||||
export type ActiveAccountFilters = {
|
|
||||||
homeAccountId: string;
|
|
||||||
localAccountId: string;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=AccountInfo.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AccountInfo.d.ts","sourceRoot":"","sources":["../../src/account/AccountInfo.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,WAAW,GAAG;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,WAAW,GAAG;QAC1B,CAAC,GAAG,EAAE,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,EAAE,GACR,MAAM,GACN,SAAS,GACT,OAAO,CAAC;KACjB,CAAC;IACF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;CAC1B,CAAC"}
|
|
|
@ -1,18 +0,0 @@
|
||||||
import { TokenClaims } from "./TokenClaims";
|
|
||||||
/**
|
|
||||||
* Extract token by decoding the rawToken
|
|
||||||
*
|
|
||||||
* @param encodedToken
|
|
||||||
*/
|
|
||||||
export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
|
|
||||||
/**
|
|
||||||
* decode a JWT
|
|
||||||
*
|
|
||||||
* @param authToken
|
|
||||||
*/
|
|
||||||
export declare function getJWSPayload(authToken: string): string;
|
|
||||||
/**
|
|
||||||
* Determine if the token's max_age has transpired
|
|
||||||
*/
|
|
||||||
export declare function checkMaxAge(authTime: number, maxAge: number): void;
|
|
||||||
//# sourceMappingURL=AuthToken.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthToken.d.ts","sourceRoot":"","sources":["../../src/account/AuthToken.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAM5C;;;;GAIG;AACH,wBAAgB,kBAAkB,CAC9B,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,GACxC,WAAW,CAWb;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAkBvD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAUlE"}
|
|
|
@ -1,66 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
||||||
import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* Extract token by decoding the rawToken
|
|
||||||
*
|
|
||||||
* @param encodedToken
|
|
||||||
*/
|
|
||||||
function extractTokenClaims(encodedToken, base64Decode) {
|
|
||||||
const jswPayload = getJWSPayload(encodedToken);
|
|
||||||
// token will be decoded to get the username
|
|
||||||
try {
|
|
||||||
// base64Decode() should throw an error if there is an issue
|
|
||||||
const base64Decoded = base64Decode(jswPayload);
|
|
||||||
return JSON.parse(base64Decoded);
|
|
||||||
}
|
|
||||||
catch (err) {
|
|
||||||
throw createClientAuthError(tokenParsingError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* decode a JWT
|
|
||||||
*
|
|
||||||
* @param authToken
|
|
||||||
*/
|
|
||||||
function getJWSPayload(authToken) {
|
|
||||||
if (!authToken) {
|
|
||||||
throw createClientAuthError(nullOrEmptyToken);
|
|
||||||
}
|
|
||||||
const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
|
|
||||||
const matches = tokenPartsRegex.exec(authToken);
|
|
||||||
if (!matches || matches.length < 4) {
|
|
||||||
throw createClientAuthError(tokenParsingError);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* const crackedToken = {
|
|
||||||
* header: matches[1],
|
|
||||||
* JWSPayload: matches[2],
|
|
||||||
* JWSSig: matches[3],
|
|
||||||
* };
|
|
||||||
*/
|
|
||||||
return matches[2];
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Determine if the token's max_age has transpired
|
|
||||||
*/
|
|
||||||
function checkMaxAge(authTime, maxAge) {
|
|
||||||
/*
|
|
||||||
* per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
|
||||||
* To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
|
|
||||||
* provide a value of 0 for the max_age parameter and the AS will force a fresh login.
|
|
||||||
*/
|
|
||||||
const fiveMinuteSkew = 300000; // five minutes in milliseconds
|
|
||||||
if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
|
|
||||||
throw createClientAuthError(maxAgeTranspired);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export { checkMaxAge, extractTokenClaims, getJWSPayload };
|
|
||||||
//# sourceMappingURL=AuthToken.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthToken.mjs","sources":["../../src/account/AuthToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAKA;AAMA;;;AAIG;AACH;AAgBA;;;;AAIG,IAAA,MAAA,UAAA,GAAA,aAAA,CAAA,YAAA,CAAA,CAAA;AACH;AAoBA,IAAA,IAAA;;AAEG,QAAA,MAAA,aAAA,GAAA,YAAA,CAAA,UAAA,CAAA,CAAA;AACH,QAAgB,OAAA,IAAA,CAAA,KAAA,CAAA,aAAY,CAAA,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,10 +0,0 @@
|
||||||
export type CcsCredential = {
|
|
||||||
credential: string;
|
|
||||||
type: CcsCredentialType;
|
|
||||||
};
|
|
||||||
export declare const CcsCredentialType: {
|
|
||||||
readonly HOME_ACCOUNT_ID: "home_account_id";
|
|
||||||
readonly UPN: "UPN";
|
|
||||||
};
|
|
||||||
export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
|
|
||||||
//# sourceMappingURL=CcsCredential.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CcsCredential.d.ts","sourceRoot":"","sources":["../../src/account/CcsCredential.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,aAAa,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,iBAAiB,CAAC;CAC3B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;CAGpB,CAAC;AACX,MAAM,MAAM,iBAAiB,GACzB,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,OAAO,iBAAiB,CAAC,CAAC"}
|
|
|
@ -1,13 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
const CcsCredentialType = {
|
|
||||||
HOME_ACCOUNT_ID: "home_account_id",
|
|
||||||
UPN: "UPN",
|
|
||||||
};
|
|
||||||
|
|
||||||
export { CcsCredentialType };
|
|
||||||
//# sourceMappingURL=CcsCredential.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CcsCredential.mjs","sources":["../../src/account/CcsCredential.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;;;AAKA,MAAA,iBAA8B,GAAA;;;;;;;"}
|
|
|
@ -1,15 +0,0 @@
|
||||||
/**
|
|
||||||
* Client Assertion credential for Confidential Clients
|
|
||||||
*/
|
|
||||||
export type ClientAssertion = {
|
|
||||||
assertion: string;
|
|
||||||
assertionType: string;
|
|
||||||
};
|
|
||||||
/**
|
|
||||||
* Client Credentials set for Confidential Clients
|
|
||||||
*/
|
|
||||||
export type ClientCredentials = {
|
|
||||||
clientSecret?: string;
|
|
||||||
clientAssertion?: ClientAssertion;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=ClientCredentials.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ClientCredentials.d.ts","sourceRoot":"","sources":["../../src/account/ClientCredentials.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,eAAe,CAAC;CACrC,CAAC"}
|
|
|
@ -1,20 +0,0 @@
|
||||||
import { ICrypto } from "../crypto/ICrypto";
|
|
||||||
/**
|
|
||||||
* Client info object which consists of two IDs. Need to add more info here.
|
|
||||||
*/
|
|
||||||
export type ClientInfo = {
|
|
||||||
uid: string;
|
|
||||||
utid: string;
|
|
||||||
};
|
|
||||||
/**
|
|
||||||
* Function to build a client info object from server clientInfo string
|
|
||||||
* @param rawClientInfo
|
|
||||||
* @param crypto
|
|
||||||
*/
|
|
||||||
export declare function buildClientInfo(rawClientInfo: string, crypto: ICrypto): ClientInfo;
|
|
||||||
/**
|
|
||||||
* Function to build a client info object from cached homeAccountId string
|
|
||||||
* @param homeAccountId
|
|
||||||
*/
|
|
||||||
export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
|
|
||||||
//# sourceMappingURL=ClientInfo.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ClientInfo.d.ts","sourceRoot":"","sources":["../../src/account/ClientInfo.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAC3B,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,GAChB,UAAU,CAaZ;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAC5C,aAAa,EAAE,MAAM,GACtB,UAAU,CAiBZ"}
|
|
|
@ -1,46 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
||||||
import { Separators, Constants } from '../utils/Constants.mjs';
|
|
||||||
import { clientInfoEmptyError, clientInfoDecodingError } from '../error/ClientAuthErrorCodes.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* Function to build a client info object from server clientInfo string
|
|
||||||
* @param rawClientInfo
|
|
||||||
* @param crypto
|
|
||||||
*/
|
|
||||||
function buildClientInfo(rawClientInfo, crypto) {
|
|
||||||
if (!rawClientInfo) {
|
|
||||||
throw createClientAuthError(clientInfoEmptyError);
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
const decodedClientInfo = crypto.base64Decode(rawClientInfo);
|
|
||||||
return JSON.parse(decodedClientInfo);
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
throw createClientAuthError(clientInfoDecodingError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Function to build a client info object from cached homeAccountId string
|
|
||||||
* @param homeAccountId
|
|
||||||
*/
|
|
||||||
function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
||||||
if (!homeAccountId) {
|
|
||||||
throw createClientAuthError(clientInfoDecodingError);
|
|
||||||
}
|
|
||||||
const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
|
|
||||||
return {
|
|
||||||
uid: clientInfoParts[0],
|
|
||||||
utid: clientInfoParts.length < 2
|
|
||||||
? Constants.EMPTY_STRING
|
|
||||||
: clientInfoParts[1],
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
export { buildClientInfo, buildClientInfoFromHomeAccountId };
|
|
||||||
//# sourceMappingURL=ClientInfo.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ClientInfo.mjs","sources":["../../src/account/ClientInfo.ts"],"sourcesContent":[null],"names":["ClientAuthErrorCodes.clientInfoEmptyError"],"mappings":";;;;;;AASA;AAGA;;AAEG;;;AAMH;;;;AAIG,IAAA,IAAA,CAAA,aAAA,EAAA;AACH,QAAgB,MAAA,qBAAA,CAAAA,oBAEJ,CAAO,CAChB;AAeH,KAAA;;;AAGG,QAAA,OAAA,IAAA,CAAA,KAAA,CAAA,iBAAA,CAAA,CAAA;AACH,KAAA;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,66 +0,0 @@
|
||||||
/**
|
|
||||||
* Type which describes Id Token claims known by MSAL.
|
|
||||||
*/
|
|
||||||
export type TokenClaims = {
|
|
||||||
/**
|
|
||||||
* Audience
|
|
||||||
*/
|
|
||||||
aud?: string;
|
|
||||||
/**
|
|
||||||
* Issuer
|
|
||||||
*/
|
|
||||||
iss?: string;
|
|
||||||
/**
|
|
||||||
* Issued at
|
|
||||||
*/
|
|
||||||
iat?: number;
|
|
||||||
/**
|
|
||||||
* Not valid before
|
|
||||||
*/
|
|
||||||
nbf?: number;
|
|
||||||
/**
|
|
||||||
* Immutable object identifier, this ID uniquely identifies the user across applications
|
|
||||||
*/
|
|
||||||
oid?: string;
|
|
||||||
/**
|
|
||||||
* Immutable subject identifier, this is a pairwise identifier - it is unique to a particular application ID
|
|
||||||
*/
|
|
||||||
sub?: string;
|
|
||||||
/**
|
|
||||||
* Users' tenant or '9188040d-6c67-4c5b-b112-36a304b66dad' for personal accounts.
|
|
||||||
*/
|
|
||||||
tid?: string;
|
|
||||||
ver?: string;
|
|
||||||
upn?: string;
|
|
||||||
preferred_username?: string;
|
|
||||||
login_hint?: string;
|
|
||||||
emails?: string[];
|
|
||||||
name?: string;
|
|
||||||
nonce?: string;
|
|
||||||
/**
|
|
||||||
* Expiration
|
|
||||||
*/
|
|
||||||
exp?: number;
|
|
||||||
home_oid?: string;
|
|
||||||
sid?: string;
|
|
||||||
cloud_instance_host_name?: string;
|
|
||||||
cnf?: {
|
|
||||||
kid: string;
|
|
||||||
};
|
|
||||||
x5c_ca?: string[];
|
|
||||||
ts?: number;
|
|
||||||
at?: string;
|
|
||||||
u?: string;
|
|
||||||
p?: string;
|
|
||||||
m?: string;
|
|
||||||
roles?: string[];
|
|
||||||
amr?: string[];
|
|
||||||
idp?: string;
|
|
||||||
auth_time?: number;
|
|
||||||
/**
|
|
||||||
* Region of the resource tenant
|
|
||||||
*/
|
|
||||||
tenant_region_scope?: string;
|
|
||||||
tenant_region_sub_scope?: string;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=TokenClaims.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"TokenClaims.d.ts","sourceRoot":"","sources":["../../src/account/TokenClaims.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG;IACtB;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,GAAG,CAAC,EAAE;QACF,GAAG,EAAE,MAAM,CAAC;KACf,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,uBAAuB,CAAC,EAAE,MAAM,CAAC;CACpC,CAAC"}
|
|
|
@ -1,250 +0,0 @@
|
||||||
import { AuthorityType } from "./AuthorityType";
|
|
||||||
import { OpenIdConfigResponse } from "./OpenIdConfigResponse";
|
|
||||||
import { IUri } from "../url/IUri";
|
|
||||||
import { INetworkModule } from "../network/INetworkModule";
|
|
||||||
import { ProtocolMode } from "./ProtocolMode";
|
|
||||||
import { ICacheManager } from "../cache/interface/ICacheManager";
|
|
||||||
import { AuthorityOptions, StaticAuthorityOptions } from "./AuthorityOptions";
|
|
||||||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata";
|
|
||||||
import { RegionDiscoveryMetadata } from "./RegionDiscoveryMetadata";
|
|
||||||
import { AzureCloudOptions } from "../config/ClientConfiguration";
|
|
||||||
import { Logger } from "../logger/Logger";
|
|
||||||
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
||||||
/**
|
|
||||||
* The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the
|
|
||||||
* endpoint. It will store the pertinent config data in this object for use during token calls.
|
|
||||||
* @internal
|
|
||||||
*/
|
|
||||||
export declare class Authority {
|
|
||||||
private _canonicalAuthority;
|
|
||||||
private _canonicalAuthorityUrlComponents;
|
|
||||||
protected networkInterface: INetworkModule;
|
|
||||||
protected cacheManager: ICacheManager;
|
|
||||||
private authorityOptions;
|
|
||||||
private metadata;
|
|
||||||
private regionDiscovery;
|
|
||||||
regionDiscoveryMetadata: RegionDiscoveryMetadata;
|
|
||||||
private logger;
|
|
||||||
protected performanceClient: IPerformanceClient | undefined;
|
|
||||||
protected correlationId: string | undefined;
|
|
||||||
private static reservedTenantDomains;
|
|
||||||
constructor(authority: string, networkInterface: INetworkModule, cacheManager: ICacheManager, authorityOptions: AuthorityOptions, logger: Logger, performanceClient?: IPerformanceClient, correlationId?: string);
|
|
||||||
/**
|
|
||||||
* Get {@link AuthorityType}
|
|
||||||
* @param authorityUri {@link IUri}
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
private getAuthorityType;
|
|
||||||
get authorityType(): AuthorityType;
|
|
||||||
/**
|
|
||||||
* ProtocolMode enum representing the way endpoints are constructed.
|
|
||||||
*/
|
|
||||||
get protocolMode(): ProtocolMode;
|
|
||||||
/**
|
|
||||||
* Returns authorityOptions which can be used to reinstantiate a new authority instance
|
|
||||||
*/
|
|
||||||
get options(): AuthorityOptions;
|
|
||||||
/**
|
|
||||||
* A URL that is the authority set by the developer
|
|
||||||
*/
|
|
||||||
get canonicalAuthority(): string;
|
|
||||||
/**
|
|
||||||
* Sets canonical authority.
|
|
||||||
*/
|
|
||||||
set canonicalAuthority(url: string);
|
|
||||||
/**
|
|
||||||
* Get authority components.
|
|
||||||
*/
|
|
||||||
get canonicalAuthorityUrlComponents(): IUri;
|
|
||||||
/**
|
|
||||||
* Get hostname and port i.e. login.microsoftonline.com
|
|
||||||
*/
|
|
||||||
get hostnameAndPort(): string;
|
|
||||||
/**
|
|
||||||
* Get tenant for authority.
|
|
||||||
*/
|
|
||||||
get tenant(): string;
|
|
||||||
/**
|
|
||||||
* OAuth /authorize endpoint for requests
|
|
||||||
*/
|
|
||||||
get authorizationEndpoint(): string;
|
|
||||||
/**
|
|
||||||
* OAuth /token endpoint for requests
|
|
||||||
*/
|
|
||||||
get tokenEndpoint(): string;
|
|
||||||
get deviceCodeEndpoint(): string;
|
|
||||||
/**
|
|
||||||
* OAuth logout endpoint for requests
|
|
||||||
*/
|
|
||||||
get endSessionEndpoint(): string;
|
|
||||||
/**
|
|
||||||
* OAuth issuer for requests
|
|
||||||
*/
|
|
||||||
get selfSignedJwtAudience(): string;
|
|
||||||
/**
|
|
||||||
* Jwks_uri for token signing keys
|
|
||||||
*/
|
|
||||||
get jwksUri(): string;
|
|
||||||
/**
|
|
||||||
* Returns a flag indicating that tenant name can be replaced in authority {@link IUri}
|
|
||||||
* @param authorityUri {@link IUri}
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
private canReplaceTenant;
|
|
||||||
/**
|
|
||||||
* Replaces tenant in url path with current tenant. Defaults to common.
|
|
||||||
* @param urlString
|
|
||||||
*/
|
|
||||||
private replaceTenant;
|
|
||||||
/**
|
|
||||||
* Replaces path such as tenant or policy with the current tenant or policy.
|
|
||||||
* @param urlString
|
|
||||||
*/
|
|
||||||
private replacePath;
|
|
||||||
/**
|
|
||||||
* The default open id configuration endpoint for any canonical authority.
|
|
||||||
*/
|
|
||||||
protected get defaultOpenIdConfigurationEndpoint(): string;
|
|
||||||
/**
|
|
||||||
* Boolean that returns whethr or not tenant discovery has been completed.
|
|
||||||
*/
|
|
||||||
discoveryComplete(): boolean;
|
|
||||||
/**
|
|
||||||
* Perform endpoint discovery to discover aliases, preferred_cache, preferred_network
|
|
||||||
* and the /authorize, /token and logout endpoints.
|
|
||||||
*/
|
|
||||||
resolveEndpointsAsync(): Promise<void>;
|
|
||||||
/**
|
|
||||||
* Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
|
|
||||||
* from the configured canonical authority
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
private getCurrentMetadataEntity;
|
|
||||||
/**
|
|
||||||
* Updates cached metadata based on metadata source and sets the instance's metadata
|
|
||||||
* property to the same value
|
|
||||||
* @param metadataEntity
|
|
||||||
* @param cloudDiscoverySource
|
|
||||||
* @param endpointMetadataResult
|
|
||||||
*/
|
|
||||||
private updateCachedMetadata;
|
|
||||||
/**
|
|
||||||
* Update AuthorityMetadataEntity with new endpoints and return where the information came from
|
|
||||||
* @param metadataEntity
|
|
||||||
*/
|
|
||||||
private updateEndpointMetadata;
|
|
||||||
/**
|
|
||||||
* Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config
|
|
||||||
* response if the source is hardcoded metadata
|
|
||||||
* @param metadataEntity
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
private updateEndpointMetadataFromLocalSources;
|
|
||||||
/**
|
|
||||||
* Compares the number of url components after the domain to determine if the cached
|
|
||||||
* authority metadata can be used for the requested authority. Protects against same domain different
|
|
||||||
* authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy
|
|
||||||
* @param metadataEntity
|
|
||||||
*/
|
|
||||||
private isAuthoritySameType;
|
|
||||||
/**
|
|
||||||
* Parse authorityMetadata config option
|
|
||||||
*/
|
|
||||||
private getEndpointMetadataFromConfig;
|
|
||||||
/**
|
|
||||||
* Gets OAuth endpoints from the given OpenID configuration endpoint.
|
|
||||||
*
|
|
||||||
* @param hasHardcodedMetadata boolean
|
|
||||||
*/
|
|
||||||
private getEndpointMetadataFromNetwork;
|
|
||||||
/**
|
|
||||||
* Get OAuth endpoints for common authorities.
|
|
||||||
*/
|
|
||||||
private getEndpointMetadataFromHardcodedValues;
|
|
||||||
/**
|
|
||||||
* Update the retrieved metadata with regional information.
|
|
||||||
* User selected Azure region will be used if configured.
|
|
||||||
*/
|
|
||||||
private updateMetadataWithRegionalInformation;
|
|
||||||
/**
|
|
||||||
* Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache
|
|
||||||
* and returns where the information was retrieved from
|
|
||||||
* @param metadataEntity
|
|
||||||
* @returns AuthorityMetadataSource
|
|
||||||
*/
|
|
||||||
private updateCloudDiscoveryMetadata;
|
|
||||||
private updateCloudDiscoveryMetadataFromLocalSources;
|
|
||||||
/**
|
|
||||||
* Parse cloudDiscoveryMetadata config or check knownAuthorities
|
|
||||||
*/
|
|
||||||
private getCloudDiscoveryMetadataFromConfig;
|
|
||||||
/**
|
|
||||||
* Called to get metadata from network if CloudDiscoveryMetadata was not populated by config
|
|
||||||
*
|
|
||||||
* @param hasHardcodedMetadata boolean
|
|
||||||
*/
|
|
||||||
private getCloudDiscoveryMetadataFromNetwork;
|
|
||||||
/**
|
|
||||||
* Helper function to determine if this host is included in the knownAuthorities config option
|
|
||||||
*/
|
|
||||||
private isInKnownAuthorities;
|
|
||||||
/**
|
|
||||||
* helper function to populate the authority based on azureCloudOptions
|
|
||||||
* @param authorityString
|
|
||||||
* @param azureCloudOptions
|
|
||||||
*/
|
|
||||||
static generateAuthority(authorityString: string, azureCloudOptions?: AzureCloudOptions): string;
|
|
||||||
/**
|
|
||||||
* Creates cloud discovery metadata object from a given host
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
static createCloudDiscoveryMetadataFromHost(host: string): CloudDiscoveryMetadata;
|
|
||||||
/**
|
|
||||||
* helper function to generate environment from authority object
|
|
||||||
*/
|
|
||||||
getPreferredCache(): string;
|
|
||||||
/**
|
|
||||||
* Returns whether or not the provided host is an alias of this authority instance
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
isAlias(host: string): boolean;
|
|
||||||
/**
|
|
||||||
* Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
isAliasOfKnownMicrosoftAuthority(host: string): boolean;
|
|
||||||
/**
|
|
||||||
* Checks whether the provided host is that of a public cloud authority
|
|
||||||
*
|
|
||||||
* @param authority string
|
|
||||||
* @returns bool
|
|
||||||
*/
|
|
||||||
static isPublicCloudAuthority(host: string): boolean;
|
|
||||||
/**
|
|
||||||
* Rebuild the authority string with the region
|
|
||||||
*
|
|
||||||
* @param host string
|
|
||||||
* @param region string
|
|
||||||
*/
|
|
||||||
static buildRegionalAuthorityString(host: string, region: string, queryString?: string): string;
|
|
||||||
/**
|
|
||||||
* Replace the endpoints in the metadata object with their regional equivalents.
|
|
||||||
*
|
|
||||||
* @param metadata OpenIdConfigResponse
|
|
||||||
* @param azureRegion string
|
|
||||||
*/
|
|
||||||
static replaceWithRegionalInformation(metadata: OpenIdConfigResponse, azureRegion: string): OpenIdConfigResponse;
|
|
||||||
/**
|
|
||||||
* Transform CIAM_AUTHORIY as per the below rules:
|
|
||||||
* If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it
|
|
||||||
*
|
|
||||||
* NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com`
|
|
||||||
* `ciamlogin.com` can also change in the future and we should accommodate the same
|
|
||||||
*
|
|
||||||
* @param authority
|
|
||||||
*/
|
|
||||||
static transformCIAMAuthority(authority: string): string;
|
|
||||||
}
|
|
||||||
export declare function formatAuthorityUri(authorityUri: string): string;
|
|
||||||
export declare function buildStaticAuthorityOptions(authOptions: Partial<AuthorityOptions>): StaticAuthorityOptions;
|
|
||||||
//# sourceMappingURL=Authority.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"Authority.d.ts","sourceRoot":"","sources":["../../src/authority/Authority.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAEH,oBAAoB,EACvB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAKnC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAiB3D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAEjE,OAAO,EACH,gBAAgB,EAEhB,sBAAsB,EACzB,MAAM,oBAAoB,CAAC;AAS5B,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AAIjF;;;;GAIG;AACH,qBAAa,SAAS;IAElB,OAAO,CAAC,mBAAmB,CAAY;IAEvC,OAAO,CAAC,gCAAgC,CAAc;IAEtD,SAAS,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAE3C,SAAS,CAAC,YAAY,EAAE,aAAa,CAAC;IAEtC,OAAO,CAAC,gBAAgB,CAAmB;IAE3C,OAAO,CAAC,QAAQ,CAA0B;IAE1C,OAAO,CAAC,eAAe,CAAkB;IAElC,uBAAuB,EAAE,uBAAuB,CAAC;IAExD,OAAO,CAAC,MAAM,CAAS;IAEvB,SAAS,CAAC,iBAAiB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAE5D,SAAS,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAE5C,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAMjC;gBAGC,SAAS,EAAE,MAAM,EACjB,gBAAgB,EAAE,cAAc,EAChC,YAAY,EAAE,aAAa,EAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,MAAM,EACd,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,aAAa,CAAC,EAAE,MAAM;IAuB1B;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAqBxB,IAAW,aAAa,IAAI,aAAa,CAExC;IAED;;OAEG;IACH,IAAW,YAAY,IAAI,YAAY,CAEtC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,gBAAgB,CAErC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CAEtC;IAED;;OAEG;IACH,IAAW,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAIxC;IAED;;OAEG;IACH,IAAW,+BAA+B,IAAI,IAAI,CAOjD;IAED;;OAEG;IACH,IAAW,eAAe,IAAI,MAAM,CAEnC;IAED;;OAEG;IACH,IAAW,MAAM,IAAI,MAAM,CAE1B;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,aAAa,IAAI,MAAM,CAQjC;IAED,IAAW,kBAAkB,IAAI,MAAM,CAUtC;IAED;;OAEG;IACH,IAAW,kBAAkB,IAAI,MAAM,CActC;IAED;;OAEG;IACH,IAAW,qBAAqB,IAAI,MAAM,CAQzC;IAED;;OAEG;IACH,IAAW,OAAO,IAAI,MAAM,CAQ3B;IAED;;;;OAIG;IACH,OAAO,CAAC,gBAAgB;IAWxB;;;OAGG;IACH,OAAO,CAAC,aAAa;IAIrB;;;OAGG;IACH,OAAO,CAAC,WAAW;IA2C
nB;;OAEG;IACH,SAAS,KAAK,kCAAkC,IAAI,MAAM,CAWzD;IAED;;OAEG;IACH,iBAAiB,IAAI,OAAO;IAI5B;;;OAGG;IACU,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IA+BnD;;;;OAIG;IACH,OAAO,CAAC,wBAAwB;IAYhC;;;;;;OAMG;IACH,OAAO,CAAC,oBAAoB;IAwB5B;;;OAGG;YACW,sBAAsB;IAwEpC;;;;;OAKG;IACH,OAAO,CAAC,sCAAsC;IA8D9C;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAgBrC;;;;OAIG;YACW,8BAA8B;IA0C5C;;OAEG;IACH,OAAO,CAAC,sCAAsC;IAQ9C;;;OAGG;YACW,qCAAqC;IAwDnD;;;;;OAKG;YACW,4BAA4B;IAiC1C,OAAO,CAAC,4CAA4C;IA8EpD;;OAEG;IACH,OAAO,CAAC,mCAAmC;IA6D3C;;;;OAIG;YACW,oCAAoC;IAqGlD;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;;;OAIG;IACH,MAAM,CAAC,iBAAiB,CACpB,eAAe,EAAE,MAAM,EACvB,iBAAiB,CAAC,EAAE,iBAAiB,GACtC,MAAM;IAkBT;;;OAGG;IACH,MAAM,CAAC,oCAAoC,CACvC,IAAI,EAAE,MAAM,GACb,sBAAsB;IAQzB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAU3B;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B;;;OAGG;IACH,gCAAgC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIvD;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIpD;;;;;OAKG;IACH,MAAM,CAAC,4BAA4B,CAC/B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,WAAW,CAAC,EAAE,MAAM,GACrB,MAAM;IAyBT;;;;;OAKG;IACH,MAAM,CAAC,8BAA8B,CACjC,QAAQ,EAAE,oBAAoB,EAC9B,WAAW,EAAE,MAAM,GACpB,oBAAoB;IAyBvB;;;;;;;;OAQG;IACH,MAAM,CAAC,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAmB3D;AAED,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAI/D;AAED,wBAAgB,2BAA2B,CACvC,WAAW,EAAE,OAAO,CAAC,gBAAgB,CAAC,GACvC,sBAAsB,CAoBxB"}
|
|
|
@ -1,812 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { AuthorityType } from './AuthorityType.mjs';
|
|
||||||
import { isOpenIdConfigResponse } from './OpenIdConfigResponse.mjs';
|
|
||||||
import { UrlString } from '../url/UrlString.mjs';
|
|
||||||
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
||||||
import { Constants, AuthorityMetadataSource, RegionDiscoveryOutcomes, AADAuthorityConstants } from '../utils/Constants.mjs';
|
|
||||||
import { EndpointMetadata, getCloudDiscoveryMetadataFromHardcodedValues, getCloudDiscoveryMetadataFromNetworkResponse, InstanceDiscoveryMetadataAliases } from './AuthorityMetadata.mjs';
|
|
||||||
import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';
|
|
||||||
import { ProtocolMode } from './ProtocolMode.mjs';
|
|
||||||
import { AuthorityMetadataEntity } from '../cache/entities/AuthorityMetadataEntity.mjs';
|
|
||||||
import { AzureCloudInstance } from './AuthorityOptions.mjs';
|
|
||||||
import { isCloudInstanceDiscoveryResponse } from './CloudInstanceDiscoveryResponse.mjs';
|
|
||||||
import { isCloudInstanceDiscoveryErrorResponse } from './CloudInstanceDiscoveryErrorResponse.mjs';
|
|
||||||
import { RegionDiscovery } from './RegionDiscovery.mjs';
|
|
||||||
import { AuthError } from '../error/AuthError.mjs';
|
|
||||||
import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
|
|
||||||
import { invokeAsync } from '../utils/FunctionWrappers.mjs';
|
|
||||||
import { endpointResolutionError, endSessionEndpointNotSupported, openIdConfigError } from '../error/ClientAuthErrorCodes.mjs';
|
|
||||||
import { invalidAuthorityMetadata, untrustedAuthority, invalidCloudDiscoveryMetadata } from '../error/ClientConfigurationErrorCodes.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the
|
|
||||||
* endpoint. It will store the pertinent config data in this object for use during token calls.
|
|
||||||
* @internal
|
|
||||||
*/
|
|
||||||
class Authority {
|
|
||||||
constructor(authority, networkInterface, cacheManager, authorityOptions, logger, performanceClient, correlationId) {
|
|
||||||
this.canonicalAuthority = authority;
|
|
||||||
this._canonicalAuthority.validateAsUri();
|
|
||||||
this.networkInterface = networkInterface;
|
|
||||||
this.cacheManager = cacheManager;
|
|
||||||
this.authorityOptions = authorityOptions;
|
|
||||||
this.regionDiscoveryMetadata = {
|
|
||||||
region_used: undefined,
|
|
||||||
region_source: undefined,
|
|
||||||
region_outcome: undefined,
|
|
||||||
};
|
|
||||||
this.logger = logger;
|
|
||||||
this.performanceClient = performanceClient;
|
|
||||||
this.correlationId = correlationId;
|
|
||||||
this.regionDiscovery = new RegionDiscovery(networkInterface, this.logger, this.performanceClient, this.correlationId);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get {@link AuthorityType}
|
|
||||||
* @param authorityUri {@link IUri}
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
getAuthorityType(authorityUri) {
|
|
||||||
// CIAM auth url pattern is being standardized as: <tenant>.ciamlogin.com
|
|
||||||
if (authorityUri.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) {
|
|
||||||
return AuthorityType.Ciam;
|
|
||||||
}
|
|
||||||
const pathSegments = authorityUri.PathSegments;
|
|
||||||
if (pathSegments.length) {
|
|
||||||
switch (pathSegments[0].toLowerCase()) {
|
|
||||||
case Constants.ADFS:
|
|
||||||
return AuthorityType.Adfs;
|
|
||||||
case Constants.DSTS:
|
|
||||||
return AuthorityType.Dsts;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return AuthorityType.Default;
|
|
||||||
}
|
|
||||||
// See above for AuthorityType
|
|
||||||
get authorityType() {
|
|
||||||
return this.getAuthorityType(this.canonicalAuthorityUrlComponents);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* ProtocolMode enum representing the way endpoints are constructed.
|
|
||||||
*/
|
|
||||||
get protocolMode() {
|
|
||||||
return this.authorityOptions.protocolMode;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns authorityOptions which can be used to reinstantiate a new authority instance
|
|
||||||
*/
|
|
||||||
get options() {
|
|
||||||
return this.authorityOptions;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* A URL that is the authority set by the developer
|
|
||||||
*/
|
|
||||||
get canonicalAuthority() {
|
|
||||||
return this._canonicalAuthority.urlString;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Sets canonical authority.
|
|
||||||
*/
|
|
||||||
set canonicalAuthority(url) {
|
|
||||||
this._canonicalAuthority = new UrlString(url);
|
|
||||||
this._canonicalAuthority.validateAsUri();
|
|
||||||
this._canonicalAuthorityUrlComponents = null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get authority components.
|
|
||||||
*/
|
|
||||||
get canonicalAuthorityUrlComponents() {
|
|
||||||
if (!this._canonicalAuthorityUrlComponents) {
|
|
||||||
this._canonicalAuthorityUrlComponents =
|
|
||||||
this._canonicalAuthority.getUrlComponents();
|
|
||||||
}
|
|
||||||
return this._canonicalAuthorityUrlComponents;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get hostname and port i.e. login.microsoftonline.com
|
|
||||||
*/
|
|
||||||
get hostnameAndPort() {
|
|
||||||
return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase();
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get tenant for authority.
|
|
||||||
*/
|
|
||||||
get tenant() {
|
|
||||||
return this.canonicalAuthorityUrlComponents.PathSegments[0];
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* OAuth /authorize endpoint for requests
|
|
||||||
*/
|
|
||||||
get authorizationEndpoint() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.replacePath(this.metadata.authorization_endpoint);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* OAuth /token endpoint for requests
|
|
||||||
*/
|
|
||||||
get tokenEndpoint() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.replacePath(this.metadata.token_endpoint);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
get deviceCodeEndpoint() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode"));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* OAuth logout endpoint for requests
|
|
||||||
*/
|
|
||||||
get endSessionEndpoint() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
// ROPC policies may not have end_session_endpoint set
|
|
||||||
if (!this.metadata.end_session_endpoint) {
|
|
||||||
throw createClientAuthError(endSessionEndpointNotSupported);
|
|
||||||
}
|
|
||||||
return this.replacePath(this.metadata.end_session_endpoint);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* OAuth issuer for requests
|
|
||||||
*/
|
|
||||||
get selfSignedJwtAudience() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.replacePath(this.metadata.issuer);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Jwks_uri for token signing keys
|
|
||||||
*/
|
|
||||||
get jwksUri() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.replacePath(this.metadata.jwks_uri);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns a flag indicating that tenant name can be replaced in authority {@link IUri}
|
|
||||||
* @param authorityUri {@link IUri}
|
|
||||||
* @private
|
|
||||||
*/
|
|
||||||
canReplaceTenant(authorityUri) {
|
|
||||||
return (authorityUri.PathSegments.length === 1 &&
|
|
||||||
!Authority.reservedTenantDomains.has(authorityUri.PathSegments[0]) &&
|
|
||||||
this.getAuthorityType(authorityUri) === AuthorityType.Default &&
|
|
||||||
this.protocolMode === ProtocolMode.AAD);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Replaces tenant in url path with current tenant. Defaults to common.
|
|
||||||
* @param urlString
|
|
||||||
*/
|
|
||||||
replaceTenant(urlString) {
|
|
||||||
return urlString.replace(/{tenant}|{tenantid}/g, this.tenant);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Replaces path such as tenant or policy with the current tenant or policy.
|
|
||||||
* @param urlString
|
|
||||||
*/
|
|
||||||
replacePath(urlString) {
|
|
||||||
let endpoint = urlString;
|
|
||||||
const cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority);
|
|
||||||
const cachedAuthorityUrlComponents = cachedAuthorityUrl.getUrlComponents();
|
|
||||||
const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments;
|
|
||||||
const currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments;
|
|
||||||
currentAuthorityParts.forEach((currentPart, index) => {
|
|
||||||
let cachedPart = cachedAuthorityParts[index];
|
|
||||||
if (index === 0 &&
|
|
||||||
this.canReplaceTenant(cachedAuthorityUrlComponents)) {
|
|
||||||
const tenantId = new UrlString(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];
|
|
||||||
/**
|
|
||||||
* Check if AAD canonical authority contains tenant domain name, for example "testdomain.onmicrosoft.com",
|
|
||||||
* by comparing its first path segment to the corresponding authorization endpoint path segment, which is
|
|
||||||
* always resolved with tenant id by OIDC.
|
|
||||||
*/
|
|
||||||
if (cachedPart !== tenantId) {
|
|
||||||
this.logger.verbose(`Replacing tenant domain name ${cachedPart} with id ${tenantId}`);
|
|
||||||
cachedPart = tenantId;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (currentPart !== cachedPart) {
|
|
||||||
endpoint = endpoint.replace(`/${cachedPart}/`, `/${currentPart}/`);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
return this.replaceTenant(endpoint);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* The default open id configuration endpoint for any canonical authority.
|
|
||||||
*/
|
|
||||||
get defaultOpenIdConfigurationEndpoint() {
|
|
||||||
const canonicalAuthorityHost = this.hostnameAndPort;
|
|
||||||
if (this.canonicalAuthority.endsWith("v2.0/") ||
|
|
||||||
this.authorityType === AuthorityType.Adfs ||
|
|
||||||
(this.protocolMode !== ProtocolMode.AAD &&
|
|
||||||
!this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))) {
|
|
||||||
return `${this.canonicalAuthority}.well-known/openid-configuration`;
|
|
||||||
}
|
|
||||||
return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Boolean that returns whethr or not tenant discovery has been completed.
|
|
||||||
*/
|
|
||||||
discoveryComplete() {
|
|
||||||
return !!this.metadata;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Perform endpoint discovery to discover aliases, preferred_cache, preferred_network
|
|
||||||
* and the /authorize, /token and logout endpoints.
|
|
||||||
*/
|
|
||||||
async resolveEndpointsAsync() {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityResolveEndpointsAsync, this.correlationId);
|
|
||||||
const metadataEntity = this.getCurrentMetadataEntity();
|
|
||||||
const cloudDiscoverySource = await invokeAsync(this.updateCloudDiscoveryMetadata.bind(this), PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);
|
|
||||||
this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network);
|
|
||||||
const endpointSource = await invokeAsync(this.updateEndpointMetadata.bind(this), PerformanceEvents.AuthorityUpdateEndpointMetadata, this.logger, this.performanceClient, this.correlationId)(metadataEntity);
|
|
||||||
this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, {
|
|
||||||
source: endpointSource,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
|
|
||||||
* from the configured canonical authority
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
getCurrentMetadataEntity() {
|
|
||||||
let metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);
|
|
||||||
if (!metadataEntity) {
|
|
||||||
metadataEntity = new AuthorityMetadataEntity();
|
|
||||||
metadataEntity.updateCanonicalAuthority(this.canonicalAuthority);
|
|
||||||
}
|
|
||||||
return metadataEntity;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Updates cached metadata based on metadata source and sets the instance's metadata
|
|
||||||
* property to the same value
|
|
||||||
* @param metadataEntity
|
|
||||||
* @param cloudDiscoverySource
|
|
||||||
* @param endpointMetadataResult
|
|
||||||
*/
|
|
||||||
updateCachedMetadata(metadataEntity, cloudDiscoverySource, endpointMetadataResult) {
|
|
||||||
if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE &&
|
|
||||||
endpointMetadataResult?.source !== AuthorityMetadataSource.CACHE) {
|
|
||||||
// Reset the expiration time unless both values came from a successful cache lookup
|
|
||||||
metadataEntity.resetExpiresAt();
|
|
||||||
metadataEntity.updateCanonicalAuthority(this.canonicalAuthority);
|
|
||||||
}
|
|
||||||
const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache);
|
|
||||||
this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity);
|
|
||||||
this.metadata = metadataEntity;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Update AuthorityMetadataEntity with new endpoints and return where the information came from
|
|
||||||
* @param metadataEntity
|
|
||||||
*/
|
|
||||||
async updateEndpointMetadata(metadataEntity) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateEndpointMetadata, this.correlationId);
|
|
||||||
const localMetadata = this.updateEndpointMetadataFromLocalSources(metadataEntity);
|
|
||||||
// Further update may be required for hardcoded metadata if regional metadata is preferred
|
|
||||||
if (localMetadata) {
|
|
||||||
if (localMetadata.source ===
|
|
||||||
AuthorityMetadataSource.HARDCODED_VALUES) {
|
|
||||||
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
||||||
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
||||||
if (localMetadata.metadata) {
|
|
||||||
const hardcodedMetadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(localMetadata.metadata);
|
|
||||||
metadataEntity.updateEndpointMetadata(hardcodedMetadata, false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return localMetadata.source;
|
|
||||||
}
|
|
||||||
// Get metadata from network if local sources aren't available
|
|
||||||
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
||||||
if (metadata) {
|
|
||||||
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
||||||
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
||||||
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
||||||
}
|
|
||||||
metadataEntity.updateEndpointMetadata(metadata, true);
|
|
||||||
return AuthorityMetadataSource.NETWORK;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// Metadata could not be obtained from the config, cache, network or hardcoded values
|
|
||||||
throw createClientAuthError(openIdConfigError, this.defaultOpenIdConfigurationEndpoint);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config
|
|
||||||
* response if the source is hardcoded metadata
|
|
||||||
* @param metadataEntity
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
updateEndpointMetadataFromLocalSources(metadataEntity) {
|
|
||||||
this.logger.verbose("Attempting to get endpoint metadata from authority configuration");
|
|
||||||
const configMetadata = this.getEndpointMetadataFromConfig();
|
|
||||||
if (configMetadata) {
|
|
||||||
this.logger.verbose("Found endpoint metadata in authority configuration");
|
|
||||||
metadataEntity.updateEndpointMetadata(configMetadata, false);
|
|
||||||
return {
|
|
||||||
source: AuthorityMetadataSource.CONFIG,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.");
|
|
||||||
// skipAuthorityMetadataCache is used to bypass hardcoded authority metadata and force a network metadata cache lookup and network metadata request if no cached response is available.
|
|
||||||
if (this.authorityOptions.skipAuthorityMetadataCache) {
|
|
||||||
this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
const hardcodedMetadata = this.getEndpointMetadataFromHardcodedValues();
|
|
||||||
if (hardcodedMetadata) {
|
|
||||||
metadataEntity.updateEndpointMetadata(hardcodedMetadata, false);
|
|
||||||
return {
|
|
||||||
source: AuthorityMetadataSource.HARDCODED_VALUES,
|
|
||||||
metadata: hardcodedMetadata,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Check cached metadata entity expiration status
|
|
||||||
const metadataEntityExpired = metadataEntity.isExpired();
|
|
||||||
if (this.isAuthoritySameType(metadataEntity) &&
|
|
||||||
metadataEntity.endpointsFromNetwork &&
|
|
||||||
!metadataEntityExpired) {
|
|
||||||
// No need to update
|
|
||||||
this.logger.verbose("Found endpoint metadata in the cache.");
|
|
||||||
return { source: AuthorityMetadataSource.CACHE };
|
|
||||||
}
|
|
||||||
else if (metadataEntityExpired) {
|
|
||||||
this.logger.verbose("The metadata entity is expired.");
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Compares the number of url components after the domain to determine if the cached
|
|
||||||
* authority metadata can be used for the requested authority. Protects against same domain different
|
|
||||||
* authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy
|
|
||||||
* @param metadataEntity
|
|
||||||
*/
|
|
||||||
isAuthoritySameType(metadataEntity) {
|
|
||||||
const cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority);
|
|
||||||
const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments;
|
|
||||||
return (cachedParts.length ===
|
|
||||||
this.canonicalAuthorityUrlComponents.PathSegments.length);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Parse authorityMetadata config option
|
|
||||||
*/
|
|
||||||
getEndpointMetadataFromConfig() {
|
|
||||||
if (this.authorityOptions.authorityMetadata) {
|
|
||||||
try {
|
|
||||||
return JSON.parse(this.authorityOptions.authorityMetadata);
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
throw createClientConfigurationError(invalidAuthorityMetadata);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Gets OAuth endpoints from the given OpenID configuration endpoint.
|
|
||||||
*
|
|
||||||
* @param hasHardcodedMetadata boolean
|
|
||||||
*/
|
|
||||||
async getEndpointMetadataFromNetwork() {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork, this.correlationId);
|
|
||||||
const options = {};
|
|
||||||
/*
|
|
||||||
* TODO: Add a timeout if the authority exists in our library's
|
|
||||||
* hardcoded list of metadata
|
|
||||||
*/
|
|
||||||
const openIdConfigurationEndpoint = this.defaultOpenIdConfigurationEndpoint;
|
|
||||||
this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`);
|
|
||||||
try {
|
|
||||||
const response = await this.networkInterface.sendGetRequestAsync(openIdConfigurationEndpoint, options);
|
|
||||||
const isValidResponse = isOpenIdConfigResponse(response.body);
|
|
||||||
if (isValidResponse) {
|
|
||||||
return response.body;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get OAuth endpoints for common authorities.
|
|
||||||
*/
|
|
||||||
getEndpointMetadataFromHardcodedValues() {
|
|
||||||
if (this.canonicalAuthority in EndpointMetadata) {
|
|
||||||
return EndpointMetadata[this.canonicalAuthority];
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Update the retrieved metadata with regional information.
|
|
||||||
* User selected Azure region will be used if configured.
|
|
||||||
*/
|
|
||||||
async updateMetadataWithRegionalInformation(metadata) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation, this.correlationId);
|
|
||||||
const userConfiguredAzureRegion = this.authorityOptions.azureRegionConfiguration?.azureRegion;
|
|
||||||
if (userConfiguredAzureRegion) {
|
|
||||||
if (userConfiguredAzureRegion !==
|
|
||||||
Constants.AZURE_REGION_AUTO_DISCOVER_FLAG) {
|
|
||||||
this.regionDiscoveryMetadata.region_outcome =
|
|
||||||
RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION;
|
|
||||||
this.regionDiscoveryMetadata.region_used =
|
|
||||||
userConfiguredAzureRegion;
|
|
||||||
return Authority.replaceWithRegionalInformation(metadata, userConfiguredAzureRegion);
|
|
||||||
}
|
|
||||||
const autodetectedRegionName = await invokeAsync(this.regionDiscovery.detectRegion.bind(this.regionDiscovery), PerformanceEvents.RegionDiscoveryDetectRegion, this.logger, this.performanceClient, this.correlationId)(this.authorityOptions.azureRegionConfiguration
|
|
||||||
?.environmentRegion, this.regionDiscoveryMetadata);
|
|
||||||
if (autodetectedRegionName) {
|
|
||||||
this.regionDiscoveryMetadata.region_outcome =
|
|
||||||
RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL;
|
|
||||||
this.regionDiscoveryMetadata.region_used =
|
|
||||||
autodetectedRegionName;
|
|
||||||
return Authority.replaceWithRegionalInformation(metadata, autodetectedRegionName);
|
|
||||||
}
|
|
||||||
this.regionDiscoveryMetadata.region_outcome =
|
|
||||||
RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED;
|
|
||||||
}
|
|
||||||
return metadata;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache
|
|
||||||
* and returns where the information was retrieved from
|
|
||||||
* @param metadataEntity
|
|
||||||
* @returns AuthorityMetadataSource
|
|
||||||
*/
|
|
||||||
async updateCloudDiscoveryMetadata(metadataEntity) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata, this.correlationId);
|
|
||||||
const localMetadataSource = this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity);
|
|
||||||
if (localMetadataSource) {
|
|
||||||
return localMetadataSource;
|
|
||||||
}
|
|
||||||
// Fallback to network as metadata source
|
|
||||||
const metadata = await invokeAsync(this.getCloudDiscoveryMetadataFromNetwork.bind(this), PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
||||||
if (metadata) {
|
|
||||||
metadataEntity.updateCloudDiscoveryMetadata(metadata, true);
|
|
||||||
return AuthorityMetadataSource.NETWORK;
|
|
||||||
}
|
|
||||||
// Metadata could not be obtained from the config, cache, network or hardcoded values
|
|
||||||
throw createClientConfigurationError(untrustedAuthority);
|
|
||||||
}
|
|
||||||
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
||||||
this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration");
|
|
||||||
this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities ||
|
|
||||||
Constants.NOT_APPLICABLE}`);
|
|
||||||
this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata ||
|
|
||||||
Constants.NOT_APPLICABLE}`);
|
|
||||||
this.logger.verbosePii(`Canonical Authority: ${metadataEntity.canonical_authority || Constants.NOT_APPLICABLE}`);
|
|
||||||
const metadata = this.getCloudDiscoveryMetadataFromConfig();
|
|
||||||
if (metadata) {
|
|
||||||
this.logger.verbose("Found cloud discovery metadata in authority configuration");
|
|
||||||
metadataEntity.updateCloudDiscoveryMetadata(metadata, false);
|
|
||||||
return AuthorityMetadataSource.CONFIG;
|
|
||||||
}
|
|
||||||
// If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values
|
|
||||||
this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.");
|
|
||||||
if (this.options.skipAuthorityMetadataCache) {
|
|
||||||
this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
const hardcodedMetadata = getCloudDiscoveryMetadataFromHardcodedValues(this.hostnameAndPort);
|
|
||||||
if (hardcodedMetadata) {
|
|
||||||
this.logger.verbose("Found cloud discovery metadata from hardcoded values.");
|
|
||||||
metadataEntity.updateCloudDiscoveryMetadata(hardcodedMetadata, false);
|
|
||||||
return AuthorityMetadataSource.HARDCODED_VALUES;
|
|
||||||
}
|
|
||||||
this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.");
|
|
||||||
}
|
|
||||||
const metadataEntityExpired = metadataEntity.isExpired();
|
|
||||||
if (this.isAuthoritySameType(metadataEntity) &&
|
|
||||||
metadataEntity.aliasesFromNetwork &&
|
|
||||||
!metadataEntityExpired) {
|
|
||||||
this.logger.verbose("Found cloud discovery metadata in the cache.");
|
|
||||||
// No need to update
|
|
||||||
return AuthorityMetadataSource.CACHE;
|
|
||||||
}
|
|
||||||
else if (metadataEntityExpired) {
|
|
||||||
this.logger.verbose("The metadata entity is expired.");
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Parse cloudDiscoveryMetadata config or check knownAuthorities
|
|
||||||
*/
|
|
||||||
getCloudDiscoveryMetadataFromConfig() {
|
|
||||||
// CIAM does not support cloud discovery metadata
|
|
||||||
if (this.authorityType === AuthorityType.Ciam) {
|
|
||||||
this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host.");
|
|
||||||
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
||||||
}
|
|
||||||
// Check if network response was provided in config
|
|
||||||
if (this.authorityOptions.cloudDiscoveryMetadata) {
|
|
||||||
this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");
|
|
||||||
try {
|
|
||||||
this.logger.verbose("Attempting to parse the cloud discovery metadata.");
|
|
||||||
const parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata);
|
|
||||||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort);
|
|
||||||
this.logger.verbose("Parsed the cloud discovery metadata.");
|
|
||||||
if (metadata) {
|
|
||||||
this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata.");
|
|
||||||
return metadata;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error.");
|
|
||||||
throw createClientConfigurationError(invalidCloudDiscoveryMetadata);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
||||||
if (this.isInKnownAuthorities()) {
|
|
||||||
this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.");
|
|
||||||
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Called to get metadata from network if CloudDiscoveryMetadata was not populated by config
|
|
||||||
*
|
|
||||||
* @param hasHardcodedMetadata boolean
|
|
||||||
*/
|
|
||||||
async getCloudDiscoveryMetadataFromNetwork() {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork, this.correlationId);
|
|
||||||
const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`;
|
|
||||||
const options = {};
|
|
||||||
/*
|
|
||||||
* TODO: Add a timeout if the authority exists in our library's
|
|
||||||
* hardcoded list of metadata
|
|
||||||
*/
|
|
||||||
let match = null;
|
|
||||||
try {
|
|
||||||
const response = await this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint, options);
|
|
||||||
let typedResponseBody;
|
|
||||||
let metadata;
|
|
||||||
if (isCloudInstanceDiscoveryResponse(response.body)) {
|
|
||||||
typedResponseBody =
|
|
||||||
response.body;
|
|
||||||
metadata = typedResponseBody.metadata;
|
|
||||||
this.logger.verbosePii(`tenant_discovery_endpoint is: ${typedResponseBody.tenant_discovery_endpoint}`);
|
|
||||||
}
|
|
||||||
else if (isCloudInstanceDiscoveryErrorResponse(response.body)) {
|
|
||||||
this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${response.status}`);
|
|
||||||
typedResponseBody =
|
|
||||||
response.body;
|
|
||||||
if (typedResponseBody.error === Constants.INVALID_INSTANCE) {
|
|
||||||
this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance.");
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${typedResponseBody.error}`);
|
|
||||||
this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${typedResponseBody.error_description}`);
|
|
||||||
this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []");
|
|
||||||
metadata = [];
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse");
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request.");
|
|
||||||
match = getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort);
|
|
||||||
}
|
|
||||||
catch (error) {
|
|
||||||
if (error instanceof AuthError) {
|
|
||||||
this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: ${error.errorCode}\nError Description: ${error.errorMessage}`);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
const typedError = error;
|
|
||||||
this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: ${typedError.name}\nError Description: ${typedError.message}`);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
// Custom Domain scenario, host is trusted because Instance Discovery call succeeded
|
|
||||||
if (!match) {
|
|
||||||
this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request.");
|
|
||||||
this.logger.verbose("Creating custom Authority for custom domain scenario.");
|
|
||||||
match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
||||||
}
|
|
||||||
return match;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Helper function to determine if this host is included in the knownAuthorities config option
|
|
||||||
*/
|
|
||||||
isInKnownAuthorities() {
|
|
||||||
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
||||||
return (UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
||||||
this.hostnameAndPort);
|
|
||||||
});
|
|
||||||
return matches.length > 0;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* helper function to populate the authority based on azureCloudOptions
|
|
||||||
* @param authorityString
|
|
||||||
* @param azureCloudOptions
|
|
||||||
*/
|
|
||||||
static generateAuthority(authorityString, azureCloudOptions) {
|
|
||||||
let authorityAzureCloudInstance;
|
|
||||||
if (azureCloudOptions &&
|
|
||||||
azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None) {
|
|
||||||
const tenant = azureCloudOptions.tenant
|
|
||||||
? azureCloudOptions.tenant
|
|
||||||
: Constants.DEFAULT_COMMON_TENANT;
|
|
||||||
authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`;
|
|
||||||
}
|
|
||||||
return authorityAzureCloudInstance
|
|
||||||
? authorityAzureCloudInstance
|
|
||||||
: authorityString;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Creates cloud discovery metadata object from a given host
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
static createCloudDiscoveryMetadataFromHost(host) {
|
|
||||||
return {
|
|
||||||
preferred_network: host,
|
|
||||||
preferred_cache: host,
|
|
||||||
aliases: [host],
|
|
||||||
};
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* helper function to generate environment from authority object
|
|
||||||
*/
|
|
||||||
getPreferredCache() {
|
|
||||||
if (this.discoveryComplete()) {
|
|
||||||
return this.metadata.preferred_cache;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns whether or not the provided host is an alias of this authority instance
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
isAlias(host) {
|
|
||||||
return this.metadata.aliases.indexOf(host) > -1;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery
|
|
||||||
* @param host
|
|
||||||
*/
|
|
||||||
isAliasOfKnownMicrosoftAuthority(host) {
|
|
||||||
return InstanceDiscoveryMetadataAliases.has(host);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Checks whether the provided host is that of a public cloud authority
|
|
||||||
*
|
|
||||||
* @param authority string
|
|
||||||
* @returns bool
|
|
||||||
*/
|
|
||||||
static isPublicCloudAuthority(host) {
|
|
||||||
return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Rebuild the authority string with the region
|
|
||||||
*
|
|
||||||
* @param host string
|
|
||||||
* @param region string
|
|
||||||
*/
|
|
||||||
static buildRegionalAuthorityString(host, region, queryString) {
|
|
||||||
// Create and validate a Url string object with the initial authority string
|
|
||||||
const authorityUrlInstance = new UrlString(host);
|
|
||||||
authorityUrlInstance.validateAsUri();
|
|
||||||
const authorityUrlParts = authorityUrlInstance.getUrlComponents();
|
|
||||||
let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`;
|
|
||||||
if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) {
|
|
||||||
hostNameAndPort = `${region}.${Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`;
|
|
||||||
}
|
|
||||||
// Include the query string portion of the url
|
|
||||||
const url = UrlString.constructAuthorityUriFromObject({
|
|
||||||
...authorityUrlInstance.getUrlComponents(),
|
|
||||||
HostNameAndPort: hostNameAndPort,
|
|
||||||
}).urlString;
|
|
||||||
// Add the query string if a query string was provided
|
|
||||||
if (queryString)
|
|
||||||
return `${url}?${queryString}`;
|
|
||||||
return url;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Replace the endpoints in the metadata object with their regional equivalents.
|
|
||||||
*
|
|
||||||
* @param metadata OpenIdConfigResponse
|
|
||||||
* @param azureRegion string
|
|
||||||
*/
|
|
||||||
static replaceWithRegionalInformation(metadata, azureRegion) {
|
|
||||||
const regionalMetadata = { ...metadata };
|
|
||||||
regionalMetadata.authorization_endpoint =
|
|
||||||
Authority.buildRegionalAuthorityString(regionalMetadata.authorization_endpoint, azureRegion);
|
|
||||||
regionalMetadata.token_endpoint =
|
|
||||||
Authority.buildRegionalAuthorityString(regionalMetadata.token_endpoint, azureRegion);
|
|
||||||
if (regionalMetadata.end_session_endpoint) {
|
|
||||||
regionalMetadata.end_session_endpoint =
|
|
||||||
Authority.buildRegionalAuthorityString(regionalMetadata.end_session_endpoint, azureRegion);
|
|
||||||
}
|
|
||||||
return regionalMetadata;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Transform CIAM_AUTHORIY as per the below rules:
|
|
||||||
* If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it
|
|
||||||
*
|
|
||||||
* NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com`
|
|
||||||
* `ciamlogin.com` can also change in the future and we should accommodate the same
|
|
||||||
*
|
|
||||||
* @param authority
|
|
||||||
*/
|
|
||||||
static transformCIAMAuthority(authority) {
|
|
||||||
let ciamAuthority = authority;
|
|
||||||
const authorityUrl = new UrlString(authority);
|
|
||||||
const authorityUrlComponents = authorityUrl.getUrlComponents();
|
|
||||||
// check if transformation is needed
|
|
||||||
if (authorityUrlComponents.PathSegments.length === 0 &&
|
|
||||||
authorityUrlComponents.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) {
|
|
||||||
const tenantIdOrDomain = authorityUrlComponents.HostNameAndPort.split(".")[0];
|
|
||||||
ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`;
|
|
||||||
}
|
|
||||||
return ciamAuthority;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Reserved tenant domain names that will not be replaced with tenant id
|
|
||||||
Authority.reservedTenantDomains = new Set([
|
|
||||||
"{tenant}",
|
|
||||||
"{tenantid}",
|
|
||||||
AADAuthorityConstants.COMMON,
|
|
||||||
AADAuthorityConstants.CONSUMERS,
|
|
||||||
AADAuthorityConstants.ORGANIZATIONS,
|
|
||||||
]);
|
|
||||||
function formatAuthorityUri(authorityUri) {
|
|
||||||
return authorityUri.endsWith(Constants.FORWARD_SLASH)
|
|
||||||
? authorityUri
|
|
||||||
: `${authorityUri}${Constants.FORWARD_SLASH}`;
|
|
||||||
}
|
|
||||||
function buildStaticAuthorityOptions(authOptions) {
|
|
||||||
const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata;
|
|
||||||
let cloudDiscoveryMetadata = undefined;
|
|
||||||
if (rawCloudDiscoveryMetadata) {
|
|
||||||
try {
|
|
||||||
cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
throw createClientConfigurationError(invalidCloudDiscoveryMetadata);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return {
|
|
||||||
canonicalAuthority: authOptions.authority
|
|
||||||
? formatAuthorityUri(authOptions.authority)
|
|
||||||
: undefined,
|
|
||||||
knownAuthorities: authOptions.knownAuthorities,
|
|
||||||
cloudDiscoveryMetadata: cloudDiscoveryMetadata,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
export { Authority, buildStaticAuthorityOptions, formatAuthorityUri };
|
|
||||||
//# sourceMappingURL=Authority.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"Authority.mjs","sources":["../../src/authority/Authority.ts"],"sourcesContent":[null],"names":["ClientAuthErrorCodes.endpointResolutionError"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAKA;AACA;AAKA;AAKA;AAuDI;AAEA;;;;AAQ8B,MAAA,SAAA,CAAA;IAE9B,qBAAuB,EAAA,gBAAA,EAAA,YAAA,EAAA,gBAAA,EAAA,MAAA,EAAA,iBAAA,EAAA,aAAA,EAAA;AAEvB,QAAA,IAAA,CAAS,kBAAkB,GAAoB,SAAA,CAAA;AAE/C,QAAA,IAAA,CAAS,mBAAsB,CAAA,eAAa,CAAA;AAE5C,QAAA,IAAQ,CAAA,gBAAO,GAAA,gBAMZ,CAAA;yBAGU,GAAQ,YACD,CAAA;AA4BpB,QAAA,IAAA,CAAA,gBAAA,GAAA,gBAAA,CAAA;;;;AAIG,YAAA,cAAA,EAAA,SAAA;AACH,SAAA,CAAA;QAqBW,IAAA,CAAA,MAAA,GAAiB,MAAA,CAAA;AAI5B,QAAA,IAAA,CAAA,iBAAA,GAAA,iBAAA,CAAA;;AAEG,QAAA,IAAA,CAAA,eAAA,GAAA,IAAA,eAAA,CAAA,gBAAA,EAAA,IAAA,CAAA,MAAA,EAAA,IAAA,CAAA,iBAAA,EAAA,IAAA,CAAA,aAAA,CAAA,CAAA;KACQ;AAIX;;AAEG;;AAKH;;AAEG;QACQ,IAAA,YAAA,CAAA,eAEV,CAAA,QAAA,CAAA,SAAA,CAAA,aAAA,CAAA,EAAA;AAED,YAAA,OAAA,aAAA,CAAA,IAAA,CAAA;;AAEG,QAAA,MAAA,YAAA,GAAA,YAAA,CAAA,YAAA,CAAA;AACH,QAAW,IAAkB,YAAA,CAAA,MAAI;AAMjC,YAAA,QAAA,YAAA,CAAA,CAAA,CAAA,CAAA,WAAA,EAAA;;AAEG,oBAAA,OAAA,aAAA,CAAA,IAAA,CAAA;gBACQ,KAAA,SAAA,CAAA,IAAA;AASX,oBAAA,OAAA,aAAA,CAAA,IAAA,CAAA;aAGW;AAIX,SAAA;;AAEG,KAAA;;AAKH,IAAA,IAAA,aAAA,GAAA;;AAEG,KAAA;;AAWH;;AAEG,IAAA,IAAA,YAAA,GAAA;QACQ,OAAA,IAAA,CAAA,gBAQV,CAAA,YAAA,CAAA;KAEU;AAYX;;AAEG;IACH,IAAW,OAAA,GAAA;AAgBX,QAAA,OAAA,IAAA,CAAA,gBAAA,CAAA;;AAEG;;AAWH;;AAEG,QAAA,OAAA,IAAA,CAAA,mBAAA,CAAA,SAAA,CAAA;KACQ;AAUX;;;;AAIG,QAAA,IAAA,CAAA,mBAAA,GAAA,IAAA,SAAA,CAAA,GAAA,CAAA,CAAA;AACH,QAAA,IAAQ,CAAgB,mBAAA,CAAA,aAAA,EAAA,CAAA;AAWxB,QAAA,IAAA,CAAA,gCAAA,GAAA,IAAA,CAAA;;;AAGG;AACH;AAIA,IAAA,IAAA,+BAAA,GAAA;;;AAGG,gBAAA,IAAA,CAAA,mBAAA,CAAA,gBAAA,EAAA,CAAA;AACH,SAAA;AA2CA,QAAA,OAAA,IAAA,CAAA,gCAAA,CAAA;;AAEG;AACH;AAaA;;AAEG,QAAA,OAAA,IAAA,CAAA,+BAAA,CAAA,eAAA,CAAA,WAAA,EAAA,CAAA;AACH,KAAA;AAIA;;;AAGG,IAAA,IAAA,MAAA,GAAA;AACU,QAAA,OAAA,IAAA,CAAA,+BAAsC,CAAA,YAAA,CAAA,CAAA,CAAA,CAAA;AA+BnD,KAAA;;;;AAIG,IAAA,IAAA,qBAAA,GAAA;AACH,QAAA,IAAQ,IAAwB,CAAA,iBAAA,EAAA,EAAA;AAYhC,YAAA,OAAA,IAAA,CAAA,WAAA,CAAA,IAAA
,CAAA,QAAA,CAAA,sBAAA,CAAA,CAAA;;;;;;AAMG;AACH;AAwBA;;;AAGG,YAAA,OAAA,IAAA,CAAA,WAAA,CAAA,IAAA,CAAA,QAAA,CAAA,cAAA,CAAA,CAAA;;AAyEH,aAAA;;;;;AAKG,QAAA,IAAA,IAAA,CAAA,iBAAA,EAAA,EAAA;AACH,YAAQ,OAAsC,IAAA,CAAA,WAAA,CAAA,IAAA,CAAA,QAAA,CAAA,cAAA,CAAA,OAAA,CAAA,QAAA,EAAA,aAAA,CAAA,CAAA,CAAA;AA8D9C,SAAA;;;;;AAKG;AACH;AAcA;;AAEG,QAAA,IAAA,IAAA,CAAA,iBAAA,EAAA,EAAA;AACH;AAgBA,YAAA,IAAA,CAAA,IAAA,CAAA,QAAA,CAAA,oBAAA,EAAA;;;;AAIG,SAAA;aACyC;AA0C5C,YAAA,MAAA,qBAAA,CAAAA,uBAAA,CAAA,CAAA;;AAEG,KAAA;AACH;AAQA;;;AAGG,QAAA,IAAA,IAAA,CAAA,iBAAA,EAAA,EAAA;YACW,OAAqC,IAAA,CAAA,WAAA,CAAA,IAAA,CAAA,QAAA,CAAA,MAAA,CAAA,CAAA;AAwDnD,SAAA;;;;;AAKG;;AAkCH;AA8EA,IAAA,IAAA,OAAA,GAAA;;AAEG,YAAA,OAAA,IAAA,CAAA,WAAA,CAAA,IAAA,CAAA,QAAA,CAAA,QAAA,CAAA,CAAA;AACH,SAAA;AA6DA,aAAA;;;;AAIG;;AAsGH;;AAEG;AACH,IAAA,gBAA4B,CAAA,YAAA,EAAA;AAa5B,QAAA,QAAA,YAAA,CAAA,YAAA,CAAA,MAAA,KAAA,CAAA;;;;AAIG,KAAA;AACH;AAqBA;;;AAGG,IAAA,aAAA,CAAA,SAAA,EAAA;AACH,QAAA,OAA2C,SAAA,CAAA,OAAA,CAAA,sBACjC,EAAA,WACe,CAAA,CAAA;AAQzB,KAAA;;AAEG;AACH;AAUA;;;AAGG,QAAA,MAAA,kBAAA,GAAA,IAAA,SAAA,CAAA,IAAA,CAAA,QAAA,CAAA,mBAAA,CAAA,CAAA;AACH,QAAA,MAAQ,4BAAsB,GAAA,kBAAA,CAAA,gBAAA,EAAA,CAAA;AAI9B,QAAA,MAAA,oBAAA,GAAA,4BAAA,CAAA,YAAA,CAAA;;;AAGG,YAAA,IAAA,UAAA,GAAA,oBAAA,CAAA,KAAA,CAAA,CAAA;AACH,YAAA,IAAA,KAAA,KAAA,CAAA;AAIA,gBAAA,IAAA,CAAA,gBAAA,CAAA,4BAAA,CAAA,EAAA;;;;;AAKG;AACH;AAIA,gBAAA,IAAA,UAAA,KAAA,QAAA,EAAA;;;;;AAKG,YAAA,IAAA,WAAA,KAAA,UAAA,EAAA;AACH,gBAAmC,QAAA,GAAA,QAAA,CAAA,OAC3B,CAAA,CAAA,CAAE,YACN,CAAA,CAAM,CAAE,EAAA,CAAA,CAAA,EAAA,WACG,CAAA,CAAA,CAAA,CAAC,CAAE;AA0BlB,aAAA;;;;;AAKG;;AA6BH,IAAA,IAAA,kCAAA,GAAA;;;;;;;;AAQG,QAAA,OAAA,CAAA,EAAA,IAAA,CAAA,kBAAA,CAAA,qCAAA,CAAA,CAAA;AACH,KAAA;AAmBH;AAED;AAMA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,32 +0,0 @@
|
||||||
import { Authority } from "./Authority";
|
|
||||||
import { INetworkModule } from "../network/INetworkModule";
|
|
||||||
import { ICacheManager } from "../cache/interface/ICacheManager";
|
|
||||||
import { AuthorityOptions } from "./AuthorityOptions";
|
|
||||||
import { Logger } from "../logger/Logger";
|
|
||||||
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
||||||
/** @internal */
|
|
||||||
export declare class AuthorityFactory {
|
|
||||||
/**
|
|
||||||
* Create an authority object of the correct type based on the url
|
|
||||||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)
|
|
||||||
*
|
|
||||||
* Also performs endpoint discovery.
|
|
||||||
*
|
|
||||||
* @param authorityUri
|
|
||||||
* @param networkClient
|
|
||||||
* @param protocolMode
|
|
||||||
*/
|
|
||||||
static createDiscoveredInstance(authorityUri: string, networkClient: INetworkModule, cacheManager: ICacheManager, authorityOptions: AuthorityOptions, logger: Logger, performanceClient?: IPerformanceClient, correlationId?: string): Promise<Authority>;
|
|
||||||
/**
|
|
||||||
* Create an authority object of the correct type based on the url
|
|
||||||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)
|
|
||||||
*
|
|
||||||
* Does not perform endpoint discovery.
|
|
||||||
*
|
|
||||||
* @param authorityUrl
|
|
||||||
* @param networkInterface
|
|
||||||
* @param protocolMode
|
|
||||||
*/
|
|
||||||
static createInstance(authorityUrl: string, networkInterface: INetworkModule, cacheManager: ICacheManager, authorityOptions: AuthorityOptions, logger: Logger, performanceClient?: IPerformanceClient, correlationId?: string): Authority;
|
|
||||||
}
|
|
||||||
//# sourceMappingURL=AuthorityFactory.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityFactory.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityFactory.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,SAAS,EAAsB,MAAM,aAAa,CAAC;AAK5D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAK3D,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AAIjF,gBAAgB;AAChB,qBAAa,gBAAgB;IACzB;;;;;;;;;OASG;WACU,wBAAwB,CACjC,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,cAAc,EAC7B,YAAY,EAAE,aAAa,EAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,MAAM,EACd,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,aAAa,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,SAAS,CAAC;IAuCrB;;;;;;;;;OASG;IACH,MAAM,CAAC,cAAc,CACjB,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,cAAc,EAChC,YAAY,EAAE,aAAa,EAC3B,gBAAgB,EAAE,gBAAgB,EAClC,MAAM,EAAE,MAAM,EACd,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,aAAa,CAAC,EAAE,MAAM,GACvB,SAAS;CAkBf"}
|
|
|
@ -1,60 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { Authority, formatAuthorityUri } from './Authority.mjs';
|
|
||||||
import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';
|
|
||||||
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
||||||
import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
|
|
||||||
import { invokeAsync } from '../utils/FunctionWrappers.mjs';
|
|
||||||
import { endpointResolutionError } from '../error/ClientAuthErrorCodes.mjs';
|
|
||||||
import { urlEmptyError } from '../error/ClientConfigurationErrorCodes.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/** @internal */
|
|
||||||
class AuthorityFactory {
|
|
||||||
/**
|
|
||||||
* Create an authority object of the correct type based on the url
|
|
||||||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)
|
|
||||||
*
|
|
||||||
* Also performs endpoint discovery.
|
|
||||||
*
|
|
||||||
* @param authorityUri
|
|
||||||
* @param networkClient
|
|
||||||
* @param protocolMode
|
|
||||||
*/
|
|
||||||
static async createDiscoveredInstance(authorityUri, networkClient, cacheManager, authorityOptions, logger, performanceClient, correlationId) {
|
|
||||||
performanceClient?.addQueueMeasurement(PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance, correlationId);
|
|
||||||
const authorityUriFinal = Authority.transformCIAMAuthority(formatAuthorityUri(authorityUri));
|
|
||||||
// Initialize authority and perform discovery endpoint check.
|
|
||||||
const acquireTokenAuthority = AuthorityFactory.createInstance(authorityUriFinal, networkClient, cacheManager, authorityOptions, logger, performanceClient, correlationId);
|
|
||||||
try {
|
|
||||||
await invokeAsync(acquireTokenAuthority.resolveEndpointsAsync.bind(acquireTokenAuthority), PerformanceEvents.AuthorityResolveEndpointsAsync, logger, performanceClient, correlationId)();
|
|
||||||
return acquireTokenAuthority;
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
throw createClientAuthError(endpointResolutionError);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Create an authority object of the correct type based on the url
|
|
||||||
* Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)
|
|
||||||
*
|
|
||||||
* Does not perform endpoint discovery.
|
|
||||||
*
|
|
||||||
* @param authorityUrl
|
|
||||||
* @param networkInterface
|
|
||||||
* @param protocolMode
|
|
||||||
*/
|
|
||||||
static createInstance(authorityUrl, networkInterface, cacheManager, authorityOptions, logger, performanceClient, correlationId) {
|
|
||||||
// Throw error if authority url is empty
|
|
||||||
if (!authorityUrl) {
|
|
||||||
throw createClientConfigurationError(urlEmptyError);
|
|
||||||
}
|
|
||||||
return new Authority(authorityUrl, networkInterface, cacheManager, authorityOptions, logger, performanceClient, correlationId);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export { AuthorityFactory };
|
|
||||||
//# sourceMappingURL=AuthorityFactory.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityFactory.mjs","sources":["../../src/authority/AuthorityFactory.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;AAKA;AAKA;AAKA;AACA;;;;;;;;;AAiBO;AACU;AA+Cb;;;;;;;;;AASG,YAAA,OAAA,qBAAA,CAAA;AACH,SAAA;AA0BH,QAAA,OAAA,CAAA,EAAA;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,504 +0,0 @@
|
||||||
import { Logger } from "../logger/Logger";
|
|
||||||
import { AuthorityMetadataSource } from "../utils/Constants";
|
|
||||||
import { StaticAuthorityOptions } from "./AuthorityOptions";
|
|
||||||
import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata";
|
|
||||||
export declare const rawMetdataJSON: {
|
|
||||||
endpointMetadata: {
|
|
||||||
"https://login.microsoftonline.com/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.com/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.com/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
instanceDiscoveryMetadata: {
|
|
||||||
tenant_discovery_endpoint: string;
|
|
||||||
"api-version": string;
|
|
||||||
metadata: {
|
|
||||||
preferred_network: string;
|
|
||||||
preferred_cache: string;
|
|
||||||
aliases: string[];
|
|
||||||
}[];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
export declare const EndpointMetadata: {
|
|
||||||
"https://login.microsoftonline.com/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/common/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.com/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/consumers/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.com/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.chinacloudapi.cn/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
"https://login.microsoftonline.us/organizations/": {
|
|
||||||
token_endpoint: string;
|
|
||||||
token_endpoint_auth_methods_supported: string[];
|
|
||||||
jwks_uri: string;
|
|
||||||
response_modes_supported: string[];
|
|
||||||
subject_types_supported: string[];
|
|
||||||
id_token_signing_alg_values_supported: string[];
|
|
||||||
response_types_supported: string[];
|
|
||||||
scopes_supported: string[];
|
|
||||||
issuer: string;
|
|
||||||
request_uri_parameter_supported: boolean;
|
|
||||||
userinfo_endpoint: string;
|
|
||||||
authorization_endpoint: string;
|
|
||||||
device_authorization_endpoint: string;
|
|
||||||
http_logout_supported: boolean;
|
|
||||||
frontchannel_logout_supported: boolean;
|
|
||||||
end_session_endpoint: string;
|
|
||||||
claims_supported: string[];
|
|
||||||
kerberos_endpoint: string;
|
|
||||||
tenant_region_scope: null;
|
|
||||||
cloud_instance_name: string;
|
|
||||||
cloud_graph_host_name: string;
|
|
||||||
msgraph_host: string;
|
|
||||||
rbac_url: string;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
export declare const InstanceDiscoveryMetadata: {
|
|
||||||
tenant_discovery_endpoint: string;
|
|
||||||
"api-version": string;
|
|
||||||
metadata: {
|
|
||||||
preferred_network: string;
|
|
||||||
preferred_cache: string;
|
|
||||||
aliases: string[];
|
|
||||||
}[];
|
|
||||||
};
|
|
||||||
export declare const InstanceDiscoveryMetadataAliases: Set<String>;
|
|
||||||
/**
|
|
||||||
* Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host
|
|
||||||
* @param staticAuthorityOptions
|
|
||||||
* @param logger
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
export declare function getAliasesFromStaticSources(staticAuthorityOptions: StaticAuthorityOptions, logger?: Logger): string[];
|
|
||||||
/**
|
|
||||||
* Returns aliases for from the raw cloud discovery metadata passed in
|
|
||||||
* @param authorityHost
|
|
||||||
* @param rawCloudDiscoveryMetadata
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
export declare function getAliasesFromMetadata(authorityHost?: string, cloudDiscoveryMetadata?: CloudDiscoveryMetadata[], source?: AuthorityMetadataSource, logger?: Logger): string[] | null;
|
|
||||||
/**
|
|
||||||
* Get cloud discovery metadata for common authorities
|
|
||||||
*/
|
|
||||||
export declare function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost: string): CloudDiscoveryMetadata | null;
|
|
||||||
/**
|
|
||||||
* Searches instance discovery network response for the entry that contains the host in the aliases list
|
|
||||||
* @param response
|
|
||||||
* @param authority
|
|
||||||
*/
|
|
||||||
export declare function getCloudDiscoveryMetadataFromNetworkResponse(response: CloudDiscoveryMetadata[], authorityHost: string): CloudDiscoveryMetadata | null;
|
|
||||||
//# sourceMappingURL=AuthorityMetadata.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityMetadata.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityMetadata.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4kB1B,CAAC;AAEF,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAkC,CAAC;AAChE,eAAO,MAAM,yBAAyB;;;;;;;;CACM,CAAC;AAE7C,eAAO,MAAM,gCAAgC,EAAE,GAAG,CAAC,MAAM,CAAa,CAAC;AASvE;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACvC,sBAAsB,EAAE,sBAAsB,EAC9C,MAAM,CAAC,EAAE,MAAM,GAChB,MAAM,EAAE,CAwBV;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAClC,aAAa,CAAC,EAAE,MAAM,EACtB,sBAAsB,CAAC,EAAE,sBAAsB,EAAE,EACjD,MAAM,CAAC,EAAE,uBAAuB,EAChC,MAAM,CAAC,EAAE,MAAM,GAChB,MAAM,EAAE,GAAG,IAAI,CAqBjB;AAED;;GAEG;AACH,wBAAgB,4CAA4C,CACxD,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAM/B;AAED;;;;GAIG;AACH,wBAAgB,4CAA4C,CACxD,QAAQ,EAAE,sBAAsB,EAAE,EAClC,aAAa,EAAE,MAAM,GACtB,sBAAsB,GAAG,IAAI,CAS/B"}
|
|
|
@ -1,611 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { UrlString } from '../url/UrlString.mjs';
|
|
||||||
import { AuthorityMetadataSource } from '../utils/Constants.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
const rawMetdataJSON = {
|
|
||||||
endpointMetadata: {
|
|
||||||
"https://login.microsoftonline.com/common/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.com/common/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.com/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.com/common/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.com",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pas.windows.net",
|
|
||||||
},
|
|
||||||
"https://login.chinacloudapi.cn/common/": {
|
|
||||||
token_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.chinacloudapi.cn/common/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.chinacloudapi.cn/common/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "partner.microsoftonline.cn",
|
|
||||||
cloud_graph_host_name: "graph.chinacloudapi.cn",
|
|
||||||
msgraph_host: "microsoftgraph.chinacloudapi.cn",
|
|
||||||
rbac_url: "https://pas.chinacloudapi.cn",
|
|
||||||
},
|
|
||||||
"https://login.microsoftonline.us/common/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.us/common/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.us/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.us/common/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.us",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pasff.usgovcloudapi.net",
|
|
||||||
},
|
|
||||||
"https://login.microsoftonline.com/consumers/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.com/consumers/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.com/consumers/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.com",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pas.windows.net",
|
|
||||||
},
|
|
||||||
"https://login.chinacloudapi.cn/consumers/": {
|
|
||||||
token_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.chinacloudapi.cn/consumers/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.partner.microsoftonline.cn/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.chinacloudapi.cn/consumers/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "partner.microsoftonline.cn",
|
|
||||||
cloud_graph_host_name: "graph.chinacloudapi.cn",
|
|
||||||
msgraph_host: "microsoftgraph.chinacloudapi.cn",
|
|
||||||
rbac_url: "https://pas.chinacloudapi.cn",
|
|
||||||
},
|
|
||||||
"https://login.microsoftonline.us/consumers/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.us/consumers/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.us/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.us/consumers/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.us",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pasff.usgovcloudapi.net",
|
|
||||||
},
|
|
||||||
"https://login.microsoftonline.com/organizations/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.com/organizations/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.com/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.com/organizations/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.com",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pas.windows.net",
|
|
||||||
},
|
|
||||||
"https://login.chinacloudapi.cn/organizations/": {
|
|
||||||
token_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.chinacloudapi.cn/organizations/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.chinacloudapi.cn/organizations/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "partner.microsoftonline.cn",
|
|
||||||
cloud_graph_host_name: "graph.chinacloudapi.cn",
|
|
||||||
msgraph_host: "microsoftgraph.chinacloudapi.cn",
|
|
||||||
rbac_url: "https://pas.chinacloudapi.cn",
|
|
||||||
},
|
|
||||||
"https://login.microsoftonline.us/organizations/": {
|
|
||||||
token_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/token",
|
|
||||||
token_endpoint_auth_methods_supported: [
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt",
|
|
||||||
"client_secret_basic",
|
|
||||||
],
|
|
||||||
jwks_uri: "https://login.microsoftonline.us/organizations/discovery/v2.0/keys",
|
|
||||||
response_modes_supported: ["query", "fragment", "form_post"],
|
|
||||||
subject_types_supported: ["pairwise"],
|
|
||||||
id_token_signing_alg_values_supported: ["RS256"],
|
|
||||||
response_types_supported: [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"code id_token",
|
|
||||||
"id_token token",
|
|
||||||
],
|
|
||||||
scopes_supported: ["openid", "profile", "email", "offline_access"],
|
|
||||||
issuer: "https://login.microsoftonline.us/{tenantid}/v2.0",
|
|
||||||
request_uri_parameter_supported: false,
|
|
||||||
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo",
|
|
||||||
authorization_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize",
|
|
||||||
device_authorization_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/devicecode",
|
|
||||||
http_logout_supported: true,
|
|
||||||
frontchannel_logout_supported: true,
|
|
||||||
end_session_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/logout",
|
|
||||||
claims_supported: [
|
|
||||||
"sub",
|
|
||||||
"iss",
|
|
||||||
"cloud_instance_name",
|
|
||||||
"cloud_instance_host_name",
|
|
||||||
"cloud_graph_host_name",
|
|
||||||
"msgraph_host",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"auth_time",
|
|
||||||
"acr",
|
|
||||||
"nonce",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"tid",
|
|
||||||
"ver",
|
|
||||||
"at_hash",
|
|
||||||
"c_hash",
|
|
||||||
"email",
|
|
||||||
],
|
|
||||||
kerberos_endpoint: "https://login.microsoftonline.us/organizations/kerberos",
|
|
||||||
tenant_region_scope: null,
|
|
||||||
cloud_instance_name: "microsoftonline.us",
|
|
||||||
cloud_graph_host_name: "graph.windows.net",
|
|
||||||
msgraph_host: "graph.microsoft.com",
|
|
||||||
rbac_url: "https://pasff.usgovcloudapi.net",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
instanceDiscoveryMetadata: {
|
|
||||||
tenant_discovery_endpoint: "https://{canonicalAuthority}/v2.0/.well-known/openid-configuration",
|
|
||||||
"api-version": "1.1",
|
|
||||||
metadata: [
|
|
||||||
{
|
|
||||||
preferred_network: "login.microsoftonline.com",
|
|
||||||
preferred_cache: "login.windows.net",
|
|
||||||
aliases: [
|
|
||||||
"login.microsoftonline.com",
|
|
||||||
"login.windows.net",
|
|
||||||
"login.microsoft.com",
|
|
||||||
"sts.windows.net",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
preferred_network: "login.partner.microsoftonline.cn",
|
|
||||||
preferred_cache: "login.partner.microsoftonline.cn",
|
|
||||||
aliases: [
|
|
||||||
"login.partner.microsoftonline.cn",
|
|
||||||
"login.chinacloudapi.cn",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
preferred_network: "login.microsoftonline.de",
|
|
||||||
preferred_cache: "login.microsoftonline.de",
|
|
||||||
aliases: ["login.microsoftonline.de"],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
preferred_network: "login.microsoftonline.us",
|
|
||||||
preferred_cache: "login.microsoftonline.us",
|
|
||||||
aliases: [
|
|
||||||
"login.microsoftonline.us",
|
|
||||||
"login.usgovcloudapi.net",
|
|
||||||
],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
preferred_network: "login-us.microsoftonline.com",
|
|
||||||
preferred_cache: "login-us.microsoftonline.com",
|
|
||||||
aliases: ["login-us.microsoftonline.com"],
|
|
||||||
},
|
|
||||||
],
|
|
||||||
},
|
|
||||||
};
|
|
||||||
const EndpointMetadata = rawMetdataJSON.endpointMetadata;
|
|
||||||
const InstanceDiscoveryMetadata = rawMetdataJSON.instanceDiscoveryMetadata;
|
|
||||||
const InstanceDiscoveryMetadataAliases = new Set();
|
|
||||||
InstanceDiscoveryMetadata.metadata.forEach((metadataEntry) => {
|
|
||||||
metadataEntry.aliases.forEach((alias) => {
|
|
||||||
InstanceDiscoveryMetadataAliases.add(alias);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
/**
|
|
||||||
* Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host
|
|
||||||
* @param staticAuthorityOptions
|
|
||||||
* @param logger
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
function getAliasesFromStaticSources(staticAuthorityOptions, logger) {
|
|
||||||
let staticAliases;
|
|
||||||
const canonicalAuthority = staticAuthorityOptions.canonicalAuthority;
|
|
||||||
if (canonicalAuthority) {
|
|
||||||
const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort;
|
|
||||||
staticAliases =
|
|
||||||
getAliasesFromMetadata(authorityHost, staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, AuthorityMetadataSource.CONFIG, logger) ||
|
|
||||||
getAliasesFromMetadata(authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES, logger) ||
|
|
||||||
staticAuthorityOptions.knownAuthorities;
|
|
||||||
}
|
|
||||||
return staticAliases || [];
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns aliases for from the raw cloud discovery metadata passed in
|
|
||||||
* @param authorityHost
|
|
||||||
* @param rawCloudDiscoveryMetadata
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
function getAliasesFromMetadata(authorityHost, cloudDiscoveryMetadata, source, logger) {
|
|
||||||
logger?.trace(`getAliasesFromMetadata called with source: ${source}`);
|
|
||||||
if (authorityHost && cloudDiscoveryMetadata) {
|
|
||||||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse(cloudDiscoveryMetadata, authorityHost);
|
|
||||||
if (metadata) {
|
|
||||||
logger?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases`);
|
|
||||||
return metadata.aliases;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
logger?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${source}`);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get cloud discovery metadata for common authorities
|
|
||||||
*/
|
|
||||||
function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost) {
|
|
||||||
const metadata = getCloudDiscoveryMetadataFromNetworkResponse(InstanceDiscoveryMetadata.metadata, authorityHost);
|
|
||||||
return metadata;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Searches instance discovery network response for the entry that contains the host in the aliases list
|
|
||||||
* @param response
|
|
||||||
* @param authority
|
|
||||||
*/
|
|
||||||
function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
||||||
for (let i = 0; i < response.length; i++) {
|
|
||||||
const metadata = response[i];
|
|
||||||
if (metadata.aliases.includes(authorityHost)) {
|
|
||||||
return metadata;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
export { EndpointMetadata, InstanceDiscoveryMetadata, InstanceDiscoveryMetadataAliases, getAliasesFromMetadata, getAliasesFromStaticSources, getCloudDiscoveryMetadataFromHardcodedValues, getCloudDiscoveryMetadataFromNetworkResponse, rawMetdataJSON };
|
|
||||||
//# sourceMappingURL=AuthorityMetadata.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityMetadata.mjs","sources":["../../src/authority/AuthorityMetadata.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAKA;AAEA;AACA;AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA8kBE,gBAAA,EAAA,CAAA,QAAA,EAAA,SAAA,EAAA,OAAA,EAAA,gBAAA,CAAA;AAEF,YAAA,4FAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBAAmC,KAAA;AAChE,qCAAsC;;;;;;;;gBACO,KAAA;AAE7C,uBAA6C;AAS7C,gBAAA,oBAAA;;;;;AAKG,gBAAA,QAAA;AACH,gBAAA,OAAA;AA6BA,aAAA;;;;;AAKG,YAAA,YAAA,EAAA,qBAAA;AACH,YAAgB,QAAA,EAAA,iCACZ;AA2BJ,SAAA;;AAEG,IAAA,yBAAA,EAAA;AACH,QAAgB,yBAAA,EAAA,oEAEb;AAQH,QAAA,aAAA,EAAA,KAAA;;;;AAIG,gBAAA,eAAA,EAAA,mBAAA;AACH,gBAAA,OAAA,EAA4D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,28 +0,0 @@
|
||||||
import { ProtocolMode } from "./ProtocolMode";
|
|
||||||
import { OIDCOptions } from "./OIDCOptions";
|
|
||||||
import { AzureRegionConfiguration } from "./AzureRegionConfiguration";
|
|
||||||
import { CloudInstanceDiscoveryResponse } from "./CloudInstanceDiscoveryResponse";
|
|
||||||
export type AuthorityOptions = {
|
|
||||||
protocolMode: ProtocolMode;
|
|
||||||
OIDCOptions?: OIDCOptions | null;
|
|
||||||
knownAuthorities: Array<string>;
|
|
||||||
cloudDiscoveryMetadata: string;
|
|
||||||
authorityMetadata: string;
|
|
||||||
skipAuthorityMetadataCache?: boolean;
|
|
||||||
azureRegionConfiguration?: AzureRegionConfiguration;
|
|
||||||
authority?: string;
|
|
||||||
};
|
|
||||||
export type StaticAuthorityOptions = Partial<Pick<AuthorityOptions, "knownAuthorities">> & {
|
|
||||||
canonicalAuthority?: string;
|
|
||||||
cloudDiscoveryMetadata?: CloudInstanceDiscoveryResponse;
|
|
||||||
};
|
|
||||||
export declare const AzureCloudInstance: {
|
|
||||||
readonly None: "none";
|
|
||||||
readonly AzurePublic: "https://login.microsoftonline.com";
|
|
||||||
readonly AzurePpe: "https://login.windows-ppe.net";
|
|
||||||
readonly AzureChina: "https://login.chinacloudapi.cn";
|
|
||||||
readonly AzureGermany: "https://login.microsoftonline.de";
|
|
||||||
readonly AzureUsGovernment: "https://login.microsoftonline.us";
|
|
||||||
};
|
|
||||||
export type AzureCloudInstance = (typeof AzureCloudInstance)[keyof typeof AzureCloudInstance];
|
|
||||||
//# sourceMappingURL=AuthorityOptions.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityOptions.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityOptions.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,8BAA8B,EAAE,MAAM,kCAAkC,CAAC;AAElF,MAAM,MAAM,gBAAgB,GAAG;IAC3B,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;IACjC,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,wBAAwB,CAAC,EAAE,wBAAwB,CAAC;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG,OAAO,CACxC,IAAI,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAC7C,GAAG;IACA,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;CAC3D,CAAC;AAEF,eAAO,MAAM,kBAAkB;;;;;;;CAkBrB,CAAC;AACX,MAAM,MAAM,kBAAkB,GAC1B,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,OAAO,kBAAkB,CAAC,CAAC"}
|
|
|
@ -1,23 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
const AzureCloudInstance = {
|
|
||||||
// AzureCloudInstance is not specified.
|
|
||||||
None: "none",
|
|
||||||
// Microsoft Azure public cloud
|
|
||||||
AzurePublic: "https://login.microsoftonline.com",
|
|
||||||
// Microsoft PPE
|
|
||||||
AzurePpe: "https://login.windows-ppe.net",
|
|
||||||
// Microsoft Chinese national/regional cloud
|
|
||||||
AzureChina: "https://login.chinacloudapi.cn",
|
|
||||||
// Microsoft German national/regional cloud ("Black Forest")
|
|
||||||
AzureGermany: "https://login.microsoftonline.de",
|
|
||||||
// US Government cloud
|
|
||||||
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
||||||
};
|
|
||||||
|
|
||||||
export { AzureCloudInstance };
|
|
||||||
//# sourceMappingURL=AuthorityOptions.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityOptions.mjs","sources":["../../src/authority/AuthorityOptions.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;AACA;AACA;AACA;AAEY,wBAAmB,GAAA;;AAE3B,IAAA,IAAA,EAAA,MAAY;AACZ;IACA,WAAsB,EAAA,mCAAS;;IAE/B,QAA0B,EAAA,+BAAW;;IAErC,UAAU,EAAE,gCAAO;;AAGvB,IAAA,YAAY,EAAA,kCACH;;IAGL,iBAAsB,EAAA,kCAAG;;;;;"}
|
|
|
@ -1,11 +0,0 @@
|
||||||
/**
|
|
||||||
* Authority types supported by MSAL.
|
|
||||||
*/
|
|
||||||
export declare const AuthorityType: {
|
|
||||||
readonly Default: 0;
|
|
||||||
readonly Adfs: 1;
|
|
||||||
readonly Dsts: 2;
|
|
||||||
readonly Ciam: 3;
|
|
||||||
};
|
|
||||||
export type AuthorityType = (typeof AuthorityType)[keyof typeof AuthorityType];
|
|
||||||
//# sourceMappingURL=AuthorityType.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityType.d.ts","sourceRoot":"","sources":["../../src/authority/AuthorityType.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;CAKhB,CAAC;AACX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,OAAO,aAAa,CAAC,CAAC"}
|
|
|
@ -1,18 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* Authority types supported by MSAL.
|
|
||||||
*/
|
|
||||||
const AuthorityType = {
|
|
||||||
Default: 0,
|
|
||||||
Adfs: 1,
|
|
||||||
Dsts: 2,
|
|
||||||
Ciam: 3,
|
|
||||||
};
|
|
||||||
|
|
||||||
export { AuthorityType };
|
|
||||||
//# sourceMappingURL=AuthorityType.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AuthorityType.mjs","sources":["../../src/authority/AuthorityType.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;AAEG;AACH;;;;;IAKW,OAAA,EAAA,CAAA;AACX,IAAA,IAAY,EAAA,CAAA;;;;;;;"}
|
|
|
@ -1,2 +0,0 @@
|
||||||
export type AzureRegion = string;
|
|
||||||
//# sourceMappingURL=AzureRegion.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AzureRegion.d.ts","sourceRoot":"","sources":["../../src/authority/AzureRegion.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC"}
|
|
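--- a/js/node_modules/@azure/msal-common/dist/authority/AzureRegionConfiguration.d.ts
+++ b/js/node_modules/@azure/msal-common/dist/authority/AzureRegionConfiguration.d.ts
@@ -1,6 +0,0 @@
-import { AzureRegion } from "./AzureRegion";
-export type AzureRegionConfiguration = {
-azureRegion?: AzureRegion;
-environmentRegion: string | undefined;
-};
-//# sourceMappingURL=AzureRegionConfiguration.d.ts.map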
1
js/node_modules/@azure/msal-common/dist/authority/AzureRegionConfiguration.d.ts.map
generated
vendored
1
js/node_modules/@azure/msal-common/dist/authority/AzureRegionConfiguration.d.ts.map
generated
vendored
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AzureRegionConfiguration.d.ts","sourceRoot":"","sources":["../../src/authority/AzureRegionConfiguration.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAO5C,MAAM,MAAM,wBAAwB,GAAG;IACnC,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;CACzC,CAAC"}
|
|
|
@ -1,6 +0,0 @@
|
||||||
export type CloudDiscoveryMetadata = {
|
|
||||||
preferred_network: string;
|
|
||||||
preferred_cache: string;
|
|
||||||
aliases: Array<string>;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=CloudDiscoveryMetadata.d.ts.map
|
|
1
js/node_modules/@azure/msal-common/dist/authority/CloudDiscoveryMetadata.d.ts.map
generated
vendored
1
js/node_modules/@azure/msal-common/dist/authority/CloudDiscoveryMetadata.d.ts.map
generated
vendored
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CloudDiscoveryMetadata.d.ts","sourceRoot":"","sources":["../../src/authority/CloudDiscoveryMetadata.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,sBAAsB,GAAG;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC1B,CAAC"}
|
|
|
@ -1,14 +0,0 @@
|
||||||
/**
|
|
||||||
* The OpenID Configuration Endpoint Response type. Used by the authority class to get relevant OAuth endpoints.
|
|
||||||
*/
|
|
||||||
export type CloudInstanceDiscoveryErrorResponse = {
|
|
||||||
error: String;
|
|
||||||
error_description: String;
|
|
||||||
error_codes?: Array<Number>;
|
|
||||||
timestamp?: String;
|
|
||||||
trace_id?: String;
|
|
||||||
correlation_id?: String;
|
|
||||||
error_uri?: String;
|
|
||||||
};
|
|
||||||
export declare function isCloudInstanceDiscoveryErrorResponse(response: object): boolean;
|
|
||||||
//# sourceMappingURL=CloudInstanceDiscoveryErrorResponse.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CloudInstanceDiscoveryErrorResponse.d.ts","sourceRoot":"","sources":["../../src/authority/CloudInstanceDiscoveryErrorResponse.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wBAAgB,qCAAqC,CACjD,QAAQ,EAAE,MAAM,GACjB,OAAO,CAKT"}
|
|
|
@ -1,13 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
||||||
return (response.hasOwnProperty("error") &&
|
|
||||||
response.hasOwnProperty("error_description"));
|
|
||||||
}
|
|
||||||
|
|
||||||
export { isCloudInstanceDiscoveryErrorResponse };
|
|
||||||
//# sourceMappingURL=CloudInstanceDiscoveryErrorResponse.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CloudInstanceDiscoveryErrorResponse.mjs","sources":["../../src/authority/CloudInstanceDiscoveryErrorResponse.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;AAEG;AACH;AACS,8CAAS,CAAA,QAAA,EAAA;IACd,QAAiB,QAAA,CAAA,cAAS,CAAA,OAAA,CAAA;AAC1B,QAAA,QAAY,CAAE,cAAa,CAAC,mBAAA,CAAA,EAAA;;;;;"}
|
|
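--- a/js/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.d.ts
+++ b/js/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.d.ts
@@ -1,10 +0,0 @@
-import { CloudDiscoveryMetadata } from "./CloudDiscoveryMetadata";
-/**
-* The OpenID Configuration Endpoint Response type. Used by the authority class to get relevant OAuth endpoints.
-*/
-export type CloudInstanceDiscoveryResponse = {
-tenant_discovery_endpoint: string;
-metadata: Array<CloudDiscoveryMetadata>;
-};
-export declare function isCloudInstanceDiscoveryResponse(response: object): boolean;
-//# sourceMappingURL=CloudInstanceDiscoveryResponse.d.ts.map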
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CloudInstanceDiscoveryResponse.d.ts","sourceRoot":"","sources":["../../src/authority/CloudInstanceDiscoveryResponse.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE;;GAEG;AACH,MAAM,MAAM,8BAA8B,GAAG;IACzC,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,EAAE,KAAK,CAAC,sBAAsB,CAAC,CAAC;CAC3C,CAAC;AAEF,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAK1E"}
|
|
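--- a/js/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs
+++ b/js/node_modules/@azure/msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs
@@ -1,13 +0,0 @@
-/*! @azure/msal-common v14.4.0 2023-11-07 */
-'use strict';
-/*
-* Copyright (c) Microsoft Corporation. All rights reserved.
-* Licensed under the MIT License.
-*/
-function isCloudInstanceDiscoveryResponse(response) {
-return (response.hasOwnProperty("tenant_discovery_endpoint") &&
-response.hasOwnProperty("metadata"));
-}
-
-export { isCloudInstanceDiscoveryResponse };
-//# sourceMappingURL=CloudInstanceDiscoveryResponse.mjs.map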
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"CloudInstanceDiscoveryResponse.mjs","sources":["../../src/authority/CloudInstanceDiscoveryResponse.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;AAEA;;AAEG;AACG,yCAAuC,CAAA,QAAA,EAAA;IACzC,QAAyB,QAAA,CAAA,0CAAS,CAAA;AAClC,QAAA,QAAU,CAAA,cAAM,CAAA,UAAsB,CAAC,EAAC;;;;;"}
|
|
|
@ -1,6 +0,0 @@
|
||||||
export type ImdsOptions = {
|
|
||||||
headers?: {
|
|
||||||
Metadata: string;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=ImdsOptions.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ImdsOptions.d.ts","sourceRoot":"","sources":["../../src/authority/ImdsOptions.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,WAAW,GAAG;IACtB,OAAO,CAAC,EAAE;QACN,QAAQ,EAAE,MAAM,CAAC;KACpB,CAAC;CACL,CAAC"}
|
|
|
@ -1,9 +0,0 @@
|
||||||
import { ServerResponseType } from "../utils/Constants";
|
|
||||||
/**
|
|
||||||
* Options for the OIDC protocol mode.
|
|
||||||
*/
|
|
||||||
export type OIDCOptions = {
|
|
||||||
serverResponseType?: ServerResponseType;
|
|
||||||
defaultScopes?: Array<string>;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=OIDCOptions.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"OIDCOptions.d.ts","sourceRoot":"","sources":["../../src/authority/OIDCOptions.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG;IACtB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACjC,CAAC"}
|
|
|
@ -1,12 +0,0 @@
|
||||||
/**
|
|
||||||
* Tenant Discovery Response which contains the relevant OAuth endpoints and data needed for authentication and authorization.
|
|
||||||
*/
|
|
||||||
export type OpenIdConfigResponse = {
|
|
||||||
authorization_endpoint: string;
|
|
||||||
token_endpoint: string;
|
|
||||||
end_session_endpoint?: string;
|
|
||||||
issuer: string;
|
|
||||||
jwks_uri: string;
|
|
||||||
};
|
|
||||||
export declare function isOpenIdConfigResponse(response: object): boolean;
|
|
||||||
//# sourceMappingURL=OpenIdConfigResponse.d.ts.map
|
|
1
js/node_modules/@azure/msal-common/dist/authority/OpenIdConfigResponse.d.ts.map
generated
vendored
1
js/node_modules/@azure/msal-common/dist/authority/OpenIdConfigResponse.d.ts.map
generated
vendored
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"OpenIdConfigResponse.d.ts","sourceRoot":"","sources":["../../src/authority/OpenIdConfigResponse.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOhE"}
|
|
|
@ -1,15 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
function isOpenIdConfigResponse(response) {
|
|
||||||
return (response.hasOwnProperty("authorization_endpoint") &&
|
|
||||||
response.hasOwnProperty("token_endpoint") &&
|
|
||||||
response.hasOwnProperty("issuer") &&
|
|
||||||
response.hasOwnProperty("jwks_uri"));
|
|
||||||
}
|
|
||||||
|
|
||||||
export { isOpenIdConfigResponse };
|
|
||||||
//# sourceMappingURL=OpenIdConfigResponse.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"OpenIdConfigResponse.mjs","sources":["../../src/authority/OpenIdConfigResponse.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;AAEG;AACH;AAC0B,SAAA,sBAAS,CAAA,QAAA,EAAA;IAC/B,QAAc,QAAE,eAAO,CAAA,wBAAA,CAAA;QACH,QAAA,CAAA,cAAG,CAAA,gBAAO,CAAA;QACxB,uBAAS,CAAA,QAAA,CAAA;QACP,uBAAS,CAAA,UAAA,CAAA,EAAA;;;;;"}
|
|
|
@ -1,9 +0,0 @@
|
||||||
/**
|
|
||||||
* Protocol modes supported by MSAL.
|
|
||||||
*/
|
|
||||||
export declare const ProtocolMode: {
|
|
||||||
readonly AAD: "AAD";
|
|
||||||
readonly OIDC: "OIDC";
|
|
||||||
};
|
|
||||||
export type ProtocolMode = (typeof ProtocolMode)[keyof typeof ProtocolMode];
|
|
||||||
//# sourceMappingURL=ProtocolMode.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ProtocolMode.d.ts","sourceRoot":"","sources":["../../src/authority/ProtocolMode.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,eAAO,MAAM,YAAY;;;CAGf,CAAC;AACX,MAAM,MAAM,YAAY,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,OAAO,YAAY,CAAC,CAAC"}
|
|
|
@ -1,16 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* Protocol modes supported by MSAL.
|
|
||||||
*/
|
|
||||||
const ProtocolMode = {
|
|
||||||
AAD: "AAD",
|
|
||||||
OIDC: "OIDC",
|
|
||||||
};
|
|
||||||
|
|
||||||
export { ProtocolMode };
|
|
||||||
//# sourceMappingURL=ProtocolMode.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"ProtocolMode.mjs","sources":["../../src/authority/ProtocolMode.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;AAEG;AACH;;;;AAIY,MAAA,YAAe,GAAC;;;;;;;"}
|
|
|
@ -1,33 +0,0 @@
|
||||||
import { INetworkModule } from "../network/INetworkModule";
|
|
||||||
import { RegionDiscoveryMetadata } from "./RegionDiscoveryMetadata";
|
|
||||||
import { ImdsOptions } from "./ImdsOptions";
|
|
||||||
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
||||||
import { Logger } from "../logger/Logger";
|
|
||||||
export declare class RegionDiscovery {
|
|
||||||
protected networkInterface: INetworkModule;
|
|
||||||
private logger;
|
|
||||||
protected performanceClient: IPerformanceClient | undefined;
|
|
||||||
protected correlationId: string | undefined;
|
|
||||||
protected static IMDS_OPTIONS: ImdsOptions;
|
|
||||||
constructor(networkInterface: INetworkModule, logger: Logger, performanceClient?: IPerformanceClient, correlationId?: string);
|
|
||||||
/**
|
|
||||||
* Detect the region from the application's environment.
|
|
||||||
*
|
|
||||||
* @returns Promise<string | null>
|
|
||||||
*/
|
|
||||||
detectRegion(environmentRegion: string | undefined, regionDiscoveryMetadata: RegionDiscoveryMetadata): Promise<string | null>;
|
|
||||||
/**
|
|
||||||
* Make the call to the IMDS endpoint
|
|
||||||
*
|
|
||||||
* @param imdsEndpointUrl
|
|
||||||
* @returns Promise<NetworkResponse<string>>
|
|
||||||
*/
|
|
||||||
private getRegionFromIMDS;
|
|
||||||
/**
|
|
||||||
* Get the most recent version of the IMDS endpoint available
|
|
||||||
*
|
|
||||||
* @returns Promise<string | null>
|
|
||||||
*/
|
|
||||||
private getCurrentVersion;
|
|
||||||
}
|
|
||||||
//# sourceMappingURL=RegionDiscovery.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"RegionDiscovery.d.ts","sourceRoot":"","sources":["../../src/authority/RegionDiscovery.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAQ3D,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AAGjF,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,qBAAa,eAAe;IAExB,SAAS,CAAC,gBAAgB,EAAE,cAAc,CAAC;IAE3C,OAAO,CAAC,MAAM,CAAS;IAEvB,SAAS,CAAC,iBAAiB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAE5D,SAAS,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAE5C,SAAS,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAIxC;gBAGE,gBAAgB,EAAE,cAAc,EAChC,MAAM,EAAE,MAAM,EACd,iBAAiB,CAAC,EAAE,kBAAkB,EACtC,aAAa,CAAC,EAAE,MAAM;IAQ1B;;;;OAIG;IACU,YAAY,CACrB,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,uBAAuB,EAAE,uBAAuB,GACjD,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAoFzB;;;;;OAKG;YACW,iBAAiB;IAe/B;;;;OAIG;YACW,iBAAiB;CA6BlC"}
|
|
|
@ -1,115 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { Constants, ResponseCodes, RegionDiscoverySources } from '../utils/Constants.mjs';
|
|
||||||
import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
|
|
||||||
import { invokeAsync } from '../utils/FunctionWrappers.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
class RegionDiscovery {
|
|
||||||
constructor(networkInterface, logger, performanceClient, correlationId) {
|
|
||||||
this.networkInterface = networkInterface;
|
|
||||||
this.logger = logger;
|
|
||||||
this.performanceClient = performanceClient;
|
|
||||||
this.correlationId = correlationId;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Detect the region from the application's environment.
|
|
||||||
*
|
|
||||||
* @returns Promise<string | null>
|
|
||||||
*/
|
|
||||||
async detectRegion(environmentRegion, regionDiscoveryMetadata) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryDetectRegion, this.correlationId);
|
|
||||||
// Initialize auto detected region with the region from the envrionment
|
|
||||||
let autodetectedRegionName = environmentRegion;
|
|
||||||
// Check if a region was detected from the environment, if not, attempt to get the region from IMDS
|
|
||||||
if (!autodetectedRegionName) {
|
|
||||||
const options = RegionDiscovery.IMDS_OPTIONS;
|
|
||||||
try {
|
|
||||||
const localIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(Constants.IMDS_VERSION, options);
|
|
||||||
if (localIMDSVersionResponse.status ===
|
|
||||||
ResponseCodes.httpSuccess) {
|
|
||||||
autodetectedRegionName = localIMDSVersionResponse.body;
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.IMDS;
|
|
||||||
}
|
|
||||||
// If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry.
|
|
||||||
if (localIMDSVersionResponse.status ===
|
|
||||||
ResponseCodes.httpBadRequest) {
|
|
||||||
const currentIMDSVersion = await invokeAsync(this.getCurrentVersion.bind(this), PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.logger, this.performanceClient, this.correlationId)(options);
|
|
||||||
if (!currentIMDSVersion) {
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.FAILED_AUTO_DETECTION;
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
const currentIMDSVersionResponse = await invokeAsync(this.getRegionFromIMDS.bind(this), PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.logger, this.performanceClient, this.correlationId)(currentIMDSVersion, options);
|
|
||||||
if (currentIMDSVersionResponse.status ===
|
|
||||||
ResponseCodes.httpSuccess) {
|
|
||||||
autodetectedRegionName =
|
|
||||||
currentIMDSVersionResponse.body;
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.IMDS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.FAILED_AUTO_DETECTION;
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.ENVIRONMENT_VARIABLE;
|
|
||||||
}
|
|
||||||
// If no region was auto detected from the environment or from the IMDS endpoint, mark the attempt as a FAILED_AUTO_DETECTION
|
|
||||||
if (!autodetectedRegionName) {
|
|
||||||
regionDiscoveryMetadata.region_source =
|
|
||||||
RegionDiscoverySources.FAILED_AUTO_DETECTION;
|
|
||||||
}
|
|
||||||
return autodetectedRegionName || null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Make the call to the IMDS endpoint
|
|
||||||
*
|
|
||||||
* @param imdsEndpointUrl
|
|
||||||
* @returns Promise<NetworkResponse<string>>
|
|
||||||
*/
|
|
||||||
async getRegionFromIMDS(version, options) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetRegionFromIMDS, this.correlationId);
|
|
||||||
return this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?api-version=${version}&format=text`, options, Constants.IMDS_TIMEOUT);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Get the most recent version of the IMDS endpoint available
|
|
||||||
*
|
|
||||||
* @returns Promise<string | null>
|
|
||||||
*/
|
|
||||||
async getCurrentVersion(options) {
|
|
||||||
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RegionDiscoveryGetCurrentVersion, this.correlationId);
|
|
||||||
try {
|
|
||||||
const response = await this.networkInterface.sendGetRequestAsync(`${Constants.IMDS_ENDPOINT}?format=json`, options);
|
|
||||||
// When IMDS endpoint is called without the api version query param, bad request response comes back with latest version.
|
|
||||||
if (response.status === ResponseCodes.httpBadRequest &&
|
|
||||||
response.body &&
|
|
||||||
response.body["newest-versions"] &&
|
|
||||||
response.body["newest-versions"].length > 0) {
|
|
||||||
return response.body["newest-versions"][0];
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
catch (e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// Options for the IMDS endpoint request
|
|
||||||
RegionDiscovery.IMDS_OPTIONS = {
|
|
||||||
headers: {
|
|
||||||
Metadata: "true",
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
export { RegionDiscovery };
|
|
||||||
//# sourceMappingURL=RegionDiscovery.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"RegionDiscovery.mjs","sources":["../../src/authority/RegionDiscovery.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAKA;AAQA;AACA;AACA;AASW,qBAAgB,CAAA;AAEvB,IAAA,WAA2B,CAAA,gBAAA,EAAoB,MAAA,EAAA,gCAAa,EAAA;AAE5D,QAAA,IAAA,CAAS,gBAAgB,GAAM,gBAAa,CAAA;AAE5C,QAAA,IAAA,CAAS,MAAO,GAAa,MAAA,CAAA;AAOzB,QAAA,IAAA,CAAA,iBAAA,GAAkB,iBAClB,CAAA;AAUJ,QAAA,IAAA,CAAA,aAAA,GAAA,aAAA,CAAA;;;;AAIG;AACU;AAuFb;;;;;AAKG;YACW,CAAiB,sBAAA,EAAA;AAe/B,YAAA,MAAA,OAAA,GAAA,eAAA,CAAA,YAAA,CAAA;;;;AAIG,oBAAA,aAAA,CAAA,WAAA,EAAA;oBAC4B,sBAAA,GAAA,wBAAA,CAAA,IAAA,CAAA;AA6BlC,oBAAA,uBAAA,CAAA,aAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,7 +0,0 @@
|
||||||
import { RegionDiscoveryOutcomes, RegionDiscoverySources } from "../utils/Constants";
|
|
||||||
export type RegionDiscoveryMetadata = {
|
|
||||||
region_used?: string;
|
|
||||||
region_source?: RegionDiscoverySources;
|
|
||||||
region_outcome?: RegionDiscoveryOutcomes;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=RegionDiscoveryMetadata.d.ts.map
|
|
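--- a/js/node_modules/@azure/msal-common/dist/authority/RegionDiscoveryMetadata.d.ts.map
+++ b/js/node_modules/@azure/msal-common/dist/authority/RegionDiscoveryMetadata.d.ts.map
@@ -1 +0,0 @@
-{"version":3,"file":"RegionDiscoveryMetadata.d.ts","sourceRoot":"","sources":["../../src/authority/RegionDiscoveryMetadata.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,uBAAuB,EACvB,sBAAsB,EACzB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,MAAM,uBAAuB,GAAG;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,cAAc,CAAC,EAAE,uBAAuB,CAAC;CAC5C,CAAC"}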
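--- a/js/node_modules/@azure/msal-common/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts
+++ b/js/node_modules/@azure/msal-common/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts
@@ -1,16 +0,0 @@
-/// <reference types="node" />
-import { AccountInfo } from "../../account/AccountInfo";
-import { LoggerOptions } from "../../config/ClientConfiguration";
-import { NativeRequest } from "../../request/NativeRequest";
-import { NativeSignOutRequest } from "../../request/NativeSignOutRequest";
-import { AuthenticationResult } from "../../response/AuthenticationResult";
-export interface INativeBrokerPlugin {
-isBrokerAvailable: boolean;
-setLogger(loggerOptions: LoggerOptions): void;
-getAccountById(accountId: string, correlationId: string): Promise<AccountInfo>;
-getAllAccounts(clientId: string, correlationId: string): Promise<AccountInfo[]>;
-acquireTokenSilent(request: NativeRequest): Promise<AuthenticationResult>;
-acquireTokenInteractive(request: NativeRequest, windowHandle?: Buffer): Promise<AuthenticationResult>;
-signOut(request: NativeSignOutRequest): Promise<void>;
-}
-//# sourceMappingURL=INativeBrokerPlugin.d.ts.map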
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"INativeBrokerPlugin.d.ts","sourceRoot":"","sources":["../../../src/broker/nativeBroker/INativeBrokerPlugin.ts"],"names":[],"mappings":";AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,MAAM,WAAW,mBAAmB;IAChC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,SAAS,CAAC,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9C,cAAc,CACV,SAAS,EAAE,MAAM,EACjB,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB,cAAc,CACV,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,GACtB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC1B,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAC1E,uBAAuB,CACnB,OAAO,EAAE,aAAa,EACtB,YAAY,CAAC,EAAE,MAAM,GACtB,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACjC,OAAO,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD"}
|
|
|
@ -1,486 +0,0 @@
|
||||||
import { AccountFilter, CredentialFilter, ValidCredentialType, AppMetadataFilter, AppMetadataCache, TokenKeys } from "./utils/CacheTypes";
|
|
||||||
import { CacheRecord } from "./entities/CacheRecord";
|
|
||||||
import { AccountEntity } from "./entities/AccountEntity";
|
|
||||||
import { AccessTokenEntity } from "./entities/AccessTokenEntity";
|
|
||||||
import { IdTokenEntity } from "./entities/IdTokenEntity";
|
|
||||||
import { RefreshTokenEntity } from "./entities/RefreshTokenEntity";
|
|
||||||
import { ICacheManager } from "./interface/ICacheManager";
|
|
||||||
import { AccountInfo } from "../account/AccountInfo";
|
|
||||||
import { AppMetadataEntity } from "./entities/AppMetadataEntity";
|
|
||||||
import { ServerTelemetryEntity } from "./entities/ServerTelemetryEntity";
|
|
||||||
import { ThrottlingEntity } from "./entities/ThrottlingEntity";
|
|
||||||
import { ICrypto } from "../crypto/ICrypto";
|
|
||||||
import { AuthorityMetadataEntity } from "./entities/AuthorityMetadataEntity";
|
|
||||||
import { BaseAuthRequest } from "../request/BaseAuthRequest";
|
|
||||||
import { Logger } from "../logger/Logger";
|
|
||||||
import { StoreInCache } from "../request/StoreInCache";
|
|
||||||
import { StaticAuthorityOptions } from "../authority/AuthorityOptions";
|
|
||||||
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
||||||
/**
|
|
||||||
* Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
|
|
||||||
* @internal
|
|
||||||
*/
|
|
||||||
export declare abstract class CacheManager implements ICacheManager {
|
|
||||||
protected clientId: string;
|
|
||||||
protected cryptoImpl: ICrypto;
|
|
||||||
private commonLogger;
|
|
||||||
private staticAuthorityOptions?;
|
|
||||||
constructor(clientId: string, cryptoImpl: ICrypto, logger: Logger, staticAuthorityOptions?: StaticAuthorityOptions);
|
|
||||||
/**
|
|
||||||
* fetch the account entity from the platform cache
|
|
||||||
* @param accountKey
|
|
||||||
*/
|
|
||||||
abstract getAccount(accountKey: string): AccountEntity | null;
|
|
||||||
/**
|
|
||||||
* set account entity in the platform cache
|
|
||||||
* @param account
|
|
||||||
*/
|
|
||||||
abstract setAccount(account: AccountEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch the idToken entity from the platform cache
|
|
||||||
* @param idTokenKey
|
|
||||||
*/
|
|
||||||
abstract getIdTokenCredential(idTokenKey: string): IdTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* set idToken entity to the platform cache
|
|
||||||
* @param idToken
|
|
||||||
*/
|
|
||||||
abstract setIdTokenCredential(idToken: IdTokenEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch the idToken entity from the platform cache
|
|
||||||
* @param accessTokenKey
|
|
||||||
*/
|
|
||||||
abstract getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* set idToken entity to the platform cache
|
|
||||||
* @param accessToken
|
|
||||||
*/
|
|
||||||
abstract setAccessTokenCredential(accessToken: AccessTokenEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch the idToken entity from the platform cache
|
|
||||||
* @param refreshTokenKey
|
|
||||||
*/
|
|
||||||
abstract getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* set idToken entity to the platform cache
|
|
||||||
* @param refreshToken
|
|
||||||
*/
|
|
||||||
abstract setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch appMetadata entity from the platform cache
|
|
||||||
* @param appMetadataKey
|
|
||||||
*/
|
|
||||||
abstract getAppMetadata(appMetadataKey: string): AppMetadataEntity | null;
|
|
||||||
/**
|
|
||||||
* set appMetadata entity to the platform cache
|
|
||||||
* @param appMetadata
|
|
||||||
*/
|
|
||||||
abstract setAppMetadata(appMetadata: AppMetadataEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch server telemetry entity from the platform cache
|
|
||||||
* @param serverTelemetryKey
|
|
||||||
*/
|
|
||||||
abstract getServerTelemetry(serverTelemetryKey: string): ServerTelemetryEntity | null;
|
|
||||||
/**
|
|
||||||
* set server telemetry entity to the platform cache
|
|
||||||
* @param serverTelemetryKey
|
|
||||||
* @param serverTelemetry
|
|
||||||
*/
|
|
||||||
abstract setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch cloud discovery metadata entity from the platform cache
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
abstract getAuthorityMetadata(key: string): AuthorityMetadataEntity | null;
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
abstract getAuthorityMetadataKeys(): Array<string>;
|
|
||||||
/**
|
|
||||||
* set cloud discovery metadata entity to the platform cache
|
|
||||||
* @param key
|
|
||||||
* @param value
|
|
||||||
*/
|
|
||||||
abstract setAuthorityMetadata(key: string, value: AuthorityMetadataEntity): void;
|
|
||||||
/**
|
|
||||||
* fetch throttling entity from the platform cache
|
|
||||||
* @param throttlingCacheKey
|
|
||||||
*/
|
|
||||||
abstract getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null;
|
|
||||||
/**
|
|
||||||
* set throttling entity to the platform cache
|
|
||||||
* @param throttlingCacheKey
|
|
||||||
* @param throttlingCache
|
|
||||||
*/
|
|
||||||
abstract setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void;
|
|
||||||
/**
|
|
||||||
* Function to remove an item from cache given its key.
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
abstract removeItem(key: string): void;
|
|
||||||
/**
|
|
||||||
* Function which returns boolean whether cache contains a specific key.
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
abstract containsKey(key: string, type?: string): boolean;
|
|
||||||
/**
|
|
||||||
* Function which retrieves all current keys from the cache.
|
|
||||||
*/
|
|
||||||
abstract getKeys(): string[];
|
|
||||||
/**
|
|
||||||
* Function which retrieves all account keys from the cache
|
|
||||||
*/
|
|
||||||
abstract getAccountKeys(): string[];
|
|
||||||
/**
|
|
||||||
* Function which retrieves all token keys from the cache
|
|
||||||
*/
|
|
||||||
abstract getTokenKeys(): TokenKeys;
|
|
||||||
/**
|
|
||||||
* Function which clears cache.
|
|
||||||
*/
|
|
||||||
abstract clear(): Promise<void>;
|
|
||||||
/**
|
|
||||||
* Function which updates an outdated credential cache key
|
|
||||||
*/
|
|
||||||
abstract updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string;
|
|
||||||
/**
|
|
||||||
* Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
|
|
||||||
* @param accountFilter - (Optional) filter to narrow down the accounts returned
|
|
||||||
* @returns Array of AccountInfo objects in cache
|
|
||||||
*/
|
|
||||||
getAllAccounts(accountFilter?: AccountFilter): AccountInfo[];
|
|
||||||
/**
|
|
||||||
* Gets accountInfo object based on provided filters
|
|
||||||
*/
|
|
||||||
getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null;
|
|
||||||
/**
|
|
||||||
* Returns a single matching
|
|
||||||
* @param accountFilter
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
getBaseAccountInfo(accountFilter: AccountFilter): AccountInfo | null;
|
|
||||||
private getAccountInfoFromEntity;
|
|
||||||
private idTokenClaimsMatchAccountFilter;
|
|
||||||
/**
|
|
||||||
* saves a cache record
|
|
||||||
* @param cacheRecord
|
|
||||||
*/
|
|
||||||
saveCacheRecord(cacheRecord: CacheRecord, storeInCache?: StoreInCache): Promise<void>;
|
|
||||||
/**
|
|
||||||
* saves access token credential
|
|
||||||
* @param credential
|
|
||||||
*/
|
|
||||||
private saveAccessToken;
|
|
||||||
/**
|
|
||||||
* Retrieve accounts matching all provided filters; if no filter is set, get all accounts
|
|
||||||
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
|
|
||||||
* @param accountFilter - An object containing Account properties to filter by
|
|
||||||
*/
|
|
||||||
getAccountsFilteredBy(accountFilter: AccountFilter): AccountEntity[];
|
|
||||||
/**
|
|
||||||
* Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided
|
|
||||||
* @param key
|
|
||||||
* @param homeAccountId
|
|
||||||
* @param tenantId
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
isAccountKey(key: string, homeAccountId?: string, tenantId?: string): boolean;
|
|
||||||
/**
|
|
||||||
* Returns true if the given key matches our credential key schema.
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
isCredentialKey(key: string): boolean;
|
|
||||||
/**
|
|
||||||
* Returns whether or not the given credential entity matches the filter
|
|
||||||
* @param entity
|
|
||||||
* @param filter
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
credentialMatchesFilter(entity: ValidCredentialType, filter: CredentialFilter): boolean;
|
|
||||||
/**
|
|
||||||
* retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata
|
|
||||||
* @param filter
|
|
||||||
*/
|
|
||||||
getAppMetadataFilteredBy(filter: AppMetadataFilter): AppMetadataCache;
|
|
||||||
/**
|
|
||||||
* Support function to help match appMetadata
|
|
||||||
* @param environment
|
|
||||||
* @param clientId
|
|
||||||
*/
|
|
||||||
private getAppMetadataFilteredByInternal;
|
|
||||||
/**
|
|
||||||
* retrieve authorityMetadata that contains a matching alias
|
|
||||||
* @param filter
|
|
||||||
*/
|
|
||||||
getAuthorityMetadataByAlias(host: string): AuthorityMetadataEntity | null;
|
|
||||||
/**
|
|
||||||
* Removes all accounts and related tokens from cache.
|
|
||||||
*/
|
|
||||||
removeAllAccounts(): Promise<void>;
|
|
||||||
/**
|
|
||||||
* Removes the account and related tokens for a given account key
|
|
||||||
* @param account
|
|
||||||
*/
|
|
||||||
removeAccount(accountKey: string): Promise<void>;
|
|
||||||
/**
|
|
||||||
* Removes credentials associated with the provided account
|
|
||||||
* @param account
|
|
||||||
*/
|
|
||||||
removeAccountContext(account: AccountEntity): Promise<void>;
|
|
||||||
/**
|
|
||||||
* returns a boolean if the given credential is removed
|
|
||||||
* @param credential
|
|
||||||
*/
|
|
||||||
removeAccessToken(key: string): Promise<void>;
|
|
||||||
/**
|
|
||||||
* Removes all app metadata objects from cache.
|
|
||||||
*/
|
|
||||||
removeAppMetadata(): boolean;
|
|
||||||
/**
|
|
||||||
* Retrieve the cached credentials into a cacherecord
|
|
||||||
* @param account {AccountInfo}
|
|
||||||
* @param request {BaseAuthRequest}
|
|
||||||
* @param environment {string}
|
|
||||||
* @param performanceClient {?IPerformanceClient}
|
|
||||||
* @param correlationId {?string}
|
|
||||||
*/
|
|
||||||
readCacheRecord(account: AccountInfo, request: BaseAuthRequest, environment: string, performanceClient?: IPerformanceClient, correlationId?: string): CacheRecord;
|
|
||||||
/**
|
|
||||||
* Retrieve AccountEntity from cache
|
|
||||||
* @param account
|
|
||||||
*/
|
|
||||||
readAccountFromCache(account: AccountInfo): AccountEntity | null;
|
|
||||||
/**
|
|
||||||
* Retrieve IdTokenEntity from cache
|
|
||||||
* @param account {AccountInfo}
|
|
||||||
* @param tokenKeys {?TokenKeys}
|
|
||||||
* @param performanceClient {?IPerformanceClient}
|
|
||||||
* @param correlationId {?string}
|
|
||||||
*/
|
|
||||||
getIdToken(account: AccountInfo, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): IdTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* Gets all idTokens matching the given filter
|
|
||||||
* @param filter
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
getIdTokensByFilter(filter: CredentialFilter, tokenKeys?: TokenKeys): IdTokenEntity[];
|
|
||||||
/**
|
|
||||||
* Validate the cache key against filter before retrieving and parsing cache value
|
|
||||||
* @param key
|
|
||||||
* @param filter
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
idTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter): boolean;
|
|
||||||
/**
|
|
||||||
* Removes idToken from the cache
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
removeIdToken(key: string): void;
|
|
||||||
/**
|
|
||||||
* Removes refresh token from the cache
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
removeRefreshToken(key: string): void;
|
|
||||||
/**
|
|
||||||
* Retrieve AccessTokenEntity from cache
|
|
||||||
* @param account {AccountInfo}
|
|
||||||
* @param request {BaseAuthRequest}
|
|
||||||
* @param tokenKeys {?TokenKeys}
|
|
||||||
* @param performanceClient {?IPerformanceClient}
|
|
||||||
* @param correlationId {?string}
|
|
||||||
*/
|
|
||||||
getAccessToken(account: AccountInfo, request: BaseAuthRequest, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): AccessTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* Validate the cache key against filter before retrieving and parsing cache value
|
|
||||||
* @param key
|
|
||||||
* @param filter
|
|
||||||
* @param keyMustContainAllScopes
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
accessTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter, keyMustContainAllScopes: boolean): boolean;
|
|
||||||
/**
|
|
||||||
* Gets all access tokens matching the filter
|
|
||||||
* @param filter
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
getAccessTokensByFilter(filter: CredentialFilter): AccessTokenEntity[];
|
|
||||||
/**
|
|
||||||
* Helper to retrieve the appropriate refresh token from cache
|
|
||||||
* @param account {AccountInfo}
|
|
||||||
* @param familyRT {boolean}
|
|
||||||
* @param tokenKeys {?TokenKeys}
|
|
||||||
* @param performanceClient {?IPerformanceClient}
|
|
||||||
* @param correlationId {?string}
|
|
||||||
*/
|
|
||||||
getRefreshToken(account: AccountInfo, familyRT: boolean, tokenKeys?: TokenKeys, performanceClient?: IPerformanceClient, correlationId?: string): RefreshTokenEntity | null;
|
|
||||||
/**
|
|
||||||
* Validate the cache key against filter before retrieving and parsing cache value
|
|
||||||
* @param key
|
|
||||||
* @param filter
|
|
||||||
*/
|
|
||||||
refreshTokenKeyMatchesFilter(inputKey: string, filter: CredentialFilter): boolean;
|
|
||||||
/**
|
|
||||||
* Retrieve AppMetadataEntity from cache
|
|
||||||
*/
|
|
||||||
readAppMetadataFromCache(environment: string): AppMetadataEntity | null;
|
|
||||||
/**
|
|
||||||
* Return the family_id value associated with FOCI
|
|
||||||
* @param environment
|
|
||||||
* @param clientId
|
|
||||||
*/
|
|
||||||
isAppMetadataFOCI(environment: string): boolean;
|
|
||||||
/**
|
|
||||||
* helper to match account ids
|
|
||||||
* @param value
|
|
||||||
* @param homeAccountId
|
|
||||||
*/
|
|
||||||
private matchHomeAccountId;
|
|
||||||
/**
|
|
||||||
* helper to match account ids
|
|
||||||
* @param entity
|
|
||||||
* @param localAccountId
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
private matchLocalAccountId;
|
|
||||||
/**
|
|
||||||
* helper to match usernames
|
|
||||||
* @param entity
|
|
||||||
* @param username
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
private matchUsername;
|
|
||||||
/**
|
|
||||||
* helper to match names
|
|
||||||
* @param entity
|
|
||||||
* @param name
|
|
||||||
* @returns true if the downcased name properties are present and match in the filter and the entity
|
|
||||||
*/
|
|
||||||
private matchName;
|
|
||||||
/**
|
|
||||||
* helper to match assertion
|
|
||||||
* @param value
|
|
||||||
* @param oboAssertion
|
|
||||||
*/
|
|
||||||
private matchUserAssertionHash;
|
|
||||||
/**
|
|
||||||
* helper to match environment
|
|
||||||
* @param value
|
|
||||||
* @param environment
|
|
||||||
*/
|
|
||||||
private matchEnvironment;
|
|
||||||
/**
|
|
||||||
* helper to match credential type
|
|
||||||
* @param entity
|
|
||||||
* @param credentialType
|
|
||||||
*/
|
|
||||||
private matchCredentialType;
|
|
||||||
/**
|
|
||||||
* helper to match client ids
|
|
||||||
* @param entity
|
|
||||||
* @param clientId
|
|
||||||
*/
|
|
||||||
private matchClientId;
|
|
||||||
/**
|
|
||||||
* helper to match family ids
|
|
||||||
* @param entity
|
|
||||||
* @param familyId
|
|
||||||
*/
|
|
||||||
private matchFamilyId;
|
|
||||||
/**
|
|
||||||
* helper to match realm
|
|
||||||
* @param entity
|
|
||||||
* @param realm
|
|
||||||
*/
|
|
||||||
private matchRealm;
|
|
||||||
/**
|
|
||||||
* helper to match nativeAccountId
|
|
||||||
* @param entity
|
|
||||||
* @param nativeAccountId
|
|
||||||
* @returns boolean indicating the match result
|
|
||||||
*/
|
|
||||||
private matchNativeAccountId;
|
|
||||||
/**
|
|
||||||
* helper to match loginHint which can be either:
|
|
||||||
* 1. login_hint ID token claim
|
|
||||||
* 2. username in cached account object
|
|
||||||
* 3. upn in ID token claims
|
|
||||||
* @param entity
|
|
||||||
* @param loginHint
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
private matchLoginHint;
|
|
||||||
/**
|
|
||||||
* Helper to match sid
|
|
||||||
* @param idTokenClaims
|
|
||||||
* @param sid
|
|
||||||
* @returns true if the sid claim is present and matches the filter
|
|
||||||
*/
|
|
||||||
private matchSid;
|
|
||||||
private matchAuthorityType;
|
|
||||||
/**
|
|
||||||
* Returns true if the target scopes are a subset of the current entity's scopes, false otherwise.
|
|
||||||
* @param entity
|
|
||||||
* @param target
|
|
||||||
*/
|
|
||||||
private matchTarget;
|
|
||||||
/**
|
|
||||||
* Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise
|
|
||||||
* @param entity
|
|
||||||
* @param tokenType
|
|
||||||
*/
|
|
||||||
private matchTokenType;
|
|
||||||
/**
|
|
||||||
* Returns true if the credential's keyId matches the one in the request, false otherwise
|
|
||||||
* @param entity
|
|
||||||
* @param tokenType
|
|
||||||
*/
|
|
||||||
private matchKeyId;
|
|
||||||
/**
|
|
||||||
* returns if a given cache entity is of the type appmetadata
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
private isAppMetadata;
|
|
||||||
/**
|
|
||||||
* returns if a given cache entity is of the type authoritymetadata
|
|
||||||
* @param key
|
|
||||||
*/
|
|
||||||
protected isAuthorityMetadata(key: string): boolean;
|
|
||||||
/**
|
|
||||||
* returns cache key used for cloud instance metadata
|
|
||||||
*/
|
|
||||||
generateAuthorityMetadataCacheKey(authority: string): string;
|
|
||||||
/**
|
|
||||||
* Helper to convert serialized data to object
|
|
||||||
* @param obj
|
|
||||||
* @param json
|
|
||||||
*/
|
|
||||||
static toObject<T>(obj: T, json: object): T;
|
|
||||||
}
|
|
||||||
/** @internal */
|
|
||||||
export declare class DefaultStorageClass extends CacheManager {
|
|
||||||
setAccount(): void;
|
|
||||||
getAccount(): AccountEntity;
|
|
||||||
setIdTokenCredential(): void;
|
|
||||||
getIdTokenCredential(): IdTokenEntity;
|
|
||||||
setAccessTokenCredential(): void;
|
|
||||||
getAccessTokenCredential(): AccessTokenEntity;
|
|
||||||
setRefreshTokenCredential(): void;
|
|
||||||
getRefreshTokenCredential(): RefreshTokenEntity;
|
|
||||||
setAppMetadata(): void;
|
|
||||||
getAppMetadata(): AppMetadataEntity;
|
|
||||||
setServerTelemetry(): void;
|
|
||||||
getServerTelemetry(): ServerTelemetryEntity;
|
|
||||||
setAuthorityMetadata(): void;
|
|
||||||
getAuthorityMetadata(): AuthorityMetadataEntity | null;
|
|
||||||
getAuthorityMetadataKeys(): Array<string>;
|
|
||||||
setThrottlingCache(): void;
|
|
||||||
getThrottlingCache(): ThrottlingEntity;
|
|
||||||
removeItem(): boolean;
|
|
||||||
containsKey(): boolean;
|
|
||||||
getKeys(): string[];
|
|
||||||
getAccountKeys(): string[];
|
|
||||||
getTokenKeys(): TokenKeys;
|
|
||||||
clear(): Promise<void>;
|
|
||||||
updateCredentialCacheKey(): string;
|
|
||||||
}
|
|
||||||
//# sourceMappingURL=CacheManager.d.ts.map
|
|
|
@ -1,26 +0,0 @@
|
||||||
import { CredentialEntity } from "./CredentialEntity";
|
|
||||||
import { AuthenticationScheme } from "../../utils/Constants";
|
|
||||||
/**
|
|
||||||
* Access token cache type
|
|
||||||
*/
|
|
||||||
export type AccessTokenEntity = CredentialEntity & {
|
|
||||||
/** Full tenant or organizational identifier that the account belongs to */
|
|
||||||
realm: string;
|
|
||||||
/** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
|
|
||||||
target: string;
|
|
||||||
/** Absolute device time when entry was created in the cache. */
|
|
||||||
cachedAt: string;
|
|
||||||
/** Token expiry time, calculated based on current UTC time in seconds. Represented as a string. */
|
|
||||||
expiresOn: string;
|
|
||||||
/** Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds. */
|
|
||||||
extendedExpiresOn?: string;
|
|
||||||
/** Used for proactive refresh */
|
|
||||||
refreshOn?: string;
|
|
||||||
/** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
|
|
||||||
tokenType?: AuthenticationScheme;
|
|
||||||
/** Stringified claims object */
|
|
||||||
requestedClaims?: string;
|
|
||||||
/** Matches the SHA 256 hash of the claims object included in the token request */
|
|
||||||
requestedClaimsHash?: string;
|
|
||||||
};
|
|
||||||
//# sourceMappingURL=AccessTokenEntity.d.ts.map
|
|
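--- a/js/node_modules/@azure/msal-common/dist/cache/entities/AccessTokenEntity.d.ts.map
+++ b/js/node_modules/@azure/msal-common/dist/cache/entities/AccessTokenEntity.d.ts.map
@@ -1 +0,0 @@
-{"version":3,"file":"AccessTokenEntity.d.ts","sourceRoot":"","sources":["../../../src/cache/entities/AccessTokenEntity.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,gBAAgB,GAAG;IAC/C,2EAA2E;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,kGAAkG;IAClG,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,mGAAmG;IACnG,SAAS,EAAE,MAAM,CAAC;IAClB,qIAAqI;IACrI,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iCAAiC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4FAA4F;IAC5F,SAAS,CAAC,EAAE,oBAAoB,CAAC;IACjC,gCAAgC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kFAAkF;IAClF,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC"}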
|
@ -1,102 +0,0 @@
|
||||||
import { Authority } from "../../authority/Authority";
|
|
||||||
import { ICrypto } from "../../crypto/ICrypto";
|
|
||||||
import { AccountInfo } from "../../account/AccountInfo";
|
|
||||||
import { AuthorityType } from "../../authority/AuthorityType";
|
|
||||||
import { Logger } from "../../logger/Logger";
|
|
||||||
import { TokenClaims } from "../../account/TokenClaims";
|
|
||||||
/**
|
|
||||||
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
||||||
*
|
|
||||||
* Key : Value Schema
|
|
||||||
*
|
|
||||||
* Key: <home_account_id>-<environment>-<realm*>
|
|
||||||
*
|
|
||||||
* Value Schema:
|
|
||||||
* {
|
|
||||||
* homeAccountId: home account identifier for the auth scheme,
|
|
||||||
* environment: entity that issued the token, represented as a full host
|
|
||||||
* realm: Full tenant or organizational identifier that the account belongs to
|
|
||||||
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
||||||
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
||||||
* authorityType: Accounts authority type as a string
|
|
||||||
* name: Full name for the account, including given name and family name,
|
|
||||||
* lastModificationTime: last time this entity was modified in the cache
|
|
||||||
* lastModificationApp:
|
|
||||||
* idTokenClaims: Object containing claims parsed from ID token
|
|
||||||
* nativeAccountId: Account identifier on the native device
|
|
||||||
* }
|
|
||||||
* @internal
|
|
||||||
*/
|
|
||||||
export declare class AccountEntity {
|
|
||||||
homeAccountId: string;
|
|
||||||
environment: string;
|
|
||||||
realm: string;
|
|
||||||
localAccountId: string;
|
|
||||||
username: string;
|
|
||||||
authorityType: string;
|
|
||||||
clientInfo?: string;
|
|
||||||
name?: string;
|
|
||||||
lastModificationTime?: string;
|
|
||||||
lastModificationApp?: string;
|
|
||||||
cloudGraphHostName?: string;
|
|
||||||
msGraphHost?: string;
|
|
||||||
idTokenClaims?: TokenClaims;
|
|
||||||
nativeAccountId?: string;
|
|
||||||
/**
|
|
||||||
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
||||||
*/
|
|
||||||
generateAccountId(): string;
|
|
||||||
/**
|
|
||||||
* Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
|
|
||||||
*/
|
|
||||||
generateAccountKey(): string;
|
|
||||||
/**
|
|
||||||
* Returns the AccountInfo interface for this account.
|
|
||||||
*/
|
|
||||||
getAccountInfo(): AccountInfo;
|
|
||||||
/**
|
|
||||||
* Generates account key from interface
|
|
||||||
* @param accountInterface
|
|
||||||
*/
|
|
||||||
static generateAccountCacheKey(accountInterface: AccountInfo): string;
|
|
||||||
/**
|
|
||||||
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
||||||
* @param accountDetails
|
|
||||||
*/
|
|
||||||
static createAccount(accountDetails: {
|
|
||||||
homeAccountId: string;
|
|
||||||
idTokenClaims: TokenClaims;
|
|
||||||
clientInfo?: string;
|
|
||||||
cloudGraphHostName?: string;
|
|
||||||
msGraphHost?: string;
|
|
||||||
environment?: string;
|
|
||||||
nativeAccountId?: string;
|
|
||||||
}, authority: Authority): AccountEntity;
|
|
||||||
/**
|
|
||||||
* Creates an AccountEntity object from AccountInfo
|
|
||||||
* @param accountInfo
|
|
||||||
* @param cloudGraphHostName
|
|
||||||
* @param msGraphHost
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
static createFromAccountInfo(accountInfo: AccountInfo, cloudGraphHostName?: string, msGraphHost?: string): AccountEntity;
|
|
||||||
/**
|
|
||||||
* Generate HomeAccountId from server response
|
|
||||||
* @param serverClientInfo
|
|
||||||
* @param authType
|
|
||||||
*/
|
|
||||||
static generateHomeAccountId(serverClientInfo: string, authType: AuthorityType, logger: Logger, cryptoObj: ICrypto, idTokenClaims?: TokenClaims): string;
|
|
||||||
/**
|
|
||||||
* Validates an entity: checks for all expected params
|
|
||||||
* @param entity
|
|
||||||
*/
|
|
||||||
static isAccountEntity(entity: object): boolean;
|
|
||||||
/**
|
|
||||||
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
||||||
* @param accountA
|
|
||||||
* @param accountB
|
|
||||||
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
||||||
*/
|
|
||||||
static accountInfoIsEqual(accountA: AccountInfo | null, accountB: AccountInfo | null, compareClaims?: boolean): boolean;
|
|
||||||
}
|
|
||||||
//# sourceMappingURL=AccountEntity.d.ts.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AccountEntity.d.ts","sourceRoot":"","sources":["../../../src/cache/entities/AccountEntity.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAKxD,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGxD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,aAAa;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,WAAW,CAAC;IAC5B,eAAe,CAAC,EAAE,MAAM,CAAC;IAEzB;;OAEG;IACH,iBAAiB,IAAI,MAAM;IAK3B;;OAEG;IACH,kBAAkB,IAAI,MAAM;IAU5B;;OAEG;IACH,cAAc,IAAI,WAAW;IAc7B;;;OAGG;IACH,MAAM,CAAC,uBAAuB,CAAC,gBAAgB,EAAE,WAAW,GAAG,MAAM;IAUrE;;;OAGG;IACH,MAAM,CAAC,aAAa,CAChB,cAAc,EAAE;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,WAAW,CAAC;QAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC5B,EACD,SAAS,EAAE,SAAS,GACrB,aAAa;IAyDhB;;;;;;OAMG;IACH,MAAM,CAAC,qBAAqB,CACxB,WAAW,EAAE,WAAW,EACxB,kBAAkB,CAAC,EAAE,MAAM,EAC3B,WAAW,CAAC,EAAE,MAAM,GACrB,aAAa;IAqBhB;;;;OAIG;IACH,MAAM,CAAC,qBAAqB,CACxB,gBAAgB,EAAE,MAAM,EACxB,QAAQ,EAAE,aAAa,EACvB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,OAAO,EAClB,aAAa,CAAC,EAAE,WAAW,GAC5B,MAAM;IA4BT;;;OAGG;IACH,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAe/C;;;;;OAKG;IACH,MAAM,CAAC,kBAAkB,CACrB,QAAQ,EAAE,WAAW,GAAG,IAAI,EAC5B,QAAQ,EAAE,WAAW,GAAG,IAAI,EAC5B,aAAa,CAAC,EAAE,OAAO,GACxB,OAAO;CA4Bb"}
|
|
|
@ -1,230 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { Separators, CacheAccountType, Constants } from '../../utils/Constants.mjs';
|
|
||||||
import { buildClientInfo } from '../../account/ClientInfo.mjs';
|
|
||||||
import { createClientAuthError } from '../../error/ClientAuthError.mjs';
|
|
||||||
import { AuthorityType } from '../../authority/AuthorityType.mjs';
|
|
||||||
import { ProtocolMode } from '../../authority/ProtocolMode.mjs';
|
|
||||||
import { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
||||||
*
|
|
||||||
* Key : Value Schema
|
|
||||||
*
|
|
||||||
* Key: <home_account_id>-<environment>-<realm*>
|
|
||||||
*
|
|
||||||
* Value Schema:
|
|
||||||
* {
|
|
||||||
* homeAccountId: home account identifier for the auth scheme,
|
|
||||||
* environment: entity that issued the token, represented as a full host
|
|
||||||
* realm: Full tenant or organizational identifier that the account belongs to
|
|
||||||
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
||||||
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
||||||
* authorityType: Accounts authority type as a string
|
|
||||||
* name: Full name for the account, including given name and family name,
|
|
||||||
* lastModificationTime: last time this entity was modified in the cache
|
|
||||||
* lastModificationApp:
|
|
||||||
* idTokenClaims: Object containing claims parsed from ID token
|
|
||||||
* nativeAccountId: Account identifier on the native device
|
|
||||||
* }
|
|
||||||
* @internal
|
|
||||||
*/
|
|
||||||
class AccountEntity {
|
|
||||||
/**
|
|
||||||
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
||||||
*/
|
|
||||||
generateAccountId() {
|
|
||||||
const accountId = [this.homeAccountId, this.environment];
|
|
||||||
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
|
|
||||||
*/
|
|
||||||
generateAccountKey() {
|
|
||||||
return AccountEntity.generateAccountCacheKey({
|
|
||||||
homeAccountId: this.homeAccountId,
|
|
||||||
environment: this.environment,
|
|
||||||
tenantId: this.realm,
|
|
||||||
username: this.username,
|
|
||||||
localAccountId: this.localAccountId,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Returns the AccountInfo interface for this account.
|
|
||||||
*/
|
|
||||||
getAccountInfo() {
|
|
||||||
return {
|
|
||||||
homeAccountId: this.homeAccountId,
|
|
||||||
environment: this.environment,
|
|
||||||
tenantId: this.realm,
|
|
||||||
username: this.username,
|
|
||||||
localAccountId: this.localAccountId,
|
|
||||||
name: this.name,
|
|
||||||
idTokenClaims: this.idTokenClaims,
|
|
||||||
nativeAccountId: this.nativeAccountId,
|
|
||||||
authorityType: this.authorityType,
|
|
||||||
};
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Generates account key from interface
|
|
||||||
* @param accountInterface
|
|
||||||
*/
|
|
||||||
static generateAccountCacheKey(accountInterface) {
|
|
||||||
const accountKey = [
|
|
||||||
accountInterface.homeAccountId,
|
|
||||||
accountInterface.environment || Constants.EMPTY_STRING,
|
|
||||||
accountInterface.tenantId || Constants.EMPTY_STRING,
|
|
||||||
];
|
|
||||||
return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
||||||
* @param accountDetails
|
|
||||||
*/
|
|
||||||
static createAccount(accountDetails, authority) {
|
|
||||||
const account = new AccountEntity();
|
|
||||||
if (authority.authorityType === AuthorityType.Adfs) {
|
|
||||||
account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
|
|
||||||
}
|
|
||||||
else if (authority.protocolMode === ProtocolMode.AAD) {
|
|
||||||
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
||||||
}
|
|
||||||
account.clientInfo = accountDetails.clientInfo;
|
|
||||||
account.homeAccountId = accountDetails.homeAccountId;
|
|
||||||
account.nativeAccountId = accountDetails.nativeAccountId;
|
|
||||||
const env = accountDetails.environment ||
|
|
||||||
(authority && authority.getPreferredCache());
|
|
||||||
if (!env) {
|
|
||||||
throw createClientAuthError(invalidCacheEnvironment);
|
|
||||||
}
|
|
||||||
account.environment = env;
|
|
||||||
// non AAD scenarios can have empty realm
|
|
||||||
account.realm =
|
|
||||||
accountDetails.idTokenClaims.tid || Constants.EMPTY_STRING;
|
|
||||||
// How do you account for MSA CID here?
|
|
||||||
account.localAccountId =
|
|
||||||
accountDetails.idTokenClaims.oid ||
|
|
||||||
accountDetails.idTokenClaims.sub ||
|
|
||||||
Constants.EMPTY_STRING;
|
|
||||||
/*
|
|
||||||
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
||||||
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
||||||
* policy is configured to return more than 1 email.
|
|
||||||
*/
|
|
||||||
const preferredUsername = accountDetails.idTokenClaims.preferred_username ||
|
|
||||||
accountDetails.idTokenClaims.upn;
|
|
||||||
const email = accountDetails.idTokenClaims.emails
|
|
||||||
? accountDetails.idTokenClaims.emails[0]
|
|
||||||
: null;
|
|
||||||
account.username = preferredUsername || email || Constants.EMPTY_STRING;
|
|
||||||
account.name = accountDetails.idTokenClaims.name;
|
|
||||||
account.cloudGraphHostName = accountDetails.cloudGraphHostName;
|
|
||||||
account.msGraphHost = accountDetails.msGraphHost;
|
|
||||||
return account;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Creates an AccountEntity object from AccountInfo
|
|
||||||
* @param accountInfo
|
|
||||||
* @param cloudGraphHostName
|
|
||||||
* @param msGraphHost
|
|
||||||
* @returns
|
|
||||||
*/
|
|
||||||
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
||||||
const account = new AccountEntity();
|
|
||||||
account.authorityType =
|
|
||||||
accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
||||||
account.homeAccountId = accountInfo.homeAccountId;
|
|
||||||
account.localAccountId = accountInfo.localAccountId;
|
|
||||||
account.nativeAccountId = accountInfo.nativeAccountId;
|
|
||||||
account.realm = accountInfo.tenantId;
|
|
||||||
account.environment = accountInfo.environment;
|
|
||||||
account.username = accountInfo.username;
|
|
||||||
account.name = accountInfo.name;
|
|
||||||
account.cloudGraphHostName = cloudGraphHostName;
|
|
||||||
account.msGraphHost = msGraphHost;
|
|
||||||
return account;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Generate HomeAccountId from server response
|
|
||||||
* @param serverClientInfo
|
|
||||||
* @param authType
|
|
||||||
*/
|
|
||||||
static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
|
|
||||||
const accountId = idTokenClaims?.sub
|
|
||||||
? idTokenClaims.sub
|
|
||||||
: Constants.EMPTY_STRING;
|
|
||||||
// since ADFS does not have tid and does not set client_info
|
|
||||||
if (authType === AuthorityType.Adfs ||
|
|
||||||
authType === AuthorityType.Dsts) {
|
|
||||||
return accountId;
|
|
||||||
}
|
|
||||||
// for cases where there is clientInfo
|
|
||||||
if (serverClientInfo) {
|
|
||||||
try {
|
|
||||||
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj);
|
|
||||||
if (clientInfo.uid && clientInfo.utid) {
|
|
||||||
return `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
catch (e) { }
|
|
||||||
}
|
|
||||||
// default to "sub" claim
|
|
||||||
logger.verbose("No client info in response");
|
|
||||||
return accountId;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Validates an entity: checks for all expected params
|
|
||||||
* @param entity
|
|
||||||
*/
|
|
||||||
static isAccountEntity(entity) {
|
|
||||||
if (!entity) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return (entity.hasOwnProperty("homeAccountId") &&
|
|
||||||
entity.hasOwnProperty("environment") &&
|
|
||||||
entity.hasOwnProperty("realm") &&
|
|
||||||
entity.hasOwnProperty("localAccountId") &&
|
|
||||||
entity.hasOwnProperty("username") &&
|
|
||||||
entity.hasOwnProperty("authorityType"));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
||||||
* @param accountA
|
|
||||||
* @param accountB
|
|
||||||
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
||||||
*/
|
|
||||||
static accountInfoIsEqual(accountA, accountB, compareClaims) {
|
|
||||||
if (!accountA || !accountB) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
|
|
||||||
if (compareClaims) {
|
|
||||||
const accountAClaims = (accountA.idTokenClaims ||
|
|
||||||
{});
|
|
||||||
const accountBClaims = (accountB.idTokenClaims ||
|
|
||||||
{});
|
|
||||||
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
||||||
claimsMatch =
|
|
||||||
accountAClaims.iat === accountBClaims.iat &&
|
|
||||||
accountAClaims.nonce === accountBClaims.nonce;
|
|
||||||
}
|
|
||||||
return (accountA.homeAccountId === accountB.homeAccountId &&
|
|
||||||
accountA.localAccountId === accountB.localAccountId &&
|
|
||||||
accountA.username === accountB.username &&
|
|
||||||
accountA.tenantId === accountB.tenantId &&
|
|
||||||
accountA.environment === accountB.environment &&
|
|
||||||
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
||||||
claimsMatch);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export { AccountEntity };
|
|
||||||
//# sourceMappingURL=AccountEntity.mjs.map
|
|
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AccountEntity.mjs","sources":["../../../src/cache/entities/AccountEntity.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;AAMA;AACA;AAEA;AAKA;;;;;;;;;;;;;;;;;;;;AA2BG;AACH;;;AAGS,mBAAS,CAAA;;;;IAId,iBAAa,GAAO;QAChB,MAAG,SAAO,GAAA,CAAA,IAAA,CAAA,aAAA,EAAA,IAAA,CAAA,WAAA,CAAA,CAAA;QACM,OAAA,SAAA,CAAC,IAAE,CAAA,UAAO,CAAA,mBAAA,CAAA,CAAA,WAAA,EAAA,CAAA;KACX;;;;IAInB,kBAAkB,GAAA;AAElB,QAAA,OAAA,aAAA,CAAA,uBAAA,CAAA;;AAEG,YAAA,WAAA,EAAA,IAAA,CAAA,WAAA;AACH,YAAA,QAAA,MAA2B,CAAA,KAAA;AAK3B,YAAA,QAAA,EAAA,IAAA,CAAA,QAAA;;AAEG,SAAA,CAAA,CAAA;AACH,KAAA;AAUA;;AAEG;AACH,IAAA,cAAc;AAcd,QAAA,OAAA;;;AAGG,YAAA,QAAA,EAAA,IAAA,CAAA,KAAA;AACH,YAA8B,QAAA,EAAA,IAAA,CAAA,QAAC;AAU/B,YAAA,cAAA,EAAA,IAAA,CAAA,cAAA;;;AAGG,YAAA,eAAA,EAAA,IAAA,CAAA,eAAA;AACH,YAAO,aACH,EAAA,IAAA,CAAA,aAAgB;SACC,CAAA;;;;;;WAME,uBAAU,CAAA,gBAAA,EAAA;AAC5B,QACQ,MAAA,UAAW,GAAA;AA0DxB,YAAA,gBAAA,CAAA,aAAA;;;;;;AAMG;AACH;AAyBA;;;;AAIG,QAAA,IAAA,SAAA,CAAA,aAAA,KAAA,aAAA,CAAA,IAAA,EAAA;YACyB,OAAA,CAAA,aACxB,GAAgB,kCACN,CAAA;AAgCd,SAAA;;;AAGG,SAAA;AACH,aAAsB;AAetB,YAAA,OAAA,CAAA,aAAA,GAAA,gBAAA,CAAA,oBAAA,CAAA;;;;;AAKG,QAAA,MAAA,GAAA,GAAA,cAAA,CAAA,WAAA;mCAEC,CAAA,iBAAqB;AA+B5B,QAAA,IAAA,CAAA,GAAA,EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
|
@ -1,40 +0,0 @@
|
||||||
/**
|
|
||||||
* APP_METADATA Cache
|
|
||||||
*
|
|
||||||
* Key:Value Schema:
|
|
||||||
*
|
|
||||||
* Key: appmetadata-<environment>-<client_id>
|
|
||||||
*
|
|
||||||
* Value:
|
|
||||||
* {
|
|
||||||
* clientId: client ID of the application
|
|
||||||
* environment: entity that issued the token, represented as a full host
|
|
||||||
* familyId: Family ID identifier, '1' represents Microsoft Family
|
|
||||||
* }
|
|
||||||
*/
|
|
||||||
export declare class AppMetadataEntity {
|
|
||||||
clientId: string;
|
|
||||||
environment: string;
|
|
||||||
familyId?: string;
|
|
||||||
/**
|
|
||||||
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
||||||
*/
|
|
||||||
generateAppMetadataKey(): string;
|
|
||||||
/**
|
|
||||||
* Generate AppMetadata Cache Key
|
|
||||||
*/
|
|
||||||
static generateAppMetadataCacheKey(environment: string, clientId: string): string;
|
|
||||||
/**
|
|
||||||
* Creates AppMetadataEntity
|
|
||||||
* @param clientId
|
|
||||||
* @param environment
|
|
||||||
* @param familyId
|
|
||||||
*/
|
|
||||||
static createAppMetadataEntity(clientId: string, environment: string, familyId?: string): AppMetadataEntity;
|
|
||||||
/**
|
|
||||||
* Validates an entity: checks for all expected params
|
|
||||||
* @param entity
|
|
||||||
*/
|
|
||||||
static isAppMetadataEntity(key: string, entity: object): boolean;
|
|
||||||
}
|
|
||||||
//# sourceMappingURL=AppMetadataEntity.d.ts.map
|
|
1
js/node_modules/@azure/msal-common/dist/cache/entities/AppMetadataEntity.d.ts.map
generated
vendored
1
js/node_modules/@azure/msal-common/dist/cache/entities/AppMetadataEntity.d.ts.map
generated
vendored
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AppMetadataEntity.d.ts","sourceRoot":"","sources":["../../../src/cache/entities/AppMetadataEntity.ts"],"names":[],"mappings":"AAOA;;;;;;;;;;;;;GAaG;AACH,qBAAa,iBAAiB;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,sBAAsB,IAAI,MAAM;IAOhC;;OAEG;IACH,MAAM,CAAC,2BAA2B,CAC9B,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACjB,MAAM;IAWT;;;;;OAKG;IACH,MAAM,CAAC,uBAAuB,CAC1B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,CAAC,EAAE,MAAM,GAClB,iBAAiB;IAYpB;;;OAGG;IACH,MAAM,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;CAWnE"}
|
|
|
@ -1,73 +0,0 @@
|
||||||
/*! @azure/msal-common v14.4.0 2023-11-07 */
|
|
||||||
'use strict';
|
|
||||||
import { Separators, APP_METADATA } from '../../utils/Constants.mjs';
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
||||||
* Licensed under the MIT License.
|
|
||||||
*/
|
|
||||||
/**
|
|
||||||
* APP_METADATA Cache
|
|
||||||
*
|
|
||||||
* Key:Value Schema:
|
|
||||||
*
|
|
||||||
* Key: appmetadata-<environment>-<client_id>
|
|
||||||
*
|
|
||||||
* Value:
|
|
||||||
* {
|
|
||||||
* clientId: client ID of the application
|
|
||||||
* environment: entity that issued the token, represented as a full host
|
|
||||||
* familyId: Family ID identifier, '1' represents Microsoft Family
|
|
||||||
* }
|
|
||||||
*/
|
|
||||||
class AppMetadataEntity {
|
|
||||||
/**
|
|
||||||
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
||||||
*/
|
|
||||||
generateAppMetadataKey() {
|
|
||||||
return AppMetadataEntity.generateAppMetadataCacheKey(this.environment, this.clientId);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Generate AppMetadata Cache Key
|
|
||||||
*/
|
|
||||||
static generateAppMetadataCacheKey(environment, clientId) {
|
|
||||||
const appMetaDataKeyArray = [
|
|
||||||
APP_METADATA,
|
|
||||||
environment,
|
|
||||||
clientId,
|
|
||||||
];
|
|
||||||
return appMetaDataKeyArray
|
|
||||||
.join(Separators.CACHE_KEY_SEPARATOR)
|
|
||||||
.toLowerCase();
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Creates AppMetadataEntity
|
|
||||||
* @param clientId
|
|
||||||
* @param environment
|
|
||||||
* @param familyId
|
|
||||||
*/
|
|
||||||
static createAppMetadataEntity(clientId, environment, familyId) {
|
|
||||||
const appMetadata = new AppMetadataEntity();
|
|
||||||
appMetadata.clientId = clientId;
|
|
||||||
appMetadata.environment = environment;
|
|
||||||
if (familyId) {
|
|
||||||
appMetadata.familyId = familyId;
|
|
||||||
}
|
|
||||||
return appMetadata;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Validates an entity: checks for all expected params
|
|
||||||
* @param entity
|
|
||||||
*/
|
|
||||||
static isAppMetadataEntity(key, entity) {
|
|
||||||
if (!entity) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return (key.indexOf(APP_METADATA) === 0 &&
|
|
||||||
entity.hasOwnProperty("clientId") &&
|
|
||||||
entity.hasOwnProperty("environment"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
export { AppMetadataEntity };
|
|
||||||
//# sourceMappingURL=AppMetadataEntity.mjs.map
|
|
1
js/node_modules/@azure/msal-common/dist/cache/entities/AppMetadataEntity.mjs.map
generated
vendored
1
js/node_modules/@azure/msal-common/dist/cache/entities/AppMetadataEntity.mjs.map
generated
vendored
|
@ -1 +0,0 @@
|
||||||
{"version":3,"file":"AppMetadataEntity.mjs","sources":["../../../src/cache/entities/AppMetadataEntity.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAOA;;;;;;;;;;;;AAaG;AACH;;;;AAKI;;AAEG;AACH;AAOA;;AAEG,QAAA,OAAA,iBAAA,CAAA,2BAAA,CAAA,IAAA,CAAA,WAAA,EAAA,IAAA,CAAA,QAAA,CAAA,CAAA;KACG;AAcN;;;;;AAKG,YAAA,YAAA;AACH,YAA8B,WAAA;AAgB9B,YAAA,QAAA;;;AAGG,aAAA,IAAA,CAAA,UAAA,CAAA,mBAAA,CAAA;aACuB,WAAA,EAAA,CAAA;AAW7B,KAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
|
|
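--- a/js/node_modules/@azure/msal-common/dist/cache/entities/AuthorityMetadataEntity.d.ts
+++ b/js/node_modules/@azure/msal-common/dist/cache/entities/AuthorityMetadataEntity.d.ts
@@ -1,49 +0,0 @@
-import { CloudDiscoveryMetadata } from "../../authority/CloudDiscoveryMetadata";
-import { OpenIdConfigResponse } from "../../authority/OpenIdConfigResponse";
-/** @internal */
-export declare class AuthorityMetadataEntity {
-aliases: Array<string>;
-preferred_cache: string;
-preferred_network: string;
-canonical_authority: string;
-authorization_endpoint: string;
-token_endpoint: string;
-end_session_endpoint?: string;
-issuer: string;
-aliasesFromNetwork: boolean;
-endpointsFromNetwork: boolean;
-expiresAt: number;
-jwks_uri: string;
-constructor();
-/**
-* Update the entity with new aliases, preferred_cache and preferred_network values
-* @param metadata
-* @param fromNetwork
-*/
-updateCloudDiscoveryMetadata(metadata: CloudDiscoveryMetadata, fromNetwork: boolean): void;
-/**
-* Update the entity with new endpoints
-* @param metadata
-* @param fromNetwork
-*/
-updateEndpointMetadata(metadata: OpenIdConfigResponse, fromNetwork: boolean): void;
-/**
-* Save the authority that was used to create this cache entry
-* @param authority
-*/
-updateCanonicalAuthority(authority: string): void;
-/**
-* Reset the exiresAt value
-*/
-resetExpiresAt(): void;
-/**
-* Returns whether or not the data needs to be refreshed
-*/
-isExpired(): boolean;
-/**
-* Validates an entity: checks for all expected params
-* @param entity
-*/
-static isAuthorityMetadataEntity(key: string, entity: object): boolean;
-}
-//# sourceMappingURL=AuthorityMetadataEntity.d.ts.map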