/*! @azure/msal-common v14.4.0 2023-11-07 */ 'use strict'; import { AADServerParamKeys, Constants, ResponseMode, OIDC_DEFAULT_SCOPES, SSOTypes, HeaderNames, CLIENT_INFO, ClaimsRequestKeys, PasswordGrantConstants, AuthenticationScheme, ThrottlingConstants } from '../utils/Constants.mjs'; import { ScopeSet } from './ScopeSet.mjs'; import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs'; import { RequestValidator } from './RequestValidator.mjs'; import { pkceParamsMissing, invalidClaims } from '../error/ClientConfigurationErrorCodes.mjs'; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** @internal */ class RequestParameterBuilder { constructor() { this.parameters = new Map(); } /** * add response_type = code */ addResponseTypeCode() { this.parameters.set(AADServerParamKeys.RESPONSE_TYPE, encodeURIComponent(Constants.CODE_RESPONSE_TYPE)); } /** * add response_type = token id_token */ addResponseTypeForTokenAndIdToken() { this.parameters.set(AADServerParamKeys.RESPONSE_TYPE, encodeURIComponent(`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`)); } /** * add response_mode. defaults to query. * @param responseMode */ addResponseMode(responseMode) { this.parameters.set(AADServerParamKeys.RESPONSE_MODE, encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY)); } /** * Add flag to indicate STS should attempt to use WAM if available */ addNativeBroker() { this.parameters.set(AADServerParamKeys.NATIVE_BROKER, encodeURIComponent("1")); } /** * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios * @param scopeSet * @param addOidcScopes */ addScopes(scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) { // Always add openid to the scopes when adding OIDC scopes if (addOidcScopes && !defaultScopes.includes("openid") && !scopes.includes("openid")) { defaultScopes.push("openid"); } const requestScopes = addOidcScopes ? [...(scopes || []), ...defaultScopes] : scopes || []; const scopeSet = new ScopeSet(requestScopes); this.parameters.set(AADServerParamKeys.SCOPE, encodeURIComponent(scopeSet.printScopes())); } /** * add clientId * @param clientId */ addClientId(clientId) { this.parameters.set(AADServerParamKeys.CLIENT_ID, encodeURIComponent(clientId)); } /** * add redirect_uri * @param redirectUri */ addRedirectUri(redirectUri) { RequestValidator.validateRedirectUri(redirectUri); this.parameters.set(AADServerParamKeys.REDIRECT_URI, encodeURIComponent(redirectUri)); } /** * add post logout redirectUri * @param redirectUri */ addPostLogoutRedirectUri(redirectUri) { RequestValidator.validateRedirectUri(redirectUri); this.parameters.set(AADServerParamKeys.POST_LOGOUT_URI, encodeURIComponent(redirectUri)); } /** * add id_token_hint to logout request * @param idTokenHint */ addIdTokenHint(idTokenHint) { this.parameters.set(AADServerParamKeys.ID_TOKEN_HINT, encodeURIComponent(idTokenHint)); } /** * add domain_hint * @param domainHint */ addDomainHint(domainHint) { this.parameters.set(SSOTypes.DOMAIN_HINT, encodeURIComponent(domainHint)); } /** * add login_hint * @param loginHint */ addLoginHint(loginHint) { this.parameters.set(SSOTypes.LOGIN_HINT, encodeURIComponent(loginHint)); } /** * Adds the CCS (Cache Credential Service) query parameter for login_hint * @param loginHint */ addCcsUpn(loginHint) { this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`UPN:${loginHint}`)); } /** * Adds the CCS (Cache Credential Service) query parameter for account object * @param loginHint */ addCcsOid(clientInfo) { this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`)); } /** * add sid * @param sid */ addSid(sid) { this.parameters.set(SSOTypes.SID, encodeURIComponent(sid)); } /** * add claims * @param claims */ addClaims(claims, clientCapabilities) { const mergedClaims = this.addClientCapabilitiesToClaims(claims, clientCapabilities); RequestValidator.validateClaims(mergedClaims); this.parameters.set(AADServerParamKeys.CLAIMS, encodeURIComponent(mergedClaims)); } /** * add correlationId * @param correlationId */ addCorrelationId(correlationId) { this.parameters.set(AADServerParamKeys.CLIENT_REQUEST_ID, encodeURIComponent(correlationId)); } /** * add library info query params * @param libraryInfo */ addLibraryInfo(libraryInfo) { // Telemetry Info this.parameters.set(AADServerParamKeys.X_CLIENT_SKU, libraryInfo.sku); this.parameters.set(AADServerParamKeys.X_CLIENT_VER, libraryInfo.version); if (libraryInfo.os) { this.parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os); } if (libraryInfo.cpu) { this.parameters.set(AADServerParamKeys.X_CLIENT_CPU, libraryInfo.cpu); } } /** * Add client telemetry parameters * @param appTelemetry */ addApplicationTelemetry(appTelemetry) { if (appTelemetry?.appName) { this.parameters.set(AADServerParamKeys.X_APP_NAME, appTelemetry.appName); } if (appTelemetry?.appVersion) { this.parameters.set(AADServerParamKeys.X_APP_VER, appTelemetry.appVersion); } } /** * add prompt * @param prompt */ addPrompt(prompt) { RequestValidator.validatePrompt(prompt); this.parameters.set(`${AADServerParamKeys.PROMPT}`, encodeURIComponent(prompt)); } /** * add state * @param state */ addState(state) { if (state) { this.parameters.set(AADServerParamKeys.STATE, encodeURIComponent(state)); } } /** * add nonce * @param nonce */ addNonce(nonce) { this.parameters.set(AADServerParamKeys.NONCE, encodeURIComponent(nonce)); } /** * add code_challenge and code_challenge_method * - throw if either of them are not passed * @param codeChallenge * @param codeChallengeMethod */ addCodeChallengeParams(codeChallenge, codeChallengeMethod) { RequestValidator.validateCodeChallengeParams(codeChallenge, codeChallengeMethod); if (codeChallenge && codeChallengeMethod) { this.parameters.set(AADServerParamKeys.CODE_CHALLENGE, encodeURIComponent(codeChallenge)); this.parameters.set(AADServerParamKeys.CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod)); } else { throw createClientConfigurationError(pkceParamsMissing); } } /** * add the `authorization_code` passed by the user to exchange for a token * @param code */ addAuthorizationCode(code) { this.parameters.set(AADServerParamKeys.CODE, encodeURIComponent(code)); } /** * add the `authorization_code` passed by the user to exchange for a token * @param code */ addDeviceCode(code) { this.parameters.set(AADServerParamKeys.DEVICE_CODE, encodeURIComponent(code)); } /** * add the `refreshToken` passed by the user * @param refreshToken */ addRefreshToken(refreshToken) { this.parameters.set(AADServerParamKeys.REFRESH_TOKEN, encodeURIComponent(refreshToken)); } /** * add the `code_verifier` passed by the user to exchange for a token * @param codeVerifier */ addCodeVerifier(codeVerifier) { this.parameters.set(AADServerParamKeys.CODE_VERIFIER, encodeURIComponent(codeVerifier)); } /** * add client_secret * @param clientSecret */ addClientSecret(clientSecret) { this.parameters.set(AADServerParamKeys.CLIENT_SECRET, encodeURIComponent(clientSecret)); } /** * add clientAssertion for confidential client flows * @param clientAssertion */ addClientAssertion(clientAssertion) { if (clientAssertion) { this.parameters.set(AADServerParamKeys.CLIENT_ASSERTION, encodeURIComponent(clientAssertion)); } } /** * add clientAssertionType for confidential client flows * @param clientAssertionType */ addClientAssertionType(clientAssertionType) { if (clientAssertionType) { this.parameters.set(AADServerParamKeys.CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType)); } } /** * add OBO assertion for confidential client flows * @param clientAssertion */ addOboAssertion(oboAssertion) { this.parameters.set(AADServerParamKeys.OBO_ASSERTION, encodeURIComponent(oboAssertion)); } /** * add grant type * @param grantType */ addRequestTokenUse(tokenUse) { this.parameters.set(AADServerParamKeys.REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse)); } /** * add grant type * @param grantType */ addGrantType(grantType) { this.parameters.set(AADServerParamKeys.GRANT_TYPE, encodeURIComponent(grantType)); } /** * add client info * */ addClientInfo() { this.parameters.set(CLIENT_INFO, "1"); } /** * add extraQueryParams * @param eQParams */ addExtraQueryParameters(eQParams) { const sanitizedEQParams = RequestValidator.sanitizeEQParams(eQParams, this.parameters); Object.keys(sanitizedEQParams).forEach((key) => { this.parameters.set(key, eQParams[key]); }); } addClientCapabilitiesToClaims(claims, clientCapabilities) { let mergedClaims; // Parse provided claims into JSON object or initialize empty object if (!claims) { mergedClaims = {}; } else { try { mergedClaims = JSON.parse(claims); } catch (e) { throw createClientConfigurationError(invalidClaims); } } if (clientCapabilities && clientCapabilities.length > 0) { if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) { // Add access_token key to claims object mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {}; } // Add xms_cc claim with provided clientCapabilities to access_token key mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = { values: clientCapabilities, }; } return JSON.stringify(mergedClaims); } /** * adds `username` for Password Grant flow * @param username */ addUsername(username) { this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username)); } /** * adds `password` for Password Grant flow * @param password */ addPassword(password) { this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password)); } /** * add pop_jwk to query params * @param cnfString */ addPopToken(cnfString) { if (cnfString) { this.parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.POP); this.parameters.set(AADServerParamKeys.REQ_CNF, encodeURIComponent(cnfString)); } } /** * add SSH JWK and key ID to query params */ addSshJwk(sshJwkString) { if (sshJwkString) { this.parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.SSH); this.parameters.set(AADServerParamKeys.REQ_CNF, encodeURIComponent(sshJwkString)); } } /** * add server telemetry fields * @param serverTelemetryManager */ addServerTelemetry(serverTelemetryManager) { this.parameters.set(AADServerParamKeys.X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue()); this.parameters.set(AADServerParamKeys.X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue()); } /** * Adds parameter that indicates to the server that throttling is supported */ addThrottling() { this.parameters.set(AADServerParamKeys.X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE); } /** * Adds logout_hint parameter for "silent" logout which prevent server account picker */ addLogoutHint(logoutHint) { this.parameters.set(AADServerParamKeys.LOGOUT_HINT, encodeURIComponent(logoutHint)); } /** * Utility to create a URL from the params map */ createQueryString() { const queryParameterArray = new Array(); this.parameters.forEach((value, key) => { queryParameterArray.push(`${key}=${value}`); }); return queryParameterArray.join("&"); } } export { RequestParameterBuilder }; //# sourceMappingURL=RequestParameterBuilder.mjs.map