ScopeSet.fromString(serverTokenResponse.scope) : new ScopeSet(requestScopes || []); /* * Use timestamp calculated before request * Server may return timestamps as strings, parse to numbers if so. */ var expiresIn = (typeof serverTokenResponse.expires_in === "string" ? parseInt(serverTokenResponse.expires_in, 10) : serverTokenResponse.expires_in) || 0; var extExpiresIn = (typeof serverTokenResponse.ext_expires_in === "string" ? parseInt(serverTokenResponse.ext_expires_in, 10) : serverTokenResponse.ext_expires_in) || 0; var refreshIn = (typeof serverTokenResponse.refresh_in === "string" ? parseInt(serverTokenResponse.refresh_in, 10) : serverTokenResponse.refresh_in) || undefined; var tokenExpirationSeconds = reqTimestamp + expiresIn; var extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn; var refreshOnSeconds = refreshIn && refreshIn > 0 ? reqTimestamp + refreshIn : undefined; // non AAD scenarios can have empty realm cachedAccessToken = AccessTokenEntity.createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token || Constants.EMPTY_STRING, this.clientId, idTokenObj ? idTokenObj.claims.tid || Constants.EMPTY_STRING : authority.tenant, responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj, refreshOnSeconds, serverTokenResponse.token_type, oboAssertion); } // refreshToken var cachedRefreshToken = null; if (!StringUtils.isEmpty(serverTokenResponse.refresh_token)) { cachedRefreshToken = RefreshTokenEntity.createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token || Constants.EMPTY_STRING, this.clientId, serverTokenResponse.foci, oboAssertion); } // appMetadata var cachedAppMetadata = null; if (!StringUtils.isEmpty(serverTokenResponse.foci)) { cachedAppMetadata = AppMetadataEntity.createAppMetadataEntity(this.clientId, env, serverTokenResponse.foci); } return new CacheRecord(cachedAccount, cachedIdToken, cachedAccessToken, cachedRefreshToken, cachedAppMetadata); }; /** * Generate Account * @param serverTokenResponse * @param idToken * @param authority */ ResponseHandler.prototype.generateAccountEntity = function (serverTokenResponse, idToken, authority, oboAssertion, authCodePayload) { var authorityType = authority.authorityType; var cloudGraphHostName = authCodePayload ? authCodePayload.cloud_graph_host_name : ""; var msGraphhost = authCodePayload ? authCodePayload.msgraph_host : ""; // ADFS does not require client_info in the response if (authorityType === AuthorityType.Adfs) { this.logger.verbose("Authority type is ADFS, creating ADFS account"); return AccountEntity.createGenericAccount(authority, this.homeAccountIdentifier, idToken, oboAssertion, cloudGraphHostName, msGraphhost); } // This fallback applies to B2C as well as they fall under an AAD account type. if (StringUtils.isEmpty(serverTokenResponse.client_info) && authority.protocolMode === "AAD") { throw ClientAuthError.createClientInfoEmptyError(); } return serverTokenResponse.client_info ? AccountEntity.createAccount(serverTokenResponse.client_info, this.homeAccountIdentifier, authority, idToken, oboAssertion, cloudGraphHostName, msGraphhost) : AccountEntity.createGenericAccount(authority, this.homeAccountIdentifier, idToken, oboAssertion, cloudGraphHostName, msGraphhost); }; /** * Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache. * * Optionally takes a state string that is set as-is in the response. * * @param cacheRecord * @param idTokenObj * @param fromTokenCache * @param stateString */ ResponseHandler.generateAuthenticationResult = function (cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenObj, requestState) { var _a, _b, _c; return __awaiter(this, void 0, void 0, function () { var accessToken, responseScopes, expiresOn, extExpiresOn, familyId, popTokenGenerator, uid, tid; return __generator(this, function (_d) { switch (_d.label) { case 0: accessToken = ""; responseScopes = []; expiresOn = null; familyId = Constants.EMPTY_STRING; if (!cacheRecord.accessToken) return [3 /*break*/, 4]; if (!(cacheRecord.accessToken.tokenType === exports.AuthenticationScheme.POP)) return [3 /*break*/, 2]; popTokenGenerator = new PopTokenGenerator(cryptoObj); return [4 /*yield*/, popTokenGenerator.signPopToken(cacheRecord.accessToken.secret, request)]; case 1: accessToken = _d.sent(); return [3 /*break*/, 3]; case 2: accessToken = cacheRecord.accessToken.secret; _d.label = 3; case 3: responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray(); expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000); extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000); _d.label = 4; case 4: if (cacheRecord.appMetadata) { familyId = cacheRecord.appMetadata.familyId === THE_FAMILY_ID ? THE_FAMILY_ID : Constants.EMPTY_STRING; } uid = (idTokenObj === null || idTokenObj === void 0 ? void 0 : idTokenObj.claims.oid) || (idTokenObj === null || idTokenObj === void 0 ? void 0 : idTokenObj.claims.sub) || Constants.EMPTY_STRING; tid = (idTokenObj === null || idTokenObj === void 0 ? void 0 : idTokenObj.claims.tid) || Constants.EMPTY_STRING; return [2 /*return*/, { authority: authority.canonicalAuthority, uniqueId: uid, tenantId: tid, scopes: responseScopes, account: cacheRecord.account ? cacheRecord.account.getAccountInfo() : null, idToken: idTokenObj ? idTokenObj.rawToken : Constants.EMPTY_STRING, idTokenClaims: idTokenObj ? idTokenObj.claims : {}, accessToken: accessToken, fromCache: fromTokenCache, expiresOn: expiresOn, extExpiresOn: extExpiresOn, familyId: familyId, tokenType: ((_a = cacheRecord.accessToken) === null || _a === void 0 ? void 0 : _a.tokenType) || Constants.EMPTY_STRING, state: requestState ? requestState.userRequestState : Constants.EMPTY_STRING, cloudGraphHostName: ((_b = cacheRecord.account) === null || _b === void 0 ? void 0 : _b.cloudGraphHostName) || Constants.EMPTY_STRING, msGraphHost: ((_c = cacheRecord.account) === null || _c === void 0 ? void 0 : _c.msGraphHost) || Constants.EMPTY_STRING }]; } }); }); }; return ResponseHandler; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Oauth2.0 Authorization Code client */ var AuthorizationCodeClient = /** @class */ (function (_super) { __extends(AuthorizationCodeClient, _super); function AuthorizationCodeClient(configuration) { return _super.call(this, configuration) || this; } /** * Creates the URL of the authorization request letting the user input credentials and consent to the * application. The URL target the /authorize endpoint of the authority configured in the * application object. * * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI * sent in the request and should contain an authorization code, which can then be used to acquire tokens via * acquireToken(AuthorizationCodeRequest) * @param request */ AuthorizationCodeClient.prototype.getAuthCodeUrl = function (request) { return __awaiter(this, void 0, void 0, function () { var queryString; return __generator(this, function (_a) { queryString = this.createAuthCodeUrlQueryString(request); return [2 /*return*/, UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString)]; }); }); }; /** * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the * authorization_code_grant * @param request */ AuthorizationCodeClient.prototype.acquireToken = function (request, authCodePayload) { return __awaiter(this, void 0, void 0, function () { var reqTimestamp, response, responseHandler; return __generator(this, function (_a) { switch (_a.label) { case 0: this.logger.info("in acquireToken call"); if (!request || StringUtils.isEmpty(request.code)) { throw ClientAuthError.createTokenRequestCannotBeMadeError(); } reqTimestamp = TimeUtils.nowSeconds(); return [4 /*yield*/, this.executeTokenRequest(this.authority, request)]; case 1: response = _a.sent(); responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin); // Validate response. This function throws a server error if an error is returned by the server. responseHandler.validateTokenResponse(response.body); return [4 /*yield*/, responseHandler.handleServerTokenResponse(response.body, this.authority, reqTimestamp, request, authCodePayload)]; case 2: return [2 /*return*/, _a.sent()]; } }); }); }; /** * Handles the hash fragment response from public client code request. Returns a code response used by * the client to exchange for a token in acquireToken. * @param hashFragment */ AuthorizationCodeClient.prototype.handleFragmentResponse = function (hashFragment, cachedState) { // Handle responses. var responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null); // Deserialize hash fragment response parameters. var hashUrlString = new UrlString(hashFragment); // Deserialize hash fragment response parameters. var serverParams = UrlString.getDeserializedHash(hashUrlString.getHash()); // Get code response responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState, this.cryptoUtils); // throw when there is no auth code in the response if (!serverParams.code) { throw ClientAuthError.createNoAuthCodeInServerResponseError(); } return __assign(__assign({}, serverParams), { // Code param is optional in ServerAuthorizationCodeResponse but required in AuthorizationCodePaylod code: serverParams.code }); }; /** * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. * Default behaviour is to redirect the user to `window.location.href`. * @param authorityUri */ AuthorizationCodeClient.prototype.getLogoutUri = function (logoutRequest) { // Throw error if logoutRequest is null/undefined if (!logoutRequest) { throw ClientConfigurationError.createEmptyLogoutRequestError(); } if (logoutRequest.account) { // Clear given account. this.cacheManager.removeAccount(AccountEntity.generateAccountCacheKey(logoutRequest.account)); } else { // Clear all accounts and tokens this.cacheManager.clear(); } var queryString = this.createLogoutUrlQueryString(logoutRequest); // Construct logout URI. return StringUtils.isEmpty(queryString) ? this.authority.endSessionEndpoint : this.authority.endSessionEndpoint + "?" + queryString; }; /** * Executes POST request to token endpoint * @param authority * @param request */ AuthorizationCodeClient.prototype.executeTokenRequest = function (authority, request) { return __awaiter(this, void 0, void 0, function () { var thumbprint, requestBody, queryParameters, ccsCredential, clientInfo, headers, endpoint; return __generator(this, function (_a) { switch (_a.label) { case 0: thumbprint = { clientId: this.config.authOptions.clientId, authority: authority.canonicalAuthority, scopes: request.scopes }; return [4 /*yield*/, this.createTokenRequestBody(request)]; case 1: requestBody = _a.sent(); queryParameters = this.createTokenQueryParameters(request); ccsCredential = undefined; if (request.clientInfo) { try { clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils); ccsCredential = { credential: "" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid, type: CcsCredentialType.HOME_ACCOUNT_ID }; } catch (e) { this.logger.verbose("Could not parse client info for CCS Header: " + e); } } headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential); endpoint = StringUtils.isEmpty(queryParameters) ? authority.tokenEndpoint : authority.tokenEndpoint + "?" + queryParameters; return [2 /*return*/, this.executePostToTokenEndpoint(endpoint, requestBody, headers, thumbprint)]; } }); }); }; /** * Creates query string for the /token request * @param request */ AuthorizationCodeClient.prototype.createTokenQueryParameters = function (request) { var parameterBuilder = new RequestParameterBuilder(); if (request.tokenQueryParameters) { parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters); } return parameterBuilder.createQueryString(); }; /** * Generates a map for all the params to be sent to the service * @param request */ AuthorizationCodeClient.prototype.createTokenRequestBody = function (request) { return __awaiter(this, void 0, void 0, function () { var parameterBuilder, clientAssertion, popTokenGenerator, cnfString, correlationId, ccsCred, clientInfo, clientInfo; return __generator(this, function (_a) { switch (_a.label) { case 0: parameterBuilder = new RequestParameterBuilder(); parameterBuilder.addClientId(this.config.authOptions.clientId); // validate the redirectUri (to be a non null value) parameterBuilder.addRedirectUri(request.redirectUri); // Add scope array, parameter builder will add default scopes and dedupe parameterBuilder.addScopes(request.scopes); // add code: user set, not validated parameterBuilder.addAuthorizationCode(request.code); // Add library metadata parameterBuilder.addLibraryInfo(this.config.libraryInfo); parameterBuilder.addThrottling(); if (this.serverTelemetryManager) { parameterBuilder.addServerTelemetry(this.serverTelemetryManager); } // add code_verifier if passed if (request.codeVerifier) { parameterBuilder.addCodeVerifier(request.codeVerifier); } if (this.config.clientCredentials.clientSecret) { parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); } if (this.config.clientCredentials.clientAssertion) { clientAssertion = this.config.clientCredentials.clientAssertion; parameterBuilder.addClientAssertion(clientAssertion.assertion); parameterBuilder.addClientAssertionType(clientAssertion.assertionType); } parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT); parameterBuilder.addClientInfo(); if (!(request.authenticationScheme === exports.AuthenticationScheme.POP)) return [3 /*break*/, 2]; popTokenGenerator = new PopTokenGenerator(this.cryptoUtils); return [4 /*yield*/, popTokenGenerator.generateCnf(request)]; case 1: cnfString = _a.sent(); parameterBuilder.addPopToken(cnfString); _a.label = 2; case 2: correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid(); parameterBuilder.addCorrelationId(correlationId); if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) { parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); } ccsCred = undefined; if (request.clientInfo) { try { clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils); ccsCred = { credential: "" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid, type: CcsCredentialType.HOME_ACCOUNT_ID }; } catch (e) { this.logger.verbose("Could not parse client info for CCS Header: " + e); } } else { ccsCred = request.ccsCredential; } // Adds these as parameters in the request instead of headers to prevent CORS preflight request if (this.config.systemOptions.preventCorsPreflight && ccsCred) { switch (ccsCred.type) { case CcsCredentialType.HOME_ACCOUNT_ID: try { clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential); parameterBuilder.addCcsOid(clientInfo); } catch (e) { this.logger.verbose("Could not parse home account ID for CCS Header: " + e); } break; case CcsCredentialType.UPN: parameterBuilder.addCcsUpn(ccsCred.credential); break; } } return [2 /*return*/, parameterBuilder.createQueryString()]; } }); }); }; /** * This API validates the `AuthorizationCodeUrlRequest` and creates a URL * @param request */ AuthorizationCodeClient.prototype.createAuthCodeUrlQueryString = function (request) { var parameterBuilder = new RequestParameterBuilder(); parameterBuilder.addClientId(this.config.authOptions.clientId); var requestScopes = __spreadArrays(request.scopes || [], request.extraScopesToConsent || []); parameterBuilder.addScopes(requestScopes); // validate the redirectUri (to be a non null value) parameterBuilder.addRedirectUri(request.redirectUri); // generate the correlationId if not set by the user and add var correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid(); parameterBuilder.addCorrelationId(correlationId); // add response_mode. If not passed in it defaults to query. parameterBuilder.addResponseMode(request.responseMode); // add response_type = code parameterBuilder.addResponseTypeCode(); // add library info parameters parameterBuilder.addLibraryInfo(this.config.libraryInfo); // add client_info=1 parameterBuilder.addClientInfo(); if (request.codeChallenge && request.codeChallengeMethod) { parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod); } if (request.prompt) { parameterBuilder.addPrompt(request.prompt); } if (request.domainHint) { parameterBuilder.addDomainHint(request.domainHint); } // Add sid or loginHint with preference for sid -> loginHint -> username of AccountInfo object if (request.prompt !== PromptValue.SELECT_ACCOUNT) { // AAD will throw if prompt=select_account is passed with an account hint if (request.sid && request.prompt === PromptValue.NONE) { // SessionID is only used in silent calls this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"); parameterBuilder.addSid(request.sid); } else if (request.account) { var accountSid = this.extractAccountSid(request.account); // If account and loginHint are provided, we will check account first for sid before adding loginHint if (accountSid && request.prompt === PromptValue.NONE) { // SessionId is only used in silent calls this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"); parameterBuilder.addSid(accountSid); try { var clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); parameterBuilder.addCcsOid(clientInfo); } catch (e) { this.logger.verbose("Could not parse home account ID for CCS Header: " + e); } } else if (request.loginHint) { this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"); parameterBuilder.addLoginHint(request.loginHint); parameterBuilder.addCcsUpn(request.loginHint); } else if (request.account.username) { // Fallback to account username if provided this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"); parameterBuilder.addLoginHint(request.account.username); try { var clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId); parameterBuilder.addCcsOid(clientInfo); } catch (e) { this.logger.verbose("Could not parse home account ID for CCS Header: " + e); } } } else if (request.loginHint) { this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"); parameterBuilder.addLoginHint(request.loginHint); parameterBuilder.addCcsUpn(request.loginHint); } } else { this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"); } if (request.nonce) { parameterBuilder.addNonce(request.nonce); } if (request.state) { parameterBuilder.addState(request.state); } if (!StringUtils.isEmpty(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) { parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); } if (request.extraQueryParameters) { parameterBuilder.addExtraQueryParameters(request.extraQueryParameters); } return parameterBuilder.createQueryString(); }; /** * This API validates the `EndSessionRequest` and creates a URL * @param request */ AuthorizationCodeClient.prototype.createLogoutUrlQueryString = function (request) { var parameterBuilder = new RequestParameterBuilder(); if (request.postLogoutRedirectUri) { parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri); } if (request.correlationId) { parameterBuilder.addCorrelationId(request.correlationId); } if (request.idTokenHint) { parameterBuilder.addIdTokenHint(request.idTokenHint); } return parameterBuilder.createQueryString(); }; /** * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present. * @param account */ AuthorizationCodeClient.prototype.extractAccountSid = function (account) { if (account.idTokenClaims) { var tokenClaims = account.idTokenClaims; return tokenClaims.sid || null; } return null; }; return AuthorizationCodeClient; }(BaseClient)); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * OAuth2.0 refresh token client */ var RefreshTokenClient = /** @class */ (function (_super) { __extends(RefreshTokenClient, _super); function RefreshTokenClient(configuration) { return _super.call(this, configuration) || this; } RefreshTokenClient.prototype.acquireToken = function (request) { return __awaiter(this, void 0, void 0, function () { var reqTimestamp, response, responseHandler; return __generator(this, function (_a) { switch (_a.label) { case 0: reqTimestamp = TimeUtils.nowSeconds(); return [4 /*yield*/, this.executeTokenRequest(request, this.authority)]; case 1: response = _a.sent(); responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin); responseHandler.validateTokenResponse(response.body); return [2 /*return*/, responseHandler.handleServerTokenResponse(response.body, this.authority, reqTimestamp, request, undefined, undefined, true)]; } }); }); }; /** * Gets cached refresh token and attaches to request, then calls acquireToken API * @param request */ RefreshTokenClient.prototype.acquireTokenByRefreshToken = function (request) { return __awaiter(this, void 0, void 0, function () { var isFOCI, noFamilyRTInCache, clientMismatchErrorWithFamilyRT; return __generator(this, function (_a) { // Cannot renew token if no request object is given. if (!request) { throw ClientConfigurationError.createEmptyTokenRequestError(); } // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases if (!request.account) { throw ClientAuthError.createNoAccountInSilentRequestError(); } isFOCI = this.cacheManager.isAppMetadataFOCI(request.account.environment, this.config.authOptions.clientId); // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest if (isFOCI) { try { return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, true)]; } catch (e) { noFamilyRTInCache = e instanceof ClientAuthError && e.errorCode === ClientAuthErrorMessage.noTokensFoundError.code; clientMismatchErrorWithFamilyRT = e instanceof ServerError && e.errorCode === Errors.INVALID_GRANT_ERROR && e.subError === Errors.CLIENT_MISMATCH_ERROR; // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART) if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) { return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, false)]; // throw in all other cases } else { throw e; } } } // fall back to application refresh token acquisition return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, false)]; }); }); }; /** * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached * @param request */ RefreshTokenClient.prototype.acquireTokenWithCachedRefreshToken = function (request, foci) { return __awaiter(this, void 0, void 0, function () { var refreshToken, refreshTokenRequest; return __generator(this, function (_a) { refreshToken = this.cacheManager.readRefreshTokenFromCache(this.config.authOptions.clientId, request.account, foci); // no refresh Token if (!refreshToken) { throw ClientAuthError.createNoTokensFoundError(); } refreshTokenRequest = __assign(__assign({}, request), { refreshToken: refreshToken.secret, authenticationScheme: request.authenticationScheme || exports.AuthenticationScheme.BEARER, ccsCredential: { credential: request.account.homeAccountId, type: CcsCredentialType.HOME_ACCOUNT_ID } }); return [2 /*return*/, this.acquireToken(refreshTokenRequest)]; }); }); }; /** * Constructs the network message and makes a NW call to the underlying secure token service * @param request * @param authority */ RefreshTokenClient.prototype.executeTokenRequest = function (request, authority) { return __awaiter(this, void 0, void 0, function () { var requestBody, queryParameters, headers, thumbprint, endpoint; return __generator(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.createTokenRequestBody(request)]; case 1: requestBody = _a.sent(); queryParameters = this.createTokenQueryParameters(request); headers = this.createTokenRequestHeaders(request.ccsCredential); thumbprint = { clientId: this.config.authOptions.clientId, authority: authority.canonicalAuthority, scopes: request.scopes }; endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParameters); return [2 /*return*/, this.executePostToTokenEndpoint(endpoint, requestBody, headers, thumbprint)]; } }); }); }; /** * Creates query string for the /token request * @param request */ RefreshTokenClient.prototype.createTokenQueryParameters = function (request) { var parameterBuilder = new RequestParameterBuilder(); if (request.tokenQueryParameters) { parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters); } return parameterBuilder.createQueryString(); }; /** * Helper function to create the token request body * @param request */ RefreshTokenClient.prototype.createTokenRequestBody = function (request) { return __awaiter(this, void 0, void 0, function () { var parameterBuilder, correlationId, clientAssertion, popTokenGenerator, _a, _b, clientInfo; return __generator(this, function (_c) { switch (_c.label) { case 0: parameterBuilder = new RequestParameterBuilder(); parameterBuilder.addClientId(this.config.authOptions.clientId); parameterBuilder.addScopes(request.scopes); parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT); parameterBuilder.addClientInfo(); parameterBuilder.addLibraryInfo(this.config.libraryInfo); parameterBuilder.addThrottling(); if (this.serverTelemetryManager) { parameterBuilder.addServerTelemetry(this.serverTelemetryManager); } correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid(); parameterBuilder.addCorrelationId(correlationId); parameterBuilder.addRefreshToken(request.refreshToken); if (this.config.clientCredentials.clientSecret) { parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret); } if (this.config.clientCredentials.clientAssertion) { clientAssertion = this.config.clientCredentials.clientAssertion; parameterBuilder.addClientAssertion(clientAssertion.assertion); parameterBuilder.addClientAssertionType(clientAssertion.assertionType); } if (!(request.authenticationScheme === exports.AuthenticationScheme.POP)) return [3 /*break*/, 2]; popTokenGenerator = new PopTokenGenerator(this.cryptoUtils); _b = (_a = parameterBuilder).addPopToken; return [4 /*yield*/, popTokenGenerator.generateCnf(request)]; case 1: _b.apply(_a, [_c.sent()]); _c.label = 2; case 2: if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) { parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities); } if (this.config.systemOptions.preventCorsPreflight && request.ccsCredential) { switch (request.ccsCredential.type) { case CcsCredentialType.HOME_ACCOUNT_ID: try { clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential); parameterBuilder.addCcsOid(clientInfo); } catch (e) { this.logger.verbose("Could not parse home account ID for CCS Header: " + e); } break; case CcsCredentialType.UPN: parameterBuilder.addCcsUpn(request.ccsCredential.credential); break; } } return [2 /*return*/, parameterBuilder.createQueryString()]; } }); }); }; return RefreshTokenClient; }(BaseClient)); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var SilentFlowClient = /** @class */ (function (_super) { __extends(SilentFlowClient, _super); function SilentFlowClient(configuration) { return _super.call(this, configuration) || this; } /** * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew * the given token and returns the renewed token * @param request */ SilentFlowClient.prototype.acquireToken = function (request) { return __awaiter(this, void 0, void 0, function () { var e_1, refreshTokenClient; return __generator(this, function (_a) { switch (_a.label) { case 0: _a.trys.push([0, 2, , 3]); return [4 /*yield*/, this.acquireCachedToken(request)]; case 1: return [2 /*return*/, _a.sent()]; case 2: e_1 = _a.sent(); if (e_1 instanceof ClientAuthError && e_1.errorCode === ClientAuthErrorMessage.tokenRefreshRequired.code) { refreshTokenClient = new RefreshTokenClient(this.config); return [2 /*return*/, refreshTokenClient.acquireTokenByRefreshToken(request)]; } else { throw e_1; } case 3: return [2 /*return*/]; } }); }); }; /** * Retrieves token from cache or throws an error if it must be refreshed. * @param request */ SilentFlowClient.prototype.acquireCachedToken = function (request) { return __awaiter(this, void 0, void 0, function () { var requestScopes, environment, authScheme, cacheRecord; return __generator(this, function (_a) { switch (_a.label) { case 0: // Cannot renew token if no request object is given. if (!request) { throw ClientConfigurationError.createEmptyTokenRequestError(); } // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases if (!request.account) { throw ClientAuthError.createNoAccountInSilentRequestError(); } requestScopes = new ScopeSet(request.scopes || []); environment = request.authority || this.authority.getPreferredCache(); authScheme = request.authenticationScheme || exports.AuthenticationScheme.BEARER; cacheRecord = this.cacheManager.readCacheRecord(request.account, this.config.authOptions.clientId, requestScopes, environment, authScheme); if (request.forceRefresh || !StringUtils.isEmptyObj(request.claims) || !cacheRecord.accessToken || TimeUtils.isTokenExpired(cacheRecord.accessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds) || TimeUtils.wasClockTurnedBack(cacheRecord.accessToken.cachedAt) || (cacheRecord.accessToken.refreshOn && TimeUtils.isTokenExpired(cacheRecord.accessToken.refreshOn, 0))) { // Must refresh due to request parameters, or expired or non-existent access_token throw ClientAuthError.createRefreshRequiredError(); } if (this.config.serverTelemetryManager) { this.config.serverTelemetryManager.incrementCacheHits(); } return [4 /*yield*/, this.generateResultFromCacheRecord(cacheRecord, request)]; case 1: return [2 /*return*/, _a.sent()]; } }); }); }; /** * Helper function to build response object from the CacheRecord * @param cacheRecord */ SilentFlowClient.prototype.generateResultFromCacheRecord = function (cacheRecord, request) { return __awaiter(this, void 0, void 0, function () { var idTokenObj; return __generator(this, function (_a) { switch (_a.label) { case 0: if (cacheRecord.idToken) { idTokenObj = new AuthToken(cacheRecord.idToken.secret, this.config.cryptoInterface); } return [4 /*yield*/, ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenObj)]; case 1: return [2 /*return*/, _a.sent()]; } }); }); }; return SilentFlowClient; }(BaseClient)); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function isOpenIdConfigResponse(response) { return (response.hasOwnProperty("authorization_endpoint") && response.hasOwnProperty("token_endpoint") && response.hasOwnProperty("end_session_endpoint") && response.hasOwnProperty("issuer")); } /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Protocol modes supported by MSAL. */ exports.ProtocolMode = void 0; (function (ProtocolMode) { ProtocolMode["AAD"] = "AAD"; ProtocolMode["OIDC"] = "OIDC"; })(exports.ProtocolMode || (exports.ProtocolMode = {})); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var AuthorityMetadataEntity = /** @class */ (function () { function AuthorityMetadataEntity() { this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS; } /** * Update the entity with new aliases, preferred_cache and preferred_network values * @param metadata * @param fromNetwork */ AuthorityMetadataEntity.prototype.updateCloudDiscoveryMetadata = function (metadata, fromNetwork) { this.aliases = metadata.aliases; this.preferred_cache = metadata.preferred_cache; this.preferred_network = metadata.preferred_network; this.aliasesFromNetwork = fromNetwork; }; /** * Update the entity with new endpoints * @param metadata * @param fromNetwork */ AuthorityMetadataEntity.prototype.updateEndpointMetadata = function (metadata, fromNetwork) { this.authorization_endpoint = metadata.authorization_endpoint; this.token_endpoint = metadata.token_endpoint; this.end_session_endpoint = metadata.end_session_endpoint; this.issuer = metadata.issuer; this.endpointsFromNetwork = fromNetwork; }; /** * Save the authority that was used to create this cache entry * @param authority */ AuthorityMetadataEntity.prototype.updateCanonicalAuthority = function (authority) { this.canonical_authority = authority; }; /** * Reset the exiresAt value */ AuthorityMetadataEntity.prototype.resetExpiresAt = function () { this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS; }; /** * Returns whether or not the data needs to be refreshed */ AuthorityMetadataEntity.prototype.isExpired = function () { return this.expiresAt <= TimeUtils.nowSeconds(); }; /** * Validates an entity: checks for all expected params * @param entity */ AuthorityMetadataEntity.isAuthorityMetadataEntity = function (key, entity) { if (!entity) { return false; } return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 && entity.hasOwnProperty("aliases") && entity.hasOwnProperty("preferred_cache") && entity.hasOwnProperty("preferred_network") && entity.hasOwnProperty("canonical_authority") && entity.hasOwnProperty("authorization_endpoint") && entity.hasOwnProperty("token_endpoint") && entity.hasOwnProperty("end_session_endpoint") && entity.hasOwnProperty("issuer") && entity.hasOwnProperty("aliasesFromNetwork") && entity.hasOwnProperty("endpointsFromNetwork") && entity.hasOwnProperty("expiresAt")); }; return AuthorityMetadataEntity; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function isCloudInstanceDiscoveryResponse(response) { return (response.hasOwnProperty("tenant_discovery_endpoint") && response.hasOwnProperty("metadata")); } /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var RegionDiscovery = /** @class */ (function () { function RegionDiscovery(networkInterface) { this.networkInterface = networkInterface; } /** * Detect the region from the application's environment. * * @returns Promise */ RegionDiscovery.prototype.detectRegion = function (environmentRegion) { return __awaiter(this, void 0, void 0, function () { var autodetectedRegionName, response, latestIMDSVersion, response_1; return __generator(this, function (_a) { switch (_a.label) { case 0: autodetectedRegionName = environmentRegion; if (!!autodetectedRegionName) return [3 /*break*/, 7]; _a.label = 1; case 1: _a.trys.push([1, 6, , 7]); return [4 /*yield*/, this.getRegionFromIMDS(Constants.IMDS_VERSION)]; case 2: response = _a.sent(); if (response.status === ResponseCodes.httpSuccess) { autodetectedRegionName = response.body; } if (!(response.status === ResponseCodes.httpBadRequest)) return [3 /*break*/, 5]; return [4 /*yield*/, this.getCurrentVersion()]; case 3: latestIMDSVersion = _a.sent(); if (!latestIMDSVersion) { return [2 /*return*/, null]; } return [4 /*yield*/, this.getRegionFromIMDS(latestIMDSVersion)]; case 4: response_1 = _a.sent(); if (response_1.status === ResponseCodes.httpSuccess) { autodetectedRegionName = response_1.body; } _a.label = 5; case 5: return [3 /*break*/, 7]; case 6: _a.sent(); return [2 /*return*/, null]; case 7: return [2 /*return*/, autodetectedRegionName || null]; } }); }); }; /** * Make the call to the IMDS endpoint * * @param imdsEndpointUrl * @returns Promise> */ RegionDiscovery.prototype.getRegionFromIMDS = function (version) { return __awaiter(this, void 0, void 0, function () { return __generator(this, function (_a) { return [2 /*return*/, this.networkInterface.sendGetRequestAsync(Constants.IMDS_ENDPOINT + "?api-version=" + version + "&format=text", RegionDiscovery.IMDS_OPTIONS, Constants.IMDS_TIMEOUT)]; }); }); }; /** * Get the most recent version of the IMDS endpoint available * * @returns Promise */ RegionDiscovery.prototype.getCurrentVersion = function () { return __awaiter(this, void 0, void 0, function () { var response; return __generator(this, function (_a) { switch (_a.label) { case 0: _a.trys.push([0, 2, , 3]); return [4 /*yield*/, this.networkInterface.sendGetRequestAsync(Constants.IMDS_ENDPOINT + "?format=json", RegionDiscovery.IMDS_OPTIONS)]; case 1: response = _a.sent(); // When IMDS endpoint is called without the api version query param, bad request response comes back with latest version. if (response.status === ResponseCodes.httpBadRequest && response.body && response.body["newest-versions"] && response.body["newest-versions"].length > 0) { return [2 /*return*/, response.body["newest-versions"][0]]; } return [2 /*return*/, null]; case 2: _a.sent(); return [2 /*return*/, null]; case 3: return [2 /*return*/]; } }); }); }; // Options for the IMDS endpoint request RegionDiscovery.IMDS_OPTIONS = { headers: { "Metadata": "true" } }; return RegionDiscovery; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the * endpoint. It will store the pertinent config data in this object for use during token calls. */ var Authority = /** @class */ (function () { function Authority(authority, networkInterface, cacheManager, authorityOptions) { this.canonicalAuthority = authority; this._canonicalAuthority.validateAsUri(); this.networkInterface = networkInterface; this.cacheManager = cacheManager; this.authorityOptions = authorityOptions; this.regionDiscovery = new RegionDiscovery(networkInterface); } Object.defineProperty(Authority.prototype, "authorityType", { // See above for AuthorityType get: function () { var pathSegments = this.canonicalAuthorityUrlComponents.PathSegments; if (pathSegments.length && pathSegments[0].toLowerCase() === Constants.ADFS) { return AuthorityType.Adfs; } return AuthorityType.Default; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "protocolMode", { /** * ProtocolMode enum representing the way endpoints are constructed. */ get: function () { return this.authorityOptions.protocolMode; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "options", { /** * Returns authorityOptions which can be used to reinstantiate a new authority instance */ get: function () { return this.authorityOptions; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "canonicalAuthority", { /** * A URL that is the authority set by the developer */ get: function () { return this._canonicalAuthority.urlString; }, /** * Sets canonical authority. */ set: function (url) { this._canonicalAuthority = new UrlString(url); this._canonicalAuthority.validateAsUri(); this._canonicalAuthorityUrlComponents = null; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "canonicalAuthorityUrlComponents", { /** * Get authority components. */ get: function () { if (!this._canonicalAuthorityUrlComponents) { this._canonicalAuthorityUrlComponents = this._canonicalAuthority.getUrlComponents(); } return this._canonicalAuthorityUrlComponents; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "hostnameAndPort", { /** * Get hostname and port i.e. login.microsoftonline.com */ get: function () { return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase(); }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "tenant", { /** * Get tenant for authority. */ get: function () { return this.canonicalAuthorityUrlComponents.PathSegments[0]; }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "authorizationEndpoint", { /** * OAuth /authorize endpoint for requests */ get: function () { if (this.discoveryComplete()) { var endpoint = this.replacePath(this.metadata.authorization_endpoint); return this.replaceTenant(endpoint); } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "tokenEndpoint", { /** * OAuth /token endpoint for requests */ get: function () { if (this.discoveryComplete()) { var endpoint = this.replacePath(this.metadata.token_endpoint); return this.replaceTenant(endpoint); } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "deviceCodeEndpoint", { get: function () { if (this.discoveryComplete()) { var endpoint = this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode")); return this.replaceTenant(endpoint); } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "endSessionEndpoint", { /** * OAuth logout endpoint for requests */ get: function () { if (this.discoveryComplete()) { var endpoint = this.replacePath(this.metadata.end_session_endpoint); return this.replaceTenant(endpoint); } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }, enumerable: false, configurable: true }); Object.defineProperty(Authority.prototype, "selfSignedJwtAudience", { /** * OAuth issuer for requests */ get: function () { if (this.discoveryComplete()) { var endpoint = this.replacePath(this.metadata.issuer); return this.replaceTenant(endpoint); } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }, enumerable: false, configurable: true }); /** * Replaces tenant in url path with current tenant. Defaults to common. * @param urlString */ Authority.prototype.replaceTenant = function (urlString) { return urlString.replace(/{tenant}|{tenantid}/g, this.tenant); }; /** * Replaces path such as tenant or policy with the current tenant or policy. * @param urlString */ Authority.prototype.replacePath = function (urlString) { var endpoint = urlString; var cachedAuthorityUrl = new UrlString(this.metadata.canonical_authority); var cachedAuthorityParts = cachedAuthorityUrl.getUrlComponents().PathSegments; var currentAuthorityParts = this.canonicalAuthorityUrlComponents.PathSegments; currentAuthorityParts.forEach(function (currentPart, index) { var cachedPart = cachedAuthorityParts[index]; if (currentPart !== cachedPart) { endpoint = endpoint.replace("/" + cachedPart + "/", "/" + currentPart + "/"); } }); return endpoint; }; Object.defineProperty(Authority.prototype, "defaultOpenIdConfigurationEndpoint", { /** * The default open id configuration endpoint for any canonical authority. */ get: function () { if (this.authorityType === AuthorityType.Adfs || this.protocolMode === exports.ProtocolMode.OIDC) { return this.canonicalAuthority + ".well-known/openid-configuration"; } return this.canonicalAuthority + "v2.0/.well-known/openid-configuration"; }, enumerable: false, configurable: true }); /** * Boolean that returns whethr or not tenant discovery has been completed. */ Authority.prototype.discoveryComplete = function () { return !!this.metadata; }; /** * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network * and the /authorize, /token and logout endpoints. */ Authority.prototype.resolveEndpointsAsync = function () { return __awaiter(this, void 0, void 0, function () { var metadataEntity, cloudDiscoverySource, endpointSource, cacheKey; return __generator(this, function (_a) { switch (_a.label) { case 0: metadataEntity = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort); if (!metadataEntity) { metadataEntity = new AuthorityMetadataEntity(); metadataEntity.updateCanonicalAuthority(this.canonicalAuthority); } return [4 /*yield*/, this.updateCloudDiscoveryMetadata(metadataEntity)]; case 1: cloudDiscoverySource = _a.sent(); this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, metadataEntity.preferred_network); return [4 /*yield*/, this.updateEndpointMetadata(metadataEntity)]; case 2: endpointSource = _a.sent(); if (cloudDiscoverySource !== AuthorityMetadataSource.CACHE && endpointSource !== AuthorityMetadataSource.CACHE) { // Reset the expiration time unless both values came from a successful cache lookup metadataEntity.resetExpiresAt(); metadataEntity.updateCanonicalAuthority(this.canonicalAuthority); } cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(metadataEntity.preferred_cache); this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity); this.metadata = metadataEntity; return [2 /*return*/]; } }); }); }; /** * Update AuthorityMetadataEntity with new endpoints and return where the information came from * @param metadataEntity */ Authority.prototype.updateEndpointMetadata = function (metadataEntity) { var _a; return __awaiter(this, void 0, void 0, function () { var metadata, autodetectedRegionName, azureRegion; return __generator(this, function (_b) { switch (_b.label) { case 0: metadata = this.getEndpointMetadataFromConfig(); if (metadata) { metadataEntity.updateEndpointMetadata(metadata, false); return [2 /*return*/, AuthorityMetadataSource.CONFIG]; } if (this.isAuthoritySameType(metadataEntity) && metadataEntity.endpointsFromNetwork && !metadataEntity.isExpired()) { // No need to update return [2 /*return*/, AuthorityMetadataSource.CACHE]; } return [4 /*yield*/, this.getEndpointMetadataFromNetwork()]; case 1: metadata = _b.sent(); if (!metadata) return [3 /*break*/, 4]; if (!((_a = this.authorityOptions.azureRegionConfiguration) === null || _a === void 0 ? void 0 : _a.azureRegion)) return [3 /*break*/, 3]; return [4 /*yield*/, this.regionDiscovery.detectRegion(this.authorityOptions.azureRegionConfiguration.environmentRegion)]; case 2: autodetectedRegionName = _b.sent(); azureRegion = this.authorityOptions.azureRegionConfiguration.azureRegion === Constants.AZURE_REGION_AUTO_DISCOVER_FLAG ? autodetectedRegionName : this.authorityOptions.azureRegionConfiguration.azureRegion; if (azureRegion) { metadata = Authority.replaceWithRegionalInformation(metadata, azureRegion); } _b.label = 3; case 3: metadataEntity.updateEndpointMetadata(metadata, true); return [2 /*return*/, AuthorityMetadataSource.NETWORK]; case 4: throw ClientAuthError.createUnableToGetOpenidConfigError(this.defaultOpenIdConfigurationEndpoint); } }); }); }; /** * Compares the number of url components after the domain to determine if the cached authority metadata can be used for the requested authority * Protects against same domain different authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy * @param metadataEntity */ Authority.prototype.isAuthoritySameType = function (metadataEntity) { var cachedAuthorityUrl = new UrlString(metadataEntity.canonical_authority); var cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments; return cachedParts.length === this.canonicalAuthorityUrlComponents.PathSegments.length; }; /** * Parse authorityMetadata config option */ Authority.prototype.getEndpointMetadataFromConfig = function () { if (this.authorityOptions.authorityMetadata) { try { return JSON.parse(this.authorityOptions.authorityMetadata); } catch (e) { throw ClientConfigurationError.createInvalidAuthorityMetadataError(); } } return null; }; /** * Gets OAuth endpoints from the given OpenID configuration endpoint. */ Authority.prototype.getEndpointMetadataFromNetwork = function () { return __awaiter(this, void 0, void 0, function () { var response; return __generator(this, function (_a) { switch (_a.label) { case 0: _a.trys.push([0, 2, , 3]); return [4 /*yield*/, this.networkInterface.sendGetRequestAsync(this.defaultOpenIdConfigurationEndpoint)]; case 1: response = _a.sent(); return [2 /*return*/, isOpenIdConfigResponse(response.body) ? response.body : null]; case 2: _a.sent(); return [2 /*return*/, null]; case 3: return [2 /*return*/]; } }); }); }; /** * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache and returns where the information was retrived from * @param cachedMetadata * @param newMetadata */ Authority.prototype.updateCloudDiscoveryMetadata = function (metadataEntity) { return __awaiter(this, void 0, void 0, function () { var metadata; return __generator(this, function (_a) { switch (_a.label) { case 0: metadata = this.getCloudDiscoveryMetadataFromConfig(); if (metadata) { metadataEntity.updateCloudDiscoveryMetadata(metadata, false); return [2 /*return*/, AuthorityMetadataSource.CONFIG]; } // If The cached metadata came from config but that config was not passed to this instance, we must go to the network if (this.isAuthoritySameType(metadataEntity) && metadataEntity.aliasesFromNetwork && !metadataEntity.isExpired()) { // No need to update return [2 /*return*/, AuthorityMetadataSource.CACHE]; } return [4 /*yield*/, this.getCloudDiscoveryMetadataFromNetwork()]; case 1: metadata = _a.sent(); if (metadata) { metadataEntity.updateCloudDiscoveryMetadata(metadata, true); return [2 /*return*/, AuthorityMetadataSource.NETWORK]; } else { // Metadata could not be obtained from config, cache or network throw ClientConfigurationError.createUntrustedAuthorityError(); } } }); }); }; /** * Parse cloudDiscoveryMetadata config or check knownAuthorities */ Authority.prototype.getCloudDiscoveryMetadataFromConfig = function () { // Check if network response was provided in config if (this.authorityOptions.cloudDiscoveryMetadata) { try { var parsedResponse = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata); var metadata = Authority.getCloudDiscoveryMetadataFromNetworkResponse(parsedResponse.metadata, this.hostnameAndPort); if (metadata) { return metadata; } } catch (e) { throw ClientConfigurationError.createInvalidCloudDiscoveryMetadataError(); } } // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities if (this.isInKnownAuthorities()) { return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); } return null; }; /** * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config * @param networkInterface */ Authority.prototype.getCloudDiscoveryMetadataFromNetwork = function () { return __awaiter(this, void 0, void 0, function () { var instanceDiscoveryEndpoint, match, response, metadata; return __generator(this, function (_a) { switch (_a.label) { case 0: instanceDiscoveryEndpoint = "" + Constants.AAD_INSTANCE_DISCOVERY_ENDPT + this.canonicalAuthority + "oauth2/v2.0/authorize"; match = null; _a.label = 1; case 1: _a.trys.push([1, 3, , 4]); return [4 /*yield*/, this.networkInterface.sendGetRequestAsync(instanceDiscoveryEndpoint)]; case 2: response = _a.sent(); metadata = isCloudInstanceDiscoveryResponse(response.body) ? response.body.metadata : []; if (metadata.length === 0) { // If no metadata is returned, authority is untrusted return [2 /*return*/, null]; } match = Authority.getCloudDiscoveryMetadataFromNetworkResponse(metadata, this.hostnameAndPort); return [3 /*break*/, 4]; case 3: _a.sent(); return [2 /*return*/, null]; case 4: if (!match) { // Custom Domain scenario, host is trusted because Instance Discovery call succeeded match = Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort); } return [2 /*return*/, match]; } }); }); }; /** * Helper function to determine if this host is included in the knownAuthorities config option */ Authority.prototype.isInKnownAuthorities = function () { var _this = this; var matches = this.authorityOptions.knownAuthorities.filter(function (authority) { return UrlString.getDomainFromUrl(authority).toLowerCase() === _this.hostnameAndPort; }); return matches.length > 0; }; /** * Creates cloud discovery metadata object from a given host * @param host */ Authority.createCloudDiscoveryMetadataFromHost = function (host) { return { preferred_network: host, preferred_cache: host, aliases: [host] }; }; /** * Searches instance discovery network response for the entry that contains the host in the aliases list * @param response * @param authority */ Authority.getCloudDiscoveryMetadataFromNetworkResponse = function (response, authority) { for (var i = 0; i < response.length; i++) { var metadata = response[i]; if (metadata.aliases.indexOf(authority) > -1) { return metadata; } } return null; }; /** * helper function to generate environment from authority object */ Authority.prototype.getPreferredCache = function () { if (this.discoveryComplete()) { return this.metadata.preferred_cache; } else { throw ClientAuthError.createEndpointDiscoveryIncompleteError("Discovery incomplete."); } }; /** * Returns whether or not the provided host is an alias of this authority instance * @param host */ Authority.prototype.isAlias = function (host) { return this.metadata.aliases.indexOf(host) > -1; }; /** * Checks whether the provided host is that of a public cloud authority * * @param authority string * @returns bool */ Authority.isPublicCloudAuthority = function (host) { return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0; }; /** * Rebuild the authority string with the region * * @param host string * @param region string */ Authority.buildRegionalAuthorityString = function (host, region, queryString) { // Create and validate a Url string object with the initial authority string var authorityUrlInstance = new UrlString(host); authorityUrlInstance.validateAsUri(); var authorityUrlParts = authorityUrlInstance.getUrlComponents(); var hostNameAndPort = region + "." + authorityUrlParts.HostNameAndPort; if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) { hostNameAndPort = region + "." + Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX; } // Include the query string portion of the url var url = UrlString.constructAuthorityUriFromObject(__assign(__assign({}, authorityUrlInstance.getUrlComponents()), { HostNameAndPort: hostNameAndPort })).urlString; // Add the query string if a query string was provided if (queryString) return url + "?" + queryString; return url; }; /** * Replace the endpoints in the metadata object with their regional equivalents. * * @param metadata OpenIdConfigResponse * @param azureRegion string */ Authority.replaceWithRegionalInformation = function (metadata, azureRegion) { metadata.authorization_endpoint = Authority.buildRegionalAuthorityString(metadata.authorization_endpoint, azureRegion); // TODO: Enquire on whether we should leave the query string or remove it before releasing the feature metadata.token_endpoint = Authority.buildRegionalAuthorityString(metadata.token_endpoint, azureRegion, "allowestsrnonmsi=true"); metadata.end_session_endpoint = Authority.buildRegionalAuthorityString(metadata.end_session_endpoint, azureRegion); return metadata; }; return Authority; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var AuthorityFactory = /** @class */ (function () { function AuthorityFactory() { } /** * Create an authority object of the correct type based on the url * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) * * Also performs endpoint discovery. * * @param authorityUri * @param networkClient * @param protocolMode */ AuthorityFactory.createDiscoveredInstance = function (authorityUri, networkClient, cacheManager, authorityOptions) { return __awaiter(this, void 0, void 0, function () { var acquireTokenAuthority, e_1; return __generator(this, function (_a) { switch (_a.label) { case 0: acquireTokenAuthority = AuthorityFactory.createInstance(authorityUri, networkClient, cacheManager, authorityOptions); _a.label = 1; case 1: _a.trys.push([1, 3, , 4]); return [4 /*yield*/, acquireTokenAuthority.resolveEndpointsAsync()]; case 2: _a.sent(); return [2 /*return*/, acquireTokenAuthority]; case 3: e_1 = _a.sent(); throw ClientAuthError.createEndpointDiscoveryIncompleteError(e_1); case 4: return [2 /*return*/]; } }); }); }; /** * Create an authority object of the correct type based on the url * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs) * * Does not perform endpoint discovery. * * @param authorityUrl * @param networkInterface * @param protocolMode */ AuthorityFactory.createInstance = function (authorityUrl, networkInterface, cacheManager, authorityOptions) { // Throw error if authority url is empty if (StringUtils.isEmpty(authorityUrl)) { throw ClientConfigurationError.createUrlEmptyError(); } return new Authority(authorityUrl, networkInterface, cacheManager, authorityOptions); }; return AuthorityFactory; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var ServerTelemetryEntity = /** @class */ (function () { function ServerTelemetryEntity() { this.failedRequests = []; this.errors = []; this.cacheHits = 0; } /** * validates if a given cache entry is "Telemetry", parses * @param key * @param entity */ ServerTelemetryEntity.isServerTelemetryEntity = function (key, entity) { var validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0; var validateEntity = true; if (entity) { validateEntity = entity.hasOwnProperty("failedRequests") && entity.hasOwnProperty("errors") && entity.hasOwnProperty("cacheHits"); } return validateKey && validateEntity; }; return ServerTelemetryEntity; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var ThrottlingEntity = /** @class */ (function () { function ThrottlingEntity() { } /** * validates if a given cache entry is "Throttling", parses * @param key * @param entity */ ThrottlingEntity.isThrottlingEntity = function (key, entity) { var validateKey = false; if (key) { validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0; } var validateEntity = true; if (entity) { validateEntity = entity.hasOwnProperty("throttleTime"); } return validateKey && validateEntity; }; return ThrottlingEntity; }()); /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var StubbedNetworkModule = { sendGetRequestAsync: function () { var notImplErr = "Network interface - sendGetRequestAsync() has not been implemented for the Network interface."; return Promise.reject(AuthError.createUnexpectedError(notImplErr)); }, sendPostRequestAsync: function () { var notImplErr = "Network interface - sendPostRequestAsync() has not been implemented for the Network interface."; return Promise.reject(AuthError.createUnexpectedError(notImplErr)); } }; /*! @azure/msal-common v4.4.0 2021-06-29 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var ServerTelemetryManager = /** @class */ (function () { function ServerTelemetryManager(telemetryRequest, cacheManager) { this.cacheManager = cacheManager; this.apiId = telemetryRequest.apiId; this.correlationId = telemetryRequest.correlationId; this.forceRefresh = telemetryRequest.forceRefresh || false; this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING; this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING; this.telemetryCacheKey = SERVER_TELEM_CONSTANTS.CACHE_KEY + Separators.CACHE_KEY_SEPARATOR + telemetryRequest.clientId; } /** * API to add MSER Telemetry to request */ ServerTelemetryManager.prototype.generateCurrentRequestHeaderValue = function () { var forceRefreshInt = this.forceRefresh ? 1 : 0; var request = "" + this.apiId + SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR + forceRefreshInt; var platformFields = [this.wrapperSKU, this.wrapperVer].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); return [SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, request, platformFields].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); }; /** * API to add MSER Telemetry for the last failed request */ ServerTelemetryManager.prototype.generateLastRequestHeaderValue = function () { var lastRequests = this.getLastRequests(); var maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests); var failedRequests = lastRequests.failedRequests.slice(0, 2 * maxErrors).join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); var errors = lastRequests.errors.slice(0, maxErrors).join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); var errorCount = lastRequests.errors.length; // Indicate whether this header contains all data or partial data var overflow = maxErrors < errorCount ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE; var platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR); return [SERVER_TELEM_CONSTANTS.SCHEMA_VERSION, lastRequests.cacheHits, failedRequests, errors, platformFields].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR); }; /** * API to cache token failures for MSER data capture * @param error */ ServerTelemetryManager.prototype.cacheFailedRequest = function (error) { var lastRequests = this.getLastRequests(); if (lastRequests.errors.length >= SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) { // Remove a cached error to make room, first in first out lastRequests.failedRequests.shift(); // apiId lastRequests.failedRequests.shift(); // correlationId lastRequests.errors.shift(); } lastRequests.failedRequests.push(this.apiId, this.correlationId); if (!StringUtils.isEmpty(error.subError)) { lastRequests.errors.push(error.subError); } else if (!StringUtils.isEmpty(error.errorCode)) { lastRequests.errors.push(error.errorCode); } else if (!!error && error.toString()) { lastRequests.errors.push(error.toString()); } else { lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR); } this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); return; }; /** * Update server telemetry cache entry by incrementing cache hit counter */ ServerTelemetryManager.prototype.incrementCacheHits = function () { var lastRequests = this.getLastRequests(); lastRequests.cacheHits += 1; this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests); return lastRequests.cacheHits; }; /** * Get the server telemetry entity from cache or initialize a new one */ ServerTelemetryManager.prototype.getLastRequests = function () { var initialValue = new ServerTelemetryEntity(); var lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey); return lastRequests || initialValue; }; /** * Remove server telemetry cache entry */ ServerTelemetryManager.prototype.clearTelemetryCache = function () { var lastRequests = this.getLastRequests(); var numErrorsFlushed = ServerTelemetryManager.maxErrorsToSend(lastRequests); var errorCount = lastRequests.errors.length; if (numErrorsFlushed === errorCount) { // All errors were sent on last request, clear Telemetry cache this.cacheManager.removeItem(this.telemetryCacheKey); } else { // Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed var serverTelemEntity = new ServerTelemetryEntity(); serverTelemEntity.failedRequests = lastRequests.failedRequests.slice(numErrorsFlushed * 2); // failedRequests contains 2 items for each error serverTelemEntity.errors = lastRequests.errors.slice(numErrorsFlushed); this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity); } }; /** * Returns the maximum number of errors that can be flushed to the server in the next network request * @param serverTelemetryEntity */ ServerTelemetryManager.maxErrorsToSend = function (serverTelemetryEntity) { var i; var maxErrors = 0; var dataSize = 0; var errorCount = serverTelemetryEntity.errors.length; for (i = 0; i < errorCount; i++) { // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs var apiId = serverTelemetryEntity.failedRequests[2 * i] || Constants.EMPTY_STRING; var correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || Constants.EMPTY_STRING; var errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING; // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators dataSize += apiId.toString().length + correlationId.toString().length + errorCode.length + 3; if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) { // Adding this entry to the header would still keep header size below the limit maxErrors += 1; } else { break; } } return maxErrors; }; return ServerTelemetryManager; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Constants */ var BrowserConstants = { /** * Interaction in progress cache value */ INTERACTION_IN_PROGRESS_VALUE: "interaction_in_progress", /** * Invalid grant error code */ INVALID_GRANT_ERROR: "invalid_grant", /** * Default popup window width */ POPUP_WIDTH: 483, /** * Default popup window height */ POPUP_HEIGHT: 600, /** * Name of the popup window starts with */ POPUP_NAME_PREFIX: "msal", /** * Default popup monitor poll interval in milliseconds */ POLL_INTERVAL_MS: 50, /** * Msal-browser SKU */ MSAL_SKU: "msal.js.browser", }; exports.BrowserCacheLocation = void 0; (function (BrowserCacheLocation) { BrowserCacheLocation["LocalStorage"] = "localStorage"; BrowserCacheLocation["SessionStorage"] = "sessionStorage"; BrowserCacheLocation["MemoryStorage"] = "memoryStorage"; })(exports.BrowserCacheLocation || (exports.BrowserCacheLocation = {})); /** * HTTP Request types supported by MSAL. */ var HTTP_REQUEST_TYPE; (function (HTTP_REQUEST_TYPE) { HTTP_REQUEST_TYPE["GET"] = "GET"; HTTP_REQUEST_TYPE["POST"] = "POST"; })(HTTP_REQUEST_TYPE || (HTTP_REQUEST_TYPE = {})); /** * Temporary cache keys for MSAL, deleted after any request. */ var TemporaryCacheKeys; (function (TemporaryCacheKeys) { TemporaryCacheKeys["AUTHORITY"] = "authority"; TemporaryCacheKeys["ACQUIRE_TOKEN_ACCOUNT"] = "acquireToken.account"; TemporaryCacheKeys["SESSION_STATE"] = "session.state"; TemporaryCacheKeys["REQUEST_STATE"] = "request.state"; TemporaryCacheKeys["NONCE_IDTOKEN"] = "nonce.id_token"; TemporaryCacheKeys["ORIGIN_URI"] = "request.origin"; TemporaryCacheKeys["RENEW_STATUS"] = "token.renew.status"; TemporaryCacheKeys["URL_HASH"] = "urlHash"; TemporaryCacheKeys["REQUEST_PARAMS"] = "request.params"; TemporaryCacheKeys["SCOPES"] = "scopes"; TemporaryCacheKeys["INTERACTION_STATUS_KEY"] = "interaction.status"; TemporaryCacheKeys["CCS_CREDENTIAL"] = "ccs.credential"; })(TemporaryCacheKeys || (TemporaryCacheKeys = {})); /** * API Codes for Telemetry purposes. * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs * 0-99 Silent Flow * 800-899 Auth Code Flow */ exports.ApiId = void 0; (function (ApiId) { ApiId[ApiId["acquireTokenRedirect"] = 861] = "acquireTokenRedirect"; ApiId[ApiId["acquireTokenPopup"] = 862] = "acquireTokenPopup"; ApiId[ApiId["ssoSilent"] = 863] = "ssoSilent"; ApiId[ApiId["acquireTokenSilent_authCode"] = 864] = "acquireTokenSilent_authCode"; ApiId[ApiId["handleRedirectPromise"] = 865] = "handleRedirectPromise"; ApiId[ApiId["acquireTokenSilent_silentFlow"] = 61] = "acquireTokenSilent_silentFlow"; ApiId[ApiId["logout"] = 961] = "logout"; ApiId[ApiId["logoutPopup"] = 962] = "logoutPopup"; })(exports.ApiId || (exports.ApiId = {})); /* * Interaction type of the API - used for state and telemetry */ exports.InteractionType = void 0; (function (InteractionType) { InteractionType["Redirect"] = "redirect"; InteractionType["Popup"] = "popup"; InteractionType["Silent"] = "silent"; })(exports.InteractionType || (exports.InteractionType = {})); /** * Types of interaction currently in progress. * Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete. */ exports.InteractionStatus = void 0; (function (InteractionStatus) { /** * Initial status before interaction occurs */ InteractionStatus["Startup"] = "startup"; /** * Status set when all login calls occuring */ InteractionStatus["Login"] = "login"; /** * Status set when logout call occuring */ InteractionStatus["Logout"] = "logout"; /** * Status set for acquireToken calls */ InteractionStatus["AcquireToken"] = "acquireToken"; /** * Status set for ssoSilent calls */ InteractionStatus["SsoSilent"] = "ssoSilent"; /** * Status set when handleRedirect in progress */ InteractionStatus["HandleRedirect"] = "handleRedirect"; /** * Status set when interaction is complete */ InteractionStatus["None"] = "none"; })(exports.InteractionStatus || (exports.InteractionStatus = {})); var DEFAULT_REQUEST = { scopes: OIDC_DEFAULT_SCOPES }; /** * JWK Key Format string (Type MUST be defined for window crypto APIs) */ var KEY_FORMAT_JWK = "jwk"; // Supported wrapper SKUs exports.WrapperSKU = void 0; (function (WrapperSKU) { WrapperSKU["React"] = "@azure/msal-react"; WrapperSKU["Angular"] = "@azure/msal-angular"; })(exports.WrapperSKU || (exports.WrapperSKU = {})); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Utility class for math specific functions in browser. */ var MathUtils = /** @class */ (function () { function MathUtils() { } /** * Decimal to Hex * * @param num */ MathUtils.decimalToHex = function (num) { var hex = num.toString(16); while (hex.length < 2) { hex = "0" + hex; } return hex; }; return MathUtils; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var GuidGenerator = /** @class */ (function () { function GuidGenerator(cryptoObj) { this.cryptoObj = cryptoObj; } /* * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or * pseudo-random numbers. * The algorithm is as follows: * Set the two most significant bits (bits 6 and 7) of the * clock_seq_hi_and_reserved to zero and one, respectively. * Set the four most significant bits (bits 12 through 15) of the * time_hi_and_version field to the 4-bit version number from * Section 4.1.3. Version4 * Set all the other bits to randomly (or pseudo-randomly) chosen * values. * UUID = time-low "-" time-mid "-"time-high-and-version "-"clock-seq-reserved and low(2hexOctet)"-" node * time-low = 4hexOctet * time-mid = 2hexOctet * time-high-and-version = 2hexOctet * clock-seq-and-reserved = hexOctet: * clock-seq-low = hexOctet * node = 6hexOctet * Format: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx * y could be 1000, 1001, 1010, 1011 since most significant two bits needs to be 10 * y values are 8, 9, A, B */ GuidGenerator.prototype.generateGuid = function () { try { var buffer = new Uint8Array(16); this.cryptoObj.getRandomValues(buffer); // buffer[6] and buffer[7] represents the time_hi_and_version field. We will set the four most significant bits (4 through 7) of buffer[6] to represent decimal number 4 (UUID version number). buffer[6] |= 0x40; // buffer[6] | 01000000 will set the 6 bit to 1. buffer[6] &= 0x4f; // buffer[6] & 01001111 will set the 4, 5, and 7 bit to 0 such that bits 4-7 == 0100 = "4". // buffer[8] represents the clock_seq_hi_and_reserved field. We will set the two most significant bits (6 and 7) of the clock_seq_hi_and_reserved to zero and one, respectively. buffer[8] |= 0x80; // buffer[8] | 10000000 will set the 7 bit to 1. buffer[8] &= 0xbf; // buffer[8] & 10111111 will set the 6 bit to 0. return MathUtils.decimalToHex(buffer[0]) + MathUtils.decimalToHex(buffer[1]) + MathUtils.decimalToHex(buffer[2]) + MathUtils.decimalToHex(buffer[3]) + "-" + MathUtils.decimalToHex(buffer[4]) + MathUtils.decimalToHex(buffer[5]) + "-" + MathUtils.decimalToHex(buffer[6]) + MathUtils.decimalToHex(buffer[7]) + "-" + MathUtils.decimalToHex(buffer[8]) + MathUtils.decimalToHex(buffer[9]) + "-" + MathUtils.decimalToHex(buffer[10]) + MathUtils.decimalToHex(buffer[11]) + MathUtils.decimalToHex(buffer[12]) + MathUtils.decimalToHex(buffer[13]) + MathUtils.decimalToHex(buffer[14]) + MathUtils.decimalToHex(buffer[15]); } catch (err) { var guidHolder = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx"; var hex = "0123456789abcdef"; var r = 0; var guidResponse = ""; for (var i = 0; i < 36; i++) { if (guidHolder[i] !== "-" && guidHolder[i] !== "4") { // each x and y needs to be random r = Math.random() * 16 | 0; } if (guidHolder[i] === "x") { guidResponse += hex[r]; } else if (guidHolder[i] === "y") { // clock-seq-and-reserved first hex is filtered and remaining hex values are random r &= 0x3; // bit and with 0011 to set pos 2 to zero ?0?? r |= 0x8; // set pos 3 to 1 as 1??? guidResponse += hex[r]; } else { guidResponse += guidHolder[i]; } } return guidResponse; } }; /** * verifies if a string is GUID * @param guid */ GuidGenerator.isGuid = function (guid) { var regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i; return regexGuid.test(guid); }; return GuidGenerator; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Utility functions for strings in a browser. See here for implementation details: * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64 */ var BrowserStringUtils = /** @class */ (function () { function BrowserStringUtils() { } /** * Converts string to Uint8Array * @param sDOMStr */ BrowserStringUtils.stringToUtf8Arr = function (sDOMStr) { var nChr; var nArrLen = 0; var nStrLen = sDOMStr.length; /* mapping... */ for (var nMapIdx = 0; nMapIdx < nStrLen; nMapIdx++) { nChr = sDOMStr.charCodeAt(nMapIdx); nArrLen += nChr < 0x80 ? 1 : nChr < 0x800 ? 2 : nChr < 0x10000 ? 3 : nChr < 0x200000 ? 4 : nChr < 0x4000000 ? 5 : 6; } var aBytes = new Uint8Array(nArrLen); /* transcription... */ for (var nIdx = 0, nChrIdx = 0; nIdx < nArrLen; nChrIdx++) { nChr = sDOMStr.charCodeAt(nChrIdx); if (nChr < 128) { /* one byte */ aBytes[nIdx++] = nChr; } else if (nChr < 0x800) { /* two bytes */ aBytes[nIdx++] = 192 + (nChr >>> 6); aBytes[nIdx++] = 128 + (nChr & 63); } else if (nChr < 0x10000) { /* three bytes */ aBytes[nIdx++] = 224 + (nChr >>> 12); aBytes[nIdx++] = 128 + (nChr >>> 6 & 63); aBytes[nIdx++] = 128 + (nChr & 63); } else if (nChr < 0x200000) { /* four bytes */ aBytes[nIdx++] = 240 + (nChr >>> 18); aBytes[nIdx++] = 128 + (nChr >>> 12 & 63); aBytes[nIdx++] = 128 + (nChr >>> 6 & 63); aBytes[nIdx++] = 128 + (nChr & 63); } else if (nChr < 0x4000000) { /* five bytes */ aBytes[nIdx++] = 248 + (nChr >>> 24); aBytes[nIdx++] = 128 + (nChr >>> 18 & 63); aBytes[nIdx++] = 128 + (nChr >>> 12 & 63); aBytes[nIdx++] = 128 + (nChr >>> 6 & 63); aBytes[nIdx++] = 128 + (nChr & 63); } else /* if (nChr <= 0x7fffffff) */ { /* six bytes */ aBytes[nIdx++] = 252 + (nChr >>> 30); aBytes[nIdx++] = 128 + (nChr >>> 24 & 63); aBytes[nIdx++] = 128 + (nChr >>> 18 & 63); aBytes[nIdx++] = 128 + (nChr >>> 12 & 63); aBytes[nIdx++] = 128 + (nChr >>> 6 & 63); aBytes[nIdx++] = 128 + (nChr & 63); } } return aBytes; }; /** * Converst string to ArrayBuffer * @param dataString */ BrowserStringUtils.stringToArrayBuffer = function (dataString) { var data = new ArrayBuffer(dataString.length); var dataView = new Uint8Array(data); for (var i = 0; i < dataString.length; i++) { dataView[i] = dataString.charCodeAt(i); } return data; }; /** * Converts Uint8Array to a string * @param aBytes */ BrowserStringUtils.utf8ArrToString = function (aBytes) { var sView = ""; for (var nPart = void 0, nLen = aBytes.length, nIdx = 0; nIdx < nLen; nIdx++) { nPart = aBytes[nIdx]; sView += String.fromCharCode(nPart > 251 && nPart < 254 && nIdx + 5 < nLen ? /* six bytes */ /* (nPart - 252 << 30) may be not so safe in ECMAScript! So...: */ (nPart - 252) * 1073741824 + (aBytes[++nIdx] - 128 << 24) + (aBytes[++nIdx] - 128 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128 : nPart > 247 && nPart < 252 && nIdx + 4 < nLen ? /* five bytes */ (nPart - 248 << 24) + (aBytes[++nIdx] - 128 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128 : nPart > 239 && nPart < 248 && nIdx + 3 < nLen ? /* four bytes */ (nPart - 240 << 18) + (aBytes[++nIdx] - 128 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128 : nPart > 223 && nPart < 240 && nIdx + 2 < nLen ? /* three bytes */ (nPart - 224 << 12) + (aBytes[++nIdx] - 128 << 6) + aBytes[++nIdx] - 128 : nPart > 191 && nPart < 224 && nIdx + 1 < nLen ? /* two bytes */ (nPart - 192 << 6) + aBytes[++nIdx] - 128 : /* nPart < 127 ? */ /* one byte */ nPart); } return sView; }; return BrowserStringUtils; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details: * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64 */ var Base64Encode = /** @class */ (function () { function Base64Encode() { } /** * Returns URL Safe b64 encoded string from a plaintext string. * @param input */ Base64Encode.prototype.urlEncode = function (input) { return encodeURIComponent(this.encode(input) .replace(/=/g, "") .replace(/\+/g, "-") .replace(/\//g, "_")); }; /** * Returns URL Safe b64 encoded string from an int8Array. * @param inputArr */ Base64Encode.prototype.urlEncodeArr = function (inputArr) { return this.base64EncArr(inputArr) .replace(/=/g, "") .replace(/\+/g, "-") .replace(/\//g, "_"); }; /** * Returns b64 encoded string from plaintext string. * @param input */ Base64Encode.prototype.encode = function (input) { var inputUtf8Arr = BrowserStringUtils.stringToUtf8Arr(input); return this.base64EncArr(inputUtf8Arr); }; /** * Base64 encode byte array * @param aBytes */ Base64Encode.prototype.base64EncArr = function (aBytes) { var eqLen = (3 - (aBytes.length % 3)) % 3; var sB64Enc = ""; for (var nMod3 = void 0, nLen = aBytes.length, nUint24 = 0, nIdx = 0; nIdx < nLen; nIdx++) { nMod3 = nIdx % 3; /* Uncomment the following line in order to split the output in lines 76-character long: */ /* *if (nIdx > 0 && (nIdx * 4 / 3) % 76 === 0) { sB64Enc += "\r\n"; } */ nUint24 |= aBytes[nIdx] << (16 >>> nMod3 & 24); if (nMod3 === 2 || aBytes.length - nIdx === 1) { sB64Enc += String.fromCharCode(this.uint6ToB64(nUint24 >>> 18 & 63), this.uint6ToB64(nUint24 >>> 12 & 63), this.uint6ToB64(nUint24 >>> 6 & 63), this.uint6ToB64(nUint24 & 63)); nUint24 = 0; } } return eqLen === 0 ? sB64Enc : sB64Enc.substring(0, sB64Enc.length - eqLen) + (eqLen === 1 ? "=" : "=="); }; /** * Base64 string to array encoding helper * @param nUint6 */ Base64Encode.prototype.uint6ToB64 = function (nUint6) { return nUint6 < 26 ? nUint6 + 65 : nUint6 < 52 ? nUint6 + 71 : nUint6 < 62 ? nUint6 - 4 : nUint6 === 62 ? 43 : nUint6 === 63 ? 47 : 65; }; return Base64Encode; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details: * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64 */ var Base64Decode = /** @class */ (function () { function Base64Decode() { } /** * Returns a URL-safe plaintext decoded string from b64 encoded input. * @param input */ Base64Decode.prototype.decode = function (input) { var encodedString = input.replace(/-/g, "+").replace(/_/g, "/"); switch (encodedString.length % 4) { case 0: break; case 2: encodedString += "=="; break; case 3: encodedString += "="; break; default: throw new Error("Invalid base64 string"); } var inputUtf8Arr = this.base64DecToArr(encodedString); return BrowserStringUtils.utf8ArrToString(inputUtf8Arr); }; /** * Decodes base64 into Uint8Array * @param base64String * @param nBlockSize */ Base64Decode.prototype.base64DecToArr = function (base64String, nBlockSize) { var sB64Enc = base64String.replace(/[^A-Za-z0-9\+\/]/g, ""); var nInLen = sB64Enc.length; var nOutLen = nBlockSize ? Math.ceil((nInLen * 3 + 1 >>> 2) / nBlockSize) * nBlockSize : nInLen * 3 + 1 >>> 2; var aBytes = new Uint8Array(nOutLen); for (var nMod3 = void 0, nMod4 = void 0, nUint24 = 0, nOutIdx = 0, nInIdx = 0; nInIdx < nInLen; nInIdx++) { nMod4 = nInIdx & 3; nUint24 |= this.b64ToUint6(sB64Enc.charCodeAt(nInIdx)) << 18 - 6 * nMod4; if (nMod4 === 3 || nInLen - nInIdx === 1) { for (nMod3 = 0; nMod3 < 3 && nOutIdx < nOutLen; nMod3++, nOutIdx++) { aBytes[nOutIdx] = nUint24 >>> (16 >>> nMod3 & 24) & 255; } nUint24 = 0; } } return aBytes; }; /** * Base64 string to array decoding helper * @param charNum */ Base64Decode.prototype.b64ToUint6 = function (charNum) { return charNum > 64 && charNum < 91 ? charNum - 65 : charNum > 96 && charNum < 123 ? charNum - 71 : charNum > 47 && charNum < 58 ? charNum + 4 : charNum === 43 ? 62 : charNum === 47 ? 63 : 0; }; return Base64Decode; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * BrowserAuthErrorMessage class containing string constants used by error codes and messages. */ var BrowserAuthErrorMessage = { pkceNotGenerated: { code: "pkce_not_created", desc: "The PKCE code challenge and verifier could not be generated." }, cryptoDoesNotExist: { code: "crypto_nonexistent", desc: "The crypto object or function is not available." }, httpMethodNotImplementedError: { code: "http_method_not_implemented", desc: "The HTTP method given has not been implemented in this library." }, emptyNavigateUriError: { code: "empty_navigate_uri", desc: "Navigation URI is empty. Please check stack trace for more info." }, hashEmptyError: { code: "hash_empty_error", desc: "Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash." }, hashDoesNotContainStateError: { code: "no_state_in_hash", desc: "Hash does not contain state. Please verify that the request originated from msal." }, hashDoesNotContainKnownPropertiesError: { code: "hash_does_not_contain_known_properties", desc: "Hash does not contain known properites. Please verify that your redirectUri is not changing the hash." }, unableToParseStateError: { code: "unable_to_parse_state", desc: "Unable to parse state. Please verify that the request originated from msal." }, stateInteractionTypeMismatchError: { code: "state_interaction_type_mismatch", desc: "Hash contains state but the interaction type does not match the caller." }, interactionInProgress: { code: "interaction_in_progress", desc: "Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. For more visit: aka.ms/msaljs/browser-errors." }, popUpWindowError: { code: "popup_window_error", desc: "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser." }, emptyWindowError: { code: "empty_window_error", desc: "window.open returned null or undefined window object." }, userCancelledError: { code: "user_cancelled", desc: "User cancelled the flow." }, monitorPopupTimeoutError: { code: "monitor_window_timeout", desc: "Token acquisition in popup failed due to timeout. For more visit: aka.ms/msaljs/browser-errors." }, monitorIframeTimeoutError: { code: "monitor_window_timeout", desc: "Token acquisition in iframe failed due to timeout. For more visit: aka.ms/msaljs/browser-errors." }, redirectInIframeError: { code: "redirect_in_iframe", desc: "Code flow is not supported inside an iframe. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs." }, blockTokenRequestsInHiddenIframeError: { code: "block_iframe_reload", desc: "Request was blocked inside an iframe because MSAL detected an authentication response. For more visit: aka.ms/msaljs/browser-errors" }, blockAcquireTokenInPopupsError: { code: "block_nested_popups", desc: "Request was blocked inside a popup because MSAL detected it was running in a popup." }, iframeClosedPrematurelyError: { code: "iframe_closed_prematurely", desc: "The iframe being monitored was closed prematurely." }, silentSSOInsufficientInfoError: { code: "silent_sso_error", desc: "Silent SSO could not be completed - insufficient information was provided. Please provide either a loginHint or sid." }, noAccountError: { code: "no_account_error", desc: "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request." }, silentPromptValueError: { code: "silent_prompt_value_error", desc: "The value given for the prompt value is not valid for silent requests - must be set to 'none'." }, noTokenRequestCacheError: { code: "no_token_request_cache_error", desc: "No token request in found in cache." }, unableToParseTokenRequestCacheError: { code: "unable_to_parse_token_request_cache_error", desc: "The cached token request could not be parsed." }, noCachedAuthorityError: { code: "no_cached_authority_error", desc: "No cached authority found." }, authRequestNotSet: { code: "auth_request_not_set_error", desc: "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler" }, invalidCacheType: { code: "invalid_cache_type", desc: "Invalid cache type" }, notInBrowserEnvironment: { code: "non_browser_environment", desc: "Login and token requests are not supported in non-browser environments." }, databaseNotOpen: { code: "database_not_open", desc: "Database is not open!" }, noNetworkConnectivity: { code: "no_network_connectivity", desc: "No network connectivity. Check your internet connection." }, postRequestFailed: { code: "post_request_failed", desc: "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'" }, getRequestFailed: { code: "get_request_failed", desc: "Network request failed. Please check the network trace to determine root cause." }, failedToParseNetworkResponse: { code: "failed_to_parse_response", desc: "Failed to parse network response. Check network trace." } }; /** * Browser library error class thrown by the MSAL.js library for SPAs */ var BrowserAuthError = /** @class */ (function (_super) { __extends$1(BrowserAuthError, _super); function BrowserAuthError(errorCode, errorMessage) { var _this = _super.call(this, errorCode, errorMessage) || this; Object.setPrototypeOf(_this, BrowserAuthError.prototype); _this.name = "BrowserAuthError"; return _this; } /** * Creates an error thrown when PKCE is not implemented. * @param errDetail */ BrowserAuthError.createPkceNotGeneratedError = function (errDetail) { return new BrowserAuthError(BrowserAuthErrorMessage.pkceNotGenerated.code, BrowserAuthErrorMessage.pkceNotGenerated.desc + " Detail:" + errDetail); }; /** * Creates an error thrown when the crypto object is unavailable. * @param errDetail */ BrowserAuthError.createCryptoNotAvailableError = function (errDetail) { return new BrowserAuthError(BrowserAuthErrorMessage.cryptoDoesNotExist.code, BrowserAuthErrorMessage.cryptoDoesNotExist.desc + " Detail:" + errDetail); }; /** * Creates an error thrown when an HTTP method hasn't been implemented by the browser class. * @param method */ BrowserAuthError.createHttpMethodNotImplementedError = function (method) { return new BrowserAuthError(BrowserAuthErrorMessage.httpMethodNotImplementedError.code, BrowserAuthErrorMessage.httpMethodNotImplementedError.desc + " Given Method: " + method); }; /** * Creates an error thrown when the navigation URI is empty. */ BrowserAuthError.createEmptyNavigationUriError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.emptyNavigateUriError.code, BrowserAuthErrorMessage.emptyNavigateUriError.desc); }; /** * Creates an error thrown when the hash string value is unexpectedly empty. * @param hashValue */ BrowserAuthError.createEmptyHashError = function (hashValue) { return new BrowserAuthError(BrowserAuthErrorMessage.hashEmptyError.code, BrowserAuthErrorMessage.hashEmptyError.desc + " Given Url: " + hashValue); }; /** * Creates an error thrown when the hash string value is unexpectedly empty. */ BrowserAuthError.createHashDoesNotContainStateError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.hashDoesNotContainStateError.code, BrowserAuthErrorMessage.hashDoesNotContainStateError.desc); }; /** * Creates an error thrown when the hash string value does not contain known properties */ BrowserAuthError.createHashDoesNotContainKnownPropertiesError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.hashDoesNotContainKnownPropertiesError.code, BrowserAuthErrorMessage.hashDoesNotContainKnownPropertiesError.desc); }; /** * Creates an error thrown when the hash string value is unexpectedly empty. */ BrowserAuthError.createUnableToParseStateError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.unableToParseStateError.code, BrowserAuthErrorMessage.unableToParseStateError.desc); }; /** * Creates an error thrown when the state value in the hash does not match the interaction type of the API attempting to consume it. */ BrowserAuthError.createStateInteractionTypeMismatchError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.stateInteractionTypeMismatchError.code, BrowserAuthErrorMessage.stateInteractionTypeMismatchError.desc); }; /** * Creates an error thrown when a browser interaction (redirect or popup) is in progress. */ BrowserAuthError.createInteractionInProgressError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.interactionInProgress.code, BrowserAuthErrorMessage.interactionInProgress.desc); }; /** * Creates an error thrown when the popup window could not be opened. * @param errDetail */ BrowserAuthError.createPopupWindowError = function (errDetail) { var errorMessage = BrowserAuthErrorMessage.popUpWindowError.desc; errorMessage = !StringUtils.isEmpty(errDetail) ? errorMessage + " Details: " + errDetail : errorMessage; return new BrowserAuthError(BrowserAuthErrorMessage.popUpWindowError.code, errorMessage); }; /** * Creates an error thrown when window.open returns an empty window object. * @param errDetail */ BrowserAuthError.createEmptyWindowCreatedError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.emptyWindowError.code, BrowserAuthErrorMessage.emptyWindowError.desc); }; /** * Creates an error thrown when the user closes a popup. */ BrowserAuthError.createUserCancelledError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.userCancelledError.code, BrowserAuthErrorMessage.userCancelledError.desc); }; /** * Creates an error thrown when monitorPopupFromHash times out for a given popup. */ BrowserAuthError.createMonitorPopupTimeoutError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.monitorPopupTimeoutError.code, BrowserAuthErrorMessage.monitorPopupTimeoutError.desc); }; /** * Creates an error thrown when monitorIframeFromHash times out for a given iframe. */ BrowserAuthError.createMonitorIframeTimeoutError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.monitorIframeTimeoutError.code, BrowserAuthErrorMessage.monitorIframeTimeoutError.desc); }; /** * Creates an error thrown when navigateWindow is called inside an iframe. * @param windowParentCheck */ BrowserAuthError.createRedirectInIframeError = function (windowParentCheck) { return new BrowserAuthError(BrowserAuthErrorMessage.redirectInIframeError.code, BrowserAuthErrorMessage.redirectInIframeError.desc + " (window.parent !== window) => " + windowParentCheck); }; /** * Creates an error thrown when an auth reload is done inside an iframe. */ BrowserAuthError.createBlockReloadInHiddenIframeError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.blockTokenRequestsInHiddenIframeError.code, BrowserAuthErrorMessage.blockTokenRequestsInHiddenIframeError.desc); }; /** * Creates an error thrown when a popup attempts to call an acquireToken API * @returns */ BrowserAuthError.createBlockAcquireTokenInPopupsError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.blockAcquireTokenInPopupsError.code, BrowserAuthErrorMessage.blockAcquireTokenInPopupsError.desc); }; /** * Creates an error thrown when an iframe is found to be closed before the timeout is reached. */ BrowserAuthError.createIframeClosedPrematurelyError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.iframeClosedPrematurelyError.code, BrowserAuthErrorMessage.iframeClosedPrematurelyError.desc); }; /** * Creates an error thrown when the login_hint, sid or account object is not provided in the ssoSilent API. */ BrowserAuthError.createSilentSSOInsufficientInfoError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.silentSSOInsufficientInfoError.code, BrowserAuthErrorMessage.silentSSOInsufficientInfoError.desc); }; /** * Creates an error thrown when the account object is not provided in the acquireTokenSilent API. */ BrowserAuthError.createNoAccountError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.noAccountError.code, BrowserAuthErrorMessage.noAccountError.desc); }; /** * Creates an error thrown when a given prompt value is invalid for silent requests. */ BrowserAuthError.createSilentPromptValueError = function (givenPrompt) { return new BrowserAuthError(BrowserAuthErrorMessage.silentPromptValueError.code, BrowserAuthErrorMessage.silentPromptValueError.desc + " Given value: " + givenPrompt); }; /** * Creates an error thrown when the cached token request could not be retrieved from the cache */ BrowserAuthError.createUnableToParseTokenRequestCacheError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.unableToParseTokenRequestCacheError.code, BrowserAuthErrorMessage.unableToParseTokenRequestCacheError.desc); }; /** * Creates an error thrown when the token request could not be retrieved from the cache */ BrowserAuthError.createNoTokenRequestCacheError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.noTokenRequestCacheError.code, BrowserAuthErrorMessage.noTokenRequestCacheError.desc); }; /** * Creates an error thrown when handleCodeResponse is called before initiateAuthRequest (InteractionHandler) */ BrowserAuthError.createAuthRequestNotSetError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.authRequestNotSet.code, BrowserAuthErrorMessage.authRequestNotSet.desc); }; /** * Creates an error thrown when the authority could not be retrieved from the cache */ BrowserAuthError.createNoCachedAuthorityError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.noCachedAuthorityError.code, BrowserAuthErrorMessage.noCachedAuthorityError.desc); }; /** * Creates an error thrown if cache type is invalid. */ BrowserAuthError.createInvalidCacheTypeError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.invalidCacheType.code, "" + BrowserAuthErrorMessage.invalidCacheType.desc); }; /** * Create an error thrown when login and token requests are made from a non-browser environment */ BrowserAuthError.createNonBrowserEnvironmentError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.notInBrowserEnvironment.code, BrowserAuthErrorMessage.notInBrowserEnvironment.desc); }; /** * Create an error thrown when indexDB database is not open */ BrowserAuthError.createDatabaseNotOpenError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.databaseNotOpen.code, BrowserAuthErrorMessage.databaseNotOpen.desc); }; /** * Create an error thrown when token fetch fails due to no internet */ BrowserAuthError.createNoNetworkConnectivityError = function () { return new BrowserAuthError(BrowserAuthErrorMessage.noNetworkConnectivity.code, BrowserAuthErrorMessage.noNetworkConnectivity.desc); }; /** * Create an error thrown when token fetch fails due to reasons other than internet connectivity */ BrowserAuthError.createPostRequestFailedError = function (errorDesc, endpoint) { return new BrowserAuthError(BrowserAuthErrorMessage.postRequestFailed.code, BrowserAuthErrorMessage.postRequestFailed.desc + " | Network client threw: " + errorDesc + " | Attempted to reach: " + endpoint.split("?")[0]); }; /** * Create an error thrown when get request fails due to reasons other than internet connectivity */ BrowserAuthError.createGetRequestFailedError = function (errorDesc, endpoint) { return new BrowserAuthError(BrowserAuthErrorMessage.getRequestFailed.code, BrowserAuthErrorMessage.getRequestFailed.desc + " | Network client threw: " + errorDesc + " | Attempted to reach: " + endpoint.split("?")[0]); }; /** * Create an error thrown when network client fails to parse network response */ BrowserAuthError.createFailedToParseNetworkResponseError = function (endpoint) { return new BrowserAuthError(BrowserAuthErrorMessage.failedToParseNetworkResponse.code, BrowserAuthErrorMessage.failedToParseNetworkResponse.desc + " | Attempted to reach: " + endpoint.split("?")[0]); }; return BrowserAuthError; }(AuthError)); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ // Constant byte array length var RANDOM_BYTE_ARR_LENGTH = 32; /** * Class which exposes APIs to generate PKCE codes and code verifiers. */ var PkceGenerator = /** @class */ (function () { function PkceGenerator(cryptoObj) { this.base64Encode = new Base64Encode(); this.cryptoObj = cryptoObj; } /** * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636 */ PkceGenerator.prototype.generateCodes = function () { return __awaiter$1(this, void 0, void 0, function () { var codeVerifier, codeChallenge; return __generator$1(this, function (_a) { switch (_a.label) { case 0: codeVerifier = this.generateCodeVerifier(); return [4 /*yield*/, this.generateCodeChallengeFromVerifier(codeVerifier)]; case 1: codeChallenge = _a.sent(); return [2 /*return*/, { verifier: codeVerifier, challenge: codeChallenge }]; } }); }); }; /** * Generates a random 32 byte buffer and returns the base64 * encoded string to be used as a PKCE Code Verifier */ PkceGenerator.prototype.generateCodeVerifier = function () { try { // Generate random values as utf-8 var buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH); this.cryptoObj.getRandomValues(buffer); // encode verifier as base64 var pkceCodeVerifierB64 = this.base64Encode.urlEncodeArr(buffer); return pkceCodeVerifierB64; } catch (e) { throw BrowserAuthError.createPkceNotGeneratedError(e); } }; /** * Creates a base64 encoded PKCE Code Challenge string from the * hash created from the PKCE Code Verifier supplied */ PkceGenerator.prototype.generateCodeChallengeFromVerifier = function (pkceCodeVerifier) { return __awaiter$1(this, void 0, void 0, function () { var pkceHashedCodeVerifier, e_1; return __generator$1(this, function (_a) { switch (_a.label) { case 0: _a.trys.push([0, 2, , 3]); return [4 /*yield*/, this.cryptoObj.sha256Digest(pkceCodeVerifier)]; case 1: pkceHashedCodeVerifier = _a.sent(); // encode hash as base64 return [2 /*return*/, this.base64Encode.urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier))]; case 2: e_1 = _a.sent(); throw BrowserAuthError.createPkceNotGeneratedError(e_1); case 3: return [2 /*return*/]; } }); }); }; return PkceGenerator; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams */ // RSA KeyGen Algorithm var PKCS1_V15_KEYGEN_ALG = "RSASSA-PKCS1-v1_5"; // SHA-256 hashing algorithm var S256_HASH_ALG = "SHA-256"; // MOD length for PoP tokens var MODULUS_LENGTH = 2048; // Public Exponent var PUBLIC_EXPONENT = new Uint8Array([0x01, 0x00, 0x01]); /** * This class implements functions used by the browser library to perform cryptography operations such as * hashing and encoding. It also has helper functions to validate the availability of specific APIs. */ var BrowserCrypto = /** @class */ (function () { function BrowserCrypto() { if (!(this.hasCryptoAPI())) { throw BrowserAuthError.createCryptoNotAvailableError("Browser crypto or msCrypto object not available."); } this._keygenAlgorithmOptions = { name: PKCS1_V15_KEYGEN_ALG, hash: S256_HASH_ALG, modulusLength: MODULUS_LENGTH, publicExponent: PUBLIC_EXPONENT }; } /** * Returns a sha-256 hash of the given dataString as an ArrayBuffer. * @param dataString */ BrowserCrypto.prototype.sha256Digest = function (dataString) { return __awaiter$1(this, void 0, void 0, function () { var data; return __generator$1(this, function (_a) { data = BrowserStringUtils.stringToUtf8Arr(dataString); return [2 /*return*/, this.hasIECrypto() ? this.getMSCryptoDigest(S256_HASH_ALG, data) : this.getSubtleCryptoDigest(S256_HASH_ALG, data)]; }); }); }; /** * Populates buffer with cryptographically random values. * @param dataBuffer */ BrowserCrypto.prototype.getRandomValues = function (dataBuffer) { var cryptoObj = window["msCrypto"] || window.crypto; if (!cryptoObj.getRandomValues) { throw BrowserAuthError.createCryptoNotAvailableError("getRandomValues does not exist."); } cryptoObj.getRandomValues(dataBuffer); }; /** * Generates a keypair based on current keygen algorithm config. * @param extractable * @param usages */ BrowserCrypto.prototype.generateKeyPair = function (extractable, usages) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, (this.hasIECrypto() ? this.msCryptoGenerateKey(extractable, usages) : window.crypto.subtle.generateKey(this._keygenAlgorithmOptions, extractable, usages))]; }); }); }; /** * Export key as Json Web Key (JWK) * @param key * @param format */ BrowserCrypto.prototype.exportJwk = function (key) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, this.hasIECrypto() ? this.msCryptoExportJwk(key) : window.crypto.subtle.exportKey(KEY_FORMAT_JWK, key)]; }); }); }; /** * Imports key as Json Web Key (JWK), can set extractable and usages. * @param key * @param format * @param extractable * @param usages */ BrowserCrypto.prototype.importJwk = function (key, extractable, usages) { return __awaiter$1(this, void 0, void 0, function () { var keyString, keyBuffer; return __generator$1(this, function (_a) { keyString = BrowserCrypto.getJwkString(key); keyBuffer = BrowserStringUtils.stringToArrayBuffer(keyString); return [2 /*return*/, this.hasIECrypto() ? this.msCryptoImportKey(keyBuffer, extractable, usages) : window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, this._keygenAlgorithmOptions, extractable, usages)]; }); }); }; /** * Signs given data with given key * @param key * @param data */ BrowserCrypto.prototype.sign = function (key, data) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, this.hasIECrypto() ? this.msCryptoSign(key, data) : window.crypto.subtle.sign(this._keygenAlgorithmOptions, key, data)]; }); }); }; /** * Check whether IE crypto or other browser cryptography is available. */ BrowserCrypto.prototype.hasCryptoAPI = function () { return this.hasIECrypto() || this.hasBrowserCrypto(); }; /** * Checks whether IE crypto (AKA msCrypto) is available. */ BrowserCrypto.prototype.hasIECrypto = function () { return "msCrypto" in window; }; /** * Check whether browser crypto is available. */ BrowserCrypto.prototype.hasBrowserCrypto = function () { return "crypto" in window; }; /** * Helper function for SHA digest. * @param algorithm * @param data */ BrowserCrypto.prototype.getSubtleCryptoDigest = function (algorithm, data) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, window.crypto.subtle.digest(algorithm, data)]; }); }); }; /** * IE Helper function for SHA digest. * @param algorithm * @param data */ BrowserCrypto.prototype.getMSCryptoDigest = function (algorithm, data) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { var digestOperation = window["msCrypto"].subtle.digest(algorithm, data.buffer); digestOperation.addEventListener("complete", function (e) { resolve(e.target.result); }); digestOperation.addEventListener("error", function (error) { reject(error); }); })]; }); }); }; /** * IE Helper function for generating a keypair * @param extractable * @param usages */ BrowserCrypto.prototype.msCryptoGenerateKey = function (extractable, usages) { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { var msGenerateKey = window["msCrypto"].subtle.generateKey(_this._keygenAlgorithmOptions, extractable, usages); msGenerateKey.addEventListener("complete", function (e) { resolve(e.target.result); }); msGenerateKey.addEventListener("error", function (error) { reject(error); }); })]; }); }); }; /** * IE Helper function for exportKey * @param key * @param format */ BrowserCrypto.prototype.msCryptoExportJwk = function (key) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { var msExportKey = window["msCrypto"].subtle.exportKey(KEY_FORMAT_JWK, key); msExportKey.addEventListener("complete", function (e) { var resultBuffer = e.target.result; var resultString = BrowserStringUtils.utf8ArrToString(new Uint8Array(resultBuffer)) .replace(/\r/g, "") .replace(/\n/g, "") .replace(/\t/g, "") .split(" ").join("") .replace("\u0000", ""); try { resolve(JSON.parse(resultString)); } catch (e) { reject(e); } }); msExportKey.addEventListener("error", function (error) { reject(error); }); })]; }); }); }; /** * IE Helper function for importKey * @param key * @param format * @param extractable * @param usages */ BrowserCrypto.prototype.msCryptoImportKey = function (keyBuffer, extractable, usages) { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { var msImportKey = window["msCrypto"].subtle.importKey(KEY_FORMAT_JWK, keyBuffer, _this._keygenAlgorithmOptions, extractable, usages); msImportKey.addEventListener("complete", function (e) { resolve(e.target.result); }); msImportKey.addEventListener("error", function (error) { reject(error); }); })]; }); }); }; /** * IE Helper function for sign JWT * @param key * @param data */ BrowserCrypto.prototype.msCryptoSign = function (key, data) { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { var msSign = window["msCrypto"].subtle.sign(_this._keygenAlgorithmOptions, key, data); msSign.addEventListener("complete", function (e) { resolve(e.target.result); }); msSign.addEventListener("error", function (error) { reject(error); }); })]; }); }); }; /** * Returns stringified jwk. * @param jwk */ BrowserCrypto.getJwkString = function (jwk) { return JSON.stringify(jwk, Object.keys(jwk).sort()); }; return BrowserCrypto; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API */ var DatabaseStorage = /** @class */ (function () { function DatabaseStorage(dbName, tableName, version) { this.dbName = dbName; this.tableName = tableName; this.version = version; this.dbOpen = false; } /** * Opens IndexedDB instance. */ DatabaseStorage.prototype.open = function () { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { return [2 /*return*/, new Promise(function (resolve, reject) { // TODO: Add timeouts? var openDB = window.indexedDB.open(_this.dbName, _this.version); openDB.addEventListener("upgradeneeded", function (e) { var event = e; event.target.result.createObjectStore(_this.tableName); }); openDB.addEventListener("success", function (e) { var event = e; _this.db = event.target.result; _this.dbOpen = true; resolve(); }); openDB.addEventListener("error", function (error) { return reject(error); }); })]; }); }); }; /** * Retrieves item from IndexedDB instance. * @param key */ DatabaseStorage.prototype.get = function (key) { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { switch (_a.label) { case 0: if (!!this.dbOpen) return [3 /*break*/, 2]; return [4 /*yield*/, this.open()]; case 1: _a.sent(); _a.label = 2; case 2: return [2 /*return*/, new Promise(function (resolve, reject) { // TODO: Add timeouts? if (!_this.db) { return reject(BrowserAuthError.createDatabaseNotOpenError()); } var transaction = _this.db.transaction([_this.tableName], "readonly"); var objectStore = transaction.objectStore(_this.tableName); var dbGet = objectStore.get(key); dbGet.addEventListener("success", function (e) { var event = e; resolve(event.target.result); }); dbGet.addEventListener("error", function (e) { return reject(e); }); })]; } }); }); }; /** * Adds item to IndexedDB under given key * @param key * @param payload */ DatabaseStorage.prototype.put = function (key, payload) { return __awaiter$1(this, void 0, void 0, function () { var _this = this; return __generator$1(this, function (_a) { switch (_a.label) { case 0: if (!!this.dbOpen) return [3 /*break*/, 2]; return [4 /*yield*/, this.open()]; case 1: _a.sent(); _a.label = 2; case 2: return [2 /*return*/, new Promise(function (resolve, reject) { // TODO: Add timeouts? if (!_this.db) { return reject(BrowserAuthError.createDatabaseNotOpenError()); } var transaction = _this.db.transaction([_this.tableName], "readwrite"); var objectStore = transaction.objectStore(_this.tableName); var dbPut = objectStore.put(payload, key); dbPut.addEventListener("success", function (e) { var event = e; resolve(event.target.result); }); dbPut.addEventListener("error", function (e) { return reject(e); }); })]; } }); }); }; return DatabaseStorage; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636). */ var CryptoOps = /** @class */ (function () { function CryptoOps() { // Browser crypto needs to be validated first before any other classes can be set. this.browserCrypto = new BrowserCrypto(); this.b64Encode = new Base64Encode(); this.b64Decode = new Base64Decode(); this.guidGenerator = new GuidGenerator(this.browserCrypto); this.pkceGenerator = new PkceGenerator(this.browserCrypto); this.cache = new DatabaseStorage(CryptoOps.DB_NAME, CryptoOps.TABLE_NAME, CryptoOps.DB_VERSION); } /** * Creates a new random GUID - used to populate state and nonce. * @returns string (GUID) */ CryptoOps.prototype.createNewGuid = function () { return this.guidGenerator.generateGuid(); }; /** * Encodes input string to base64. * @param input */ CryptoOps.prototype.base64Encode = function (input) { return this.b64Encode.encode(input); }; /** * Decodes input string from base64. * @param input */ CryptoOps.prototype.base64Decode = function (input) { return this.b64Decode.decode(input); }; /** * Generates PKCE codes used in Authorization Code Flow. */ CryptoOps.prototype.generatePkceCodes = function () { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, this.pkceGenerator.generateCodes()]; }); }); }; /** * Generates a keypair, stores it and returns a thumbprint * @param request */ CryptoOps.prototype.getPublicKeyThumbprint = function (request) { return __awaiter$1(this, void 0, void 0, function () { var keyPair, publicKeyJwk, pubKeyThumprintObj, publicJwkString, publicJwkBuffer, publicJwkHash, privateKeyJwk, unextractablePrivateKey; return __generator$1(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.browserCrypto.generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES)]; case 1: keyPair = _a.sent(); return [4 /*yield*/, this.browserCrypto.exportJwk(keyPair.publicKey)]; case 2: publicKeyJwk = _a.sent(); pubKeyThumprintObj = { e: publicKeyJwk.e, kty: publicKeyJwk.kty, n: publicKeyJwk.n }; publicJwkString = BrowserCrypto.getJwkString(pubKeyThumprintObj); return [4 /*yield*/, this.browserCrypto.sha256Digest(publicJwkString)]; case 3: publicJwkBuffer = _a.sent(); publicJwkHash = this.b64Encode.urlEncodeArr(new Uint8Array(publicJwkBuffer)); return [4 /*yield*/, this.browserCrypto.exportJwk(keyPair.privateKey)]; case 4: privateKeyJwk = _a.sent(); return [4 /*yield*/, this.browserCrypto.importJwk(privateKeyJwk, false, ["sign"])]; case 5: unextractablePrivateKey = _a.sent(); // Store Keypair data in keystore this.cache.put(publicJwkHash, { privateKey: unextractablePrivateKey, publicKey: keyPair.publicKey, requestMethod: request.resourceRequestMethod, requestUri: request.resourceRequestUri }); return [2 /*return*/, publicJwkHash]; } }); }); }; /** * Signs the given object as a jwt payload with private key retrieved by given kid. * @param payload * @param kid */ CryptoOps.prototype.signJwt = function (payload, kid) { return __awaiter$1(this, void 0, void 0, function () { var cachedKeyPair, publicKeyJwk, publicKeyJwkString, header, encodedHeader, encodedPayload, tokenString, tokenBuffer, signatureBuffer, encodedSignature; return __generator$1(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.cache.get(kid)]; case 1: cachedKeyPair = _a.sent(); return [4 /*yield*/, this.browserCrypto.exportJwk(cachedKeyPair.publicKey)]; case 2: publicKeyJwk = _a.sent(); publicKeyJwkString = BrowserCrypto.getJwkString(publicKeyJwk); header = { alg: publicKeyJwk.alg, type: KEY_FORMAT_JWK }; encodedHeader = this.b64Encode.urlEncode(JSON.stringify(header)); // Generate payload payload.cnf = { jwk: JSON.parse(publicKeyJwkString) }; encodedPayload = this.b64Encode.urlEncode(JSON.stringify(payload)); tokenString = encodedHeader + "." + encodedPayload; tokenBuffer = BrowserStringUtils.stringToArrayBuffer(tokenString); return [4 /*yield*/, this.browserCrypto.sign(cachedKeyPair.privateKey, tokenBuffer)]; case 3: signatureBuffer = _a.sent(); encodedSignature = this.b64Encode.urlEncodeArr(new Uint8Array(signatureBuffer)); return [2 /*return*/, tokenString + "." + encodedSignature]; } }); }); }; CryptoOps.POP_KEY_USAGES = ["sign", "verify"]; CryptoOps.EXTRACTABLE = true; CryptoOps.DB_VERSION = 1; CryptoOps.DB_NAME = "msal.db"; CryptoOps.TABLE_NAME = CryptoOps.DB_NAME + ".keys"; return CryptoOps; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * BrowserAuthErrorMessage class containing string constants used by error codes and messages. */ var BrowserConfigurationAuthErrorMessage = { redirectUriNotSet: { code: "redirect_uri_empty", desc: "A redirect URI is required for all calls, and none has been set." }, postLogoutUriNotSet: { code: "post_logout_uri_empty", desc: "A post logout redirect has not been set." }, storageNotSupportedError: { code: "storage_not_supported", desc: "Given storage configuration option was not supported." }, noRedirectCallbacksSet: { code: "no_redirect_callbacks", desc: "No redirect callbacks have been set. Please call setRedirectCallbacks() with the appropriate function arguments before continuing. " + "More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics." }, invalidCallbackObject: { code: "invalid_callback_object", desc: "The object passed for the callback was invalid. " + "More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics." }, stubPcaInstanceCalled: { code: "stubbed_public_client_application_called", desc: "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors" }, inMemRedirectUnavailable: { code: "in_mem_redirect_unavailable", desc: "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true." } }; /** * Browser library error class thrown by the MSAL.js library for SPAs */ var BrowserConfigurationAuthError = /** @class */ (function (_super) { __extends$1(BrowserConfigurationAuthError, _super); function BrowserConfigurationAuthError(errorCode, errorMessage) { var _this = _super.call(this, errorCode, errorMessage) || this; _this.name = "BrowserConfigurationAuthError"; Object.setPrototypeOf(_this, BrowserConfigurationAuthError.prototype); return _this; } /** * Creates an error thrown when the redirect uri is empty (not set by caller) */ BrowserConfigurationAuthError.createRedirectUriEmptyError = function () { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.redirectUriNotSet.code, BrowserConfigurationAuthErrorMessage.redirectUriNotSet.desc); }; /** * Creates an error thrown when the post-logout redirect uri is empty (not set by caller) */ BrowserConfigurationAuthError.createPostLogoutRedirectUriEmptyError = function () { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.postLogoutUriNotSet.code, BrowserConfigurationAuthErrorMessage.postLogoutUriNotSet.desc); }; /** * Creates error thrown when given storage location is not supported. * @param givenStorageLocation */ BrowserConfigurationAuthError.createStorageNotSupportedError = function (givenStorageLocation) { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.storageNotSupportedError.code, BrowserConfigurationAuthErrorMessage.storageNotSupportedError.desc + " Given Location: " + givenStorageLocation); }; /** * Creates error thrown when redirect callbacks are not set before calling loginRedirect() or acquireTokenRedirect(). */ BrowserConfigurationAuthError.createRedirectCallbacksNotSetError = function () { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.noRedirectCallbacksSet.code, BrowserConfigurationAuthErrorMessage.noRedirectCallbacksSet.desc); }; /** * Creates error thrown when the stub instance of PublicClientApplication is called. */ BrowserConfigurationAuthError.createStubPcaInstanceCalledError = function () { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.stubPcaInstanceCalled.code, BrowserConfigurationAuthErrorMessage.stubPcaInstanceCalled.desc); }; /* * Create an error thrown when in-memory storage is used and storeAuthStateInCookie=false. */ BrowserConfigurationAuthError.createInMemoryRedirectUnavailableError = function () { return new BrowserConfigurationAuthError(BrowserConfigurationAuthErrorMessage.inMemRedirectUnavailable.code, BrowserConfigurationAuthErrorMessage.inMemRedirectUnavailable.desc); }; return BrowserConfigurationAuthError; }(AuthError)); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var BrowserStorage = /** @class */ (function () { function BrowserStorage(cacheLocation) { this.validateWindowStorage(cacheLocation); this.windowStorage = window[cacheLocation]; } BrowserStorage.prototype.validateWindowStorage = function (cacheLocation) { if (cacheLocation !== exports.BrowserCacheLocation.LocalStorage && cacheLocation !== exports.BrowserCacheLocation.SessionStorage) { throw BrowserConfigurationAuthError.createStorageNotSupportedError(cacheLocation); } var storageSupported = !!window[cacheLocation]; if (!storageSupported) { throw BrowserConfigurationAuthError.createStorageNotSupportedError(cacheLocation); } }; BrowserStorage.prototype.getItem = function (key) { return this.windowStorage.getItem(key); }; BrowserStorage.prototype.setItem = function (key, value) { this.windowStorage.setItem(key, value); }; BrowserStorage.prototype.removeItem = function (key) { this.windowStorage.removeItem(key); }; BrowserStorage.prototype.getKeys = function () { return Object.keys(this.windowStorage); }; BrowserStorage.prototype.containsKey = function (key) { return this.windowStorage.hasOwnProperty(key); }; return BrowserStorage; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var MemoryStorage = /** @class */ (function () { function MemoryStorage() { this.cache = new Map(); } MemoryStorage.prototype.getItem = function (key) { return this.cache.get(key) || null; }; MemoryStorage.prototype.setItem = function (key, value) { this.cache.set(key, value); }; MemoryStorage.prototype.removeItem = function (key) { this.cache.delete(key); }; MemoryStorage.prototype.getKeys = function () { var cacheKeys = []; this.cache.forEach(function (value, key) { cacheKeys.push(key); }); return cacheKeys; }; MemoryStorage.prototype.containsKey = function (key) { return this.cache.has(key); }; MemoryStorage.prototype.clear = function () { this.cache.clear(); }; return MemoryStorage; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var BrowserProtocolUtils = /** @class */ (function () { function BrowserProtocolUtils() { } /** * Extracts the BrowserStateObject from the state string. * @param browserCrypto * @param state */ BrowserProtocolUtils.extractBrowserRequestState = function (browserCrypto, state) { if (StringUtils.isEmpty(state)) { return null; } try { var requestStateObj = ProtocolUtils.parseRequestState(browserCrypto, state); return requestStateObj.libraryState.meta; } catch (e) { throw ClientAuthError.createInvalidStateError(state, e); } }; /** * Parses properties of server response from url hash * @param locationHash Hash from url */ BrowserProtocolUtils.parseServerResponseFromHash = function (locationHash) { if (!locationHash) { return {}; } var hashUrlString = new UrlString(locationHash); return UrlString.getDeserializedHash(hashUrlString.getHash()); }; return BrowserProtocolUtils; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * This class implements the cache storage interface for MSAL through browser local or session storage. * Cookies are only used if storeAuthStateInCookie is true, and are only used for * parameters such as state and nonce, generally. */ var BrowserCacheManager = /** @class */ (function (_super) { __extends$1(BrowserCacheManager, _super); function BrowserCacheManager(clientId, cacheConfig, cryptoImpl, logger) { var _this = _super.call(this, clientId, cryptoImpl) || this; // Cookie life calculation (hours * minutes * seconds * ms) _this.COOKIE_LIFE_MULTIPLIER = 24 * 60 * 60 * 1000; _this.cacheConfig = cacheConfig; _this.logger = logger; _this.internalStorage = new MemoryStorage(); _this.browserStorage = _this.setupBrowserStorage(_this.cacheConfig.cacheLocation); _this.temporaryCacheStorage = _this.setupTemporaryCacheStorage(_this.cacheConfig.cacheLocation); // Migrate any cache entries from older versions of MSAL. _this.migrateCacheEntries(); return _this; } /** * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured cacheLocation. * @param cacheLocation */ BrowserCacheManager.prototype.setupBrowserStorage = function (cacheLocation) { switch (cacheLocation) { case exports.BrowserCacheLocation.LocalStorage: case exports.BrowserCacheLocation.SessionStorage: try { // Temporary cache items will always be stored in session storage to mitigate problems caused by multiple tabs return new BrowserStorage(cacheLocation); } catch (e) { this.logger.verbose(e); break; } case exports.BrowserCacheLocation.MemoryStorage: } this.cacheConfig.cacheLocation = exports.BrowserCacheLocation.MemoryStorage; return new MemoryStorage(); }; /** * * @param cacheLocation */ BrowserCacheManager.prototype.setupTemporaryCacheStorage = function (cacheLocation) { switch (cacheLocation) { case exports.BrowserCacheLocation.LocalStorage: case exports.BrowserCacheLocation.SessionStorage: try { // Temporary cache items will always be stored in session storage to mitigate problems caused by multiple tabs return new BrowserStorage(exports.BrowserCacheLocation.SessionStorage); } catch (e) { this.logger.verbose(e); return this.internalStorage; } case exports.BrowserCacheLocation.MemoryStorage: default: return this.internalStorage; } }; /** * Migrate all old cache entries to new schema. No rollback supported. * @param storeAuthStateInCookie */ BrowserCacheManager.prototype.migrateCacheEntries = function () { var _this = this; var idTokenKey = Constants.CACHE_PREFIX + "." + PersistentCacheKeys.ID_TOKEN; var clientInfoKey = Constants.CACHE_PREFIX + "." + PersistentCacheKeys.CLIENT_INFO; var errorKey = Constants.CACHE_PREFIX + "." + PersistentCacheKeys.ERROR; var errorDescKey = Constants.CACHE_PREFIX + "." + PersistentCacheKeys.ERROR_DESC; var idTokenValue = this.browserStorage.getItem(idTokenKey); var clientInfoValue = this.browserStorage.getItem(clientInfoKey); var errorValue = this.browserStorage.getItem(errorKey); var errorDescValue = this.browserStorage.getItem(errorDescKey); var values = [idTokenValue, clientInfoValue, errorValue, errorDescValue]; var keysToMigrate = [PersistentCacheKeys.ID_TOKEN, PersistentCacheKeys.CLIENT_INFO, PersistentCacheKeys.ERROR, PersistentCacheKeys.ERROR_DESC]; keysToMigrate.forEach(function (cacheKey, index) { return _this.migrateCacheEntry(cacheKey, values[index]); }); }; /** * Utility function to help with migration. * @param newKey * @param value * @param storeAuthStateInCookie */ BrowserCacheManager.prototype.migrateCacheEntry = function (newKey, value) { if (value) { this.setTemporaryCache(newKey, value, true); } }; /** * Parses passed value as JSON object, JSON.parse() will throw an error. * @param input */ BrowserCacheManager.prototype.validateAndParseJson = function (jsonValue) { try { var parsedJson = JSON.parse(jsonValue); /** * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check * of the parsed value is necessary in order to be certain that the string represents a valid JSON object. * */ return (parsedJson && typeof parsedJson === "object") ? parsedJson : null; } catch (error) { return null; } }; /** * fetches the entry from the browser storage based off the key * @param key */ BrowserCacheManager.prototype.getItem = function (key) { return this.browserStorage.getItem(key); }; /** * sets the entry in the browser storage * @param key * @param value */ BrowserCacheManager.prototype.setItem = function (key, value) { this.browserStorage.setItem(key, value); }; /** * fetch the account entity from the platform cache * @param accountKey */ BrowserCacheManager.prototype.getAccount = function (accountKey) { var account = this.getItem(accountKey); if (!account) { return null; } var parsedAccount = this.validateAndParseJson(account); if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) { return null; } return CacheManager.toObject(new AccountEntity(), parsedAccount); }; /** * set account entity in the platform cache * @param key * @param value */ BrowserCacheManager.prototype.setAccount = function (account) { this.logger.trace("BrowserCacheManager.setAccount called"); var key = account.generateAccountKey(); this.setItem(key, JSON.stringify(account)); }; /** * generates idToken entity from a string * @param idTokenKey */ BrowserCacheManager.prototype.getIdTokenCredential = function (idTokenKey) { var value = this.getItem(idTokenKey); if (!value) { this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); return null; } var parsedIdToken = this.validateAndParseJson(value); if (!parsedIdToken || !IdTokenEntity.isIdTokenEntity(parsedIdToken)) { this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"); return CacheManager.toObject(new IdTokenEntity(), parsedIdToken); }; /** * set IdToken credential to the platform cache * @param idToken */ BrowserCacheManager.prototype.setIdTokenCredential = function (idToken) { this.logger.trace("BrowserCacheManager.setIdTokenCredential called"); var idTokenKey = idToken.generateCredentialKey(); this.setItem(idTokenKey, JSON.stringify(idToken)); }; /** * generates accessToken entity from a string * @param key */ BrowserCacheManager.prototype.getAccessTokenCredential = function (accessTokenKey) { var value = this.getItem(accessTokenKey); if (!value) { this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); return null; } var parsedAccessToken = this.validateAndParseJson(value); if (!parsedAccessToken || !AccessTokenEntity.isAccessTokenEntity(parsedAccessToken)) { this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"); return CacheManager.toObject(new AccessTokenEntity(), parsedAccessToken); }; /** * set accessToken credential to the platform cache * @param accessToken */ BrowserCacheManager.prototype.setAccessTokenCredential = function (accessToken) { this.logger.trace("BrowserCacheManager.setAccessTokenCredential called"); var accessTokenKey = accessToken.generateCredentialKey(); this.setItem(accessTokenKey, JSON.stringify(accessToken)); }; /** * generates refreshToken entity from a string * @param refreshTokenKey */ BrowserCacheManager.prototype.getRefreshTokenCredential = function (refreshTokenKey) { var value = this.getItem(refreshTokenKey); if (!value) { this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); return null; } var parsedRefreshToken = this.validateAndParseJson(value); if (!parsedRefreshToken || !RefreshTokenEntity.isRefreshTokenEntity(parsedRefreshToken)) { this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"); return CacheManager.toObject(new RefreshTokenEntity(), parsedRefreshToken); }; /** * set refreshToken credential to the platform cache * @param refreshToken */ BrowserCacheManager.prototype.setRefreshTokenCredential = function (refreshToken) { this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called"); var refreshTokenKey = refreshToken.generateCredentialKey(); this.setItem(refreshTokenKey, JSON.stringify(refreshToken)); }; /** * fetch appMetadata entity from the platform cache * @param appMetadataKey */ BrowserCacheManager.prototype.getAppMetadata = function (appMetadataKey) { var value = this.getItem(appMetadataKey); if (!value) { this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); return null; } var parsedMetadata = this.validateAndParseJson(value); if (!parsedMetadata || !AppMetadataEntity.isAppMetadataEntity(appMetadataKey, parsedMetadata)) { this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"); return CacheManager.toObject(new AppMetadataEntity(), parsedMetadata); }; /** * set appMetadata entity to the platform cache * @param appMetadata */ BrowserCacheManager.prototype.setAppMetadata = function (appMetadata) { this.logger.trace("BrowserCacheManager.setAppMetadata called"); var appMetadataKey = appMetadata.generateAppMetadataKey(); this.setItem(appMetadataKey, JSON.stringify(appMetadata)); }; /** * fetch server telemetry entity from the platform cache * @param serverTelemetryKey */ BrowserCacheManager.prototype.getServerTelemetry = function (serverTelemetryKey) { var value = this.getItem(serverTelemetryKey); if (!value) { this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); return null; } var parsedMetadata = this.validateAndParseJson(value); if (!parsedMetadata || !ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetryKey, parsedMetadata)) { this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"); return CacheManager.toObject(new ServerTelemetryEntity(), parsedMetadata); }; /** * set server telemetry entity to the platform cache * @param serverTelemetryKey * @param serverTelemetry */ BrowserCacheManager.prototype.setServerTelemetry = function (serverTelemetryKey, serverTelemetry) { this.logger.trace("BrowserCacheManager.setServerTelemetry called"); this.setItem(serverTelemetryKey, JSON.stringify(serverTelemetry)); }; /** * */ BrowserCacheManager.prototype.getAuthorityMetadata = function (key) { var value = this.internalStorage.getItem(key); if (!value) { this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"); return null; } var parsedMetadata = this.validateAndParseJson(value); if (parsedMetadata && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, parsedMetadata)) { this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"); return CacheManager.toObject(new AuthorityMetadataEntity(), parsedMetadata); } return null; }; /** * */ BrowserCacheManager.prototype.getAuthorityMetadataKeys = function () { var _this = this; var allKeys = this.internalStorage.getKeys(); return allKeys.filter(function (key) { return _this.isAuthorityMetadata(key); }); }; /** * * @param entity */ BrowserCacheManager.prototype.setAuthorityMetadata = function (key, entity) { this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"); this.internalStorage.setItem(key, JSON.stringify(entity)); }; /** * fetch throttling entity from the platform cache * @param throttlingCacheKey */ BrowserCacheManager.prototype.getThrottlingCache = function (throttlingCacheKey) { var value = this.getItem(throttlingCacheKey); if (!value) { this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); return null; } var parsedThrottlingCache = this.validateAndParseJson(value); if (!parsedThrottlingCache || !ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, parsedThrottlingCache)) { this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"); return null; } this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"); return CacheManager.toObject(new ThrottlingEntity(), parsedThrottlingCache); }; /** * set throttling entity to the platform cache * @param throttlingCacheKey * @param throttlingCache */ BrowserCacheManager.prototype.setThrottlingCache = function (throttlingCacheKey, throttlingCache) { this.logger.trace("BrowserCacheManager.setThrottlingCache called"); this.setItem(throttlingCacheKey, JSON.stringify(throttlingCache)); }; /** * Gets cache item with given key. * Will retrieve from cookies if storeAuthStateInCookie is set to true. * @param key */ BrowserCacheManager.prototype.getTemporaryCache = function (cacheKey, generateKey) { var key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; if (this.cacheConfig.storeAuthStateInCookie) { var itemCookie = this.getItemCookie(key); if (itemCookie) { this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"); return itemCookie; } } var value = this.temporaryCacheStorage.getItem(key); if (!value) { // If temp cache item not found in session/memory, check local storage for items set by old versions if (this.cacheConfig.cacheLocation === exports.BrowserCacheLocation.LocalStorage) { var item = this.browserStorage.getItem(key); if (item) { this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"); return item; } } this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"); return null; } this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"); return value; }; /** * Sets the cache item with the key and value given. * Stores in cookie if storeAuthStateInCookie is set to true. * This can cause cookie overflow if used incorrectly. * @param key * @param value */ BrowserCacheManager.prototype.setTemporaryCache = function (cacheKey, value, generateKey) { var key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; this.temporaryCacheStorage.setItem(key, value); if (this.cacheConfig.storeAuthStateInCookie) { this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"); this.setItemCookie(key, value); } }; /** * Removes the cache item with the given key. * Will also clear the cookie item if storeAuthStateInCookie is set to true. * @param key */ BrowserCacheManager.prototype.removeItem = function (key) { this.browserStorage.removeItem(key); this.temporaryCacheStorage.removeItem(key); if (this.cacheConfig.storeAuthStateInCookie) { this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"); this.clearItemCookie(key); } return true; }; /** * Checks whether key is in cache. * @param key */ BrowserCacheManager.prototype.containsKey = function (key) { return this.browserStorage.containsKey(key) || this.temporaryCacheStorage.containsKey(key); }; /** * Gets all keys in window. */ BrowserCacheManager.prototype.getKeys = function () { return __spread(this.browserStorage.getKeys(), this.temporaryCacheStorage.getKeys()); }; /** * Clears all cache entries created by MSAL (except tokens). */ BrowserCacheManager.prototype.clear = function () { var _this = this; this.removeAllAccounts(); this.removeAppMetadata(); this.getKeys().forEach(function (cacheKey) { // Check if key contains msal prefix; For now, we are clearing all the cache items created by MSAL.js if ((_this.browserStorage.containsKey(cacheKey) || _this.temporaryCacheStorage.containsKey(cacheKey)) && ((cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1) || (cacheKey.indexOf(_this.clientId) !== -1))) { _this.removeItem(cacheKey); } }); this.internalStorage.clear(); }; /** * Add value to cookies * @param cookieName * @param cookieValue * @param expires */ BrowserCacheManager.prototype.setItemCookie = function (cookieName, cookieValue, expires) { var cookieStr = encodeURIComponent(cookieName) + "=" + encodeURIComponent(cookieValue) + ";path=/;"; if (expires) { var expireTime = this.getCookieExpirationTime(expires); cookieStr += "expires=" + expireTime + ";"; } if (this.cacheConfig.secureCookies) { cookieStr += "Secure;"; } document.cookie = cookieStr; }; /** * Get one item by key from cookies * @param cookieName */ BrowserCacheManager.prototype.getItemCookie = function (cookieName) { var name = encodeURIComponent(cookieName) + "="; var cookieList = document.cookie.split(";"); for (var i = 0; i < cookieList.length; i++) { var cookie = cookieList[i]; while (cookie.charAt(0) === " ") { cookie = cookie.substring(1); } if (cookie.indexOf(name) === 0) { return decodeURIComponent(cookie.substring(name.length, cookie.length)); } } return ""; }; /** * Clear all msal-related cookies currently set in the browser. Should only be used to clear temporary cache items. */ BrowserCacheManager.prototype.clearMsalCookies = function () { var _this = this; var cookiePrefix = Constants.CACHE_PREFIX + "." + this.clientId; var cookieList = document.cookie.split(";"); cookieList.forEach(function (cookie) { while (cookie.charAt(0) === " ") { // eslint-disable-next-line no-param-reassign cookie = cookie.substring(1); } if (cookie.indexOf(cookiePrefix) === 0) { var cookieKey = cookie.split("=")[0]; _this.clearItemCookie(cookieKey); } }); }; /** * Clear an item in the cookies by key * @param cookieName */ BrowserCacheManager.prototype.clearItemCookie = function (cookieName) { this.setItemCookie(cookieName, "", -1); }; /** * Get cookie expiration time * @param cookieLifeDays */ BrowserCacheManager.prototype.getCookieExpirationTime = function (cookieLifeDays) { var today = new Date(); var expr = new Date(today.getTime() + cookieLifeDays * this.COOKIE_LIFE_MULTIPLIER); return expr.toUTCString(); }; /** * Gets the cache object referenced by the browser */ BrowserCacheManager.prototype.getCache = function () { return this.browserStorage; }; /** * interface compat, we cannot overwrite browser cache; Functionality is supported by individual entities in browser */ BrowserCacheManager.prototype.setCache = function () { // sets nothing }; /** * Prepend msal. to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema) * @param key * @param addInstanceId */ BrowserCacheManager.prototype.generateCacheKey = function (key) { var generatedKey = this.validateAndParseJson(key); if (!generatedKey) { if (StringUtils.startsWith(key, Constants.CACHE_PREFIX) || StringUtils.startsWith(key, PersistentCacheKeys.ADAL_ID_TOKEN)) { return key; } return Constants.CACHE_PREFIX + "." + this.clientId + "." + key; } return JSON.stringify(key); }; /** * Create authorityKey to cache authority * @param state */ BrowserCacheManager.prototype.generateAuthorityKey = function (stateString) { var stateId = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString).libraryState.id; return this.generateCacheKey(TemporaryCacheKeys.AUTHORITY + "." + stateId); }; /** * Create Nonce key to cache nonce * @param state */ BrowserCacheManager.prototype.generateNonceKey = function (stateString) { var stateId = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString).libraryState.id; return this.generateCacheKey(TemporaryCacheKeys.NONCE_IDTOKEN + "." + stateId); }; /** * Creates full cache key for the request state * @param stateString State string for the request */ BrowserCacheManager.prototype.generateStateKey = function (stateString) { // Use the library state id to key temp storage for uniqueness for multiple concurrent requests var stateId = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString).libraryState.id; return this.generateCacheKey(TemporaryCacheKeys.REQUEST_STATE + "." + stateId); }; /** * Gets the cached authority based on the cached state. Returns empty if no cached state found. */ BrowserCacheManager.prototype.getCachedAuthority = function (cachedState) { var stateCacheKey = this.generateStateKey(cachedState); var state = this.getTemporaryCache(stateCacheKey); if (!state) { return null; } var authorityCacheKey = this.generateAuthorityKey(state); return this.getTemporaryCache(authorityCacheKey); }; /** * Updates account, authority, and state in cache * @param serverAuthenticationRequest * @param account */ BrowserCacheManager.prototype.updateCacheEntries = function (state, nonce, authorityInstance, loginHint, account) { this.logger.trace("BrowserCacheManager.updateCacheEntries called"); // Cache the request state var stateCacheKey = this.generateStateKey(state); this.setTemporaryCache(stateCacheKey, state, false); // Cache the nonce var nonceCacheKey = this.generateNonceKey(state); this.setTemporaryCache(nonceCacheKey, nonce, false); // Cache authorityKey var authorityCacheKey = this.generateAuthorityKey(state); this.setTemporaryCache(authorityCacheKey, authorityInstance, false); if (account) { var ccsCredential = { credential: account.homeAccountId, type: CcsCredentialType.HOME_ACCOUNT_ID }; this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); } else if (!StringUtils.isEmpty(loginHint)) { var ccsCredential = { credential: loginHint, type: CcsCredentialType.UPN }; this.setTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, JSON.stringify(ccsCredential), true); } }; /** * Reset all temporary cache items * @param state */ BrowserCacheManager.prototype.resetRequestCache = function (state) { var _this = this; this.logger.trace("BrowserCacheManager.resetRequestCache called"); // check state and remove associated cache items if (!StringUtils.isEmpty(state)) { this.getKeys().forEach(function (key) { if (key.indexOf(state) !== -1) { _this.removeItem(key); } }); } // delete generic interactive request parameters if (state) { this.removeItem(this.generateStateKey(state)); this.removeItem(this.generateNonceKey(state)); this.removeItem(this.generateAuthorityKey(state)); } this.removeItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); this.removeItem(this.generateCacheKey(TemporaryCacheKeys.ORIGIN_URI)); this.removeItem(this.generateCacheKey(TemporaryCacheKeys.URL_HASH)); this.removeItem(this.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS_KEY)); this.removeItem(this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL)); }; /** * Removes temporary cache for the provided state * @param stateString */ BrowserCacheManager.prototype.cleanRequestByState = function (stateString) { this.logger.trace("BrowserCacheManager.cleanRequestByState called"); // Interaction is completed - remove interaction status. if (stateString) { var stateKey = this.generateStateKey(stateString); var cachedState = this.temporaryCacheStorage.getItem(stateKey); this.logger.infoPii("BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: " + cachedState); this.resetRequestCache(cachedState || ""); } this.clearMsalCookies(); }; /** * Looks in temporary cache for any state values with the provided interactionType and removes all temporary cache items for that state * Used in scenarios where temp cache needs to be cleaned but state is not known, such as clicking browser back button. * @param interactionType */ BrowserCacheManager.prototype.cleanRequestByInteractionType = function (interactionType) { var _this = this; this.logger.trace("BrowserCacheManager.cleanRequestByInteractionType called"); // Loop through all keys to find state key this.getKeys().forEach(function (key) { // If this key is not the state key, move on if (key.indexOf(TemporaryCacheKeys.REQUEST_STATE) === -1) { return; } // Retrieve state value, return if not a valid value var stateValue = _this.temporaryCacheStorage.getItem(key); if (!stateValue) { return; } // Extract state and ensure it matches given InteractionType, then clean request cache var parsedState = BrowserProtocolUtils.extractBrowserRequestState(_this.cryptoImpl, stateValue); if (parsedState && parsedState.interactionType === interactionType) { _this.logger.infoPii("BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: " + stateValue); _this.resetRequestCache(stateValue); } }); this.clearMsalCookies(); }; BrowserCacheManager.prototype.cacheCodeRequest = function (authCodeRequest, browserCrypto) { this.logger.trace("BrowserCacheManager.cacheCodeRequest called"); var encodedValue = browserCrypto.base64Encode(JSON.stringify(authCodeRequest)); this.setTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, encodedValue, true); }; /** * Gets the token exchange parameters from the cache. Throws an error if nothing is found. */ BrowserCacheManager.prototype.getCachedRequest = function (state, browserCrypto) { this.logger.trace("BrowserCacheManager.getCachedRequest called"); // Get token request from cache and parse as TokenExchangeParameters. var encodedTokenRequest = this.getTemporaryCache(TemporaryCacheKeys.REQUEST_PARAMS, true); if (!encodedTokenRequest) { throw BrowserAuthError.createNoTokenRequestCacheError(); } var parsedRequest = this.validateAndParseJson(browserCrypto.base64Decode(encodedTokenRequest)); if (!parsedRequest) { throw BrowserAuthError.createUnableToParseTokenRequestCacheError(); } this.removeItem(this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)); // Get cached authority and use if no authority is cached with request. if (StringUtils.isEmpty(parsedRequest.authority)) { var authorityCacheKey = this.generateAuthorityKey(state); var cachedAuthority = this.getTemporaryCache(authorityCacheKey); if (!cachedAuthority) { throw BrowserAuthError.createNoCachedAuthorityError(); } parsedRequest.authority = cachedAuthority; } return parsedRequest; }; return BrowserCacheManager; }(CacheManager)); var DEFAULT_BROWSER_CACHE_MANAGER = function (clientId, logger) { var cacheOptions = { cacheLocation: exports.BrowserCacheLocation.MemoryStorage, storeAuthStateInCookie: false, secureCookies: false }; return new BrowserCacheManager(clientId, cacheOptions, DEFAULT_CRYPTO_IMPLEMENTATION, logger); }; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * This class implements the Fetch API for GET and POST requests. See more here: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API */ var FetchClient = /** @class */ (function () { function FetchClient() { } /** * Fetch Client for REST endpoints - Get request * @param url * @param headers * @param body */ FetchClient.prototype.sendGetRequestAsync = function (url, options) { return __awaiter$1(this, void 0, void 0, function () { var response, e_1, _a; return __generator$1(this, function (_b) { switch (_b.label) { case 0: _b.trys.push([0, 2, , 3]); return [4 /*yield*/, fetch(url, { method: HTTP_REQUEST_TYPE.GET, headers: this.getFetchHeaders(options) })]; case 1: response = _b.sent(); return [3 /*break*/, 3]; case 2: e_1 = _b.sent(); if (window.navigator.onLine) { throw BrowserAuthError.createGetRequestFailedError(e_1, url); } else { throw BrowserAuthError.createNoNetworkConnectivityError(); } case 3: _b.trys.push([3, 5, , 6]); _a = { headers: this.getHeaderDict(response.headers) }; return [4 /*yield*/, response.json()]; case 4: return [2 /*return*/, (_a.body = (_b.sent()), _a.status = response.status, _a)]; case 5: _b.sent(); throw BrowserAuthError.createFailedToParseNetworkResponseError(url); case 6: return [2 /*return*/]; } }); }); }; /** * Fetch Client for REST endpoints - Post request * @param url * @param headers * @param body */ FetchClient.prototype.sendPostRequestAsync = function (url, options) { return __awaiter$1(this, void 0, void 0, function () { var reqBody, response, e_3, _a; return __generator$1(this, function (_b) { switch (_b.label) { case 0: reqBody = (options && options.body) || ""; _b.label = 1; case 1: _b.trys.push([1, 3, , 4]); return [4 /*yield*/, fetch(url, { method: HTTP_REQUEST_TYPE.POST, headers: this.getFetchHeaders(options), body: reqBody })]; case 2: response = _b.sent(); return [3 /*break*/, 4]; case 3: e_3 = _b.sent(); if (window.navigator.onLine) { throw BrowserAuthError.createPostRequestFailedError(e_3, url); } else { throw BrowserAuthError.createNoNetworkConnectivityError(); } case 4: _b.trys.push([4, 6, , 7]); _a = { headers: this.getHeaderDict(response.headers) }; return [4 /*yield*/, response.json()]; case 5: return [2 /*return*/, (_a.body = (_b.sent()), _a.status = response.status, _a)]; case 6: _b.sent(); throw BrowserAuthError.createFailedToParseNetworkResponseError(url); case 7: return [2 /*return*/]; } }); }); }; /** * Get Fetch API Headers object from string map * @param inputHeaders */ FetchClient.prototype.getFetchHeaders = function (options) { var headers = new Headers(); if (!(options && options.headers)) { return headers; } var optionsHeaders = options.headers; Object.keys(optionsHeaders).forEach(function (key) { headers.append(key, optionsHeaders[key]); }); return headers; }; FetchClient.prototype.getHeaderDict = function (headers) { var headerDict = {}; headers.forEach(function (value, key) { headerDict[key] = value; }); return headerDict; }; return FetchClient; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * This client implements the XMLHttpRequest class to send GET and POST requests. */ var XhrClient = /** @class */ (function () { function XhrClient() { } /** * XhrClient for REST endpoints - Get request * @param url * @param headers * @param body */ XhrClient.prototype.sendGetRequestAsync = function (url, options) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, this.sendRequestAsync(url, HTTP_REQUEST_TYPE.GET, options)]; }); }); }; /** * XhrClient for REST endpoints - Post request * @param url * @param headers * @param body */ XhrClient.prototype.sendPostRequestAsync = function (url, options) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { return [2 /*return*/, this.sendRequestAsync(url, HTTP_REQUEST_TYPE.POST, options)]; }); }); }; /** * Helper for XhrClient requests. * @param url * @param method * @param options */ XhrClient.prototype.sendRequestAsync = function (url, method, options) { var _this = this; return new Promise(function (resolve, reject) { var xhr = new XMLHttpRequest(); xhr.open(method, url, /* async: */ true); _this.setXhrHeaders(xhr, options); xhr.onload = function () { if (xhr.status < 200 || xhr.status >= 300) { if (method === HTTP_REQUEST_TYPE.POST) { reject(BrowserAuthError.createPostRequestFailedError("Failed with status " + xhr.status, url)); } else { reject(BrowserAuthError.createGetRequestFailedError("Failed with status " + xhr.status, url)); } } try { var jsonResponse = JSON.parse(xhr.responseText); var networkResponse = { headers: _this.getHeaderDict(xhr), body: jsonResponse, status: xhr.status }; resolve(networkResponse); } catch (e) { reject(BrowserAuthError.createFailedToParseNetworkResponseError(url)); } }; xhr.onerror = function () { if (window.navigator.onLine) { if (method === HTTP_REQUEST_TYPE.POST) { reject(BrowserAuthError.createPostRequestFailedError("Failed with status " + xhr.status, url)); } else { reject(BrowserAuthError.createGetRequestFailedError("Failed with status " + xhr.status, url)); } } else { reject(BrowserAuthError.createNoNetworkConnectivityError()); } }; if (method === HTTP_REQUEST_TYPE.POST && options && options.body) { xhr.send(options.body); } else if (method === HTTP_REQUEST_TYPE.GET) { xhr.send(); } else { throw BrowserAuthError.createHttpMethodNotImplementedError(method); } }); }; /** * Helper to set XHR headers for request. * @param xhr * @param options */ XhrClient.prototype.setXhrHeaders = function (xhr, options) { if (options && options.headers) { var headers_1 = options.headers; Object.keys(headers_1).forEach(function (key) { xhr.setRequestHeader(key, headers_1[key]); }); } }; /** * Gets a string map of the headers received in the response. * * Algorithm comes from https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/getAllResponseHeaders * @param xhr */ XhrClient.prototype.getHeaderDict = function (xhr) { var headerString = xhr.getAllResponseHeaders(); var headerArr = headerString.trim().split(/[\r\n]+/); var headerDict = {}; headerArr.forEach(function (value) { var parts = value.split(": "); var headerName = parts.shift(); var headerVal = parts.join(": "); if (headerName && headerVal) { headerDict[headerName] = headerVal; } }); return headerDict; }; return XhrClient; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Utility class for browser specific functions */ var BrowserUtils = /** @class */ (function () { function BrowserUtils() { } // #region Window Navigation and URL management /** * Clears hash from window url. */ BrowserUtils.clearHash = function (contentWindow) { // Office.js sets history.replaceState to null contentWindow.location.hash = Constants.EMPTY_STRING; if (typeof contentWindow.history.replaceState === "function") { // Full removes "#" from url contentWindow.history.replaceState(null, Constants.EMPTY_STRING, "" + contentWindow.location.pathname + contentWindow.location.search); } }; /** * Replaces current hash with hash from provided url */ BrowserUtils.replaceHash = function (url) { var urlParts = url.split("#"); urlParts.shift(); // Remove part before the hash window.location.hash = urlParts.length > 0 ? urlParts.join("#") : ""; }; /** * Returns boolean of whether the current window is in an iframe or not. */ BrowserUtils.isInIframe = function () { return window.parent !== window; }; // #endregion /** * Returns current window URL as redirect uri */ BrowserUtils.getCurrentUri = function () { return window.location.href.split("?")[0].split("#")[0]; }; /** * Gets the homepage url for the current window location. */ BrowserUtils.getHomepage = function () { var currentUrl = new UrlString(window.location.href); var urlComponents = currentUrl.getUrlComponents(); return urlComponents.Protocol + "//" + urlComponents.HostNameAndPort + "/"; }; /** * Returns best compatible network client object. */ BrowserUtils.getBrowserNetworkClient = function () { if (window.fetch && window.Headers) { return new FetchClient(); } else { return new XhrClient(); } }; /** * Throws error if we have completed an auth and are * attempting another auth request inside an iframe. */ BrowserUtils.blockReloadInHiddenIframes = function () { var isResponseHash = UrlString.hashContainsKnownProperties(window.location.hash); // return an error if called from the hidden iframe created by the msal js silent calls if (isResponseHash && BrowserUtils.isInIframe()) { throw BrowserAuthError.createBlockReloadInHiddenIframeError(); } }; /** * Block redirect operations in iframes unless explicitly allowed * @param interactionType Interaction type for the request * @param allowRedirectInIframe Config value to allow redirects when app is inside an iframe */ BrowserUtils.blockRedirectInIframe = function (interactionType, allowRedirectInIframe) { var isIframedApp = BrowserUtils.isInIframe(); if (interactionType === exports.InteractionType.Redirect && isIframedApp && !allowRedirectInIframe) { // If we are not in top frame, we shouldn't redirect. This is also handled by the service. throw BrowserAuthError.createRedirectInIframeError(isIframedApp); } }; /** * Block redirectUri loaded in popup from calling AcquireToken APIs */ BrowserUtils.blockAcquireTokenInPopups = function () { // Popups opened by msal popup APIs are given a name that starts with "msal." if (window.opener && window.opener !== window && typeof window.name === "string" && window.name.indexOf(BrowserConstants.POPUP_NAME_PREFIX + ".") === 0) { throw BrowserAuthError.createBlockAcquireTokenInPopupsError(); } }; /** * Throws error if token requests are made in non-browser environment * @param isBrowserEnvironment Flag indicating if environment is a browser. */ BrowserUtils.blockNonBrowserEnvironment = function (isBrowserEnvironment) { if (!isBrowserEnvironment) { throw BrowserAuthError.createNonBrowserEnvironmentError(); } }; /** * Returns boolean of whether current browser is an Internet Explorer or Edge browser. */ BrowserUtils.detectIEOrEdge = function () { var ua = window.navigator.userAgent; var msie = ua.indexOf("MSIE "); var msie11 = ua.indexOf("Trident/"); var msedge = ua.indexOf("Edge/"); var isIE = msie > 0 || msie11 > 0; var isEdge = msedge > 0; return isIE || isEdge; }; return BrowserUtils; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var NavigationClient = /** @class */ (function () { function NavigationClient() { } /** * Navigates to other pages within the same web application * @param url * @param options */ NavigationClient.prototype.navigateInternal = function (url, options) { return NavigationClient.defaultNavigateWindow(url, options); }; /** * Navigates to other pages outside the web application i.e. the Identity Provider * @param url * @param options */ NavigationClient.prototype.navigateExternal = function (url, options) { return NavigationClient.defaultNavigateWindow(url, options); }; /** * Default navigation implementation invoked by the internal and external functions * @param url * @param options */ NavigationClient.defaultNavigateWindow = function (url, options) { if (options.noHistory) { window.location.replace(url); } else { window.location.assign(url); } return new Promise(function (resolve) { setTimeout(function () { resolve(true); }, options.timeout); }); }; return NavigationClient; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ // Default timeout for popup windows and iframes in milliseconds var DEFAULT_POPUP_TIMEOUT_MS = 60000; var DEFAULT_IFRAME_TIMEOUT_MS = 6000; var DEFAULT_REDIRECT_TIMEOUT_MS = 30000; /** * MSAL function that sets the default options when not explicitly configured from app developer * * @param auth * @param cache * @param system * * @returns Configuration object */ function buildConfiguration(_a, isBrowserEnvironment) { var userInputAuth = _a.auth, userInputCache = _a.cache, userInputSystem = _a.system; // Default auth options for browser var DEFAULT_AUTH_OPTIONS = { clientId: "", authority: "" + Constants.DEFAULT_AUTHORITY, knownAuthorities: [], cloudDiscoveryMetadata: "", authorityMetadata: "", redirectUri: "", postLogoutRedirectUri: "", navigateToLoginRequestUrl: true, clientCapabilities: [], protocolMode: exports.ProtocolMode.AAD }; // Default cache options for browser var DEFAULT_CACHE_OPTIONS = { cacheLocation: exports.BrowserCacheLocation.SessionStorage, storeAuthStateInCookie: false, secureCookies: false }; // Default logger options for browser var DEFAULT_LOGGER_OPTIONS = { // eslint-disable-next-line @typescript-eslint/no-empty-function loggerCallback: function () { }, logLevel: exports.LogLevel.Info, piiLoggingEnabled: false }; // Default system options for browser var DEFAULT_BROWSER_SYSTEM_OPTIONS = __assign$1(__assign$1({}, DEFAULT_SYSTEM_OPTIONS), { loggerOptions: DEFAULT_LOGGER_OPTIONS, networkClient: isBrowserEnvironment ? BrowserUtils.getBrowserNetworkClient() : StubbedNetworkModule, navigationClient: new NavigationClient(), loadFrameTimeout: 0, // If loadFrameTimeout is provided, use that as default. windowHashTimeout: (userInputSystem && userInputSystem.loadFrameTimeout) || DEFAULT_POPUP_TIMEOUT_MS, iframeHashTimeout: (userInputSystem && userInputSystem.loadFrameTimeout) || DEFAULT_IFRAME_TIMEOUT_MS, navigateFrameWait: isBrowserEnvironment && BrowserUtils.detectIEOrEdge() ? 500 : 0, redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS, asyncPopups: false, allowRedirectInIframe: false }); var overlayedConfig = { auth: __assign$1(__assign$1({}, DEFAULT_AUTH_OPTIONS), userInputAuth), cache: __assign$1(__assign$1({}, DEFAULT_CACHE_OPTIONS), userInputCache), system: __assign$1(__assign$1({}, DEFAULT_BROWSER_SYSTEM_OPTIONS), userInputSystem) }; return overlayedConfig; } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Abstract class which defines operations for a browser interaction handling class. */ var InteractionHandler = /** @class */ (function () { function InteractionHandler(authCodeModule, storageImpl, authCodeRequest, browserRequestLogger) { this.authModule = authCodeModule; this.browserStorage = storageImpl; this.authCodeRequest = authCodeRequest; this.browserRequestLogger = browserRequestLogger; } /** * Function to handle response parameters from hash. * @param locationHash */ InteractionHandler.prototype.handleCodeResponse = function (locationHash, state, authority, networkModule) { return __awaiter$1(this, void 0, void 0, function () { var stateKey, requestState, authCodeResponse, nonceKey, cachedNonce, cachedCcsCred, tokenResponse; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.browserRequestLogger.verbose("InteractionHandler.handleCodeResponse called"); // Check that location hash isn't empty. if (StringUtils.isEmpty(locationHash)) { throw BrowserAuthError.createEmptyHashError(locationHash); } stateKey = this.browserStorage.generateStateKey(state); requestState = this.browserStorage.getTemporaryCache(stateKey); if (!requestState) { throw ClientAuthError.createStateNotFoundError("Cached State"); } authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState); nonceKey = this.browserStorage.generateNonceKey(requestState); cachedNonce = this.browserStorage.getTemporaryCache(nonceKey); // Assign code to request this.authCodeRequest.code = authCodeResponse.code; if (!authCodeResponse.cloud_instance_host_name) return [3 /*break*/, 2]; return [4 /*yield*/, this.updateTokenEndpointAuthority(authCodeResponse.cloud_instance_host_name, authority, networkModule)]; case 1: _a.sent(); _a.label = 2; case 2: authCodeResponse.nonce = cachedNonce || undefined; authCodeResponse.state = requestState; // Add CCS parameters if available if (authCodeResponse.client_info) { this.authCodeRequest.clientInfo = authCodeResponse.client_info; } else { cachedCcsCred = this.checkCcsCredentials(); if (cachedCcsCred) { this.authCodeRequest.ccsCredential = cachedCcsCred; } } return [4 /*yield*/, this.authModule.acquireToken(this.authCodeRequest, authCodeResponse)]; case 3: tokenResponse = _a.sent(); this.browserStorage.cleanRequestByState(state); return [2 /*return*/, tokenResponse]; } }); }); }; /** * Updates authority based on cloudInstanceHostname * @param cloudInstanceHostname * @param authority * @param networkModule */ InteractionHandler.prototype.updateTokenEndpointAuthority = function (cloudInstanceHostname, authority, networkModule) { return __awaiter$1(this, void 0, void 0, function () { var cloudInstanceAuthorityUri, cloudInstanceAuthority; return __generator$1(this, function (_a) { switch (_a.label) { case 0: cloudInstanceAuthorityUri = "https://" + cloudInstanceHostname + "/" + authority.tenant + "/"; return [4 /*yield*/, AuthorityFactory.createDiscoveredInstance(cloudInstanceAuthorityUri, networkModule, this.browserStorage, authority.options)]; case 1: cloudInstanceAuthority = _a.sent(); this.authModule.updateAuthority(cloudInstanceAuthority); return [2 /*return*/]; } }); }); }; /** * Looks up ccs creds in the cache */ InteractionHandler.prototype.checkCcsCredentials = function () { // Look up ccs credential in temp cache var cachedCcsCred = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CCS_CREDENTIAL, true); if (cachedCcsCred) { try { return JSON.parse(cachedCcsCred); } catch (e) { this.authModule.logger.error("Cache credential could not be parsed"); this.authModule.logger.errorPii("Cache credential could not be parsed: " + cachedCcsCred); } } return null; }; return InteractionHandler; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var RedirectHandler = /** @class */ (function (_super) { __extends$1(RedirectHandler, _super); function RedirectHandler(authCodeModule, storageImpl, authCodeRequest, browserRequestLogger, browserCrypto) { var _this = _super.call(this, authCodeModule, storageImpl, authCodeRequest, browserRequestLogger) || this; _this.browserCrypto = browserCrypto; return _this; } /** * Redirects window to given URL. * @param urlNavigate */ RedirectHandler.prototype.initiateAuthRequest = function (requestUrl, params) { return __awaiter$1(this, void 0, void 0, function () { var navigationOptions, navigate; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest called"); if (!!StringUtils.isEmpty(requestUrl)) return [3 /*break*/, 7]; // Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true if (params.redirectStartPage) { this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page"); this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, params.redirectStartPage, true); } // Set interaction status in the library. this.browserStorage.setTemporaryCache(TemporaryCacheKeys.INTERACTION_STATUS_KEY, BrowserConstants.INTERACTION_IN_PROGRESS_VALUE, true); this.browserStorage.cacheCodeRequest(this.authCodeRequest, this.browserCrypto); this.browserRequestLogger.infoPii("RedirectHandler.initiateAuthRequest: Navigate to: " + requestUrl); navigationOptions = { apiId: exports.ApiId.acquireTokenRedirect, timeout: params.redirectTimeout, noHistory: false }; if (!(typeof params.onRedirectNavigate === "function")) return [3 /*break*/, 4]; this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"); navigate = params.onRedirectNavigate(requestUrl); if (!(navigate !== false)) return [3 /*break*/, 2]; this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"); return [4 /*yield*/, params.navigationClient.navigateExternal(requestUrl, navigationOptions)]; case 1: _a.sent(); return [2 /*return*/]; case 2: this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"); return [2 /*return*/]; case 3: return [3 /*break*/, 6]; case 4: // Navigate window to request URL this.browserRequestLogger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"); return [4 /*yield*/, params.navigationClient.navigateExternal(requestUrl, navigationOptions)]; case 5: _a.sent(); return [2 /*return*/]; case 6: return [3 /*break*/, 8]; case 7: // Throw error if request URL is empty. this.browserRequestLogger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"); throw BrowserAuthError.createEmptyNavigationUriError(); case 8: return [2 /*return*/]; } }); }); }; /** * Handle authorization code response in the window. * @param hash */ RedirectHandler.prototype.handleCodeResponse = function (locationHash, state, authority, networkModule, clientId) { return __awaiter$1(this, void 0, void 0, function () { var stateKey, requestState, authCodeResponse, nonceKey, cachedNonce, cachedCcsCred, tokenResponse; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.browserRequestLogger.verbose("RedirectHandler.handleCodeResponse called"); // Check that location hash isn't empty. if (StringUtils.isEmpty(locationHash)) { throw BrowserAuthError.createEmptyHashError(locationHash); } // Interaction is completed - remove interaction status. this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS_KEY)); stateKey = this.browserStorage.generateStateKey(state); requestState = this.browserStorage.getTemporaryCache(stateKey); if (!requestState) { throw ClientAuthError.createStateNotFoundError("Cached State"); } authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState); nonceKey = this.browserStorage.generateNonceKey(requestState); cachedNonce = this.browserStorage.getTemporaryCache(nonceKey); // Assign code to request this.authCodeRequest.code = authCodeResponse.code; if (!authCodeResponse.cloud_instance_host_name) return [3 /*break*/, 2]; return [4 /*yield*/, this.updateTokenEndpointAuthority(authCodeResponse.cloud_instance_host_name, authority, networkModule)]; case 1: _a.sent(); _a.label = 2; case 2: authCodeResponse.nonce = cachedNonce || undefined; authCodeResponse.state = requestState; // Add CCS parameters if available if (authCodeResponse.client_info) { this.authCodeRequest.clientInfo = authCodeResponse.client_info; } else { cachedCcsCred = this.checkCcsCredentials(); if (cachedCcsCred) { this.authCodeRequest.ccsCredential = cachedCcsCred; } } // Remove throttle if it exists if (clientId) { ThrottlingUtils.removeThrottle(this.browserStorage, clientId, this.authCodeRequest.authority, this.authCodeRequest.scopes); } return [4 /*yield*/, this.authModule.acquireToken(this.authCodeRequest, authCodeResponse)]; case 3: tokenResponse = _a.sent(); this.browserStorage.cleanRequestByState(state); return [2 /*return*/, tokenResponse]; } }); }); }; return RedirectHandler; }(InteractionHandler)); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var PopupUtils = /** @class */ (function () { function PopupUtils(storageImpl, logger) { this.browserStorage = storageImpl; this.logger = logger; // Properly sets this reference for the unload event. this.unloadWindow = this.unloadWindow.bind(this); } /** * @hidden * * Configures popup window for login. * * @param urlNavigate * @param title * @param popUpWidth * @param popUpHeight * @ignore * @hidden */ PopupUtils.prototype.openPopup = function (urlNavigate, popupName, popup) { try { var popupWindow = void 0; // Popup window passed in, setting url to navigate to if (popup) { popupWindow = popup; this.logger.verbosePii("Navigating popup window to: " + urlNavigate); popupWindow.location.assign(urlNavigate); } else if (typeof popup === "undefined") { // Popup will be undefined if it was not passed in this.logger.verbosePii("Opening popup window to: " + urlNavigate); popupWindow = PopupUtils.openSizedPopup(urlNavigate, popupName); } // Popup will be null if popups are blocked if (!popupWindow) { throw BrowserAuthError.createEmptyWindowCreatedError(); } if (popupWindow.focus) { popupWindow.focus(); } this.currentWindow = popupWindow; window.addEventListener("beforeunload", this.unloadWindow); return popupWindow; } catch (e) { this.logger.error("error opening popup " + e.message); this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS_KEY)); throw BrowserAuthError.createPopupWindowError(e.toString()); } }; PopupUtils.openSizedPopup = function (urlNavigate, popupName) { /** * adding winLeft and winTop to account for dual monitor * using screenLeft and screenTop for IE8 and earlier */ var winLeft = window.screenLeft ? window.screenLeft : window.screenX; var winTop = window.screenTop ? window.screenTop : window.screenY; /** * window.innerWidth displays browser window"s height and width excluding toolbars * using document.documentElement.clientWidth for IE8 and earlier */ var width = window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth; var height = window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight; var left = Math.max(0, ((width / 2) - (BrowserConstants.POPUP_WIDTH / 2)) + winLeft); var top = Math.max(0, ((height / 2) - (BrowserConstants.POPUP_HEIGHT / 2)) + winTop); return window.open(urlNavigate, popupName, "width=" + BrowserConstants.POPUP_WIDTH + ", height=" + BrowserConstants.POPUP_HEIGHT + ", top=" + top + ", left=" + left + ", scrollbars=yes"); }; /** * Event callback to unload main window. */ PopupUtils.prototype.unloadWindow = function (e) { this.browserStorage.cleanRequestByInteractionType(exports.InteractionType.Popup); if (this.currentWindow) { this.currentWindow.close(); } // Guarantees browser unload will happen, so no other errors will be thrown. e.preventDefault(); }; /** * Closes popup, removes any state vars created during popup calls. * @param popupWindow */ PopupUtils.prototype.cleanPopup = function (popupWindow) { if (popupWindow) { // Close window. popupWindow.close(); } // Remove window unload function window.removeEventListener("beforeunload", this.unloadWindow); // Interaction is completed - remove interaction status. this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS_KEY)); }; /** * Monitors a window until it loads a url with the same origin. * @param popupWindow - window that is being monitored */ PopupUtils.prototype.monitorPopupForSameOrigin = function (popupWindow) { var _this = this; return new Promise(function (resolve, reject) { var intervalId = setInterval(function () { if (popupWindow.closed) { // Window is closed _this.cleanPopup(); clearInterval(intervalId); reject(BrowserAuthError.createUserCancelledError()); return; } var href = Constants.EMPTY_STRING; try { /* * Will throw if cross origin, * which should be caught and ignored * since we need the interval to keep running while on STS UI. */ href = popupWindow.location.href; } catch (e) { } // Don't process blank pages or cross domain if (StringUtils.isEmpty(href) || href === "about:blank") { return; } clearInterval(intervalId); resolve(); }, BrowserConstants.POLL_INTERVAL_MS); }); }; /** * Generates the name for the popup based on the client id and request * @param clientId * @param request */ PopupUtils.generatePopupName = function (clientId, request) { return BrowserConstants.POPUP_NAME_PREFIX + "." + clientId + "." + request.scopes.join("-") + "." + request.authority + "." + request.correlationId; }; /** * Generates the name for the popup based on the client id and request for logouts * @param clientId * @param request */ PopupUtils.generateLogoutPopupName = function (clientId, request) { var homeAccountId = request.account && request.account.homeAccountId; return BrowserConstants.POPUP_NAME_PREFIX + "." + clientId + "." + homeAccountId + "." + request.correlationId; }; return PopupUtils; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * This class implements the interaction handler base class for browsers. It is written specifically for handling * popup window scenarios. It includes functions for monitoring the popup window for a hash. */ var PopupHandler = /** @class */ (function (_super) { __extends$1(PopupHandler, _super); function PopupHandler(authCodeModule, storageImpl, authCodeRequest, browserRequestLogger) { var _this = _super.call(this, authCodeModule, storageImpl, authCodeRequest, browserRequestLogger) || this; // Properly sets this reference for the unload event. _this.popupUtils = new PopupUtils(storageImpl, browserRequestLogger); return _this; } /** * Opens a popup window with given request Url. * @param requestUrl */ PopupHandler.prototype.initiateAuthRequest = function (requestUrl, params) { // Check that request url is not empty. if (!StringUtils.isEmpty(requestUrl)) { // Set interaction status in the library. this.browserStorage.setTemporaryCache(TemporaryCacheKeys.INTERACTION_STATUS_KEY, BrowserConstants.INTERACTION_IN_PROGRESS_VALUE, true); this.browserRequestLogger.infoPii("Navigate to: " + requestUrl); // Open the popup window to requestUrl. return this.popupUtils.openPopup(requestUrl, params.popupName, params.popup); } else { // Throw error if request URL is empty. this.browserRequestLogger.error("Navigate url is empty"); throw BrowserAuthError.createEmptyNavigationUriError(); } }; /** * Monitors a window until it loads a url with a known hash, or hits a specified timeout. * @param popupWindow - window that is being monitored * @param timeout - milliseconds until timeout */ PopupHandler.prototype.monitorPopupForHash = function (popupWindow) { var _this = this; return this.popupUtils.monitorPopupForSameOrigin(popupWindow).then(function () { var contentHash = popupWindow.location.hash; BrowserUtils.clearHash(popupWindow); _this.popupUtils.cleanPopup(popupWindow); if (!contentHash) { throw BrowserAuthError.createEmptyHashError(popupWindow.location.href); } if (UrlString.hashContainsKnownProperties(contentHash)) { return contentHash; } else { throw BrowserAuthError.createHashDoesNotContainKnownPropertiesError(); } }); }; return PopupHandler; }(InteractionHandler)); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var SilentHandler = /** @class */ (function (_super) { __extends$1(SilentHandler, _super); function SilentHandler(authCodeModule, storageImpl, authCodeRequest, browserRequestLogger, navigateFrameWait) { var _this = _super.call(this, authCodeModule, storageImpl, authCodeRequest, browserRequestLogger) || this; _this.navigateFrameWait = navigateFrameWait; return _this; } /** * Creates a hidden iframe to given URL using user-requested scopes as an id. * @param urlNavigate * @param userRequestScopes */ SilentHandler.prototype.initiateAuthRequest = function (requestUrl) { return __awaiter$1(this, void 0, void 0, function () { var _a; return __generator$1(this, function (_b) { switch (_b.label) { case 0: if (StringUtils.isEmpty(requestUrl)) { // Throw error if request URL is empty. this.browserRequestLogger.info("Navigate url is empty"); throw BrowserAuthError.createEmptyNavigationUriError(); } if (!this.navigateFrameWait) return [3 /*break*/, 2]; return [4 /*yield*/, this.loadFrame(requestUrl)]; case 1: _a = _b.sent(); return [3 /*break*/, 3]; case 2: _a = this.loadFrameSync(requestUrl); _b.label = 3; case 3: return [2 /*return*/, _a]; } }); }); }; /** * Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout. * @param iframe * @param timeout */ SilentHandler.prototype.monitorIframeForHash = function (iframe, timeout) { var _this = this; return new Promise(function (resolve, reject) { if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) { _this.browserRequestLogger.warning("system.loadFrameTimeout or system.iframeHashTimeout set to lower (" + timeout + "ms) than the default (" + DEFAULT_IFRAME_TIMEOUT_MS + "ms). This may result in timeouts."); } /* * Polling for iframes can be purely timing based, * since we don't need to account for interaction. */ var nowMark = window.performance.now(); var timeoutMark = nowMark + timeout; var intervalId = setInterval(function () { if (window.performance.now() > timeoutMark) { _this.removeHiddenIframe(iframe); clearInterval(intervalId); reject(BrowserAuthError.createMonitorIframeTimeoutError()); return; } var href = Constants.EMPTY_STRING; var contentWindow = iframe.contentWindow; try { /* * Will throw if cross origin, * which should be caught and ignored * since we need the interval to keep running while on STS UI. */ href = contentWindow ? contentWindow.location.href : Constants.EMPTY_STRING; } catch (e) { } if (StringUtils.isEmpty(href)) { return; } var contentHash = contentWindow ? contentWindow.location.hash : Constants.EMPTY_STRING; if (UrlString.hashContainsKnownProperties(contentHash)) { // Success case _this.removeHiddenIframe(iframe); clearInterval(intervalId); resolve(contentHash); return; } }, BrowserConstants.POLL_INTERVAL_MS); }); }; /** * @hidden * Loads iframe with authorization endpoint URL * @ignore */ SilentHandler.prototype.loadFrame = function (urlNavigate) { /* * This trick overcomes iframe navigation in IE * IE does not load the page consistently in iframe */ var _this = this; return new Promise(function (resolve, reject) { var frameHandle = _this.createHiddenIframe(); setTimeout(function () { if (!frameHandle) { reject("Unable to load iframe"); return; } frameHandle.src = urlNavigate; resolve(frameHandle); }, _this.navigateFrameWait); }); }; /** * @hidden * Loads the iframe synchronously when the navigateTimeFrame is set to `0` * @param urlNavigate * @param frameName * @param logger */ SilentHandler.prototype.loadFrameSync = function (urlNavigate) { var frameHandle = this.createHiddenIframe(); frameHandle.src = urlNavigate; return frameHandle; }; /** * @hidden * Creates a new hidden iframe or gets an existing one for silent token renewal. * @ignore */ SilentHandler.prototype.createHiddenIframe = function () { var authFrame = document.createElement("iframe"); authFrame.style.visibility = "hidden"; authFrame.style.position = "absolute"; authFrame.style.width = authFrame.style.height = "0"; authFrame.style.border = "0"; authFrame.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms"); document.getElementsByTagName("body")[0].appendChild(authFrame); return authFrame; }; /** * @hidden * Removes a hidden iframe from the page. * @ignore */ SilentHandler.prototype.removeHiddenIframe = function (iframe) { if (document.body === iframe.parentNode) { document.body.removeChild(iframe); } }; return SilentHandler; }(InteractionHandler)); /* eslint-disable header/header */ var name = "@azure/msal-browser"; var version = "2.15.0"; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ exports.EventType = void 0; (function (EventType) { EventType["LOGIN_START"] = "msal:loginStart"; EventType["LOGIN_SUCCESS"] = "msal:loginSuccess"; EventType["LOGIN_FAILURE"] = "msal:loginFailure"; EventType["ACQUIRE_TOKEN_START"] = "msal:acquireTokenStart"; EventType["ACQUIRE_TOKEN_SUCCESS"] = "msal:acquireTokenSuccess"; EventType["ACQUIRE_TOKEN_FAILURE"] = "msal:acquireTokenFailure"; EventType["ACQUIRE_TOKEN_NETWORK_START"] = "msal:acquireTokenFromNetworkStart"; EventType["SSO_SILENT_START"] = "msal:ssoSilentStart"; EventType["SSO_SILENT_SUCCESS"] = "msal:ssoSilentSuccess"; EventType["SSO_SILENT_FAILURE"] = "msal:ssoSilentFailure"; EventType["HANDLE_REDIRECT_START"] = "msal:handleRedirectStart"; EventType["HANDLE_REDIRECT_END"] = "msal:handleRedirectEnd"; EventType["POPUP_OPENED"] = "msal:popupOpened"; EventType["LOGOUT_START"] = "msal:logoutStart"; EventType["LOGOUT_SUCCESS"] = "msal:logoutSuccess"; EventType["LOGOUT_FAILURE"] = "msal:logoutFailure"; EventType["LOGOUT_END"] = "msal:logoutEnd"; })(exports.EventType || (exports.EventType = {})); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var EventHandler = /** @class */ (function () { function EventHandler(logger, browserCrypto) { this.eventCallbacks = new Map(); this.logger = logger; this.browserCrypto = browserCrypto; } /** * Adds event callbacks to array * @param callback */ EventHandler.prototype.addEventCallback = function (callback) { if (typeof window !== "undefined") { var callbackId = this.browserCrypto.createNewGuid(); this.eventCallbacks.set(callbackId, callback); this.logger.verbose("Event callback registered with id: " + callbackId); return callbackId; } return null; }; /** * Removes callback with provided id from callback array * @param callbackId */ EventHandler.prototype.removeEventCallback = function (callbackId) { this.eventCallbacks.delete(callbackId); this.logger.verbose("Event callback " + callbackId + " removed."); }; /** * Emits events by calling callback with event message * @param eventType * @param interactionType * @param payload * @param error */ EventHandler.prototype.emitEvent = function (eventType, interactionType, payload, error) { var _this = this; if (typeof window !== "undefined") { var message_1 = { eventType: eventType, interactionType: interactionType || null, payload: payload || null, error: error || null, timestamp: Date.now() }; this.logger.info("Emitting event: " + eventType); this.eventCallbacks.forEach(function (callback, callbackId) { _this.logger.verbose("Emitting event to callback " + callbackId + ": " + eventType); callback.apply(null, [message_1]); }); } }; return EventHandler; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var ClientApplication = /** @class */ (function () { /** * @constructor * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object * * Important attributes in the Configuration object for auth are: * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview * - authority: the authority URL for your application. * - redirect_uri: the uri of your application registered in the portal. * * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. * * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ * Full B2C functionality will be available in this library in future versions. * * @param configuration Object for the MSAL PublicClientApplication instance */ function ClientApplication(configuration) { /* * If loaded in an environment where window is not available, * set internal flag to false so that further requests fail. * This is to support server-side rendering environments. */ this.isBrowserEnvironment = typeof window !== "undefined"; // Set the configuration. this.config = buildConfiguration(configuration, this.isBrowserEnvironment); this.activeLocalAccountId = null; // Initialize logger this.logger = new Logger(this.config.system.loggerOptions, name, version); // Initialize the network module class. this.networkClient = this.config.system.networkClient; // Initialize the navigation client class. this.navigationClient = this.config.system.navigationClient; // Initialize redirectResponse Map this.redirectResponse = new Map(); // Initialize the crypto class. this.browserCrypto = this.isBrowserEnvironment ? new CryptoOps() : DEFAULT_CRYPTO_IMPLEMENTATION; this.eventHandler = new EventHandler(this.logger, this.browserCrypto); // Initialize the browser storage class. this.browserStorage = this.isBrowserEnvironment ? new BrowserCacheManager(this.config.auth.clientId, this.config.cache, this.browserCrypto, this.logger) : DEFAULT_BROWSER_CACHE_MANAGER(this.config.auth.clientId, this.logger); } // #region Redirect Flow /** * Event handler function which allows users to fire events after the PublicClientApplication object * has loaded during redirect flows. This should be invoked on all page loads involved in redirect * auth flows. * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. * @returns Token response or null. If the return value is null, then no auth redirect was detected. */ ClientApplication.prototype.handleRedirectPromise = function (hash) { return __awaiter$1(this, void 0, void 0, function () { var loggedInAccounts, redirectResponseKey, response; var _this = this; return __generator$1(this, function (_a) { this.eventHandler.emitEvent(exports.EventType.HANDLE_REDIRECT_START, exports.InteractionType.Redirect); this.logger.verbose("handleRedirectPromise called"); loggedInAccounts = this.getAllAccounts(); if (this.isBrowserEnvironment) { redirectResponseKey = hash || Constants.EMPTY_STRING; response = this.redirectResponse.get(redirectResponseKey); if (typeof response === "undefined") { this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise"); response = this.handleRedirectResponse(hash) .then(function (result) { if (result) { // Emit login event if number of accounts change var isLoggingIn = loggedInAccounts.length < _this.getAllAccounts().length; if (isLoggingIn) { _this.eventHandler.emitEvent(exports.EventType.LOGIN_SUCCESS, exports.InteractionType.Redirect, result); _this.logger.verbose("handleRedirectResponse returned result, login success"); } else { _this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_SUCCESS, exports.InteractionType.Redirect, result); _this.logger.verbose("handleRedirectResponse returned result, acquire token success"); } } _this.eventHandler.emitEvent(exports.EventType.HANDLE_REDIRECT_END, exports.InteractionType.Redirect); return result; }) .catch(function (e) { // Emit login event if there is an account if (loggedInAccounts.length > 0) { _this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_FAILURE, exports.InteractionType.Redirect, null, e); } else { _this.eventHandler.emitEvent(exports.EventType.LOGIN_FAILURE, exports.InteractionType.Redirect, null, e); } _this.eventHandler.emitEvent(exports.EventType.HANDLE_REDIRECT_END, exports.InteractionType.Redirect); throw e; }); this.redirectResponse.set(redirectResponseKey, response); } else { this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"); } return [2 /*return*/, response]; } this.logger.verbose("handleRedirectPromise returns null, not browser environment"); return [2 /*return*/, null]; }); }); }; /** * Checks if navigateToLoginRequestUrl is set, and: * - if true, performs logic to cache and navigate * - if false, handles hash string and parses response * @param hash */ ClientApplication.prototype.handleRedirectResponse = function (hash) { return __awaiter$1(this, void 0, void 0, function () { var responseHash, state, loginRequestUrl, loginRequestUrlNormalized, currentUrlNormalized, handleHashResult, navigationOptions, processHashOnRedirect, homepage; return __generator$1(this, function (_a) { switch (_a.label) { case 0: if (!this.interactionInProgress()) { this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."); return [2 /*return*/, null]; } responseHash = this.getRedirectResponseHash(hash || window.location.hash); if (!responseHash) { // Not a recognized server response hash or hash not associated with a redirect request this.logger.info("handleRedirectPromise did not detect a response hash as a result of a redirect. Cleaning temporary cache."); this.browserStorage.cleanRequestByInteractionType(exports.InteractionType.Redirect); return [2 /*return*/, null]; } try { state = this.validateAndExtractStateFromHash(responseHash, exports.InteractionType.Redirect); BrowserUtils.clearHash(window); this.logger.verbose("State extracted from hash"); } catch (e) { this.logger.info("handleRedirectPromise was unable to extract state due to: " + e); this.browserStorage.cleanRequestByInteractionType(exports.InteractionType.Redirect); return [2 /*return*/, null]; } loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, true) || ""; loginRequestUrlNormalized = UrlString.removeHashFromUrl(loginRequestUrl); currentUrlNormalized = UrlString.removeHashFromUrl(window.location.href); if (!(loginRequestUrlNormalized === currentUrlNormalized && this.config.auth.navigateToLoginRequestUrl)) return [3 /*break*/, 2]; // We are on the page we need to navigate to - handle hash this.logger.verbose("Current page is loginRequestUrl, handling hash"); return [4 /*yield*/, this.handleHash(responseHash, state)]; case 1: handleHashResult = _a.sent(); if (loginRequestUrl.indexOf("#") > -1) { // Replace current hash with non-msal hash, if present BrowserUtils.replaceHash(loginRequestUrl); } return [2 /*return*/, handleHashResult]; case 2: if (!!this.config.auth.navigateToLoginRequestUrl) return [3 /*break*/, 3]; this.logger.verbose("NavigateToLoginRequestUrl set to false, handling hash"); return [2 /*return*/, this.handleHash(responseHash, state)]; case 3: if (!!BrowserUtils.isInIframe()) return [3 /*break*/, 8]; /* * Returned from authority using redirect - need to perform navigation before processing response * Cache the hash to be retrieved after the next redirect */ this.browserStorage.setTemporaryCache(TemporaryCacheKeys.URL_HASH, responseHash, true); navigationOptions = { apiId: exports.ApiId.handleRedirectPromise, timeout: this.config.system.redirectNavigationTimeout, noHistory: true }; processHashOnRedirect = true; if (!(!loginRequestUrl || loginRequestUrl === "null")) return [3 /*break*/, 5]; homepage = BrowserUtils.getHomepage(); // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true); this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"); return [4 /*yield*/, this.navigationClient.navigateInternal(homepage, navigationOptions)]; case 4: processHashOnRedirect = _a.sent(); return [3 /*break*/, 7]; case 5: // Navigate to page that initiated the redirect request this.logger.verbose("Navigating to loginRequestUrl: " + loginRequestUrl); return [4 /*yield*/, this.navigationClient.navigateInternal(loginRequestUrl, navigationOptions)]; case 6: processHashOnRedirect = _a.sent(); _a.label = 7; case 7: // If navigateInternal implementation returns false, handle the hash now if (!processHashOnRedirect) { return [2 /*return*/, this.handleHash(responseHash, state)]; } _a.label = 8; case 8: return [2 /*return*/, null]; } }); }); }; /** * Gets the response hash for a redirect request * Returns null if interactionType in the state value is not "redirect" or the hash does not contain known properties * @param hash */ ClientApplication.prototype.getRedirectResponseHash = function (hash) { this.logger.verbose("getRedirectResponseHash called"); // Get current location hash from window or cache. var isResponseHash = UrlString.hashContainsKnownProperties(hash); var cachedHash = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.URL_HASH, true); this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.URL_HASH)); if (isResponseHash) { this.logger.verbose("Hash contains known properties, returning response hash"); return hash; } this.logger.verbose("Hash does not contain known properties, returning cached hash"); return cachedHash; }; /** * @param hash * @param interactionType */ ClientApplication.prototype.validateAndExtractStateFromHash = function (hash, interactionType, requestCorrelationId) { this.logger.verbose("validateAndExtractStateFromHash called", requestCorrelationId); // Deserialize hash fragment response parameters. var serverParams = UrlString.getDeserializedHash(hash); if (!serverParams.state) { throw BrowserAuthError.createHashDoesNotContainStateError(); } var platformStateObj = BrowserProtocolUtils.extractBrowserRequestState(this.browserCrypto, serverParams.state); if (!platformStateObj) { throw BrowserAuthError.createUnableToParseStateError(); } if (platformStateObj.interactionType !== interactionType) { throw BrowserAuthError.createStateInteractionTypeMismatchError(); } this.logger.verbose("Returning state from hash", requestCorrelationId); return serverParams.state; }; /** * Checks if hash exists and handles in window. * @param hash * @param state */ ClientApplication.prototype.handleHash = function (hash, state) { return __awaiter$1(this, void 0, void 0, function () { var cachedRequest, browserRequestLogger, serverTelemetryManager, currentAuthority, authClient, interactionHandler, e_1; return __generator$1(this, function (_a) { switch (_a.label) { case 0: cachedRequest = this.browserStorage.getCachedRequest(state, this.browserCrypto); browserRequestLogger = this.logger.clone(name, version, cachedRequest.correlationId); browserRequestLogger.verbose("handleHash called, retrieved cached request"); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.handleRedirectPromise, cachedRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 4, , 5]); currentAuthority = this.browserStorage.getCachedAuthority(state); if (!currentAuthority) { throw BrowserAuthError.createNoCachedAuthorityError(); } return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, currentAuthority, cachedRequest.correlationId)]; case 2: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); interactionHandler = new RedirectHandler(authClient, this.browserStorage, cachedRequest, browserRequestLogger, this.browserCrypto); return [4 /*yield*/, interactionHandler.handleCodeResponse(hash, state, authClient.authority, this.networkClient, this.config.auth.clientId)]; case 3: return [2 /*return*/, _a.sent()]; case 4: e_1 = _a.sent(); serverTelemetryManager.cacheFailedRequest(e_1); this.browserStorage.cleanRequestByInteractionType(exports.InteractionType.Redirect); throw e_1; case 5: return [2 /*return*/]; } }); }); }; /** * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects * the page, so any code that follows this function will not execute. * * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. * * @param request */ ClientApplication.prototype.acquireTokenRedirect = function (request) { return __awaiter$1(this, void 0, void 0, function () { var isLoggedIn, validRequest, browserRequestLogger, serverTelemetryManager, authCodeRequest, authClient, interactionHandler, navigateUrl, redirectStartPage, e_2; return __generator$1(this, function (_a) { switch (_a.label) { case 0: // Preflight request this.preflightBrowserEnvironmentCheck(exports.InteractionType.Redirect); this.logger.verbose("acquireTokenRedirect called"); isLoggedIn = this.getAllAccounts().length > 0; if (isLoggedIn) { this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_START, exports.InteractionType.Redirect, request); } else { this.eventHandler.emitEvent(exports.EventType.LOGIN_START, exports.InteractionType.Redirect, request); } validRequest = this.preflightInteractiveRequest(request, exports.InteractionType.Redirect); browserRequestLogger = this.logger.clone(name, version, validRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.acquireTokenRedirect, validRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 5, , 6]); return [4 /*yield*/, this.initializeAuthorizationCodeRequest(validRequest)]; case 2: authCodeRequest = _a.sent(); return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, validRequest.authority, validRequest.correlationId)]; case 3: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); interactionHandler = new RedirectHandler(authClient, this.browserStorage, authCodeRequest, browserRequestLogger, this.browserCrypto); return [4 /*yield*/, authClient.getAuthCodeUrl(validRequest)]; case 4: navigateUrl = _a.sent(); redirectStartPage = this.getRedirectStartPage(request.redirectStartPage); browserRequestLogger.verbosePii("Redirect start page: " + redirectStartPage); // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function. return [2 /*return*/, interactionHandler.initiateAuthRequest(navigateUrl, { navigationClient: this.navigationClient, redirectTimeout: this.config.system.redirectNavigationTimeout, redirectStartPage: redirectStartPage, onRedirectNavigate: request.onRedirectNavigate })]; case 5: e_2 = _a.sent(); // If logged in, emit acquire token events if (isLoggedIn) { this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_FAILURE, exports.InteractionType.Redirect, null, e_2); } else { this.eventHandler.emitEvent(exports.EventType.LOGIN_FAILURE, exports.InteractionType.Redirect, null, e_2); } serverTelemetryManager.cacheFailedRequest(e_2); this.browserStorage.cleanRequestByState(validRequest.state); throw e_2; case 6: return [2 /*return*/]; } }); }); }; // #endregion // #region Popup Flow /** * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser * * @param request * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ ClientApplication.prototype.acquireTokenPopup = function (request) { var validRequest; try { this.preflightBrowserEnvironmentCheck(exports.InteractionType.Popup); this.logger.verbose("acquireTokenPopup called", request.correlationId); validRequest = this.preflightInteractiveRequest(request, exports.InteractionType.Popup); } catch (e) { // Since this function is syncronous we need to reject return Promise.reject(e); } var popupName = PopupUtils.generatePopupName(this.config.auth.clientId, validRequest); // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. if (this.config.system.asyncPopups) { this.logger.verbose("asyncPopups set to true, acquiring token", validRequest.correlationId); return this.acquireTokenPopupAsync(validRequest, popupName); } else { // asyncPopups flag is set to false. Opens popup before acquiring token. this.logger.verbose("asyncPopup set to false, opening popup before acquiring token", validRequest.correlationId); var popup = PopupUtils.openSizedPopup("about:blank", popupName); return this.acquireTokenPopupAsync(validRequest, popupName, popup); } }; /** * Helper which obtains an access_token for your API via opening a popup window in the user's browser * @param validRequest * @param popupName * @param popup * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ ClientApplication.prototype.acquireTokenPopupAsync = function (validRequest, popupName, popup) { return __awaiter$1(this, void 0, void 0, function () { var loggedInAccounts, browserRequestLogger, serverTelemetryManager, authCodeRequest, authClient, navigateUrl, interactionHandler, popupParameters, popupWindow, hash, state, result, isLoggingIn, e_3; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("acquireTokenPopupAsync called", validRequest.correlationId); loggedInAccounts = this.getAllAccounts(); if (loggedInAccounts.length > 0) { this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_START, exports.InteractionType.Popup, validRequest); } else { this.eventHandler.emitEvent(exports.EventType.LOGIN_START, exports.InteractionType.Popup, validRequest); } browserRequestLogger = this.logger.clone(name, version, validRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.acquireTokenPopup, validRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 7, , 8]); return [4 /*yield*/, this.initializeAuthorizationCodeRequest(validRequest)]; case 2: authCodeRequest = _a.sent(); return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, validRequest.authority, validRequest.correlationId)]; case 3: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); return [4 /*yield*/, authClient.getAuthCodeUrl(validRequest)]; case 4: navigateUrl = _a.sent(); interactionHandler = new PopupHandler(authClient, this.browserStorage, authCodeRequest, browserRequestLogger); popupParameters = { popup: popup, popupName: popupName }; popupWindow = interactionHandler.initiateAuthRequest(navigateUrl, popupParameters); this.eventHandler.emitEvent(exports.EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow: popupWindow }, null); return [4 /*yield*/, interactionHandler.monitorPopupForHash(popupWindow)]; case 5: hash = _a.sent(); state = this.validateAndExtractStateFromHash(hash, exports.InteractionType.Popup, validRequest.correlationId); // Remove throttle if it exists ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, authCodeRequest.authority, authCodeRequest.scopes); return [4 /*yield*/, interactionHandler.handleCodeResponse(hash, state, authClient.authority, this.networkClient)]; case 6: result = _a.sent(); isLoggingIn = loggedInAccounts.length < this.getAllAccounts().length; if (isLoggingIn) { this.eventHandler.emitEvent(exports.EventType.LOGIN_SUCCESS, exports.InteractionType.Popup, result); } else { this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_SUCCESS, exports.InteractionType.Popup, result); } return [2 /*return*/, result]; case 7: e_3 = _a.sent(); if (loggedInAccounts.length > 0) { this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_FAILURE, exports.InteractionType.Popup, null, e_3); } else { this.eventHandler.emitEvent(exports.EventType.LOGIN_FAILURE, exports.InteractionType.Popup, null, e_3); } if (popup) { // Close the synchronous popup if an error is thrown before the window unload event is registered popup.close(); } serverTelemetryManager.cacheFailedRequest(e_3); this.browserStorage.cleanRequestByState(validRequest.state); throw e_3; case 8: return [2 /*return*/]; } }); }); }; // #endregion // #region Silent Flow /** * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: * - Any browser using a form of Intelligent Tracking Prevention * - If there is not an established session with the service * * In these cases, the request must be done inside a popup or full frame redirect. * * For the cases where interaction is required, you cannot send a request with prompt=none. * * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as * you session on the server still exists. * @param request {@link SsoSilentRequest} * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ ClientApplication.prototype.ssoSilent = function (request) { return __awaiter$1(this, void 0, void 0, function () { var silentTokenResult, e_4; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.preflightBrowserEnvironmentCheck(exports.InteractionType.Silent); this.logger.verbose("ssoSilent called", request.correlationId); this.eventHandler.emitEvent(exports.EventType.SSO_SILENT_START, exports.InteractionType.Silent, request); _a.label = 1; case 1: _a.trys.push([1, 3, , 4]); return [4 /*yield*/, this.acquireTokenByIframe(request, exports.ApiId.ssoSilent)]; case 2: silentTokenResult = _a.sent(); this.eventHandler.emitEvent(exports.EventType.SSO_SILENT_SUCCESS, exports.InteractionType.Silent, silentTokenResult); return [2 /*return*/, silentTokenResult]; case 3: e_4 = _a.sent(); this.eventHandler.emitEvent(exports.EventType.SSO_SILENT_FAILURE, exports.InteractionType.Silent, null, e_4); throw e_4; case 4: return [2 /*return*/]; } }); }); }; /** * This function uses a hidden iframe to fetch an authorization code from the eSTS. To be used for silent refresh token acquisition and renewal. * @param request * @param apiId - ApiId of the calling function. Used for telemetry. */ ClientApplication.prototype.acquireTokenByIframe = function (request, apiId) { return __awaiter$1(this, void 0, void 0, function () { var silentRequest, browserRequestLogger, serverTelemetryManager, authCodeRequest, authClient, navigateUrl, e_5; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("acquireTokenByIframe called", request.correlationId); // Check that we have some SSO data if (StringUtils.isEmpty(request.loginHint) && StringUtils.isEmpty(request.sid) && (!request.account || StringUtils.isEmpty(request.account.username))) { throw BrowserAuthError.createSilentSSOInsufficientInfoError(); } // Check that prompt is set to none, throw error if it is set to anything else. if (request.prompt && request.prompt !== PromptValue.NONE) { throw BrowserAuthError.createSilentPromptValueError(request.prompt); } silentRequest = this.initializeAuthorizationRequest(__assign$1(__assign$1({}, request), { prompt: PromptValue.NONE }), exports.InteractionType.Silent); browserRequestLogger = this.logger.clone(name, version, silentRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(apiId, silentRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 6, , 7]); return [4 /*yield*/, this.initializeAuthorizationCodeRequest(silentRequest)]; case 2: authCodeRequest = _a.sent(); return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, silentRequest.authority, silentRequest.correlationId)]; case 3: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); return [4 /*yield*/, authClient.getAuthCodeUrl(silentRequest)]; case 4: navigateUrl = _a.sent(); return [4 /*yield*/, this.silentTokenHelper(navigateUrl, authCodeRequest, authClient, browserRequestLogger)]; case 5: return [2 /*return*/, _a.sent()]; case 6: e_5 = _a.sent(); serverTelemetryManager.cacheFailedRequest(e_5); this.browserStorage.cleanRequestByState(silentRequest.state); throw e_5; case 7: return [2 /*return*/]; } }); }); }; /** * Use this function to obtain a token before every call to the API / resource provider * * MSAL return's a cached token when available * Or it send's a request to the STS to obtain a new token using a refresh token. * * @param {@link SilentRequest} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ ClientApplication.prototype.acquireTokenByRefreshToken = function (request) { return __awaiter$1(this, void 0, void 0, function () { var silentRequest, browserRequestLogger, serverTelemetryManager, refreshTokenClient, e_6, isServerError, isInteractionRequiredError, isInvalidGrantError; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_NETWORK_START, exports.InteractionType.Silent, request); // block the reload if it occurred inside a hidden iframe BrowserUtils.blockReloadInHiddenIframes(); silentRequest = __assign$1(__assign$1({}, request), this.initializeBaseRequest(request)); browserRequestLogger = this.logger.clone(name, version, silentRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.acquireTokenSilent_silentFlow, silentRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 4, , 7]); return [4 /*yield*/, this.createRefreshTokenClient(serverTelemetryManager, silentRequest.authority, silentRequest.correlationId)]; case 2: refreshTokenClient = _a.sent(); browserRequestLogger.verbose("Refresh token client created"); return [4 /*yield*/, refreshTokenClient.acquireTokenByRefreshToken(silentRequest)]; case 3: // Send request to renew token. Auth module will throw errors if token cannot be renewed. return [2 /*return*/, _a.sent()]; case 4: e_6 = _a.sent(); serverTelemetryManager.cacheFailedRequest(e_6); isServerError = e_6 instanceof ServerError; isInteractionRequiredError = e_6 instanceof InteractionRequiredAuthError; isInvalidGrantError = (e_6.errorCode === BrowserConstants.INVALID_GRANT_ERROR); if (!(isServerError && isInvalidGrantError && !isInteractionRequiredError)) return [3 /*break*/, 6]; browserRequestLogger.verbose("Refresh token expired or invalid, attempting acquire token by iframe"); return [4 /*yield*/, this.acquireTokenByIframe(request, exports.ApiId.acquireTokenSilent_authCode)]; case 5: return [2 /*return*/, _a.sent()]; case 6: throw e_6; case 7: return [2 /*return*/]; } }); }); }; /** * Helper which acquires an authorization code silently using a hidden iframe from given url * using the scopes requested as part of the id, and exchanges the code for a set of OAuth tokens. * @param navigateUrl * @param userRequestScopes */ ClientApplication.prototype.silentTokenHelper = function (navigateUrl, authCodeRequest, authClient, browserRequestLogger) { return __awaiter$1(this, void 0, void 0, function () { var silentHandler, msalFrame, hash, state; return __generator$1(this, function (_a) { switch (_a.label) { case 0: silentHandler = new SilentHandler(authClient, this.browserStorage, authCodeRequest, browserRequestLogger, this.config.system.navigateFrameWait); return [4 /*yield*/, silentHandler.initiateAuthRequest(navigateUrl)]; case 1: msalFrame = _a.sent(); return [4 /*yield*/, silentHandler.monitorIframeForHash(msalFrame, this.config.system.iframeHashTimeout)]; case 2: hash = _a.sent(); state = this.validateAndExtractStateFromHash(hash, exports.InteractionType.Silent, authCodeRequest.correlationId); // Handle response from hash string return [2 /*return*/, silentHandler.handleCodeResponse(hash, state, authClient.authority, this.networkClient)]; } }); }); }; // #endregion // #region Logout /** * Deprecated logout function. Use logoutRedirect or logoutPopup instead * @param logoutRequest * @deprecated */ ClientApplication.prototype.logout = function (logoutRequest) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead."); return [2 /*return*/, this.logoutRedirect(logoutRequest)]; }); }); }; /** * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. * Default behaviour is to redirect the user to `window.location.href`. * @param logoutRequest */ ClientApplication.prototype.logoutRedirect = function (logoutRequest) { return __awaiter$1(this, void 0, void 0, function () { var validLogoutRequest, browserRequestLogger, serverTelemetryManager, authClient, logoutUri, navigationOptions, navigate, e_7; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.preflightBrowserEnvironmentCheck(exports.InteractionType.Redirect); this.logger.verbose("logoutRedirect called", logoutRequest === null || logoutRequest === void 0 ? void 0 : logoutRequest.correlationId); validLogoutRequest = this.initializeLogoutRequest(logoutRequest); browserRequestLogger = this.logger.clone(name, version, validLogoutRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.logout, validLogoutRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 9, , 10]); this.eventHandler.emitEvent(exports.EventType.LOGOUT_START, exports.InteractionType.Redirect, logoutRequest); return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, logoutRequest && logoutRequest.authority, validLogoutRequest === null || validLogoutRequest === void 0 ? void 0 : validLogoutRequest.correlationId)]; case 2: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); logoutUri = authClient.getLogoutUri(validLogoutRequest); if (!validLogoutRequest.account || AccountEntity.accountInfoIsEqual(validLogoutRequest.account, this.getActiveAccount(), false)) { browserRequestLogger.verbose("Setting active account to null"); this.setActiveAccount(null); } navigationOptions = { apiId: exports.ApiId.logout, timeout: this.config.system.redirectNavigationTimeout, noHistory: false }; this.eventHandler.emitEvent(exports.EventType.LOGOUT_SUCCESS, exports.InteractionType.Redirect, validLogoutRequest); if (!(logoutRequest && typeof logoutRequest.onRedirectNavigate === "function")) return [3 /*break*/, 6]; navigate = logoutRequest.onRedirectNavigate(logoutUri); if (!(navigate !== false)) return [3 /*break*/, 4]; browserRequestLogger.verbose("Logout onRedirectNavigate did not return false, navigating"); return [4 /*yield*/, this.navigationClient.navigateExternal(logoutUri, navigationOptions)]; case 3: _a.sent(); return [2 /*return*/]; case 4: browserRequestLogger.verbose("Logout onRedirectNavigate returned false, stopping navigation"); _a.label = 5; case 5: return [3 /*break*/, 8]; case 6: return [4 /*yield*/, this.navigationClient.navigateExternal(logoutUri, navigationOptions)]; case 7: _a.sent(); return [2 /*return*/]; case 8: return [3 /*break*/, 10]; case 9: e_7 = _a.sent(); serverTelemetryManager.cacheFailedRequest(e_7); this.eventHandler.emitEvent(exports.EventType.LOGOUT_FAILURE, exports.InteractionType.Redirect, null, e_7); throw e_7; case 10: this.eventHandler.emitEvent(exports.EventType.LOGOUT_END, exports.InteractionType.Redirect); return [2 /*return*/]; } }); }); }; /** * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server * @param logoutRequest */ ClientApplication.prototype.logoutPopup = function (logoutRequest) { var validLogoutRequest; try { this.preflightBrowserEnvironmentCheck(exports.InteractionType.Popup); this.logger.verbose("logoutPopup called", logoutRequest === null || logoutRequest === void 0 ? void 0 : logoutRequest.correlationId); validLogoutRequest = this.initializeLogoutRequest(logoutRequest); } catch (e) { // Since this function is synchronous we need to reject return Promise.reject(e); } var popupName = PopupUtils.generateLogoutPopupName(this.config.auth.clientId, validLogoutRequest); var popup; // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously. if (this.config.system.asyncPopups) { this.logger.verbose("asyncPopups set to true", validLogoutRequest.correlationId); } else { // asyncPopups flag is set to false. Opens popup before logging out. this.logger.verbose("asyncPopup set to false, opening popup", validLogoutRequest.correlationId); popup = PopupUtils.openSizedPopup("about:blank", popupName); } var authority = logoutRequest && logoutRequest.authority; var mainWindowRedirectUri = logoutRequest && logoutRequest.mainWindowRedirectUri; return this.logoutPopupAsync(validLogoutRequest, popupName, authority, popup, mainWindowRedirectUri); }; /** * * @param request * @param popupName * @param requestAuthority * @param popup */ ClientApplication.prototype.logoutPopupAsync = function (validRequest, popupName, requestAuthority, popup, mainWindowRedirectUri) { return __awaiter$1(this, void 0, void 0, function () { var browserRequestLogger, serverTelemetryManager, authClient, logoutUri, popupUtils, popupWindow, e_8, navigationOptions, absoluteUrl, e_9; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("logoutPopupAsync called", validRequest.correlationId); this.eventHandler.emitEvent(exports.EventType.LOGOUT_START, exports.InteractionType.Popup, validRequest); browserRequestLogger = this.logger.clone(name, version, validRequest.correlationId); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.logoutPopup, validRequest.correlationId); _a.label = 1; case 1: _a.trys.push([1, 7, , 8]); this.browserStorage.setTemporaryCache(TemporaryCacheKeys.INTERACTION_STATUS_KEY, BrowserConstants.INTERACTION_IN_PROGRESS_VALUE, true); return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, requestAuthority, validRequest.correlationId)]; case 2: authClient = _a.sent(); browserRequestLogger.verbose("Auth code client created"); logoutUri = authClient.getLogoutUri(validRequest); if (!validRequest.account || AccountEntity.accountInfoIsEqual(validRequest.account, this.getActiveAccount(), false)) { browserRequestLogger.verbose("Setting active account to null"); this.setActiveAccount(null); } this.eventHandler.emitEvent(exports.EventType.LOGOUT_SUCCESS, exports.InteractionType.Popup, validRequest); popupUtils = new PopupUtils(this.browserStorage, this.logger); popupWindow = popupUtils.openPopup(logoutUri, popupName, popup); this.eventHandler.emitEvent(exports.EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow: popupWindow }, null); _a.label = 3; case 3: _a.trys.push([3, 5, , 6]); // Don't care if this throws an error (User Cancelled) return [4 /*yield*/, popupUtils.monitorPopupForSameOrigin(popupWindow)]; case 4: // Don't care if this throws an error (User Cancelled) _a.sent(); browserRequestLogger.verbose("Popup successfully redirected to postLogoutRedirectUri"); return [3 /*break*/, 6]; case 5: e_8 = _a.sent(); browserRequestLogger.verbose("Error occurred while monitoring popup for same origin. Session on server may remain active. Error: " + e_8); return [3 /*break*/, 6]; case 6: popupUtils.cleanPopup(popupWindow); if (mainWindowRedirectUri) { navigationOptions = { apiId: exports.ApiId.logoutPopup, timeout: this.config.system.redirectNavigationTimeout, noHistory: false }; absoluteUrl = UrlString.getAbsoluteUrl(mainWindowRedirectUri, BrowserUtils.getCurrentUri()); browserRequestLogger.verbose("Redirecting main window to url specified in the request"); browserRequestLogger.verbosePii("Redirecing main window to: " + absoluteUrl); this.navigationClient.navigateInternal(absoluteUrl, navigationOptions); } else { browserRequestLogger.verbose("No main window navigation requested"); } return [3 /*break*/, 8]; case 7: e_9 = _a.sent(); if (popup) { // Close the synchronous popup if an error is thrown before the window unload event is registered popup.close(); } this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.INTERACTION_STATUS_KEY)); this.eventHandler.emitEvent(exports.EventType.LOGOUT_FAILURE, exports.InteractionType.Popup, null, e_9); serverTelemetryManager.cacheFailedRequest(e_9); throw e_9; case 8: this.eventHandler.emitEvent(exports.EventType.LOGOUT_END, exports.InteractionType.Popup); return [2 /*return*/]; } }); }); }; // #endregion // #region Account APIs /** * Returns all accounts that MSAL currently has data for. * (the account object is created at the time of successful login) * or empty array when no accounts are found * @returns Array of account objects in cache */ ClientApplication.prototype.getAllAccounts = function () { this.logger.verbose("getAllAccounts called"); return this.isBrowserEnvironment ? this.browserStorage.getAllAccounts() : []; }; /** * Returns the signed in account matching username. * (the account object is created at the time of successful login) * or null when no matching account is found. * This API is provided for convenience but getAccountById should be used for best reliability * @param userName * @returns The account object stored in MSAL */ ClientApplication.prototype.getAccountByUsername = function (userName) { var allAccounts = this.getAllAccounts(); if (!StringUtils.isEmpty(userName) && allAccounts && allAccounts.length) { this.logger.verbose("Account matching username found, returning"); this.logger.verbosePii("Returning signed-in accounts matching username: " + userName); return allAccounts.filter(function (accountObj) { return accountObj.username.toLowerCase() === userName.toLowerCase(); })[0] || null; } else { this.logger.verbose("getAccountByUsername: No matching account found, returning null"); return null; } }; /** * Returns the signed in account matching homeAccountId. * (the account object is created at the time of successful login) * or null when no matching account is found * @param homeAccountId * @returns The account object stored in MSAL */ ClientApplication.prototype.getAccountByHomeId = function (homeAccountId) { var allAccounts = this.getAllAccounts(); if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) { this.logger.verbose("Account matching homeAccountId found, returning"); this.logger.verbosePii("Returning signed-in accounts matching homeAccountId: " + homeAccountId); return allAccounts.filter(function (accountObj) { return accountObj.homeAccountId === homeAccountId; })[0] || null; } else { this.logger.verbose("getAccountByHomeId: No matching account found, returning null"); return null; } }; /** * Returns the signed in account matching localAccountId. * (the account object is created at the time of successful login) * or null when no matching account is found * @param localAccountId * @returns The account object stored in MSAL */ ClientApplication.prototype.getAccountByLocalId = function (localAccountId) { var allAccounts = this.getAllAccounts(); if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) { this.logger.verbose("Account matching localAccountId found, returning"); this.logger.verbosePii("Returning signed-in accounts matching localAccountId: " + localAccountId); return allAccounts.filter(function (accountObj) { return accountObj.localAccountId === localAccountId; })[0] || null; } else { this.logger.verbose("getAccountByLocalId: No matching account found, returning null"); return null; } }; /** * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. * @param account */ ClientApplication.prototype.setActiveAccount = function (account) { if (account) { this.logger.verbose("setActiveAccount: Active account set"); this.activeLocalAccountId = account.localAccountId; } else { this.logger.verbose("setActiveAccount: No account passed, active account not set"); this.activeLocalAccountId = null; } }; /** * Gets the currently active account */ ClientApplication.prototype.getActiveAccount = function () { if (!this.activeLocalAccountId) { this.logger.verbose("getActiveAccount: No active account"); return null; } return this.getAccountByLocalId(this.activeLocalAccountId); }; // #endregion // #region Helpers /** * * Use to get the redirect uri configured in MSAL or null. * @param requestRedirectUri * @returns Redirect URL * */ ClientApplication.prototype.getRedirectUri = function (requestRedirectUri) { this.logger.verbose("getRedirectUri called"); var redirectUri = requestRedirectUri || this.config.auth.redirectUri || BrowserUtils.getCurrentUri(); return UrlString.getAbsoluteUrl(redirectUri, BrowserUtils.getCurrentUri()); }; /** * Use to get the redirectStartPage either from request or use current window * @param requestStartPage */ ClientApplication.prototype.getRedirectStartPage = function (requestStartPage) { var redirectStartPage = requestStartPage || window.location.href; return UrlString.getAbsoluteUrl(redirectStartPage, BrowserUtils.getCurrentUri()); }; /** * Used to get a discovered version of the default authority. * @param requestAuthority * @param requestCorrelationId */ ClientApplication.prototype.getDiscoveredAuthority = function (requestAuthority, requestCorrelationId) { return __awaiter$1(this, void 0, void 0, function () { var authorityOptions; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("getDiscoveredAuthority called", requestCorrelationId); authorityOptions = { protocolMode: this.config.auth.protocolMode, knownAuthorities: this.config.auth.knownAuthorities, cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, authorityMetadata: this.config.auth.authorityMetadata }; if (!requestAuthority) return [3 /*break*/, 2]; this.logger.verbose("Creating discovered authority with request authority", requestCorrelationId); return [4 /*yield*/, AuthorityFactory.createDiscoveredInstance(requestAuthority, this.config.system.networkClient, this.browserStorage, authorityOptions)]; case 1: return [2 /*return*/, _a.sent()]; case 2: this.logger.verbose("Creating discovered authority with configured authority", requestCorrelationId); return [4 /*yield*/, AuthorityFactory.createDiscoveredInstance(this.config.auth.authority, this.config.system.networkClient, this.browserStorage, authorityOptions)]; case 3: return [2 /*return*/, _a.sent()]; } }); }); }; /** * Helper to check whether interaction is in progress. */ ClientApplication.prototype.interactionInProgress = function () { // Check whether value in cache is present and equal to expected value return (this.browserStorage.getTemporaryCache(TemporaryCacheKeys.INTERACTION_STATUS_KEY, true)) === BrowserConstants.INTERACTION_IN_PROGRESS_VALUE; }; /** * Creates an Authorization Code Client with the given authority, or the default authority. * @param serverTelemetryManager * @param authorityUrl */ ClientApplication.prototype.createAuthCodeClient = function (serverTelemetryManager, authorityUrl, correlationId) { return __awaiter$1(this, void 0, void 0, function () { var clientConfig; return __generator$1(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.getClientConfiguration(serverTelemetryManager, authorityUrl, correlationId)]; case 1: clientConfig = _a.sent(); return [2 /*return*/, new AuthorizationCodeClient(clientConfig)]; } }); }); }; /** * Creates an Silent Flow Client with the given authority, or the default authority. * @param serverTelemetryManager * @param authorityUrl */ ClientApplication.prototype.createSilentFlowClient = function (serverTelemetryManager, authorityUrl, correlationId) { return __awaiter$1(this, void 0, void 0, function () { var clientConfig; return __generator$1(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.getClientConfiguration(serverTelemetryManager, authorityUrl, correlationId)]; case 1: clientConfig = _a.sent(); return [2 /*return*/, new SilentFlowClient(clientConfig)]; } }); }); }; /** * Creates a Refresh Client with the given authority, or the default authority. * @param serverTelemetryManager * @param authorityUrl */ ClientApplication.prototype.createRefreshTokenClient = function (serverTelemetryManager, authorityUrl, correlationId) { return __awaiter$1(this, void 0, void 0, function () { var clientConfig; return __generator$1(this, function (_a) { switch (_a.label) { case 0: return [4 /*yield*/, this.getClientConfiguration(serverTelemetryManager, authorityUrl, correlationId)]; case 1: clientConfig = _a.sent(); return [2 /*return*/, new RefreshTokenClient(clientConfig)]; } }); }); }; /** * Creates a Client Configuration object with the given request authority, or the default authority. * @param serverTelemetryManager * @param requestAuthority * @param requestCorrelationId */ ClientApplication.prototype.getClientConfiguration = function (serverTelemetryManager, requestAuthority, requestCorrelationId) { return __awaiter$1(this, void 0, void 0, function () { var discoveredAuthority; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("getClientConfiguration called", requestCorrelationId); return [4 /*yield*/, this.getDiscoveredAuthority(requestAuthority, requestCorrelationId)]; case 1: discoveredAuthority = _a.sent(); return [2 /*return*/, { authOptions: { clientId: this.config.auth.clientId, authority: discoveredAuthority, clientCapabilities: this.config.auth.clientCapabilities }, systemOptions: { tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds, preventCorsPreflight: true }, loggerOptions: { loggerCallback: this.config.system.loggerOptions.loggerCallback, piiLoggingEnabled: this.config.system.loggerOptions.piiLoggingEnabled, logLevel: this.config.system.loggerOptions.logLevel, correlationId: requestCorrelationId }, cryptoInterface: this.browserCrypto, networkInterface: this.networkClient, storageInterface: this.browserStorage, serverTelemetryManager: serverTelemetryManager, libraryInfo: { sku: BrowserConstants.MSAL_SKU, version: version, cpu: "", os: "" } }]; } }); }); }; /** * Helper to validate app environment before making a request. * @param request * @param interactionType */ ClientApplication.prototype.preflightInteractiveRequest = function (request, interactionType) { this.logger.verbose("preflightInteractiveRequest called, validating app environment", request === null || request === void 0 ? void 0 : request.correlationId); // block the reload if it occurred inside a hidden iframe BrowserUtils.blockReloadInHiddenIframes(); // Check if interaction is in progress. Throw error if true. if (this.interactionInProgress()) { throw BrowserAuthError.createInteractionInProgressError(); } return this.initializeAuthorizationRequest(request, interactionType); }; /** * Helper to validate app environment before making an auth request * * @param interactionType */ ClientApplication.prototype.preflightBrowserEnvironmentCheck = function (interactionType) { this.logger.verbose("preflightBrowserEnvironmentCheck started"); // Block request if not in browser environment BrowserUtils.blockNonBrowserEnvironment(this.isBrowserEnvironment); // Block redirects if in an iframe BrowserUtils.blockRedirectInIframe(interactionType, this.config.system.allowRedirectInIframe); // Block auth requests inside a hidden iframe BrowserUtils.blockReloadInHiddenIframes(); // Block redirectUri opened in a popup from calling MSAL APIs BrowserUtils.blockAcquireTokenInPopups(); // Block redirects if memory storage is enabled but storeAuthStateInCookie is not if (interactionType === exports.InteractionType.Redirect && this.config.cache.cacheLocation === exports.BrowserCacheLocation.MemoryStorage && !this.config.cache.storeAuthStateInCookie) { throw BrowserConfigurationAuthError.createInMemoryRedirectUnavailableError(); } }; /** * Initializer function for all request APIs * @param request */ ClientApplication.prototype.initializeBaseRequest = function (request) { this.logger.verbose("Initializing BaseAuthRequest", request.correlationId); var authority = request.authority || this.config.auth.authority; var scopes = __spread(((request && request.scopes) || [])); var correlationId = (request && request.correlationId) || this.browserCrypto.createNewGuid(); // Set authenticationScheme to BEARER if not explicitly set in the request if (!request.authenticationScheme) { request.authenticationScheme = exports.AuthenticationScheme.BEARER; this.logger.verbose("Authentication Scheme wasn't explicitly set in request, defaulting to \"Bearer\" request", request.correlationId); } else { this.logger.verbose("Authentication Scheme set to \"" + request.authenticationScheme + "\" as configured in Auth request", request.correlationId); } var validatedRequest = __assign$1(__assign$1({}, request), { correlationId: correlationId, authority: authority, scopes: scopes }); return validatedRequest; }; /** * * @param apiId * @param correlationId * @param forceRefresh */ ClientApplication.prototype.initializeServerTelemetryManager = function (apiId, correlationId, forceRefresh) { this.logger.verbose("initializeServerTelemetryManager called", correlationId); var telemetryPayload = { clientId: this.config.auth.clientId, correlationId: correlationId, apiId: apiId, forceRefresh: forceRefresh || false, wrapperSKU: this.wrapperSKU, wrapperVer: this.wrapperVer }; return new ServerTelemetryManager(telemetryPayload, this.browserStorage); }; /** * Helper to initialize required request parameters for interactive APIs and ssoSilent() * @param request * @param interactionType */ ClientApplication.prototype.initializeAuthorizationRequest = function (request, interactionType) { this.logger.verbose("initializeAuthorizationRequest called", request.correlationId); var redirectUri = this.getRedirectUri(request.redirectUri); var browserState = { interactionType: interactionType }; var state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || "", browserState); var validatedRequest = __assign$1(__assign$1({}, this.initializeBaseRequest(request)), { redirectUri: redirectUri, state: state, nonce: request.nonce || this.browserCrypto.createNewGuid(), responseMode: ResponseMode.FRAGMENT }); var account = request.account || this.getActiveAccount(); if (account) { this.logger.verbose("Setting validated request account"); this.logger.verbosePii("Setting validated request account: " + account); validatedRequest.account = account; } // Check for ADAL SSO if (StringUtils.isEmpty(validatedRequest.loginHint)) { // Only check for adal token if no SSO params are being used var adalIdTokenString = this.browserStorage.getTemporaryCache(PersistentCacheKeys.ADAL_ID_TOKEN); if (adalIdTokenString) { var adalIdToken = new AuthToken(adalIdTokenString, this.browserCrypto); this.browserStorage.removeItem(PersistentCacheKeys.ADAL_ID_TOKEN); if (adalIdToken.claims && adalIdToken.claims.upn) { this.logger.verbose("No SSO params used and ADAL token retrieved, setting ADAL upn as loginHint"); validatedRequest.loginHint = adalIdToken.claims.upn; } } } this.browserStorage.updateCacheEntries(validatedRequest.state, validatedRequest.nonce, validatedRequest.authority, validatedRequest.loginHint || "", validatedRequest.account || null); return validatedRequest; }; /** * Generates an auth code request tied to the url request. * @param request */ ClientApplication.prototype.initializeAuthorizationCodeRequest = function (request) { return __awaiter$1(this, void 0, void 0, function () { var generatedPkceParams, authCodeRequest; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.logger.verbose("initializeAuthorizationRequest called", request.correlationId); return [4 /*yield*/, this.browserCrypto.generatePkceCodes()]; case 1: generatedPkceParams = _a.sent(); authCodeRequest = __assign$1(__assign$1({}, request), { redirectUri: request.redirectUri, code: "", codeVerifier: generatedPkceParams.verifier }); request.codeChallenge = generatedPkceParams.challenge; request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD; return [2 /*return*/, authCodeRequest]; } }); }); }; /** * Initializer for the logout request. * @param logoutRequest */ ClientApplication.prototype.initializeLogoutRequest = function (logoutRequest) { this.logger.verbose("initializeLogoutRequest called", logoutRequest === null || logoutRequest === void 0 ? void 0 : logoutRequest.correlationId); // Check if interaction is in progress. Throw error if true. if (this.interactionInProgress()) { throw BrowserAuthError.createInteractionInProgressError(); } var validLogoutRequest = __assign$1({ correlationId: this.browserCrypto.createNewGuid() }, logoutRequest); /* * Only set redirect uri if logout request isn't provided or the set uri isn't null. * Otherwise, use passed uri, config, or current page. */ if (!logoutRequest || logoutRequest.postLogoutRedirectUri !== null) { if (logoutRequest && logoutRequest.postLogoutRedirectUri) { this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request", validLogoutRequest.correlationId); validLogoutRequest.postLogoutRedirectUri = UrlString.getAbsoluteUrl(logoutRequest.postLogoutRedirectUri, BrowserUtils.getCurrentUri()); } else if (this.config.auth.postLogoutRedirectUri === null) { this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect", validLogoutRequest.correlationId); } else if (this.config.auth.postLogoutRedirectUri) { this.logger.verbose("Setting postLogoutRedirectUri to configured uri", validLogoutRequest.correlationId); validLogoutRequest.postLogoutRedirectUri = UrlString.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri, BrowserUtils.getCurrentUri()); } else { this.logger.verbose("Setting postLogoutRedirectUri to current page", validLogoutRequest.correlationId); validLogoutRequest.postLogoutRedirectUri = UrlString.getAbsoluteUrl(BrowserUtils.getCurrentUri(), BrowserUtils.getCurrentUri()); } } else { this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri", validLogoutRequest.correlationId); } return validLogoutRequest; }; /** * Adds event callbacks to array * @param callback */ ClientApplication.prototype.addEventCallback = function (callback) { return this.eventHandler.addEventCallback(callback); }; /** * Removes callback with provided id from callback array * @param callbackId */ ClientApplication.prototype.removeEventCallback = function (callbackId) { this.eventHandler.removeEventCallback(callbackId); }; /** * Returns the logger instance */ ClientApplication.prototype.getLogger = function () { return this.logger; }; /** * Replaces the default logger set in configurations with new Logger with new configurations * @param logger Logger instance */ ClientApplication.prototype.setLogger = function (logger) { this.logger = logger; }; /** * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. * @param sku * @param version */ ClientApplication.prototype.initializeWrapperLibrary = function (sku, version) { // Validate the SKU passed in is one we expect this.wrapperSKU = sku; this.wrapperVer = version; }; /** * Sets navigation client * @param navigationClient */ ClientApplication.prototype.setNavigationClient = function (navigationClient) { this.navigationClient = navigationClient; }; return ClientApplication; }()); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications * to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification. */ var PublicClientApplication = /** @class */ (function (_super) { __extends$1(PublicClientApplication, _super); /** * @constructor * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object * * Important attributes in the Configuration object for auth are: * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview * - authority: the authority URL for your application. * - redirect_uri: the uri of your application registered in the portal. * * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. * * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ * Full B2C functionality will be available in this library in future versions. * * @param configuration object for the MSAL PublicClientApplication instance */ function PublicClientApplication(configuration) { return _super.call(this, configuration) || this; } /** * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so * any code that follows this function will not execute. * * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. * * @param request */ PublicClientApplication.prototype.loginRedirect = function (request) { return __awaiter$1(this, void 0, void 0, function () { return __generator$1(this, function (_a) { this.logger.verbose("loginRedirect called"); return [2 /*return*/, this.acquireTokenRedirect(request || DEFAULT_REQUEST)]; }); }); }; /** * Use when initiating the login process via opening a popup window in the user's browser * * @param request * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ PublicClientApplication.prototype.loginPopup = function (request) { this.logger.verbose("loginPopup called"); return this.acquireTokenPopup(request || DEFAULT_REQUEST); }; /** * Silently acquire an access token for a given set of scopes. Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token. * * @param {@link (SilentRequest:type)} * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ PublicClientApplication.prototype.acquireTokenSilent = function (request) { return __awaiter$1(this, void 0, void 0, function () { var account, silentRequest, browserRequestLogger, serverTelemetryManager, silentAuthClient, cachedToken, tokenRenewalResult, tokenRenewalError_1; return __generator$1(this, function (_a) { switch (_a.label) { case 0: this.preflightBrowserEnvironmentCheck(exports.InteractionType.Silent); this.logger.verbose("acquireTokenSilent called", request.correlationId); account = request.account || this.getActiveAccount(); if (!account) { throw BrowserAuthError.createNoAccountError(); } silentRequest = __assign$1(__assign$1(__assign$1({}, request), this.initializeBaseRequest(request)), { account: account, forceRefresh: request.forceRefresh || false }); browserRequestLogger = this.logger.clone(name, version, silentRequest.correlationId); this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_START, exports.InteractionType.Silent, request); _a.label = 1; case 1: _a.trys.push([1, 4, , 9]); serverTelemetryManager = this.initializeServerTelemetryManager(exports.ApiId.acquireTokenSilent_silentFlow, silentRequest.correlationId); return [4 /*yield*/, this.createSilentFlowClient(serverTelemetryManager, silentRequest.authority, silentRequest.correlationId)]; case 2: silentAuthClient = _a.sent(); browserRequestLogger.verbose("Silent auth client created"); return [4 /*yield*/, silentAuthClient.acquireCachedToken(silentRequest)]; case 3: cachedToken = _a.sent(); this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_SUCCESS, exports.InteractionType.Silent, cachedToken); return [2 /*return*/, cachedToken]; case 4: _a.sent(); _a.label = 5; case 5: _a.trys.push([5, 7, , 8]); return [4 /*yield*/, this.acquireTokenByRefreshToken(silentRequest)]; case 6: tokenRenewalResult = _a.sent(); this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_SUCCESS, exports.InteractionType.Silent, tokenRenewalResult); return [2 /*return*/, tokenRenewalResult]; case 7: tokenRenewalError_1 = _a.sent(); this.eventHandler.emitEvent(exports.EventType.ACQUIRE_TOKEN_FAILURE, exports.InteractionType.Silent, null, tokenRenewalError_1); throw tokenRenewalError_1; case 8: return [3 /*break*/, 9]; case 9: return [2 /*return*/]; } }); }); }; return PublicClientApplication; }(ClientApplication)); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var stubbedPublicClientApplication = { acquireTokenPopup: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, acquireTokenRedirect: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, acquireTokenSilent: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, getAllAccounts: function () { return []; }, getAccountByHomeId: function () { return null; }, getAccountByUsername: function () { return null; }, getAccountByLocalId: function () { return null; }, handleRedirectPromise: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, loginPopup: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, loginRedirect: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, logout: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, logoutRedirect: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, logoutPopup: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, ssoSilent: function () { return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError()); }, addEventCallback: function () { return null; }, removeEventCallback: function () { return; }, getLogger: function () { throw BrowserConfigurationAuthError.createStubPcaInstanceCalledError(); }, setLogger: function () { return; }, setActiveAccount: function () { return; }, getActiveAccount: function () { return null; }, initializeWrapperLibrary: function () { return; }, setNavigationClient: function () { return; } }; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var EventMessageUtils = /** @class */ (function () { function EventMessageUtils() { } /** * Gets interaction status from event message * @param message */ EventMessageUtils.getInteractionStatusFromEvent = function (message) { switch (message.eventType) { case exports.EventType.LOGIN_START: return exports.InteractionStatus.Login; case exports.EventType.SSO_SILENT_START: return exports.InteractionStatus.SsoSilent; case exports.EventType.ACQUIRE_TOKEN_START: if (message.interactionType === exports.InteractionType.Redirect || message.interactionType === exports.InteractionType.Popup) { return exports.InteractionStatus.AcquireToken; } break; case exports.EventType.HANDLE_REDIRECT_START: return exports.InteractionStatus.HandleRedirect; case exports.EventType.LOGOUT_START: return exports.InteractionStatus.Logout; case exports.EventType.LOGIN_SUCCESS: case exports.EventType.SSO_SILENT_SUCCESS: case exports.EventType.HANDLE_REDIRECT_END: case exports.EventType.LOGIN_FAILURE: case exports.EventType.SSO_SILENT_FAILURE: case exports.EventType.LOGOUT_END: return exports.InteractionStatus.None; case exports.EventType.ACQUIRE_TOKEN_SUCCESS: case exports.EventType.ACQUIRE_TOKEN_FAILURE: if (message.interactionType === exports.InteractionType.Redirect || message.interactionType === exports.InteractionType.Popup) { return exports.InteractionStatus.None; } break; } return null; }; return EventMessageUtils; }()); exports.AccountEntity = AccountEntity; exports.AuthError = AuthError; exports.AuthErrorMessage = AuthErrorMessage; exports.BrowserAuthError = BrowserAuthError; exports.BrowserAuthErrorMessage = BrowserAuthErrorMessage; exports.BrowserConfigurationAuthError = BrowserConfigurationAuthError; exports.BrowserConfigurationAuthErrorMessage = BrowserConfigurationAuthErrorMessage; exports.BrowserUtils = BrowserUtils; exports.EventMessageUtils = EventMessageUtils; exports.InteractionRequiredAuthError = InteractionRequiredAuthError; exports.Logger = Logger; exports.NavigationClient = NavigationClient; exports.PublicClientApplication = PublicClientApplication; exports.StringUtils = StringUtils; exports.UrlString = UrlString; exports.stubbedPublicClientApplication = stubbedPublicClientApplication; Object.defineProperty(exports, '__esModule', { value: true }); }))); //# sourceMappingURL=msal-browser.js.map