UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

1,128 lines (1,099 loc) • 813 kB

JavaScript

/*! @azure/msal-browser v2.28.1 2022-08-01 */ 'use strict'; 'use strict'; Object.defineProperty(exports, '__esModule', { value: true }); /*! ***************************************************************************** Copyright (c) Microsoft Corporation. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ /* global Reflect, Promise */ var extendStatics$1 = function(d, b) { extendStatics$1 = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; }; return extendStatics$1(d, b); }; function __extends$1(d, b) { extendStatics$1(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); } var __assign$1 = function() { __assign$1 = Object.assign || function __assign(t) { for (var s, i = 1, n = arguments.length; i < n; i++) { s = arguments[i]; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; } return t; }; return __assign$1.apply(this, arguments); }; function __rest(s, e) { var t = {}; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0) t[p] = s[p]; if (s != null && typeof Object.getOwnPropertySymbols === "function") for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) { if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i])) t[p[i]] = s[p[i]]; } return t; } function __awaiter$1(thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); } function __generator$1(thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (_) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } } function __read(o, n) { var m = typeof Symbol === "function" && o[Symbol.iterator]; if (!m) return o; var i = m.call(o), r, ar = [], e; try { while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); } catch (error) { e = { error: error }; } finally { try { if (r && !r.done && (m = i["return"])) m.call(i); } finally { if (e) throw e.error; } } return ar; } function __spread() { for (var ar = [], i = 0; i < arguments.length; i++) ar = ar.concat(__read(arguments[i])); return ar; } /*! @azure/msal-common v7.3.0 2022-08-01 */ /*! ***************************************************************************** Copyright (c) Microsoft Corporation. Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ***************************************************************************** */ /* global Reflect, Promise */ var extendStatics = function(d, b) { extendStatics = Object.setPrototypeOf || ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) || function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; }; return extendStatics(d, b); }; function __extends(d, b) { extendStatics(d, b); function __() { this.constructor = d; } d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __()); } var __assign = function() { __assign = Object.assign || function __assign(t) { for (var s, i = 1, n = arguments.length; i < n; i++) { s = arguments[i]; for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p]; } return t; }; return __assign.apply(this, arguments); }; function __awaiter(thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); } function __generator(thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (_) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } } function __spreadArrays() { for (var s = 0, i = 0, il = arguments.length; i < il; i++) s += arguments[i].length; for (var r = Array(s), k = 0, i = 0; i < il; i++) for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++) r[k] = a[j]; return r; } /*! @azure/msal-common v7.3.0 2022-08-01 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var Constants = { LIBRARY_NAME: "MSAL.JS", SKU: "msal.js.common", // Prefix for all library cache entries CACHE_PREFIX: "msal", // default authority DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/", DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com", DEFAULT_COMMON_TENANT: "common", // ADFS String ADFS: "adfs", // Default AAD Instance Discovery Endpoint AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=", // Resource delimiter - used for certain cache entries RESOURCE_DELIM: "|", // Placeholder for non-existent account ids/objects NO_ACCOUNT: "NO_ACCOUNT", // Claims CLAIMS: "claims", // Consumer UTID CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad", // Default scopes OPENID_SCOPE: "openid", PROFILE_SCOPE: "profile", OFFLINE_ACCESS_SCOPE: "offline_access", EMAIL_SCOPE: "email", // Default response type for authorization code flow CODE_RESPONSE_TYPE: "code", CODE_GRANT_TYPE: "authorization_code", RT_GRANT_TYPE: "refresh_token", FRAGMENT_RESPONSE_MODE: "fragment", S256_CODE_CHALLENGE_METHOD: "S256", URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8", AUTHORIZATION_PENDING: "authorization_pending", NOT_DEFINED: "not_defined", EMPTY_STRING: "", FORWARD_SLASH: "/", IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location", IMDS_VERSION: "2020-06-01", IMDS_TIMEOUT: 2000, AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect", REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com", KNOWN_PUBLIC_CLOUDS: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"], TOKEN_RESPONSE_TYPE: "token", ID_TOKEN_RESPONSE_TYPE: "id_token", SHR_NONCE_VALIDITY: 240, }; var OIDC_DEFAULT_SCOPES = [ Constants.OPENID_SCOPE, Constants.PROFILE_SCOPE, Constants.OFFLINE_ACCESS_SCOPE ]; var OIDC_SCOPES = __spreadArrays(OIDC_DEFAULT_SCOPES, [ Constants.EMAIL_SCOPE ]); /** * Request header names */ var HeaderNames; (function (HeaderNames) { HeaderNames["CONTENT_TYPE"] = "Content-Type"; HeaderNames["RETRY_AFTER"] = "Retry-After"; HeaderNames["CCS_HEADER"] = "X-AnchorMailbox"; HeaderNames["WWWAuthenticate"] = "WWW-Authenticate"; HeaderNames["AuthenticationInfo"] = "Authentication-Info"; })(HeaderNames || (HeaderNames = {})); /** * Persistent cache keys MSAL which stay while user is logged in. */ var PersistentCacheKeys; (function (PersistentCacheKeys) { PersistentCacheKeys["ID_TOKEN"] = "idtoken"; PersistentCacheKeys["CLIENT_INFO"] = "client.info"; PersistentCacheKeys["ADAL_ID_TOKEN"] = "adal.idtoken"; PersistentCacheKeys["ERROR"] = "error"; PersistentCacheKeys["ERROR_DESC"] = "error.description"; PersistentCacheKeys["ACTIVE_ACCOUNT"] = "active-account"; PersistentCacheKeys["ACTIVE_ACCOUNT_FILTERS"] = "active-account-filters"; // new cache entry for active_account for a more robust version for browser })(PersistentCacheKeys || (PersistentCacheKeys = {})); /** * String constants related to AAD Authority */ var AADAuthorityConstants; (function (AADAuthorityConstants) { AADAuthorityConstants["COMMON"] = "common"; AADAuthorityConstants["ORGANIZATIONS"] = "organizations"; AADAuthorityConstants["CONSUMERS"] = "consumers"; })(AADAuthorityConstants || (AADAuthorityConstants = {})); /** * Keys in the hashParams sent by AAD Server */ var AADServerParamKeys; (function (AADServerParamKeys) { AADServerParamKeys["CLIENT_ID"] = "client_id"; AADServerParamKeys["REDIRECT_URI"] = "redirect_uri"; AADServerParamKeys["RESPONSE_TYPE"] = "response_type"; AADServerParamKeys["RESPONSE_MODE"] = "response_mode"; AADServerParamKeys["GRANT_TYPE"] = "grant_type"; AADServerParamKeys["CLAIMS"] = "claims"; AADServerParamKeys["SCOPE"] = "scope"; AADServerParamKeys["ERROR"] = "error"; AADServerParamKeys["ERROR_DESCRIPTION"] = "error_description"; AADServerParamKeys["ACCESS_TOKEN"] = "access_token"; AADServerParamKeys["ID_TOKEN"] = "id_token"; AADServerParamKeys["REFRESH_TOKEN"] = "refresh_token"; AADServerParamKeys["EXPIRES_IN"] = "expires_in"; AADServerParamKeys["STATE"] = "state"; AADServerParamKeys["NONCE"] = "nonce"; AADServerParamKeys["PROMPT"] = "prompt"; AADServerParamKeys["SESSION_STATE"] = "session_state"; AADServerParamKeys["CLIENT_INFO"] = "client_info"; AADServerParamKeys["CODE"] = "code"; AADServerParamKeys["CODE_CHALLENGE"] = "code_challenge"; AADServerParamKeys["CODE_CHALLENGE_METHOD"] = "code_challenge_method"; AADServerParamKeys["CODE_VERIFIER"] = "code_verifier"; AADServerParamKeys["CLIENT_REQUEST_ID"] = "client-request-id"; AADServerParamKeys["X_CLIENT_SKU"] = "x-client-SKU"; AADServerParamKeys["X_CLIENT_VER"] = "x-client-VER"; AADServerParamKeys["X_CLIENT_OS"] = "x-client-OS"; AADServerParamKeys["X_CLIENT_CPU"] = "x-client-CPU"; AADServerParamKeys["X_CLIENT_CURR_TELEM"] = "x-client-current-telemetry"; AADServerParamKeys["X_CLIENT_LAST_TELEM"] = "x-client-last-telemetry"; AADServerParamKeys["X_MS_LIB_CAPABILITY"] = "x-ms-lib-capability"; AADServerParamKeys["X_APP_NAME"] = "x-app-name"; AADServerParamKeys["X_APP_VER"] = "x-app-ver"; AADServerParamKeys["POST_LOGOUT_URI"] = "post_logout_redirect_uri"; AADServerParamKeys["ID_TOKEN_HINT"] = "id_token_hint"; AADServerParamKeys["DEVICE_CODE"] = "device_code"; AADServerParamKeys["CLIENT_SECRET"] = "client_secret"; AADServerParamKeys["CLIENT_ASSERTION"] = "client_assertion"; AADServerParamKeys["CLIENT_ASSERTION_TYPE"] = "client_assertion_type"; AADServerParamKeys["TOKEN_TYPE"] = "token_type"; AADServerParamKeys["REQ_CNF"] = "req_cnf"; AADServerParamKeys["OBO_ASSERTION"] = "assertion"; AADServerParamKeys["REQUESTED_TOKEN_USE"] = "requested_token_use"; AADServerParamKeys["ON_BEHALF_OF"] = "on_behalf_of"; AADServerParamKeys["FOCI"] = "foci"; AADServerParamKeys["CCS_HEADER"] = "X-AnchorMailbox"; AADServerParamKeys["RETURN_SPA_CODE"] = "return_spa_code"; AADServerParamKeys["NATIVE_BROKER"] = "nativebroker"; AADServerParamKeys["LOGOUT_HINT"] = "logout_hint"; })(AADServerParamKeys || (AADServerParamKeys = {})); /** * Claims request keys */ var ClaimsRequestKeys; (function (ClaimsRequestKeys) { ClaimsRequestKeys["ACCESS_TOKEN"] = "access_token"; ClaimsRequestKeys["XMS_CC"] = "xms_cc"; })(ClaimsRequestKeys || (ClaimsRequestKeys = {})); /** * we considered making this "enum" in the request instead of string, however it looks like the allowed list of * prompt values kept changing over past couple of years. There are some undocumented prompt values for some * internal partners too, hence the choice of generic "string" type instead of the "enum" */ var PromptValue = { LOGIN: "login", SELECT_ACCOUNT: "select_account", CONSENT: "consent", NONE: "none", CREATE: "create" }; /** * SSO Types - generated to populate hints */ var SSOTypes; (function (SSOTypes) { SSOTypes["ACCOUNT"] = "account"; SSOTypes["SID"] = "sid"; SSOTypes["LOGIN_HINT"] = "login_hint"; SSOTypes["ID_TOKEN"] = "id_token"; SSOTypes["DOMAIN_HINT"] = "domain_hint"; SSOTypes["ORGANIZATIONS"] = "organizations"; SSOTypes["CONSUMERS"] = "consumers"; SSOTypes["ACCOUNT_ID"] = "accountIdentifier"; SSOTypes["HOMEACCOUNT_ID"] = "homeAccountIdentifier"; })(SSOTypes || (SSOTypes = {})); /** * allowed values for codeVerifier */ var CodeChallengeMethodValues = { PLAIN: "plain", S256: "S256" }; /** * allowed values for response_mode */ var ResponseMode; (function (ResponseMode) { ResponseMode["QUERY"] = "query"; ResponseMode["FRAGMENT"] = "fragment"; ResponseMode["FORM_POST"] = "form_post"; })(ResponseMode || (ResponseMode = {})); /** * allowed grant_type */ var GrantType; (function (GrantType) { GrantType["IMPLICIT_GRANT"] = "implicit"; GrantType["AUTHORIZATION_CODE_GRANT"] = "authorization_code"; GrantType["CLIENT_CREDENTIALS_GRANT"] = "client_credentials"; GrantType["RESOURCE_OWNER_PASSWORD_GRANT"] = "password"; GrantType["REFRESH_TOKEN_GRANT"] = "refresh_token"; GrantType["DEVICE_CODE_GRANT"] = "device_code"; GrantType["JWT_BEARER"] = "urn:ietf:params:oauth:grant-type:jwt-bearer"; })(GrantType || (GrantType = {})); /** * Account types in Cache */ var CacheAccountType; (function (CacheAccountType) { CacheAccountType["MSSTS_ACCOUNT_TYPE"] = "MSSTS"; CacheAccountType["ADFS_ACCOUNT_TYPE"] = "ADFS"; CacheAccountType["MSAV1_ACCOUNT_TYPE"] = "MSA"; CacheAccountType["GENERIC_ACCOUNT_TYPE"] = "Generic"; // NTLM, Kerberos, FBA, Basic etc })(CacheAccountType || (CacheAccountType = {})); /** * Separators used in cache */ var Separators; (function (Separators) { Separators["CACHE_KEY_SEPARATOR"] = "-"; Separators["CLIENT_INFO_SEPARATOR"] = "."; })(Separators || (Separators = {})); /** * Credential Type stored in the cache */ var CredentialType; (function (CredentialType) { CredentialType["ID_TOKEN"] = "IdToken"; CredentialType["ACCESS_TOKEN"] = "AccessToken"; CredentialType["ACCESS_TOKEN_WITH_AUTH_SCHEME"] = "AccessToken_With_AuthScheme"; CredentialType["REFRESH_TOKEN"] = "RefreshToken"; })(CredentialType || (CredentialType = {})); /** * Credential Type stored in the cache */ var CacheSchemaType; (function (CacheSchemaType) { CacheSchemaType["ACCOUNT"] = "Account"; CacheSchemaType["CREDENTIAL"] = "Credential"; CacheSchemaType["ID_TOKEN"] = "IdToken"; CacheSchemaType["ACCESS_TOKEN"] = "AccessToken"; CacheSchemaType["REFRESH_TOKEN"] = "RefreshToken"; CacheSchemaType["APP_METADATA"] = "AppMetadata"; CacheSchemaType["TEMPORARY"] = "TempCache"; CacheSchemaType["TELEMETRY"] = "Telemetry"; CacheSchemaType["UNDEFINED"] = "Undefined"; CacheSchemaType["THROTTLING"] = "Throttling"; })(CacheSchemaType || (CacheSchemaType = {})); /** * Combine all cache types */ var CacheType; (function (CacheType) { CacheType[CacheType["ADFS"] = 1001] = "ADFS"; CacheType[CacheType["MSA"] = 1002] = "MSA"; CacheType[CacheType["MSSTS"] = 1003] = "MSSTS"; CacheType[CacheType["GENERIC"] = 1004] = "GENERIC"; CacheType[CacheType["ACCESS_TOKEN"] = 2001] = "ACCESS_TOKEN"; CacheType[CacheType["REFRESH_TOKEN"] = 2002] = "REFRESH_TOKEN"; CacheType[CacheType["ID_TOKEN"] = 2003] = "ID_TOKEN"; CacheType[CacheType["APP_METADATA"] = 3001] = "APP_METADATA"; CacheType[CacheType["UNDEFINED"] = 9999] = "UNDEFINED"; })(CacheType || (CacheType = {})); /** * More Cache related constants */ var APP_METADATA = "appmetadata"; var CLIENT_INFO = "client_info"; var THE_FAMILY_ID = "1"; var AUTHORITY_METADATA_CONSTANTS = { CACHE_KEY: "authority-metadata", REFRESH_TIME_SECONDS: 3600 * 24 // 24 Hours }; var AuthorityMetadataSource; (function (AuthorityMetadataSource) { AuthorityMetadataSource["CONFIG"] = "config"; AuthorityMetadataSource["CACHE"] = "cache"; AuthorityMetadataSource["NETWORK"] = "network"; AuthorityMetadataSource["HARDCODED_VALUES"] = "hardcoded_values"; })(AuthorityMetadataSource || (AuthorityMetadataSource = {})); var SERVER_TELEM_CONSTANTS = { SCHEMA_VERSION: 5, MAX_CUR_HEADER_BYTES: 80, MAX_LAST_HEADER_BYTES: 330, MAX_CACHED_ERRORS: 50, CACHE_KEY: "server-telemetry", CATEGORY_SEPARATOR: "|", VALUE_SEPARATOR: ",", OVERFLOW_TRUE: "1", OVERFLOW_FALSE: "0", UNKNOWN_ERROR: "unknown_error" }; /** * Type of the authentication request */ exports.AuthenticationScheme = void 0; (function (AuthenticationScheme) { AuthenticationScheme["BEARER"] = "Bearer"; AuthenticationScheme["POP"] = "pop"; AuthenticationScheme["SSH"] = "ssh-cert"; })(exports.AuthenticationScheme || (exports.AuthenticationScheme = {})); /** * Constants related to throttling */ var ThrottlingConstants = { // Default time to throttle RequestThumbprint in seconds DEFAULT_THROTTLE_TIME_SECONDS: 60, // Default maximum time to throttle in seconds, overrides what the server sends back DEFAULT_MAX_THROTTLE_TIME_SECONDS: 3600, // Prefix for storing throttling entries THROTTLING_PREFIX: "throttling", // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling X_MS_LIB_CAPABILITY_VALUE: "retry-after, h429" }; var Errors = { INVALID_GRANT_ERROR: "invalid_grant", CLIENT_MISMATCH_ERROR: "client_mismatch", }; /** * Password grant parameters */ var PasswordGrantConstants; (function (PasswordGrantConstants) { PasswordGrantConstants["username"] = "username"; PasswordGrantConstants["password"] = "password"; })(PasswordGrantConstants || (PasswordGrantConstants = {})); /** * Response codes */ var ResponseCodes; (function (ResponseCodes) { ResponseCodes[ResponseCodes["httpSuccess"] = 200] = "httpSuccess"; ResponseCodes[ResponseCodes["httpBadRequest"] = 400] = "httpBadRequest"; })(ResponseCodes || (ResponseCodes = {})); /** * Region Discovery Sources */ var RegionDiscoverySources; (function (RegionDiscoverySources) { RegionDiscoverySources["FAILED_AUTO_DETECTION"] = "1"; RegionDiscoverySources["INTERNAL_CACHE"] = "2"; RegionDiscoverySources["ENVIRONMENT_VARIABLE"] = "3"; RegionDiscoverySources["IMDS"] = "4"; })(RegionDiscoverySources || (RegionDiscoverySources = {})); /** * Region Discovery Outcomes */ var RegionDiscoveryOutcomes; (function (RegionDiscoveryOutcomes) { RegionDiscoveryOutcomes["CONFIGURED_MATCHES_DETECTED"] = "1"; RegionDiscoveryOutcomes["CONFIGURED_NO_AUTO_DETECTION"] = "2"; RegionDiscoveryOutcomes["CONFIGURED_NOT_DETECTED"] = "3"; RegionDiscoveryOutcomes["AUTO_DETECTION_REQUESTED_SUCCESSFUL"] = "4"; RegionDiscoveryOutcomes["AUTO_DETECTION_REQUESTED_FAILED"] = "5"; })(RegionDiscoveryOutcomes || (RegionDiscoveryOutcomes = {})); var CacheOutcome; (function (CacheOutcome) { CacheOutcome["NO_CACHE_HIT"] = "0"; CacheOutcome["FORCE_REFRESH"] = "1"; CacheOutcome["NO_CACHED_ACCESS_TOKEN"] = "2"; CacheOutcome["CACHED_ACCESS_TOKEN_EXPIRED"] = "3"; CacheOutcome["REFRESH_CACHED_ACCESS_TOKEN"] = "4"; })(CacheOutcome || (CacheOutcome = {})); var JsonTypes; (function (JsonTypes) { JsonTypes["Jwt"] = "JWT"; JsonTypes["Jwk"] = "JWK"; })(JsonTypes || (JsonTypes = {})); /*! @azure/msal-common v7.3.0 2022-08-01 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * AuthErrorMessage class containing string constants used by error codes and messages. */ var AuthErrorMessage = { unexpectedError: { code: "unexpected_error", desc: "Unexpected error in authentication." }, postRequestFailed: { code: "post_request_failed", desc: "Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details." } }; /** * General error class thrown by the MSAL.js library. */ var AuthError = /** @class */ (function (_super) { __extends(AuthError, _super); function AuthError(errorCode, errorMessage, suberror) { var _this = this; var errorString = errorMessage ? errorCode + ": " + errorMessage : errorCode; _this = _super.call(this, errorString) || this; Object.setPrototypeOf(_this, AuthError.prototype); _this.errorCode = errorCode || Constants.EMPTY_STRING; _this.errorMessage = errorMessage || Constants.EMPTY_STRING; _this.subError = suberror || Constants.EMPTY_STRING; _this.name = "AuthError"; return _this; } AuthError.prototype.setCorrelationId = function (correlationId) { this.correlationId = correlationId; }; /** * Creates an error that is thrown when something unexpected happens in the library. * @param errDesc */ AuthError.createUnexpectedError = function (errDesc) { return new AuthError(AuthErrorMessage.unexpectedError.code, AuthErrorMessage.unexpectedError.desc + ": " + errDesc); }; /** * Creates an error for post request failures. * @param errDesc * @returns */ AuthError.createPostRequestFailed = function (errDesc) { return new AuthError(AuthErrorMessage.postRequestFailed.code, AuthErrorMessage.postRequestFailed.desc + ": " + errDesc); }; return AuthError; }(Error)); /*! @azure/msal-common v7.3.0 2022-08-01 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ var DEFAULT_CRYPTO_IMPLEMENTATION = { createNewGuid: function () { var notImplErr = "Crypto interface - createNewGuid() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }, base64Decode: function () { var notImplErr = "Crypto interface - base64Decode() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }, base64Encode: function () { var notImplErr = "Crypto interface - base64Encode() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }, generatePkceCodes: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - generatePkceCodes() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); }, getPublicKeyThumbprint: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - getPublicKeyThumbprint() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); }, removeTokenBindingKey: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - removeTokenBindingKey() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); }, clearKeystore: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - clearKeystore() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); }, signJwt: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - signJwt() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); }, hashString: function () { return __awaiter(this, void 0, void 0, function () { var notImplErr; return __generator(this, function (_a) { notImplErr = "Crypto interface - hashString() has not been implemented"; throw AuthError.createUnexpectedError(notImplErr); }); }); } }; /*! @azure/msal-common v7.3.0 2022-08-01 */ /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * ClientAuthErrorMessage class containing string constants used by error codes and messages. */ var ClientAuthErrorMessage = { clientInfoDecodingError: { code: "client_info_decoding_error", desc: "The client info could not be parsed/decoded correctly. Please review the trace to determine the root cause." }, clientInfoEmptyError: { code: "client_info_empty_error", desc: "The client info was empty. Please review the trace to determine the root cause." }, tokenParsingError: { code: "token_parsing_error", desc: "Token cannot be parsed. Please review stack trace to determine root cause." }, nullOrEmptyToken: { code: "null_or_empty_token", desc: "The token is null or empty. Please review the trace to determine the root cause." }, endpointResolutionError: { code: "endpoints_resolution_error", desc: "Error: could not resolve endpoints. Please check network and try again." }, networkError: { code: "network_error", desc: "Network request failed. Please check network trace to determine root cause." }, unableToGetOpenidConfigError: { code: "openid_config_error", desc: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints." }, hashNotDeserialized: { code: "hash_not_deserialized", desc: "The hash parameters could not be deserialized. Please review the trace to determine the root cause." }, blankGuidGenerated: { code: "blank_guid_generated", desc: "The guid generated was blank. Please review the trace to determine the root cause." }, invalidStateError: { code: "invalid_state", desc: "State was not the expected format. Please check the logs to determine whether the request was sent using ProtocolUtils.setRequestState()." }, stateMismatchError: { code: "state_mismatch", desc: "State mismatch error. Please check your network. Continued requests may cause cache overflow." }, stateNotFoundError: { code: "state_not_found", desc: "State not found" }, nonceMismatchError: { code: "nonce_mismatch", desc: "Nonce mismatch error. This may be caused by a race condition in concurrent requests." }, nonceNotFoundError: { code: "nonce_not_found", desc: "nonce not found" }, noTokensFoundError: { code: "no_tokens_found", desc: "No tokens were found for the given scopes, and no authorization code was passed to acquireToken. You must retrieve an authorization code before making a call to acquireToken()." }, multipleMatchingTokens: { code: "multiple_matching_tokens", desc: "The cache contains multiple tokens satisfying the requirements. " + "Call AcquireToken again providing more requirements such as authority or account." }, multipleMatchingAccounts: { code: "multiple_matching_accounts", desc: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account" }, multipleMatchingAppMetadata: { code: "multiple_matching_appMetadata", desc: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata" }, tokenRequestCannotBeMade: { code: "request_cannot_be_made", desc: "Token request cannot be made without authorization code or refresh token." }, appendEmptyScopeError: { code: "cannot_append_empty_scope", desc: "Cannot append null or empty scope to ScopeSet. Please check the stack trace for more info." }, removeEmptyScopeError: { code: "cannot_remove_empty_scope", desc: "Cannot remove null or empty scope from ScopeSet. Please check the stack trace for more info." }, appendScopeSetError: { code: "cannot_append_scopeset", desc: "Cannot append ScopeSet due to error." }, emptyInputScopeSetError: { code: "empty_input_scopeset", desc: "Empty input ScopeSet cannot be processed." }, DeviceCodePollingCancelled: { code: "device_code_polling_cancelled", desc: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true." }, DeviceCodeExpired: { code: "device_code_expired", desc: "Device code is expired." }, DeviceCodeUnknownError: { code: "device_code_unknown_error", desc: "Device code stopped polling for unknown reasons." }, NoAccountInSilentRequest: { code: "no_account_in_silent_request", desc: "Please pass an account object, silent flow is not supported without account information" }, invalidCacheRecord: { code: "invalid_cache_record", desc: "Cache record object was null or undefined." }, invalidCacheEnvironment: { code: "invalid_cache_environment", desc: "Invalid environment when attempting to create cache entry" }, noAccountFound: { code: "no_account_found", desc: "No account found in cache for given key." }, CachePluginError: { code: "no cache plugin set on CacheManager", desc: "ICachePlugin needs to be set before using readFromStorage or writeFromStorage" }, noCryptoObj: { code: "no_crypto_object", desc: "No crypto object detected. This is required for the following operation: " }, invalidCacheType: { code: "invalid_cache_type", desc: "Invalid cache type" }, unexpectedAccountType: { code: "unexpected_account_type", desc: "Unexpected account type." }, unexpectedCredentialType: { code: "unexpected_credential_type", desc: "Unexpected credential type." }, invalidAssertion: { code: "invalid_assertion", desc: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515" }, invalidClientCredential: { code: "invalid_client_credential", desc: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential" }, tokenRefreshRequired: { code: "token_refresh_required", desc: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired." }, userTimeoutReached: { code: "user_timeout_reached", desc: "User defined timeout for device code polling reached", }, tokenClaimsRequired: { code: "token_claims_cnf_required_for_signedjwt", desc: "Cannot generate a POP jwt if the token_claims are not populated" }, noAuthorizationCodeFromServer: { code: "authorization_code_missing_from_server_response", desc: "Server response does not contain an authorization code to proceed" }, noAzureRegionDetected: { code: "no_azure_region_detected", desc: "No azure region was detected and no fallback was made available" }, accessTokenEntityNullError: { code: "access_token_entity_null", desc: "Access token entity is null, please check logs and cache to ensure a valid access token is present." }, bindingKeyNotRemovedError: { code: "binding_key_not_removed", desc: "Could not remove the credential's binding key from storage." }, logoutNotSupported: { code: "end_session_endpoint_not_supported", desc: "Provided authority does not support logout." }, keyIdMissing: { code: "key_id_missing", desc: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key." } }; /** * Error thrown when there is an error in the client code running on the browser. */ var ClientAuthError = /** @class */ (function (_super) { __extends(ClientAuthError, _super); function ClientAuthError(errorCode, errorMessage) { var _this = _super.call(this, errorCode, errorMessage) || this; _this.name = "ClientAuthError"; Object.setPrototypeOf(_this, ClientAuthError.prototype); return _this; } /** * Creates an error thrown when client info object doesn't decode correctly. * @param caughtError */ ClientAuthError.createClientInfoDecodingError = function (caughtError) { return new ClientAuthError(ClientAuthErrorMessage.clientInfoDecodingError.code, ClientAuthErrorMessage.clientInfoDecodingError.desc + " Failed with error: " + caughtError); }; /** * Creates an error thrown if the client info is empty. * @param rawClientInfo */ ClientAuthError.createClientInfoEmptyError = function () { return new ClientAuthError(ClientAuthErrorMessage.clientInfoEmptyError.code, "" + ClientAuthErrorMessage.clientInfoEmptyError.desc); }; /** * Creates an error thrown when the id token extraction errors out. * @param err */ ClientAuthError.createTokenParsingError = function (caughtExtractionError) { return new ClientAuthError(ClientAuthErrorMessage.tokenParsingError.code, ClientAuthErrorMessage.tokenParsingError.desc + " Failed with error: " + caughtExtractionError); }; /** * Creates an error thrown when the id token string is null or empty. * @param invalidRawTokenString */ ClientAuthError.createTokenNullOrEmptyError = function (invalidRawTokenString) { return new ClientAuthError(ClientAuthErrorMessage.nullOrEmptyToken.code, ClientAuthErrorMessage.nullOrEmptyToken.desc + " Raw Token Value: " + invalidRawTokenString); }; /** * Creates an error thrown when the endpoint discovery doesn't complete correctly. */ ClientAuthError.createEndpointDiscoveryIncompleteError = function (errDetail) { return new ClientAuthError(ClientAuthErrorMessage.endpointResolutionError.code, ClientAuthErrorMessage.endpointResolutionError.desc + " Detail: " + errDetail); }; /** * Creates an error thrown when the fetch client throws */ ClientAuthError.createNetworkError = function (endpoint, errDetail) { return new ClientAuthError(ClientAuthErrorMessage.networkError.code, ClientAuthErrorMessage.networkError.desc + " | Fetch client threw: " + errDetail + " | Attempted to reach: " + endpoint.split("?")[0]); }; /** * Creates an error thrown when the openid-configuration endpoint cannot be reached or does not contain the required data */ ClientAuthError.createUnableToGetOpenidConfigError = function (errDetail) { return new ClientAuthError(ClientAuthErrorMessage.unableToGetOpenidConfigError.code, ClientAuthErrorMessage.unableToGetOpenidConfigError.desc + " Attempted to retrieve endpoints from: " + errDetail); }; /** * Creates an error thrown when the hash cannot be deserialized. * @param hashParamObj */ ClientAuthError.createHashNotDeserializedError = function (hashParamObj) { return new ClientAuthError(ClientAuthErrorMessage.hashNotDeserialized.code, ClientAuthErrorMessage.hashNotDeserialized.desc + " Given Object: " + hashParamObj); }; /** * Creates an error thrown when the state cannot be parsed. * @param invalidState */ ClientAuthError.createInvalidStateError = function (invalidState, errorString) { return new ClientAuthError(ClientAuthErrorMessage.invalidStateError.code, ClientAuthErrorMessage.invalidStateError.desc + " Invalid State: " + invalidState + ", Root Err: " + errorString); }; /** * Creates an error thrown when two states do not match. */ ClientAuthError.createStateMismatchError = function () { return new ClientAuthError(ClientAuthErrorMessage.stateMismatchError.code, ClientAuthErrorMessage.stateMismatchError.desc); }; /** * Creates an error thrown when the state is not present * @param missingState */ ClientAuthError.createStateNotFoundError = function (missingState) { return new ClientAuthError(ClientAuthErrorMessage.stateNotFoundError.code, ClientAuthErrorMessage.stateNotFoundError.desc + ": " + missingState); }; /** * Creates an error thrown when the nonce does not match. */ ClientAuthError.createNonceMismatchError = function () { return new ClientAuthError(ClientAuthErrorMessage.nonceMismatchError.code, ClientAuthErrorMessage.nonceMismatchError.desc); }; /** * Creates an error thrown when the mnonce is not present * @param missingNonce */ ClientAuthError.createNonceNotFoundError = function (missingNonce) { return new ClientAuthError(ClientAuthErrorMessage.nonceNotFoundError.code, ClientAuthErrorMessage.nonceNotFoundError.desc + ": " + missingNonce); }; /** * Throws error when multiple tokens are in cache. */ ClientAuthError.createMultipleMatchingTokensInCacheError = function () { return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingTokens.code, ClientAuthErrorMessage.multipleMatchingTokens.desc + "."); }; /** * Throws error when multiple accounts are in cache for the given params */ ClientAuthError.createMultipleMatchingAccountsInCacheError = function () { return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingAccounts.code, ClientAuthErrorMessage.multipleMatchingAccounts.desc); }; /** * Throws error when multiple appMetada are in cache for the given clientId. */ ClientAuthError.createMultipleMatchingAppMetadataInCacheError = function () { return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingAppMetadata.code, ClientAuthErrorMessage.multipleMatchingAppMetadata.desc); }; /** * Throws error when no auth code or refresh token is given to ServerTokenRequestParameters. */ ClientAuthError.createTokenRequestCannotBeMadeError = function () { return new ClientAuthError(ClientAuthErrorMessage.tokenRequestCannotBeMade.code, ClientAuthErrorMessage.tokenRequestCannotBeMade.desc); }; /** * Throws error when attempting to append a null, undefined or empty scope to a set * @param givenScope */ ClientAuthError.createAppendEmptyScopeToSetError = function (givenScope) { return new ClientAuthError(ClientAuthErrorMessage.appendEmptyScopeError.code, ClientAuthErrorMessage.appendEmptyScopeError.desc + " Given Scope: " + givenScope); }; /** * Throws error when attempting to append a null, undefined or empty scope to a set * @param givenScope */ ClientAuthError.createRemoveEmptyScopeFromSetError = function (givenScope) { return new ClientAuthError(ClientAuthErrorMessage.removeEmptyScopeError.code, ClientAuthErrorMessage.removeEmptyScopeError.desc + " Given Scope: " + givenScope); }; /** * Throws error when attempting to append null or empty ScopeSet. * @param appendError */ ClientAuthError.createAppendScopeSetError = function (appendError) { return new ClientAuthError(ClientAuthErrorMessage.appendScopeSetError.code, ClientAuthErrorMessage.appendScopeSetError.desc + " Detail Error: " + appendError); }; /** * Throws error if ScopeSet is null or undefined. * @param givenScopeSet */ ClientAuthError.createEmptyInputScopeSetError = function () { return new ClientAuthError(ClientAuthErrorMessage.emptyInputScopeSetError.code, "" + ClientAuthErrorMessage.emptyInputScopeSetError.desc); }; /** * Throws error if user sets CancellationToken.cancel = true during polling of token endpoint during device code flow */ ClientAuthError.createDeviceCodeCancelledError = function () { return new ClientAuthError(ClientAuthErrorMessage.DeviceCodePollingCancelled.code, "" + ClientAuthErrorMessage.DeviceCodePollingCancelled.desc); }; /** * Throws error if device code is expired */ ClientAuthError.createDeviceCodeExpiredError = function () { return new ClientAuthError(ClientAuthErrorMessage.DeviceCodeExpired.code, "" + ClientAuthErrorMessage.DeviceCodeExpired.desc); }; /** * Throws error if device code is expired */ ClientAuthError.createDeviceCodeUnknownError = function () { return new ClientAuthError(ClientAuthErrorMessage.DeviceCodeUnknownError.code, "" + ClientAuthErrorMessage.DeviceCodeUnknownError.desc); }; /** * Throws error when silent requests are made without an account object */ ClientAuthError.createNoAccountInSilentRequestError = function () { return new ClientAuthError(ClientAuthErrorMessage.NoAccountInSilentRequest.code, "" + ClientAuthErrorMessage.NoAccountInSilentRequest.desc); }; /** * Throws error when cache record is null or undefined. */ ClientAuthError.createNullOrUndefinedCacheRecord = function () { return new ClientAuthError(ClientAuthErrorMessage.invalidCacheRecord.code, ClientAuthErrorMessage.invalidCacheRecord.desc); }; /** * Throws error when provided environment is not part of the CloudDiscoveryMetadata object */ ClientAuthError.createInvalidCacheEnvironmentError = function () { return new ClientAuthError(ClientAuthErrorMessage.invalidCacheEnvironment.code, ClientAuthErrorMessage.invalidCacheEnvironment.desc); }; /** * Throws error when account is not found in cache. */ ClientAuthError.createNoAccountFoundError = function () { return new ClientAuthError(ClientAuthErrorMessage.noAccountFound.code, ClientAuthErrorMessage.noAccountFound.desc); }; /** * Throws error if ICachePlugin not set on CacheManager. */ ClientAuthError.createCachePluginError = function () { return new ClientAuthError(ClientAuthErrorMessage.CachePluginError.code, "" + ClientAuthErrorMessage.CachePluginError.desc); }; /** * Throws error if crypto object not found. * @param operationName */ ClientAuthError.createNoCryptoObjectError = function (operationName) { return new ClientAuthError(ClientAuthErrorMessage.noCryptoObj.code, "" + ClientAuthErrorMessage.noCryptoObj.desc + operationName); }; /** * Throws error if cache type is invalid. */ ClientAuthError.createInvalidCacheTypeError = function () { return new ClientAuthError(ClientAuthErrorMessage.invalidCacheType.code, "" + ClientAuthErrorMessage.invalidCacheType.desc); }; /** * Throws error if unexpected account type. */ ClientAuthError.createUnexpectedAccountTypeError = function () { return new ClientAuthError(ClientAuthErrorMessage.unexpectedAccountType.code, "" + ClientAuthErrorMessage.unexpectedAccountType.desc); }; /** * Throws error if unexpected credential ty