UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

380 lines (377 loc) 16.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
/*! @azure/msal-browser v4.12.0 2025-05-06 */ 'use strict'; import { createV3Controller } from '../controllers/ControllerFactory.mjs'; import { StandardController } from '../controllers/StandardController.mjs'; import { StandardOperatingContext } from '../operatingcontext/StandardOperatingContext.mjs'; import { NestedAppAuthController } from '../controllers/NestedAppAuthController.mjs'; import { NestedAppOperatingContext } from '../operatingcontext/NestedAppOperatingContext.mjs'; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications * to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification. */ class PublicClientApplication { /** * Creates StandardController and passes it to the PublicClientApplication * * @param configuration {Configuration} */ static async createPublicClientApplication(configuration) { const controller = await createV3Controller(configuration); const pca = new PublicClientApplication(configuration, controller); return pca; } /** * @constructor * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object * * Important attributes in the Configuration object for auth are: * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview * - authority: the authority URL for your application. * - redirect_uri: the uri of your application registered in the portal. * * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here} * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. * * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/ * Full B2C functionality will be available in this library in future versions. * * @param configuration Object for the MSAL PublicClientApplication instance * @param IController Optional parameter to explictly set the controller. (Will be removed when we remove public constructor) */ constructor(configuration, controller) { this.isBroker = false; this.controller = controller || new StandardController(new StandardOperatingContext(configuration)); } /** * Initializer function to perform async startup tasks such as connecting to WAM extension * @param request {?InitializeApplicationRequest} */ async initialize(request) { return this.controller.initialize(request, this.isBroker); } /** * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser * * @param request * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ async acquireTokenPopup(request) { return this.controller.acquireTokenPopup(request); } /** * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects * the page, so any code that follows this function will not execute. * * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. * * @param request */ acquireTokenRedirect(request) { return this.controller.acquireTokenRedirect(request); } /** * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. * * @param {@link (SilentRequest:type)} * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthenticationResult} object */ acquireTokenSilent(silentRequest) { return this.controller.acquireTokenSilent(silentRequest); } /** * This function redeems an authorization code (passed as code) from the eSTS token endpoint. * This authorization code should be acquired server-side using a confidential client to acquire a spa_code. * This API is not indended for normal authorization code acquisition and redemption. * * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. * * @param request {@link AuthorizationCodeRequest} * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ acquireTokenByCode(request) { return this.controller.acquireTokenByCode(request); } /** * Adds event callbacks to array * @param callback * @param eventTypes */ addEventCallback(callback, eventTypes) { return this.controller.addEventCallback(callback, eventTypes); } /** * Removes callback with provided id from callback array * @param callbackId */ removeEventCallback(callbackId) { return this.controller.removeEventCallback(callbackId); } /** * Registers a callback to receive performance events. * * @param {PerformanceCallbackFunction} callback * @returns {string} */ addPerformanceCallback(callback) { return this.controller.addPerformanceCallback(callback); } /** * Removes a callback registered with addPerformanceCallback. * * @param {string} callbackId * @returns {boolean} */ removePerformanceCallback(callbackId) { return this.controller.removePerformanceCallback(callbackId); } /** * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window */ enableAccountStorageEvents() { this.controller.enableAccountStorageEvents(); } /** * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window */ disableAccountStorageEvents() { this.controller.disableAccountStorageEvents(); } /** * Returns the first account found in the cache that matches the account filter passed in. * @param accountFilter * @returns The first account found in the cache matching the provided filter or null if no account could be found. */ getAccount(accountFilter) { return this.controller.getAccount(accountFilter); } /** * Returns the signed in account matching homeAccountId. * (the account object is created at the time of successful login) * or null when no matching account is found * @param homeAccountId * @returns The account object stored in MSAL * @deprecated - Use getAccount instead */ getAccountByHomeId(homeAccountId) { return this.controller.getAccountByHomeId(homeAccountId); } /** * Returns the signed in account matching localAccountId. * (the account object is created at the time of successful login) * or null when no matching account is found * @param localAccountId * @returns The account object stored in MSAL * @deprecated - Use getAccount instead */ getAccountByLocalId(localId) { return this.controller.getAccountByLocalId(localId); } /** * Returns the signed in account matching username. * (the account object is created at the time of successful login) * or null when no matching account is found. * This API is provided for convenience but getAccountById should be used for best reliability * @param userName * @returns The account object stored in MSAL * @deprecated - Use getAccount instead */ getAccountByUsername(userName) { return this.controller.getAccountByUsername(userName); } /** * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. * @param accountFilter - (Optional) filter to narrow down the accounts returned * @returns Array of AccountInfo objects in cache */ getAllAccounts(accountFilter) { return this.controller.getAllAccounts(accountFilter); } /** * Event handler function which allows users to fire events after the PublicClientApplication object * has loaded during redirect flows. This should be invoked on all page loads involved in redirect * auth flows. * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value. * @returns Token response or null. If the return value is null, then no auth redirect was detected. */ handleRedirectPromise(hash) { return this.controller.handleRedirectPromise(hash); } /** * Use when initiating the login process via opening a popup window in the user's browser * * @param request * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ loginPopup(request) { return this.controller.loginPopup(request); } /** * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so * any code that follows this function will not execute. * * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. * * @param request */ loginRedirect(request) { return this.controller.loginRedirect(request); } /** * Deprecated logout function. Use logoutRedirect or logoutPopup instead * @param logoutRequest * @deprecated */ logout(logoutRequest) { return this.controller.logout(logoutRequest); } /** * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. * Default behaviour is to redirect the user to `window.location.href`. * @param logoutRequest */ logoutRedirect(logoutRequest) { return this.controller.logoutRedirect(logoutRequest); } /** * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server * @param logoutRequest */ logoutPopup(logoutRequest) { return this.controller.logoutPopup(logoutRequest); } /** * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: * - Any browser using a form of Intelligent Tracking Prevention * - If there is not an established session with the service * * In these cases, the request must be done inside a popup or full frame redirect. * * For the cases where interaction is required, you cannot send a request with prompt=none. * * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as * you session on the server still exists. * @param request {@link SsoSilentRequest} * * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised. */ ssoSilent(request) { return this.controller.ssoSilent(request); } /** * Gets the token cache for the application. */ getTokenCache() { return this.controller.getTokenCache(); } /** * Returns the logger instance */ getLogger() { return this.controller.getLogger(); } /** * Replaces the default logger set in configurations with new Logger with new configurations * @param logger Logger instance */ setLogger(logger) { this.controller.setLogger(logger); } /** * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. * @param account */ setActiveAccount(account) { this.controller.setActiveAccount(account); } /** * Gets the currently active account */ getActiveAccount() { return this.controller.getActiveAccount(); } /** * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. * @param sku * @param version */ initializeWrapperLibrary(sku, version) { return this.controller.initializeWrapperLibrary(sku, version); } /** * Sets navigation client * @param navigationClient */ setNavigationClient(navigationClient) { this.controller.setNavigationClient(navigationClient); } /** * Returns the configuration object * @internal */ getConfiguration() { return this.controller.getConfiguration(); } /** * Hydrates cache with the tokens and account in the AuthenticationResult object * @param result * @param request - The request object that was used to obtain the AuthenticationResult * @returns */ async hydrateCache(result, request) { return this.controller.hydrateCache(result, request); } /** * Clears tokens and account from the browser cache. * @param logoutRequest */ clearCache(logoutRequest) { return this.controller.clearCache(logoutRequest); } } /** * creates NestedAppAuthController and passes it to the PublicClientApplication, * falls back to StandardController if NestedAppAuthController is not available * * @param configuration * @returns IPublicClientApplication * */ async function createNestablePublicClientApplication(configuration) { const nestedAppAuth = new NestedAppOperatingContext(configuration); await nestedAppAuth.initialize(); if (nestedAppAuth.isAvailable()) { const controller = new NestedAppAuthController(nestedAppAuth); const nestablePCA = new PublicClientApplication(configuration, controller); await nestablePCA.initialize(); return nestablePCA; } return createStandardPublicClientApplication(configuration); } /** * creates PublicClientApplication using StandardController * * @param configuration * @returns IPublicClientApplication * */ async function createStandardPublicClientApplication(configuration) { const pca = new PublicClientApplication(configuration); await pca.initialize(); return pca; } export { PublicClientApplication, createNestablePublicClientApplication, createStandardPublicClientApplication }; //# sourceMappingURL=PublicClientApplication.mjs.map