@azure/msal-browser/dist/custom_auth/core/interaction_client/jit/JitClient.mjs

Microsoft Authentication Library for js

/*! @azure/msal-browser v5.10.1 2026-05-11 */
'use strict';
import { CustomAuthInteractionClientBase } from '../CustomAuthInteractionClientBase.mjs';
import { createJitVerificationRequiredResult, createJitCompletedResult } from './result/JitActionResult.mjs';
import { ChallengeType, GrantType, DefaultCustomAuthApiCodeLength } from '../../../CustomAuthConstants.mjs';
import { JIT_SUBMIT_CHALLENGE, JIT_CHALLENGE_AUTH_METHOD } from '../../telemetry/PublicApiId.mjs';
import { initializeServerTelemetryManager } from '../../../../interaction_client/BaseInteractionClient.mjs';

/*
 * Copyright (c) Microsoft Corporation. All rights reserved.
 * Licensed under the MIT License.
 */
/**
 * JIT client for handling just-in-time authentication method registration flows.
 */
class JitClient extends CustomAuthInteractionClientBase {
    /**
     * Challenges an authentication method for JIT registration.
     * @param parameters The parameters for challenging the auth method.
     * @returns Promise that resolves to either JitVerificationRequiredResult or JitCompletedResult.
     */
    async challengeAuthMethod(parameters) {
        const correlationId = parameters.correlationId || this.correlationId;
        const apiId = JIT_CHALLENGE_AUTH_METHOD;
        const telemetryManager = initializeServerTelemetryManager(apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger);
        this.logger.verbose("1kxcgm", correlationId);
        const challengeReq = {
            continuation_token: parameters.continuationToken,
            challenge_type: parameters.authMethod.challenge_type,
            challenge_target: parameters.verificationContact,
            challenge_channel: parameters.authMethod.challenge_channel,
            correlationId: correlationId,
            telemetryManager: telemetryManager,
        };
        const challengeResponse = await this.customAuthApiClient.registerApi.challenge(challengeReq);
        this.logger.verbose("07vc8z", challengeResponse.correlation_id || correlationId);
        /*
         * Handle fast-pass scenario (preverified)
         * This occurs when the user selects the same email used during sign-up
         * Since the email was already verified during sign-up, no additional verification is needed
         */
        if (challengeResponse.challenge_type === ChallengeType.PREVERIFIED) {
            this.logger.verbose("0tmt75", challengeResponse.correlation_id || correlationId);
            // Use submitChallenge for fast-pass scenario with continuation_token grant type
            const fastPassParams = {
                correlationId: challengeResponse.correlation_id || correlationId,
                continuationToken: challengeResponse.continuation_token,
                grantType: GrantType.CONTINUATION_TOKEN,
                scopes: parameters.scopes,
                username: parameters.username,
                claims: parameters.claims,
            };
            const completedResult = await this.submitChallenge(fastPassParams);
            return completedResult;
        }
        // Verification required
        return createJitVerificationRequiredResult({
            correlationId: challengeResponse.correlation_id || correlationId,
            continuationToken: challengeResponse.continuation_token,
            challengeChannel: challengeResponse.challenge_channel,
            challengeTargetLabel: challengeResponse.challenge_target,
            codeLength: challengeResponse.code_length || DefaultCustomAuthApiCodeLength,
        });
    }
    /**
     * Submits challenge response and completes JIT registration.
     * @param parameters The parameters for submitting the challenge.
     * @returns Promise that resolves to JitCompletedResult.
     */
    async submitChallenge(parameters) {
        const correlationId = parameters.correlationId || this.correlationId;
        const apiId = JIT_SUBMIT_CHALLENGE;
        const telemetryManager = initializeServerTelemetryManager(apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger);
        this.logger.verbose("1l3zg1", correlationId);
        // Submit challenge to complete registration
        const continueReq = {
            continuation_token: parameters.continuationToken,
            grant_type: parameters.grantType,
            ...(parameters.challenge && {
                oob: parameters.challenge,
            }),
            correlationId: correlationId,
            telemetryManager: telemetryManager,
        };
        const continueResponse = await this.customAuthApiClient.registerApi.continue(continueReq);
        this.logger.verbose("10bc4x", parameters.correlationId);
        // Use continuation token to get authentication tokens
        const scopes = this.getScopes(parameters.scopes);
        const tokenRequest = {
            continuation_token: continueResponse.continuation_token,
            scope: scopes.join(" "),
            correlationId: continueResponse.correlation_id || correlationId,
            telemetryManager: telemetryManager,
            ...(parameters.claims && {
                claims: parameters.claims,
            }),
        };
        const tokenResponse = await this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(tokenRequest);
        const authResult = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ||
            continueResponse.correlation_id ||
            correlationId, apiId);
        return createJitCompletedResult({
            correlationId: continueResponse.correlation_id || correlationId,
            authenticationResult: authResult,
        });
    }
}

export { JitClient };
//# sourceMappingURL=JitClient.mjs.map