@azure/msal-browser

/* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ import { CustomAuthInteractionClientBase } from "../CustomAuthInteractionClientBase.js"; import { JitChallengeAuthMethodParams, JitSubmitChallengeParams, } from "./parameter/JitParams.js"; import { JitVerificationRequiredResult, JitCompletedResult, createJitVerificationRequiredResult, createJitCompletedResult, } from "./result/JitActionResult.js"; import { DefaultCustomAuthApiCodeLength, ChallengeType, GrantType, } from "../../../CustomAuthConstants.js"; import * as PublicApiId from "../../telemetry/PublicApiId.js"; import { RegisterChallengeRequest, RegisterContinueRequest, SignInContinuationTokenRequest, } from "../../network_client/custom_auth_api/types/ApiRequestTypes.js"; import { initializeServerTelemetryManager } from "../../../../interaction_client/BaseInteractionClient.js"; /** * JIT client for handling just-in-time authentication method registration flows. */ export class JitClient extends CustomAuthInteractionClientBase { /** * Challenges an authentication method for JIT registration. * @param parameters The parameters for challenging the auth method. * @returns Promise that resolves to either JitVerificationRequiredResult or JitCompletedResult. */ async challengeAuthMethod( parameters: JitChallengeAuthMethodParams ): Promise<JitVerificationRequiredResult | JitCompletedResult> { const correlationId = parameters.correlationId || this.correlationId; const apiId = PublicApiId.JIT_CHALLENGE_AUTH_METHOD; const telemetryManager = initializeServerTelemetryManager( apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger ); this.logger.verbose( "Calling challenge endpoint for getting auth method.", correlationId ); const challengeReq: RegisterChallengeRequest = { continuation_token: parameters.continuationToken, challenge_type: parameters.authMethod.challenge_type, challenge_target: parameters.verificationContact, challenge_channel: parameters.authMethod.challenge_channel, correlationId: correlationId, telemetryManager: telemetryManager, }; const challengeResponse = await this.customAuthApiClient.registerApi.challenge(challengeReq); this.logger.verbose( "Challenge endpoint called for auth method registration.", challengeResponse.correlation_id || correlationId ); /* * Handle fast-pass scenario (preverified) * This occurs when the user selects the same email used during sign-up * Since the email was already verified during sign-up, no additional verification is needed */ if (challengeResponse.challenge_type === ChallengeType.PREVERIFIED) { this.logger.verbose( "Fast-pass scenario detected - completing registration without additional verification.", challengeResponse.correlation_id || correlationId ); // Use submitChallenge for fast-pass scenario with continuation_token grant type const fastPassParams: JitSubmitChallengeParams = { correlationId: challengeResponse.correlation_id || correlationId, continuationToken: challengeResponse.continuation_token, grantType: GrantType.CONTINUATION_TOKEN, scopes: parameters.scopes, username: parameters.username, claims: parameters.claims, }; const completedResult = await this.submitChallenge(fastPassParams); return completedResult; } // Verification required return createJitVerificationRequiredResult({ correlationId: challengeResponse.correlation_id || correlationId, continuationToken: challengeResponse.continuation_token, challengeChannel: challengeResponse.challenge_channel, challengeTargetLabel: challengeResponse.challenge_target, codeLength: challengeResponse.code_length || DefaultCustomAuthApiCodeLength, }); } /** * Submits challenge response and completes JIT registration. * @param parameters The parameters for submitting the challenge. * @returns Promise that resolves to JitCompletedResult. */ async submitChallenge( parameters: JitSubmitChallengeParams ): Promise<JitCompletedResult> { const correlationId = parameters.correlationId || this.correlationId; const apiId = PublicApiId.JIT_SUBMIT_CHALLENGE; const telemetryManager = initializeServerTelemetryManager( apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger ); this.logger.verbose( "Calling continue endpoint for auth method challenge submission.", correlationId ); // Submit challenge to complete registration const continueReq: RegisterContinueRequest = { continuation_token: parameters.continuationToken, grant_type: parameters.grantType, ...(parameters.challenge && { oob: parameters.challenge, }), correlationId: correlationId, telemetryManager: telemetryManager, }; const continueResponse = await this.customAuthApiClient.registerApi.continue(continueReq); this.logger.verbose( "Continue endpoint called for auth method challenge submission.", parameters.correlationId ); // Use continuation token to get authentication tokens const scopes = this.getScopes(parameters.scopes); const tokenRequest: SignInContinuationTokenRequest = { continuation_token: continueResponse.continuation_token, scope: scopes.join(" "), correlationId: continueResponse.correlation_id || correlationId, telemetryManager: telemetryManager, ...(parameters.claims && { claims: parameters.claims, }), }; const tokenResponse = await this.customAuthApiClient.signInApi.requestTokenWithContinuationToken( tokenRequest ); const authResult = await this.handleTokenResponse( tokenResponse, scopes, tokenResponse.correlation_id || continueResponse.correlation_id || correlationId, apiId ); return createJitCompletedResult({ correlationId: continueResponse.correlation_id || correlationId, authenticationResult: authResult, }); } }