UNPKG

@azure/msal-common

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

99 lines (96 loc) 2.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
/* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Type which describes Id Token claims known by MSAL. */ export type TokenClaims = { /** * Audience */ aud?: string; /** * Issuer */ iss?: string; /** * Issued at */ iat?: number; /** * Not valid before */ nbf?: number; /** * Immutable object identifier, this ID uniquely identifies the user across applications */ oid?: string; /** * Immutable subject identifier, this is a pairwise identifier - it is unique to a particular application ID */ sub?: string; /** * Users' tenant or '9188040d-6c67-4c5b-b112-36a304b66dad' for personal accounts. */ tid?: string; /** * Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token. */ tfp?: string; /** * Authentication Context Class Reference (B2C) Used only with older policies. */ acr?: string; ver?: string; upn?: string; preferred_username?: string; login_hint?: string; emails?: string[]; name?: string; nonce?: string; /** * Expiration */ exp?: number; home_oid?: string; sid?: string; cloud_instance_host_name?: string; cnf?: { kid: string; }; x5c_ca?: string[]; ts?: number; at?: string; u?: string; p?: string; m?: string; roles?: string[]; amr?: string[]; idp?: string; auth_time?: number; /** * Region of the resource tenant */ tenant_region_scope?: string; tenant_region_sub_scope?: string; }; /** * Gets tenantId from available ID token claims to set as credential realm with the following precedence: * 1. tid - if the token is acquired from an Azure AD tenant tid will be present * 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present * 3. acr - if the token is acquired from a legacy B2C tenant acr should be present * Downcased to match the realm case-insensitive comparison requirements * @param idTokenClaims * @returns */ export function getTenantIdFromIdTokenClaims( idTokenClaims?: TokenClaims ): string | null { if (idTokenClaims) { const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr; return tenantId || null; } return null; }