UNPKG

@azure/msal-common

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

1,336 lines (1,311 loc) • 325 kB

JavaScript

/*! @azure/msal-common v16.6.2 2026-05-19 */ 'use strict'; 'use strict'; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * AuthErrorMessage class containing string constants used by error codes and messages. */ const unexpectedError = "unexpected_error"; const postRequestFailed = "post_request_failed"; var AuthErrorCodes = /*#__PURE__*/Object.freeze({ __proto__: null, postRequestFailed: postRequestFailed, unexpectedError: unexpectedError }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function getDefaultErrorMessage(code) { return `See https://aka.ms/msal.js.errors#${code} for details`; } /** * General error class thrown by the MSAL.js library. */ class AuthError extends Error { constructor(errorCode, errorMessage, suberror) { const message = errorMessage || (errorCode ? getDefaultErrorMessage(errorCode) : ""); const errorString = message ? `${errorCode}: ${message}` : errorCode; super(errorString); Object.setPrototypeOf(this, AuthError.prototype); this.errorCode = errorCode || ""; this.errorMessage = message || ""; this.subError = suberror || ""; this.name = "AuthError"; } setCorrelationId(correlationId) { this.correlationId = correlationId; } } function createAuthError(code, additionalMessage) { return new AuthError(code, additionalMessage || getDefaultErrorMessage(code)); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const clientInfoDecodingError = "client_info_decoding_error"; const clientInfoEmptyError = "client_info_empty_error"; const tokenParsingError = "token_parsing_error"; const nullOrEmptyToken = "null_or_empty_token"; const endpointResolutionError = "endpoints_resolution_error"; const networkError = "network_error"; const openIdConfigError = "openid_config_error"; const hashNotDeserialized = "hash_not_deserialized"; const invalidState = "invalid_state"; const stateMismatch = "state_mismatch"; const stateNotFound = "state_not_found"; const nonceMismatch = "nonce_mismatch"; const authTimeNotFound = "auth_time_not_found"; const maxAgeTranspired = "max_age_transpired"; const multipleMatchingTokens = "multiple_matching_tokens"; const multipleMatchingAppMetadata = "multiple_matching_appMetadata"; const requestCannotBeMade = "request_cannot_be_made"; const cannotRemoveEmptyScope = "cannot_remove_empty_scope"; const cannotAppendScopeSet = "cannot_append_scopeset"; const emptyInputScopeSet = "empty_input_scopeset"; const noAccountInSilentRequest = "no_account_in_silent_request"; const invalidCacheRecord = "invalid_cache_record"; const invalidCacheEnvironment = "invalid_cache_environment"; const noAccountFound = "no_account_found"; const noCryptoObject = "no_crypto_object"; const unexpectedCredentialType = "unexpected_credential_type"; const tokenRefreshRequired = "token_refresh_required"; const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt"; const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response"; const bindingKeyNotRemoved = "binding_key_not_removed"; const endSessionEndpointNotSupported = "end_session_endpoint_not_supported"; const keyIdMissing = "key_id_missing"; const noNetworkConnectivity = "no_network_connectivity"; const userCanceled = "user_canceled"; const methodNotImplemented = "method_not_implemented"; const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled"; const platformBrokerError = "platform_broker_error"; const resourceParameterRequired = "resource_parameter_required"; const misplacedResourceParam = "misplaced_resource_parameter"; var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({ __proto__: null, authTimeNotFound: authTimeNotFound, authorizationCodeMissingFromServerResponse: authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved: bindingKeyNotRemoved, cannotAppendScopeSet: cannotAppendScopeSet, cannotRemoveEmptyScope: cannotRemoveEmptyScope, clientInfoDecodingError: clientInfoDecodingError, clientInfoEmptyError: clientInfoEmptyError, emptyInputScopeSet: emptyInputScopeSet, endSessionEndpointNotSupported: endSessionEndpointNotSupported, endpointResolutionError: endpointResolutionError, hashNotDeserialized: hashNotDeserialized, invalidCacheEnvironment: invalidCacheEnvironment, invalidCacheRecord: invalidCacheRecord, invalidState: invalidState, keyIdMissing: keyIdMissing, maxAgeTranspired: maxAgeTranspired, methodNotImplemented: methodNotImplemented, misplacedResourceParam: misplacedResourceParam, multipleMatchingAppMetadata: multipleMatchingAppMetadata, multipleMatchingTokens: multipleMatchingTokens, nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled, networkError: networkError, noAccountFound: noAccountFound, noAccountInSilentRequest: noAccountInSilentRequest, noCryptoObject: noCryptoObject, noNetworkConnectivity: noNetworkConnectivity, nonceMismatch: nonceMismatch, nullOrEmptyToken: nullOrEmptyToken, openIdConfigError: openIdConfigError, platformBrokerError: platformBrokerError, requestCannotBeMade: requestCannotBeMade, resourceParameterRequired: resourceParameterRequired, stateMismatch: stateMismatch, stateNotFound: stateNotFound, tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt, tokenParsingError: tokenParsingError, tokenRefreshRequired: tokenRefreshRequired, unexpectedCredentialType: unexpectedCredentialType, userCanceled: userCanceled }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * ClientAuthErrorMessage class containing string constants used by error codes and messages. */ /** * Error thrown when there is an error in the client code running on the browser. */ class ClientAuthError extends AuthError { constructor(errorCode, additionalMessage) { super(errorCode, additionalMessage); this.name = "ClientAuthError"; Object.setPrototypeOf(this, ClientAuthError.prototype); } } function createClientAuthError(errorCode, additionalMessage) { return new ClientAuthError(errorCode, additionalMessage); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Extract token by decoding the rawToken * * @param encodedToken */ function extractTokenClaims(encodedToken, base64Decode) { const jswPayload = getJWSPayload(encodedToken); // token will be decoded to get the username try { // base64Decode() should throw an error if there is an issue const base64Decoded = base64Decode(jswPayload); return JSON.parse(base64Decoded); } catch (err) { throw createClientAuthError(tokenParsingError); } } /** * Check if the signin_state claim contains "kmsi" * @param idTokenClaims * @returns */ function isKmsi(idTokenClaims) { if (!idTokenClaims.signin_state) { return false; } /** * Signin_state claim known values: * dvc_mngd - device is managed * dvc_dmjd - device is domain joined * kmsi - user opted to "keep me signed in" * inknownntwk - Request made inside a known network. Don't use this, use CAE instead. */ const kmsiClaims = ["kmsi", "dvc_dmjd"]; // There are some cases where kmsi may not be returned but persistent storage is still OK - allow dvc_dmjd as well return idTokenClaims.signin_state.some((value) => kmsiClaims.includes(value.trim().toLowerCase())); } /** * decode a JWT * * @param authToken */ function getJWSPayload(authToken) { if (!authToken) { throw createClientAuthError(nullOrEmptyToken); } const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/; const matches = tokenPartsRegex.exec(authToken); if (!matches || matches.length < 4) { throw createClientAuthError(tokenParsingError); } /** * const crackedToken = { * header: matches[1], * JWSPayload: matches[2], * JWSSig: matches[3], * }; */ return matches[2]; } /** * Determine if the token's max_age has transpired */ function checkMaxAge(authTime, maxAge) { /* * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access, * provide a value of 0 for the max_age parameter and the AS will force a fresh login. */ const fiveMinuteSkew = 300000; // five minutes in milliseconds if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) { throw createClientAuthError(maxAgeTranspired); } } var AuthToken = /*#__PURE__*/Object.freeze({ __proto__: null, checkMaxAge: checkMaxAge, extractTokenClaims: extractTokenClaims, getJWSPayload: getJWSPayload, isKmsi: isKmsi }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Authority types supported by MSAL. */ const AuthorityType = { Default: 0, Adfs: 1, Dsts: 2, Ciam: 3, }; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function isOpenIdConfigResponse(response) { return (response.hasOwnProperty("authorization_endpoint") && response.hasOwnProperty("token_endpoint") && response.hasOwnProperty("issuer") && response.hasOwnProperty("jwks_uri")); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const redirectUriEmpty = "redirect_uri_empty"; const claimsRequestParsingError = "claims_request_parsing_error"; const authorityUriInsecure = "authority_uri_insecure"; const urlParseError = "url_parse_error"; const urlEmptyError = "empty_url_error"; const emptyInputScopesError = "empty_input_scopes_error"; const invalidClaims = "invalid_claims"; const tokenRequestEmpty = "token_request_empty"; const logoutRequestEmpty = "logout_request_empty"; const invalidCodeChallengeMethod = "invalid_code_challenge_method"; const pkceParamsMissing = "pkce_params_missing"; const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata"; const invalidAuthorityMetadata = "invalid_authority_metadata"; const untrustedAuthority = "untrusted_authority"; const missingSshJwk = "missing_ssh_jwk"; const missingSshKid = "missing_ssh_kid"; const missingNonceAuthenticationHeader = "missing_nonce_authentication_header"; const invalidAuthenticationHeader = "invalid_authentication_header"; const cannotSetOIDCOptions = "cannot_set_OIDCOptions"; const cannotAllowPlatformBroker = "cannot_allow_platform_broker"; const authorityMismatch = "authority_mismatch"; const invalidRequestMethodForEAR = "invalid_request_method_for_EAR"; const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration"; const issuerValidationFailed = "issuer_validation_failed"; var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({ __proto__: null, authorityMismatch: authorityMismatch, authorityUriInsecure: authorityUriInsecure, cannotAllowPlatformBroker: cannotAllowPlatformBroker, cannotSetOIDCOptions: cannotSetOIDCOptions, claimsRequestParsingError: claimsRequestParsingError, emptyInputScopesError: emptyInputScopesError, invalidAuthenticationHeader: invalidAuthenticationHeader, invalidAuthorityMetadata: invalidAuthorityMetadata, invalidClaims: invalidClaims, invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod: invalidCodeChallengeMethod, invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration, invalidRequestMethodForEAR: invalidRequestMethodForEAR, issuerValidationFailed: issuerValidationFailed, logoutRequestEmpty: logoutRequestEmpty, missingNonceAuthenticationHeader: missingNonceAuthenticationHeader, missingSshJwk: missingSshJwk, missingSshKid: missingSshKid, pkceParamsMissing: pkceParamsMissing, redirectUriEmpty: redirectUriEmpty, tokenRequestEmpty: tokenRequestEmpty, untrustedAuthority: untrustedAuthority, urlEmptyError: urlEmptyError, urlParseError: urlParseError }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Error thrown when there is an error in configuration of the MSAL.js library. */ class ClientConfigurationError extends AuthError { constructor(errorCode) { super(errorCode); this.name = "ClientConfigurationError"; Object.setPrototypeOf(this, ClientConfigurationError.prototype); } } function createClientConfigurationError(errorCode) { return new ClientConfigurationError(errorCode); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * @hidden */ class StringUtils { /** * Check if stringified object is empty * @param strObj */ static isEmptyObj(strObj) { if (strObj) { try { const obj = JSON.parse(strObj); return Object.keys(obj).length === 0; } catch (e) { } } return true; } static startsWith(str, search) { return str.indexOf(search) === 0; } static endsWith(str, search) { return (str.length >= search.length && str.lastIndexOf(search) === str.length - search.length); } /** * Parses string into an object. * * @param query */ static queryStringToObject(query) { const obj = {}; const params = query.split("&"); const decode = (s) => decodeURIComponent(s.replace(/\+/g, " ")); params.forEach((pair) => { if (pair.trim()) { const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character if (key && value) { obj[decode(key)] = decode(value); } } }); return obj; } /** * Trims entries in an array. * * @param arr */ static trimArrayEntries(arr) { return arr.map((entry) => entry.trim()); } /** * Removes empty strings from array * @param arr */ static removeEmptyStringsFromArray(arr) { return arr.filter((entry) => { return !!entry; }); } /** * Attempts to parse a string into JSON * @param str */ static jsonParseHelper(str) { try { return JSON.parse(str); } catch (e) { return null; } } } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const SKU = "msal.js.common"; // default authority const DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common/"; const DEFAULT_AUTHORITY_HOST = "login.microsoftonline.com"; const DEFAULT_COMMON_TENANT = "common"; // ADFS String const ADFS = "adfs"; const DSTS = "dstsv2"; // Default AAD Instance Discovery Endpoint const AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`; // CIAM URL const CIAM_AUTH_URL = ".ciamlogin.com"; const AAD_TENANT_DOMAIN_SUFFIX = ".onmicrosoft.com"; // Resource delimiter - used for certain cache entries const RESOURCE_DELIM = "|"; // Consumer UTID const CONSUMER_UTID = "9188040d-6c67-4c5b-b112-36a304b66dad"; // Default scopes const OPENID_SCOPE = "openid"; const PROFILE_SCOPE = "profile"; const OFFLINE_ACCESS_SCOPE = "offline_access"; const EMAIL_SCOPE = "email"; const CODE_GRANT_TYPE = "authorization_code"; const S256_CODE_CHALLENGE_METHOD = "S256"; const URL_FORM_CONTENT_TYPE = "application/x-www-form-urlencoded;charset=utf-8"; const AUTHORIZATION_PENDING = "authorization_pending"; const NOT_APPLICABLE = "N/A"; const NOT_AVAILABLE = "Not Available"; const FORWARD_SLASH = "/"; const IMDS_ENDPOINT = "http://169.254.169.254/metadata/instance/compute/location"; const IMDS_VERSION = "2020-06-01"; const IMDS_TIMEOUT = 2000; const AZURE_REGION_AUTO_DISCOVER_FLAG = "TryAutoDetect"; const REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = "login.microsoft.com"; const KNOWN_PUBLIC_CLOUDS = [ "login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net", ]; const SHR_NONCE_VALIDITY = 240; const INVALID_INSTANCE = "invalid_instance"; const HTTP_SUCCESS = 200; const HTTP_SUCCESS_RANGE_START = 200; const HTTP_SUCCESS_RANGE_END = 299; const HTTP_REDIRECT = 302; const HTTP_CLIENT_ERROR = 400; const HTTP_CLIENT_ERROR_RANGE_START = 400; const HTTP_BAD_REQUEST = 400; const HTTP_UNAUTHORIZED = 401; const HTTP_NOT_FOUND = 404; const HTTP_REQUEST_TIMEOUT = 408; const HTTP_GONE = 410; const HTTP_TOO_MANY_REQUESTS = 429; const HTTP_CLIENT_ERROR_RANGE_END = 499; const HTTP_SERVER_ERROR = 500; const HTTP_SERVER_ERROR_RANGE_START = 500; const HTTP_SERVICE_UNAVAILABLE = 503; const HTTP_GATEWAY_TIMEOUT = 504; const HTTP_SERVER_ERROR_RANGE_END = 599; const HTTP_MULTI_SIDED_ERROR = 600; const HttpMethod = { GET: "GET", POST: "POST", }; const OIDC_DEFAULT_SCOPES = [ OPENID_SCOPE, PROFILE_SCOPE, OFFLINE_ACCESS_SCOPE, ]; const OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE]; /** * Request header names */ const HeaderNames = { CONTENT_TYPE: "Content-Type", CONTENT_LENGTH: "Content-Length", RETRY_AFTER: "Retry-After", CCS_HEADER: "X-AnchorMailbox", WWWAuthenticate: "WWW-Authenticate", AuthenticationInfo: "Authentication-Info", X_MS_REQUEST_ID: "x-ms-request-id", X_MS_HTTP_VERSION: "x-ms-httpver", }; /** * Persistent cache keys MSAL which stay while user is logged in. */ const PersistentCacheKeys = { ACTIVE_ACCOUNT_FILTERS: "active-account-filters", // new cache entry for active_account for a more robust version for browser }; /** * String constants related to AAD Authority */ const AADAuthority = { COMMON: "common", ORGANIZATIONS: "organizations", CONSUMERS: "consumers", }; /** * Claims request keys */ const ClaimsRequestKeys = { ACCESS_TOKEN: "access_token", XMS_CC: "xms_cc", }; /** * we considered making this "enum" in the request instead of string, however it looks like the allowed list of * prompt values kept changing over past couple of years. There are some undocumented prompt values for some * internal partners too, hence the choice of generic "string" type instead of the "enum" */ const PromptValue = { LOGIN: "login", SELECT_ACCOUNT: "select_account", CONSENT: "consent", NONE: "none", CREATE: "create", NO_SESSION: "no_session", }; /** * allowed values for codeVerifier */ const CodeChallengeMethodValues = { PLAIN: "plain", S256: "S256", }; /** * Allowed values for response_type */ const OAuthResponseType = { CODE: "code", IDTOKEN_TOKEN: "id_token token", IDTOKEN_TOKEN_REFRESHTOKEN: "id_token token refresh_token", }; /** * allowed values for response_mode */ const ResponseMode = { QUERY: "query", FRAGMENT: "fragment", FORM_POST: "form_post", }; /** * allowed grant_type */ const GrantType = { IMPLICIT_GRANT: "implicit", AUTHORIZATION_CODE_GRANT: "authorization_code", CLIENT_CREDENTIALS_GRANT: "client_credentials", RESOURCE_OWNER_PASSWORD_GRANT: "password", REFRESH_TOKEN_GRANT: "refresh_token", DEVICE_CODE_GRANT: "device_code", JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer", }; /** * Account types in Cache */ const CACHE_ACCOUNT_TYPE_MSSTS = "MSSTS"; const CACHE_ACCOUNT_TYPE_ADFS = "ADFS"; const CACHE_ACCOUNT_TYPE_MSAV1 = "MSA"; const CACHE_ACCOUNT_TYPE_GENERIC = "Generic"; /** * Separators used in cache */ const CACHE_KEY_SEPARATOR = "-"; const CLIENT_INFO_SEPARATOR = "."; /** * Credential Type stored in the cache */ const CredentialType = { ID_TOKEN: "IdToken", ACCESS_TOKEN: "AccessToken", ACCESS_TOKEN_WITH_AUTH_SCHEME: "AccessToken_With_AuthScheme", REFRESH_TOKEN: "RefreshToken", }; /** * Combine all cache types */ const CacheType = { ADFS: 1001, MSA: 1002, MSSTS: 1003, GENERIC: 1004, ACCESS_TOKEN: 2001, REFRESH_TOKEN: 2002, ID_TOKEN: 2003, APP_METADATA: 3001, UNDEFINED: 9999, }; /** * More Cache related constants */ const APP_METADATA = "appmetadata"; const CLIENT_INFO$1 = "client_info"; const THE_FAMILY_ID = "1"; const AUTHORITY_METADATA_CACHE_KEY = "authority-metadata"; const AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours const AuthorityMetadataSource = { CONFIG: "config", CACHE: "cache", NETWORK: "network", HARDCODED_VALUES: "hardcoded_values", }; const SERVER_TELEM_SCHEMA_VERSION = 5; const SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer const SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer, const SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains const SERVER_TELEM_CACHE_KEY = "server-telemetry"; const SERVER_TELEM_CATEGORY_SEPARATOR = "|"; const SERVER_TELEM_VALUE_SEPARATOR = ","; const SERVER_TELEM_OVERFLOW_TRUE = "1"; const SERVER_TELEM_OVERFLOW_FALSE = "0"; const SERVER_TELEM_UNKNOWN_ERROR = "unknown_error"; /** * Type of the authentication request */ const AuthenticationScheme = { BEARER: "Bearer", POP: "pop", SSH: "ssh-cert", }; /** * Constants related to throttling */ const DEFAULT_THROTTLE_TIME_SECONDS = 60; // Default maximum time to throttle in seconds, overrides what the server sends back const DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600; // Prefix for storing throttling entries const THROTTLING_PREFIX = "throttling"; // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling const X_MS_LIB_CAPABILITY_VALUE = "retry-after, h429"; /** * Errors */ const INVALID_GRANT_ERROR = "invalid_grant"; const CLIENT_MISMATCH_ERROR = "client_mismatch"; /** * Password grant parameters */ const PasswordGrantConstants = { username: "username", password: "password", }; /** * Region Discovery Sources */ const RegionDiscoverySources = { FAILED_AUTO_DETECTION: "1", INTERNAL_CACHE: "2", ENVIRONMENT_VARIABLE: "3", IMDS: "4", }; /** * Region Discovery Outcomes */ const RegionDiscoveryOutcomes = { CONFIGURED_MATCHES_DETECTED: "1", CONFIGURED_NO_AUTO_DETECTION: "2", CONFIGURED_NOT_DETECTED: "3", AUTO_DETECTION_REQUESTED_SUCCESSFUL: "4", AUTO_DETECTION_REQUESTED_FAILED: "5", }; /** * Specifies the reason for fetching the access token from the identity provider */ const CacheOutcome = { // When a token is found in the cache or the cache is not supposed to be hit when making the request NOT_APPLICABLE: "0", // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested FORCE_REFRESH_OR_CLAIMS: "1", // When the token request goes to the identity provider because no cached access token exists NO_CACHED_ACCESS_TOKEN: "2", // When the token request goes to the identity provider because cached access token expired CACHED_ACCESS_TOKEN_EXPIRED: "3", // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed PROACTIVELY_REFRESHED: "4", }; const JsonWebTokenTypes = { Jwt: "JWT", Jwk: "JWK", Pop: "pop", }; const ONE_DAY_IN_MS = 86400000; // Token renewal offset default in seconds const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300; const EncodingTypes = { BASE64: "base64", HEX: "hex", UTF8: "utf-8", }; var Constants = /*#__PURE__*/Object.freeze({ __proto__: null, AADAuthority: AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT: AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX: AAD_TENANT_DOMAIN_SUFFIX, ADFS: ADFS, APP_METADATA: APP_METADATA, AUTHORITY_METADATA_CACHE_KEY: AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS: AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING: AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG: AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme: AuthenticationScheme, AuthorityMetadataSource: AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS: CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC: CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1: CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS: CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR: CACHE_KEY_SEPARATOR, CIAM_AUTH_URL: CIAM_AUTH_URL, CLIENT_INFO: CLIENT_INFO$1, CLIENT_INFO_SEPARATOR: CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR: CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE: CODE_GRANT_TYPE, CONSUMER_UTID: CONSUMER_UTID, CacheOutcome: CacheOutcome, CacheType: CacheType, ClaimsRequestKeys: ClaimsRequestKeys, CodeChallengeMethodValues: CodeChallengeMethodValues, CredentialType: CredentialType, DEFAULT_AUTHORITY: DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST: DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT: DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS: DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS: DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS: DSTS, EMAIL_SCOPE: EMAIL_SCOPE, EncodingTypes: EncodingTypes, FORWARD_SLASH: FORWARD_SLASH, GrantType: GrantType, HTTP_BAD_REQUEST: HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR: HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END: HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START: HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT: HTTP_GATEWAY_TIMEOUT, HTTP_GONE: HTTP_GONE, HTTP_MULTI_SIDED_ERROR: HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND: HTTP_NOT_FOUND, HTTP_REDIRECT: HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT: HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR: HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END: HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START: HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE: HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS: HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END: HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START: HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS: HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED: HTTP_UNAUTHORIZED, HeaderNames: HeaderNames, HttpMethod: HttpMethod, IMDS_ENDPOINT: IMDS_ENDPOINT, IMDS_TIMEOUT: IMDS_TIMEOUT, IMDS_VERSION: IMDS_VERSION, INVALID_GRANT_ERROR: INVALID_GRANT_ERROR, INVALID_INSTANCE: INVALID_INSTANCE, JsonWebTokenTypes: JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS: KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE: NOT_APPLICABLE, NOT_AVAILABLE: NOT_AVAILABLE, OAuthResponseType: OAuthResponseType, OFFLINE_ACCESS_SCOPE: OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES: OIDC_DEFAULT_SCOPES, OIDC_SCOPES: OIDC_SCOPES, ONE_DAY_IN_MS: ONE_DAY_IN_MS, OPENID_SCOPE: OPENID_SCOPE, PROFILE_SCOPE: PROFILE_SCOPE, PasswordGrantConstants: PasswordGrantConstants, PersistentCacheKeys: PersistentCacheKeys, PromptValue: PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM: RESOURCE_DELIM, RegionDiscoveryOutcomes: RegionDiscoveryOutcomes, RegionDiscoverySources: RegionDiscoverySources, ResponseMode: ResponseMode, S256_CODE_CHALLENGE_METHOD: S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY: SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR: SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS: SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES: SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES: SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE: SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE: SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION: SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR: SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR: SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY: SHR_NONCE_VALIDITY, SKU: SKU, THE_FAMILY_ID: THE_FAMILY_ID, THROTTLING_PREFIX: THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE: URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE: X_MS_LIB_CAPABILITY_VALUE }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Url object class which can perform various transformations on url strings. */ class UrlString { get urlString() { return this._urlString; } constructor(url) { this._urlString = url; if (!this._urlString) { // Throws error if url is empty throw createClientConfigurationError(urlEmptyError); } if (!url.includes("#")) { this._urlString = UrlString.canonicalizeUri(url); } } /** * Ensure urls are lower case and end with a / character. * @param url */ static canonicalizeUri(url) { if (url) { let lowerCaseUrl = url.toLowerCase(); if (StringUtils.endsWith(lowerCaseUrl, "?")) { lowerCaseUrl = lowerCaseUrl.slice(0, -1); } else if (StringUtils.endsWith(lowerCaseUrl, "?/")) { lowerCaseUrl = lowerCaseUrl.slice(0, -2); } if (!StringUtils.endsWith(lowerCaseUrl, "/")) { lowerCaseUrl += "/"; } return lowerCaseUrl; } return url; } /** * Throws if urlString passed is not a valid authority URI string. */ validateAsUri() { // Attempts to parse url for uri components let components; try { components = this.getUrlComponents(); } catch (e) { throw createClientConfigurationError(urlParseError); } // Throw error if URI or path segments are not parseable. if (!components.HostNameAndPort || !components.PathSegments) { throw createClientConfigurationError(urlParseError); } // Throw error if uri is insecure. if (!components.Protocol || components.Protocol.toLowerCase() !== "https:") { throw createClientConfigurationError(authorityUriInsecure); } } /** * Given a url and a query string return the url with provided query string appended * @param url * @param queryString */ static appendQueryString(url, queryString) { if (!queryString) { return url; } return url.indexOf("?") < 0 ? `${url}?${queryString}` : `${url}&${queryString}`; } /** * Returns a url with the hash removed * @param url */ static removeHashFromUrl(url) { return UrlString.canonicalizeUri(url.split("#")[0]); } /** * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d * @param href The url * @param tenantId The tenant id to replace */ replaceTenantPath(tenantId) { const urlObject = this.getUrlComponents(); const pathArray = urlObject.PathSegments; if (tenantId && pathArray.length !== 0 && (pathArray[0] === AADAuthority.COMMON || pathArray[0] === AADAuthority.ORGANIZATIONS)) { pathArray[0] = tenantId; } return UrlString.constructAuthorityUriFromObject(urlObject); } /** * Parses out the components from a url string. * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url. */ getUrlComponents() { // https://gist.github.com/curtisz/11139b2cfcaef4a261e0 const regEx = RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"); // If url string does not match regEx, we throw an error const match = this.urlString.match(regEx); if (!match) { throw createClientConfigurationError(urlParseError); } // Url component object const urlComponents = { Protocol: match[1], HostNameAndPort: match[4], AbsolutePath: match[5], QueryString: match[7], }; let pathSegments = urlComponents.AbsolutePath.split("/"); pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements urlComponents.PathSegments = pathSegments; if (urlComponents.QueryString && urlComponents.QueryString.endsWith("/")) { urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1); } return urlComponents; } static getDomainFromUrl(url) { const regEx = RegExp("^([^:/?#]+://)?([^/?#]*)"); const match = url.match(regEx); if (!match) { throw createClientConfigurationError(urlParseError); } return match[2]; } static getAbsoluteUrl(relativeUrl, baseUrl) { if (relativeUrl[0] === FORWARD_SLASH) { const url = new UrlString(baseUrl); const baseComponents = url.getUrlComponents(); return (baseComponents.Protocol + "//" + baseComponents.HostNameAndPort + relativeUrl); } return relativeUrl; } static constructAuthorityUriFromObject(urlObject) { return new UrlString(urlObject.Protocol + "//" + urlObject.HostNameAndPort + "/" + urlObject.PathSegments.join("/")); } } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ // Build endpoint metadata dynamically to avoid string duplication const endpointHosts = [ { host: "login.microsoftonline.com" }, { host: "login.chinacloudapi.cn", issuerHost: "login.partner.microsoftonline.cn", // Issuer differs }, { host: "login.microsoftonline.us" }, { host: "login.sovcloud-identity.fr" }, { host: "login.sovcloud-identity.de" }, { host: "login.sovcloud-identity.sg" }, ]; function buildOpenIdConfig(host, issuerHost) { return { token_endpoint: `https://${host}/{tenantid}/oauth2/v2.0/token`, jwks_uri: `https://${host}/{tenantid}/discovery/v2.0/keys`, issuer: `https://${issuerHost}/{tenantid}/v2.0`, authorization_endpoint: `https://${host}/{tenantid}/oauth2/v2.0/authorize`, end_session_endpoint: `https://${host}/{tenantid}/oauth2/v2.0/logout`, }; } const dynamicEndpointMetadata = endpointHosts.reduce((acc, { host, issuerHost }) => { acc[host] = buildOpenIdConfig(host, issuerHost || host); return acc; }, {}); const rawMetdataJSON = { endpointMetadata: dynamicEndpointMetadata, instanceDiscoveryMetadata: { metadata: [ { preferred_network: "login.microsoftonline.com", preferred_cache: "login.windows.net", aliases: [ "login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net", ], }, { preferred_network: "login.partner.microsoftonline.cn", preferred_cache: "login.partner.microsoftonline.cn", aliases: [ "login.partner.microsoftonline.cn", "login.chinacloudapi.cn", ], }, { preferred_network: "login.microsoftonline.de", preferred_cache: "login.microsoftonline.de", aliases: ["login.microsoftonline.de"], }, { preferred_network: "login.microsoftonline.us", preferred_cache: "login.microsoftonline.us", aliases: [ "login.microsoftonline.us", "login.usgovcloudapi.net", ], }, { preferred_network: "login-us.microsoftonline.com", preferred_cache: "login-us.microsoftonline.com", aliases: ["login-us.microsoftonline.com"], }, { preferred_network: "login.sovcloud-identity.fr", preferred_cache: "login.sovcloud-identity.fr", aliases: ["login.sovcloud-identity.fr"], }, { preferred_network: "login.sovcloud-identity.de", preferred_cache: "login.sovcloud-identity.de", aliases: ["login.sovcloud-identity.de"], }, { preferred_network: "login.sovcloud-identity.sg", preferred_cache: "login.sovcloud-identity.sg", aliases: ["login.sovcloud-identity.sg"], }, { preferred_network: "login.windows-ppe.net", preferred_cache: "login.windows-ppe.net", aliases: [ "login.windows-ppe.net", "sts.windows-ppe.net", "login.microsoft-ppe.com", ], }, ], }, }; const EndpointMetadata = rawMetdataJSON.endpointMetadata; const InstanceDiscoveryMetadata = rawMetdataJSON.instanceDiscoveryMetadata; const InstanceDiscoveryMetadataAliases = new Set(); InstanceDiscoveryMetadata.metadata.forEach((metadataEntry) => { metadataEntry.aliases.forEach((alias) => { InstanceDiscoveryMetadataAliases.add(alias); }); }); /** * Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host * @param staticAuthorityOptions * @param logger * @returns */ function getAliasesFromStaticSources(staticAuthorityOptions, logger, correlationId) { let staticAliases; const canonicalAuthority = staticAuthorityOptions.canonicalAuthority; if (canonicalAuthority) { const authorityHost = new UrlString(canonicalAuthority).getUrlComponents().HostNameAndPort; staticAliases = getAliasesFromMetadata(logger, correlationId, authorityHost, staticAuthorityOptions.cloudDiscoveryMetadata?.metadata, AuthorityMetadataSource.CONFIG) || getAliasesFromMetadata(logger, correlationId, authorityHost, InstanceDiscoveryMetadata.metadata, AuthorityMetadataSource.HARDCODED_VALUES) || staticAuthorityOptions.knownAuthorities; } return staticAliases || []; } /** * Returns aliases for from the raw cloud discovery metadata passed in * @param authorityHost * @param rawCloudDiscoveryMetadata * @returns */ function getAliasesFromMetadata(logger, correlationId, authorityHost, cloudDiscoveryMetadata, source) { logger.trace(`getAliasesFromMetadata called with source: '${source}'`, correlationId); if (authorityHost && cloudDiscoveryMetadata) { const metadata = getCloudDiscoveryMetadataFromNetworkResponse(cloudDiscoveryMetadata, authorityHost); if (metadata) { logger.trace(`getAliasesFromMetadata: found cloud discovery metadata in '${source}', returning aliases`, correlationId); return metadata.aliases; } else { logger.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in '${source}'`, correlationId); } } return null; } /** * Get cloud discovery metadata for common authorities */ function getCloudDiscoveryMetadataFromHardcodedValues(authorityHost) { const metadata = getCloudDiscoveryMetadataFromNetworkResponse(InstanceDiscoveryMetadata.metadata, authorityHost); return metadata; } /** * Searches instance discovery network response for the entry that contains the host in the aliases list * @param response * @param authority */ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) { for (let i = 0; i < response.length; i++) { const metadata = response[i]; if (metadata.aliases.includes(authorityHost)) { return metadata; } } return null; } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Protocol modes supported by MSAL. */ const ProtocolMode = { /** * Auth Code + PKCE with Entra ID (formerly AAD) specific optimizations and features */ AAD: "AAD", /** * Auth Code + PKCE without Entra ID specific optimizations and features. For use only with non-Microsoft owned authorities. * Support is limited for this mode. */ OIDC: "OIDC", /** * Encrypted Authorize Response (EAR) with Entra ID specific optimizations and features */ EAR: "EAR", }; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const AzureCloudInstance = { // AzureCloudInstance is not specified. None: "none", // Microsoft Azure public cloud AzurePublic: "https://login.microsoftonline.com", // Microsoft PPE AzurePpe: "https://login.windows-ppe.net", // Microsoft Chinese national/regional cloud AzureChina: "https://login.chinacloudapi.cn", // Microsoft German national/regional cloud ("Black Forest") AzureGermany: "https://login.microsoftonline.de", // US Government cloud AzureUsGovernment: "https://login.microsoftonline.us", }; /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function isCloudInstanceDiscoveryResponse(response) { return (response.hasOwnProperty("tenant_discovery_endpoint") && response.hasOwnProperty("metadata")); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ function isCloudInstanceDiscoveryErrorResponse(response) { return (response.hasOwnProperty("error") && response.hasOwnProperty("error_description")); } /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Time spent sending/waiting for the response of a request to the token endpoint */ const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync"; const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint"; const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint"; /** * Time spent on the network for refresh token acquisition */ const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest"; /** * Time taken for acquiring refresh token , records RT size */ const RefreshTokenClientAcquireToken = "refreshTokenClientAcquireToken"; /** * Time taken for acquiring cached refresh token */ const RefreshTokenClientAcquireTokenWithCachedRefreshToken = "refreshTokenClientAcquireTokenWithCachedRefreshToken"; /** * Helper function to create token request body in RefreshTokenClient (msal-common). */ const RefreshTokenClientCreateTokenRequestBody = "refreshTokenClientCreateTokenRequestBody"; const SilentFlowClientGenerateResultFromCacheRecord = "silentFlowClientGenerateResultFromCacheRecord"; /** * getAuthCodeUrl API (msal-browser and msal-node). */ const GetAuthCodeUrl = "getAuthCodeUrl"; /** * Functions from InteractionHandler (msal-browser) */ const HandleCodeResponseFromServer = "handleCodeResponseFromServer"; /** * APIs in Authorization Code Client (msal-common) */ const AuthClientExecuteTokenRequest = "authClientExecuteTokenRequest"; const AuthClientCreateTokenRequestBody = "authClientCreateTokenRequestBody"; const UpdateTokenEndpointAuthority = "updateTokenEndpointAuthority"; /** * Generate functions in PopTokenGenerator (msal-common) */ const PopTokenGenerateCnf = "popTokenGenerateCnf"; /** * handleServerTokenResponse API in ResponseHandler (msal-common) */ const HandleServerTokenResponse = "handleServerTokenResponse"; /** * Authority functions */ const AuthorityResolveEndpointsAsync = "authorityResolveEndpointsAsync"; const AuthorityGetCloudDiscoveryMetadataFromNetwork = "authorityGetCloudDiscoveryMetadataFromNetwork"; const AuthorityUpdateCloudDiscoveryMetadata = "authorityUpdateCloudDiscoveryMetadata"; const AuthorityGetEndpointMetadataFromNetwork = "authorityGetEndpointMetadataFromNetwork"; const AuthorityUpdateEndpointMetadata = "authorityUpdateEndpointMetadata"; const AuthorityUpdateMetadataWithRegionalInformation = "authorityUpdateMetadataWithRegionalInformation"; /** * Region Discovery functions */ const RegionDiscoveryDetectRegion = "regionDiscoveryDetectRegion"; const RegionDiscoveryGetRegionFromIMDS = "regionDiscoveryGetRegionFromIMDS"; const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion"; /** * Cache operations */ const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken"; const SetUserData = "setUserData"; var PerformanceEvents = /*#__PURE__*/Object.freeze({ __proto__: null, AuthClientCreateTokenRequestBody: AuthClientCreateTokenRequestBody, AuthClientExecuteTokenRequest: AuthClientExecuteTokenRequest, AuthorityGetCloudDiscoveryMetadataFromNetwork: AuthorityGetCloudDiscoveryMetadataFromNetwork, AuthorityGetEndpointMetadataFromNetwork: AuthorityGetEndpointMetadataFromNetwork, AuthorityResolveEndpointsAsync: AuthorityResolveEndpointsAsync, AuthorityUpdateCloudDiscoveryMetadata: AuthorityUpdateCloudDiscoveryMetadata, AuthorityUpdateEndpointMetadata: AuthorityUpdateEndpointMetadata, AuthorityUpdateMetadataWithRegionalInformation: AuthorityUpdateMetadataWithRegionalInformation, AuthorizationCodeClientExecutePostToTokenEndpoint: AuthorizationCodeClientExecutePostToTokenEndpoint, CacheManagerGetRefreshToken: CacheManagerGetRefreshToken, GetAuthCodeUrl: GetAuthCodeUrl, HandleCodeResponseFromServer: HandleCodeResponseFromServer, HandleServerTokenResponse: HandleServerTokenResponse, NetworkClientSendPostRequestAsync: NetworkClientSendPostRequestAsync, PopTokenGenerateCnf: PopTokenGenerateCnf, RefreshTokenClientAcquireToken: RefreshTokenClientAcquireToken, RefreshTokenClientAcquireTokenWithCachedRefreshToken: RefreshTokenClientAcquireTokenWithCachedRefreshToken, RefreshTokenClientCreateTokenRequestBody: RefreshTokenClientCreateTokenRequestBody, RefreshTokenClientExecutePostToTokenEndpoint: RefreshTokenClientExecutePostToTokenEndpoint, RefreshTokenClientExecuteTokenRequest: RefreshTokenClientExecuteTokenRequest, RegionDiscoveryDetectRegion: RegionDiscoveryDetectRegion, RegionDiscoveryGetCurrentVersion: RegionDiscoveryGetCurrentVersion, RegionDiscoveryGetRegionFromIMDS: RegionDiscoveryGetRegionFromIMDS, SetUserData: SetUserData, SilentFlowClientGenerateResultFromCacheRecord: SilentFlowClientGenerateResultFromCacheRecord, UpdateTokenEndpointAuthority: UpdateTokenEndpointAuthority }); /* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ /** * Wraps a function with a performance measurement. * Usage: invoke(functionToCall, performanceClient, "EventName", "correlationId")(...argsToPassToFunction) * @param callback * @param eventName * @param logger * @param telemetryClient * @param correlationId * @returns * @internal */ // eslint-disable-next-line @typescript-eslint/no-explicit-any const invoke = (callback, eventName, logger, telemetryClient, correlationId) => { return (...args) => { logger.trace(`Executing function '${eventName}'`, correlationId); const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId); if (correlationId) { // Track number of times this API is called in a single request telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId); } try { const result = callback(...args); inProgressEvent.end({ success: true, }); logger.trace(`Returning result from '${eventName}'`, correlationId); return result; } catch (e) { logger.trace(`Error occurred in '${eventName}'`, correlationId); try { logger.trace(JSON.stringify(e), correlationId);