msal

import { Authority } from "./Authority"; import { Logger } from "./Logger"; import { Storage } from "./Storage"; import { Account } from "./Account"; import { Configuration } from "./Configuration"; import { AuthenticationParameters } from "./AuthenticationParameters"; import { AuthError } from "./error/AuthError"; import { AuthResponse } from "./AuthResponse"; /** * Interface to handle iFrame generation, Popup Window creation and redirect handling */ declare global { interface Window { msal: Object; CustomEvent: CustomEvent; Event: Event; activeRenewals: {}; renewStates: Array<string>; callbackMappedToRenewStates: {}; promiseMappedToRenewStates: {}; openedWindows: Array<Window>; requestType: string; } } /** * @hidden * @ignore */ export interface CacheResult { errorDesc: string; token: string; error: string; } /** * @hidden * @ignore * Data type to hold information about state returned from the server */ export declare type ResponseStateInfo = { state: string; stateMatch: boolean; requestType: string; }; /** * A type alias for an authResponseCallback function. * {@link (authResponseCallback:type)} * @param authErr error created for failure cases * @param response response containing token strings in success cases, or just state value in error cases */ export declare type authResponseCallback = (authErr: AuthError, response?: AuthResponse) => void; /** * A type alias for a tokenReceivedCallback function. * {@link (tokenReceivedCallback:type)} * @returns response of type {@link (AuthResponse:type)} * The function that will get the call back once this API is completed (either successfully or with a failure). */ export declare type tokenReceivedCallback = (response: AuthResponse) => void; /** * A type alias for a errorReceivedCallback function. * {@link (errorReceivedCallback:type)} * @returns response of type {@link (AuthError:class)} * @returns {string} account state */ export declare type errorReceivedCallback = (authErr: AuthError, accountState: string) => void; /** * UserAgentApplication class * * Object Instance that the developer can use to make loginXX OR acquireTokenXX functions */ export declare class UserAgentApplication { private config; private authResponseCallback; private tokenReceivedCallback; private errorReceivedCallback; private logger; private clientId; private inCookie; private telemetryManager; protected cacheStorage: Storage; private account; private loginInProgress; private acquireTokenInProgress; private silentAuthenticationState; private silentLogin; private redirectCallbacksSet; protected authorityInstance: Authority; /** * setter for the authority URL * @param {string} authority */ /** * Method to manage the authority URL. * * @returns {string} authority */ authority: string; /** * Get the current authority instance from the MSAL configuration object * * @returns {@link Authority} authority instance */ getAuthorityInstance(): Authority; /** * @constructor * Constructor for the UserAgentApplication used to instantiate the UserAgentApplication object * * Important attributes in the Configuration object for auth are: * - clientID: the application ID of your application. * You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview * - authority: the authority URL for your application. * * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens. * It is of the form https://login.microsoftonline.com/<Enter_the_Tenant_Info_Here>. * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com). * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations. * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common. * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers. * * * In Azure B2C, authority is of the form https://<instance>/tfp/<tenant>/<policyName>/ * @param {@link (Configuration:type)} configuration object for the MSAL UserAgentApplication instance */ constructor(configuration: Configuration); /** * @hidden * @ignore * Set the callback functions for the redirect flow to send back the success or error object. * @param {@link (tokenReceivedCallback:type)} successCallback - Callback which contains the AuthResponse object, containing data from the server. * @param {@link (errorReceivedCallback:type)} errorCallback - Callback which contains a AuthError object, containing error data from either the server * or the library, depending on the origin of the error. */ handleRedirectCallback(tokenReceivedCallback: tokenReceivedCallback, errorReceivedCallback: errorReceivedCallback): void; handleRedirectCallback(authCallback: authResponseCallback): void; private authResponseHandler; private authErrorHandler; /** * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. * @param {@link (AuthenticationParameters:type)} */ loginRedirect(request?: AuthenticationParameters): void; /** * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. * @param {@link (AuthenticationParameters:type)} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters */ acquireTokenRedirect(request: AuthenticationParameters): void; /** * Use when initiating the login process via opening a popup window in the user's browser * * @param {@link (AuthenticationParameters:type)} * * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ loginPopup(request?: AuthenticationParameters): Promise<AuthResponse>; /** * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser * @param {@link AuthenticationParameters} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object */ acquireTokenPopup(request: AuthenticationParameters): Promise<AuthResponse>; /** * Use when initiating the login process or when you want to obtain an access_token for your API, * either by redirecting the user's browser window to the authorization endpoint or via opening a popup window in the user's browser. * @param {@link (AuthenticationParameters:type)} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters */ private acquireTokenInteractive; /** * @hidden * @ignore * Helper function to acquireToken * */ private acquireTokenHelper; /** * Use this function to obtain a token before every call to the API / resource provider * * MSAL return's a cached token when available * Or it send's a request to the STS to obtain a new token using a hidden iframe. * * @param {@link AuthenticationParameters} * * To renew idToken, please pass clientId as the only scope in the Authentication Parameters * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object * */ acquireTokenSilent(request: AuthenticationParameters): Promise<AuthResponse>; /** * @hidden * * Used to send the user to the redirect_uri after authentication is complete. The user's bearer token is attached to the URI fragment as an id_token/access_token field. * This function also closes the popup window after redirection. * * @param urlNavigate * @param title * @param interval * @param instance * @param resolve * @param reject * @ignore */ private openWindow; /** * @hidden * * Configures popup window for login. * * @param urlNavigate * @param title * @param popUpWidth * @param popUpHeight * @ignore * @hidden */ private openPopup; /** * @hidden * Returns whether current window is in ifram for token renewal * @ignore */ isInIframe(): boolean; /** * @hidden * Returns whether parent window exists and has msal */ private parentIsMsal; /** * @hidden * Calling _loadFrame but with a timeout to signal failure in loadframeStatus. Callbacks are left. * registered when network errors occur and subsequent token requests for same resource are registered to the pending request. * @ignore */ private loadIframeTimeout; /** * @hidden * Loads iframe with authorization endpoint URL * @ignore */ private loadFrame; /** * @hidden * Adds the hidden iframe for silent token renewal. * @ignore */ private addHiddenIFrame; /** * @hidden * Used to redirect the browser to the STS authorization endpoint * @param {string} urlNavigate - URL of the authorization endpoint */ private navigateWindow; /** * @hidden * Used to add the developer requested callback to the array of callbacks for the specified scopes. The updated array is stored on the window object * @param {string} expectedState - Unique state identifier (guid). * @param {string} scope - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned. * @param {Function} resolve - The resolve function of the promise object. * @param {Function} reject - The reject function of the promise object. * @ignore */ private registerCallback; /** * Use to log out the current user, and redirect the user to the postLogoutRedirectUri. * Default behaviour is to redirect the user to `window.location.href`. */ logout(): void; /** * @hidden * Clear all access tokens in the cache. * @ignore */ protected clearCache(): void; /** * @hidden * Clear a given access token from the cache. * * @param accessToken */ protected clearCacheForScope(accessToken: string): void; /** * @hidden * @ignore * Checks if the redirect response is received from the STS. In case of redirect, the url fragment has either id_token, access_token or error. * @param {string} hash - Hash passed from redirect page. * @returns {Boolean} - true if response contains id_token, access_token or error, false otherwise. */ isCallback(hash: string): boolean; private urlContainsHash; /** * @hidden * Used to call the constructor callback with the token/error * @param {string} [hash=window.location.hash] - Hash fragment of Url. */ private processCallBack; /** * @hidden * This method must be called for processing the response received from the STS. It extracts the hash, processes the token or error information and saves it in the cache. It then * calls the registered callbacks in case of redirect or resolves the promises with the result. * @param {string} [hash=window.location.hash] - Hash fragment of Url. */ private handleAuthenticationResponse; /** * @hidden * Returns deserialized portion of URL hash * @param hash */ private deserializeHash; /** * @hidden * Creates a stateInfo object from the URL fragment and returns it. * @param {string} hash - Hash passed from redirect page * @returns {TokenResponse} an object created from the redirect response from AAD comprising of the keys - parameters, requestType, stateMatch, stateResponse and valid. * @ignore */ protected getResponseState(hash: string): ResponseStateInfo; /** * @hidden * Used to get token for the specified set of scopes from the cache * @param {@link ServerRequestParameters} - Request sent to the STS to obtain an id_token/access_token * @param {Account} account - Account for which the scopes were requested */ private getCachedToken; /** * @hidden * Used to get a unique list of authoritues from the cache * @param {Array<AccessTokenCacheItem>} accessTokenCacheItems - accessTokenCacheItems saved in the cache * @ignore */ private getUniqueAuthority; /** * @hidden * Check if ADAL id_token exists and return if exists. * */ private extractADALIdToken; /** * @hidden * Acquires access token using a hidden iframe. * @ignore */ private renewToken; /** * @hidden * Renews idtoken for app"s own backend when clientId is passed as a single scope in the scopes array. * @ignore */ private renewIdToken; /** * @hidden * * This method must be called for processing the response received from AAD. It extracts the hash, processes the token or error, saves it in the cache and calls the registered callbacks with the result. * @param {string} authority authority received in the redirect response from AAD. * @param {TokenResponse} requestInfo an object created from the redirect response from AAD comprising of the keys - parameters, requestType, stateMatch, stateResponse and valid. * @param {Account} account account object for which scopes are consented for. The default account is the logged in account. * @param {ClientInfo} clientInfo clientInfo received as part of the response comprising of fields uid and utid. * @param {IdToken} idToken idToken received as part of the response. * @ignore * @private */ private saveAccessToken; /** * @hidden * Saves token or error received in the response from AAD in the cache. In case of id_token, it also creates the account object. * @ignore */ protected saveTokenFromHash(hash: string, stateInfo: ResponseStateInfo): AuthResponse; /** * Returns the signed in account * (the account object is created at the time of successful login) * or null when no state is found * @returns {@link Account} - the account object stored in MSAL */ getAccount(): Account; /** * @hidden * * Extracts state value from the accountState sent with the authentication request. * @returns {string} scope. * @ignore */ getAccountState(state: string): string; /** * Use to get a list of unique accounts in MSAL cache based on homeAccountIdentifier. * * @param {@link Array<Account>} Account - all unique accounts in MSAL cache. */ getAllAccounts(): Array<Account>; /** * @hidden * * Used to filter accounts based on homeAccountIdentifier * @param {Array<Account>} Accounts - accounts saved in the cache * @ignore */ private getUniqueAccounts; /** * @hidden * * Used to validate the scopes input parameter requested by the developer. * @param {Array<string>} scopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned. * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not * @ignore */ private validateInputScope; /** * @hidden * * Extracts scope value from the state sent with the authentication request. * @param {string} state * @returns {string} scope. * @ignore */ private getScopeFromState; /** * @ignore * Appends extraScopesToConsent if passed * @param {@link AuthenticationParameters} */ private appendScopes; /** * @hidden * * Broadcast messages - Used only for Angular? * * @param eventName * @param data */ private broadcast; /** * @hidden * * Helper function to retrieve the cached token * * @param scopes * @param {@link Account} account * @param state * @return {@link AuthResponse} AuthResponse */ protected getCachedTokenInternal(scopes: Array<string>, account: Account, state: string): AuthResponse; /** * @hidden * * Get scopes for the Endpoint - Used in Angular to track protected and unprotected resources without interaction from the developer app * * @param endpoint */ protected getScopesForEndpoint(endpoint: string): Array<string>; /** * Return boolean flag to developer to help inform if login is in progress * @returns {boolean} true/false */ getLoginInProgress(): boolean; /** * @hidden * @ignore * * @param loginInProgress */ protected setloginInProgress(loginInProgress: boolean): void; /** * @hidden * @ignore * * returns the status of acquireTokenInProgress */ protected getAcquireTokenInProgress(): boolean; /** * @hidden * @ignore * * @param acquireTokenInProgress */ protected setAcquireTokenInProgress(acquireTokenInProgress: boolean): void; /** * @hidden * @ignore * * returns the logger handle */ protected getLogger(): Logger; /** * * Use to get the redirect uri configured in MSAL or null. * Evaluates redirectUri if its a function, otherwise simply returns its value. * @returns {string} redirect URL * */ getRedirectUri(): string; /** * Use to get the post logout redirect uri configured in MSAL or null. * Evaluates postLogoutredirectUri if its a function, otherwise simply returns its value. * * @returns {string} post logout redirect URL */ getPostLogoutRedirectUri(): string; /** * Use to get the current {@link Configuration} object in MSAL * * @returns {@link Configuration} */ getCurrentConfiguration(): Configuration; /** * @hidden * @ignore * * extract URI from the host * * @param {string} URI * @returns {string} host from the URI */ private getHostFromUri; /** * @hidden * @ignore * * Utils function to create the Authentication * @param {@link account} account object * @param scopes * @param silentCall * * @returns {string} token type: id_token or access_token * */ private getTokenType; /** * @hidden * @ignore * * Sets the cachekeys for and stores the account information in cache * @param account * @param state * @hidden */ private setAccountCache; /** * @hidden * @ignore * * Sets the cacheKey for and stores the authority information in cache * @param state * @param authority * @hidden */ private setAuthorityCache; /** * Updates account, authority, and nonce in cache * @param serverAuthenticationRequest * @param account * @hidden * @ignore */ private updateCacheEntries; /** * Returns the unique identifier for the logged in account * @param account * @hidden * @ignore */ private getAccountId; /** * @hidden * @ignore * * Construct 'tokenRequest' from the available data in adalIdToken * @param extraQueryParameters * @hidden */ private buildIDTokenRequest; private getTelemetryManagerFromConfig; }