msal
Version:
Microsoft Authentication Library for js
1,289 lines (1,238 loc) • 335 kB
JavaScript
/*! msal v1.4.18 2023-05-01 */
'use strict';
(function webpackUniversalModuleDefinition(root, factory) {
if(typeof exports === 'object' && typeof module === 'object')
module.exports = factory();
else if(typeof define === 'function' && define.amd)
define("Msal", [], factory);
else if(typeof exports === 'object')
exports["Msal"] = factory();
else
root["Msal"] = factory();
})(self, function() {
return /******/ (function() { // webpackBootstrap
/******/ "use strict";
/******/ var __webpack_modules__ = ({
/***/ 795:
/***/ (function(__unused_webpack_module, exports) {
/*! *****************************************************************************
Copyright (c) Microsoft Corporation.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
***************************************************************************** */
/* global Reflect, Promise */
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.__classPrivateFieldSet = exports.__classPrivateFieldGet = exports.__importDefault = exports.__importStar = exports.__makeTemplateObject = exports.__asyncValues = exports.__asyncDelegator = exports.__asyncGenerator = exports.__await = exports.__spreadArrays = exports.__spread = exports.__read = exports.__values = exports.__exportStar = exports.__createBinding = exports.__generator = exports.__awaiter = exports.__metadata = exports.__param = exports.__decorate = exports.__rest = exports.__assign = exports.__extends = void 0;
var extendStatics = function (d, b) {
extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b)
if (b.hasOwnProperty(p))
d[p] = b[p]; };
return extendStatics(d, b);
};
function __extends(d, b) {
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
}
exports.__extends = __extends;
exports.__assign = function () {
exports.__assign = Object.assign || function __assign(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s)
if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return exports.__assign.apply(this, arguments);
};
function __rest(s, e) {
var t = {};
for (var p in s)
if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
t[p] = s[p];
if (s != null && typeof Object.getOwnPropertySymbols === "function")
for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
t[p[i]] = s[p[i]];
}
return t;
}
exports.__rest = __rest;
function __decorate(decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
r = Reflect.decorate(decorators, target, key, desc);
else
for (var i = decorators.length - 1; i >= 0; i--)
if (d = decorators[i])
r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
}
exports.__decorate = __decorate;
function __param(paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); };
}
exports.__param = __param;
function __metadata(metadataKey, metadataValue) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
return Reflect.metadata(metadataKey, metadataValue);
}
exports.__metadata = __metadata;
function __awaiter(thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try {
step(generator.next(value));
}
catch (e) {
reject(e);
} }
function rejected(value) { try {
step(generator["throw"](value));
}
catch (e) {
reject(e);
} }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
}
exports.__awaiter = __awaiter;
function __generator(thisArg, body) {
var _ = { label: 0, sent: function () { if (t[0] & 1)
throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function () { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f)
throw new TypeError("Generator is already executing.");
while (_)
try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done)
return t;
if (y = 0, t)
op = [op[0] & 2, t.value];
switch (op[0]) {
case 0:
case 1:
t = op;
break;
case 4:
_.label++;
return { value: op[1], done: false };
case 5:
_.label++;
y = op[1];
op = [0];
continue;
case 7:
op = _.ops.pop();
_.trys.pop();
continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
_ = 0;
continue;
}
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) {
_.label = op[1];
break;
}
if (op[0] === 6 && _.label < t[1]) {
_.label = t[1];
t = op;
break;
}
if (t && _.label < t[2]) {
_.label = t[2];
_.ops.push(op);
break;
}
if (t[2])
_.ops.pop();
_.trys.pop();
continue;
}
op = body.call(thisArg, _);
}
catch (e) {
op = [6, e];
y = 0;
}
finally {
f = t = 0;
}
if (op[0] & 5)
throw op[1];
return { value: op[0] ? op[1] : void 0, done: true };
}
}
exports.__generator = __generator;
function __createBinding(o, m, k, k2) {
if (k2 === undefined)
k2 = k;
o[k2] = m[k];
}
exports.__createBinding = __createBinding;
function __exportStar(m, exports) {
for (var p in m)
if (p !== "default" && !exports.hasOwnProperty(p))
exports[p] = m[p];
}
exports.__exportStar = __exportStar;
function __values(o) {
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
if (m)
return m.call(o);
if (o && typeof o.length === "number")
return {
next: function () {
if (o && i >= o.length)
o = void 0;
return { value: o && o[i++], done: !o };
}
};
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
}
exports.__values = __values;
function __read(o, n) {
var m = typeof Symbol === "function" && o[Symbol.iterator];
if (!m)
return o;
var i = m.call(o), r, ar = [], e;
try {
while ((n === void 0 || n-- > 0) && !(r = i.next()).done)
ar.push(r.value);
}
catch (error) {
e = { error: error };
}
finally {
try {
if (r && !r.done && (m = i["return"]))
m.call(i);
}
finally {
if (e)
throw e.error;
}
}
return ar;
}
exports.__read = __read;
function __spread() {
for (var ar = [], i = 0; i < arguments.length; i++)
ar = ar.concat(__read(arguments[i]));
return ar;
}
exports.__spread = __spread;
function __spreadArrays() {
for (var s = 0, i = 0, il = arguments.length; i < il; i++)
s += arguments[i].length;
for (var r = Array(s), k = 0, i = 0; i < il; i++)
for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)
r[k] = a[j];
return r;
}
exports.__spreadArrays = __spreadArrays;
;
function __await(v) {
return this instanceof __await ? (this.v = v, this) : new __await(v);
}
exports.__await = __await;
function __asyncGenerator(thisArg, _arguments, generator) {
if (!Symbol.asyncIterator)
throw new TypeError("Symbol.asyncIterator is not defined.");
var g = generator.apply(thisArg, _arguments || []), i, q = [];
return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
function verb(n) { if (g[n])
i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
function resume(n, v) { try {
step(g[n](v));
}
catch (e) {
settle(q[0][3], e);
} }
function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
function fulfill(value) { resume("next", value); }
function reject(value) { resume("throw", value); }
function settle(f, v) { if (f(v), q.shift(), q.length)
resume(q[0][0], q[0][1]); }
}
exports.__asyncGenerator = __asyncGenerator;
function __asyncDelegator(o) {
var i, p;
return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i;
function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === "return" } : f ? f(v) : v; } : f; }
}
exports.__asyncDelegator = __asyncDelegator;
function __asyncValues(o) {
if (!Symbol.asyncIterator)
throw new TypeError("Symbol.asyncIterator is not defined.");
var m = o[Symbol.asyncIterator], i;
return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i);
function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }
function settle(resolve, reject, d, v) { Promise.resolve(v).then(function (v) { resolve({ value: v, done: d }); }, reject); }
}
exports.__asyncValues = __asyncValues;
function __makeTemplateObject(cooked, raw) {
if (Object.defineProperty) {
Object.defineProperty(cooked, "raw", { value: raw });
}
else {
cooked.raw = raw;
}
return cooked;
}
exports.__makeTemplateObject = __makeTemplateObject;
;
function __importStar(mod) {
if (mod && mod.__esModule)
return mod;
var result = {};
if (mod != null)
for (var k in mod)
if (Object.hasOwnProperty.call(mod, k))
result[k] = mod[k];
result.default = mod;
return result;
}
exports.__importStar = __importStar;
function __importDefault(mod) {
return (mod && mod.__esModule) ? mod : { default: mod };
}
exports.__importDefault = __importDefault;
function __classPrivateFieldGet(receiver, privateMap) {
if (!privateMap.has(receiver)) {
throw new TypeError("attempted to get private field on non-instance");
}
return privateMap.get(receiver);
}
exports.__classPrivateFieldGet = __classPrivateFieldGet;
function __classPrivateFieldSet(receiver, privateMap, value) {
if (!privateMap.has(receiver)) {
throw new TypeError("attempted to set private field on non-instance");
}
privateMap.set(receiver, value);
return value;
}
exports.__classPrivateFieldSet = __classPrivateFieldSet;
/***/ }),
/***/ 630:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.Account = void 0;
var CryptoUtils_1 = __webpack_require__(453);
var StringUtils_1 = __webpack_require__(454);
/**
* accountIdentifier combination of idToken.uid and idToken.utid
* homeAccountIdentifier combination of clientInfo.uid and clientInfo.utid
* userName idToken.preferred_username
* name idToken.name
* idToken idToken
* sid idToken.sid - session identifier
* environment idtoken.issuer (the authority that issues the token)
*/
var Account = /** @class */ (function () {
/**
* Creates an Account Object
* @praram accountIdentifier
* @param homeAccountIdentifier
* @param userName
* @param name
* @param idToken
* @param sid
* @param environment
*/
function Account(accountIdentifier, homeAccountIdentifier, userName, name, idTokenClaims, sid, environment) {
this.accountIdentifier = accountIdentifier;
this.homeAccountIdentifier = homeAccountIdentifier;
this.userName = userName;
this.name = name;
// will be deprecated soon
this.idToken = idTokenClaims;
this.idTokenClaims = idTokenClaims;
this.sid = sid;
this.environment = environment;
}
/**
* @hidden
* @param idToken
* @param clientInfo
*/
Account.createAccount = function (idToken, clientInfo) {
// create accountIdentifier
var accountIdentifier = idToken.objectId || idToken.subject;
// create homeAccountIdentifier
var uid = clientInfo ? clientInfo.uid : "";
var utid = clientInfo ? clientInfo.utid : "";
var homeAccountIdentifier;
if (!StringUtils_1.StringUtils.isEmpty(uid)) {
homeAccountIdentifier = StringUtils_1.StringUtils.isEmpty(utid) ? CryptoUtils_1.CryptoUtils.base64Encode(uid) : CryptoUtils_1.CryptoUtils.base64Encode(uid) + "." + CryptoUtils_1.CryptoUtils.base64Encode(utid);
}
return new Account(accountIdentifier, homeAccountIdentifier, idToken.preferredName, idToken.name, idToken.claims, idToken.sid, idToken.issuer);
};
/**
* Utils function to compare two Account objects - used to check if the same user account is logged in
*
* @param a1: Account object
* @param a2: Account object
*/
Account.compareAccounts = function (a1, a2) {
if (!a1 || !a2) {
return false;
}
if (a1.homeAccountIdentifier && a2.homeAccountIdentifier) {
if (a1.homeAccountIdentifier === a2.homeAccountIdentifier) {
return true;
}
}
return false;
};
return Account;
}());
exports.Account = Account;
/***/ }),
/***/ 681:
/***/ (function(__unused_webpack_module, exports) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.buildResponseStateOnly = void 0;
function buildResponseStateOnly(state) {
return {
uniqueId: "",
tenantId: "",
tokenType: "",
idToken: null,
idTokenClaims: null,
accessToken: "",
scopes: null,
expiresOn: null,
account: null,
accountState: state,
fromCache: false
};
}
exports.buildResponseStateOnly = buildResponseStateOnly;
/***/ }),
/***/ 733:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.validateClaimsRequest = void 0;
var ClientConfigurationError_1 = __webpack_require__(550);
function validateClaimsRequest(request) {
if (!request.claimsRequest) {
return;
}
try {
JSON.parse(request.claimsRequest);
}
catch (e) {
throw ClientConfigurationError_1.ClientConfigurationError.createClaimsRequestParsingError(e);
}
// TODO: More validation will be added when the server team tells us how they have actually implemented claims
}
exports.validateClaimsRequest = validateClaimsRequest;
/***/ }),
/***/ 271:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ClientInfo = void 0;
var CryptoUtils_1 = __webpack_require__(453);
var ClientAuthError_1 = __webpack_require__(356);
var StringUtils_1 = __webpack_require__(454);
/**
* @hidden
*/
var ClientInfo = /** @class */ (function () {
function ClientInfo(rawClientInfo, authority) {
if (!rawClientInfo || StringUtils_1.StringUtils.isEmpty(rawClientInfo)) {
this.uid = "";
this.utid = "";
return;
}
try {
var decodedClientInfo = CryptoUtils_1.CryptoUtils.base64Decode(rawClientInfo);
var clientInfo = JSON.parse(decodedClientInfo);
if (clientInfo) {
if (clientInfo.hasOwnProperty("uid")) {
this.uid = authority ? ClientInfo.stripPolicyFromUid(clientInfo.uid, authority) : clientInfo.uid;
}
if (clientInfo.hasOwnProperty("utid")) {
this.utid = clientInfo.utid;
}
}
}
catch (e) {
throw ClientAuthError_1.ClientAuthError.createClientInfoDecodingError(e);
}
}
Object.defineProperty(ClientInfo.prototype, "uid", {
get: function () {
return this._uid ? this._uid : "";
},
set: function (uid) {
this._uid = uid;
},
enumerable: false,
configurable: true
});
Object.defineProperty(ClientInfo.prototype, "utid", {
get: function () {
return this._utid ? this._utid : "";
},
set: function (utid) {
this._utid = utid;
},
enumerable: false,
configurable: true
});
ClientInfo.createClientInfoFromIdToken = function (idToken, authority) {
var clientInfo = {
uid: idToken.subject,
utid: ""
};
return new ClientInfo(CryptoUtils_1.CryptoUtils.base64Encode(JSON.stringify(clientInfo)), authority);
};
ClientInfo.stripPolicyFromUid = function (uid, authority) {
var uidSegments = uid.split("-");
// Reverse the url segments so the last one is more easily accessible
var urlSegments = authority.split("/").reverse();
var policy = "";
if (!StringUtils_1.StringUtils.isEmpty(urlSegments[0])) {
policy = urlSegments[0];
}
else if (urlSegments.length > 1) {
// If the original url had a trailing slash, urlSegments[0] would be "" so take the next element
policy = urlSegments[1];
}
if (uidSegments[uidSegments.length - 1] === policy) {
// If the last segment of uid matches the last segment of authority url, remove the last segment of uid
return uidSegments.slice(0, uidSegments.length - 1).join("-");
}
return uid;
};
ClientInfo.prototype.encodeClientInfo = function () {
var clientInfo = JSON.stringify({ uid: this.uid, utid: this.utid });
return CryptoUtils_1.CryptoUtils.base64Encode(clientInfo);
};
return ClientInfo;
}());
exports.ClientInfo = ClientInfo;
/***/ }),
/***/ 875:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.buildConfiguration = void 0;
var tslib_1 = __webpack_require__(795);
var Logger_1 = __webpack_require__(89);
var UrlUtils_1 = __webpack_require__(741);
/**
* Defaults for the Configuration Options
*/
var FRAME_TIMEOUT = 6000;
var OFFSET = 300;
var NAVIGATE_FRAME_WAIT = 500;
var DEFAULT_AUTH_OPTIONS = {
clientId: "",
authority: null,
validateAuthority: true,
authorityMetadata: "",
knownAuthorities: [],
redirectUri: function () { return UrlUtils_1.UrlUtils.getCurrentUrl(); },
postLogoutRedirectUri: function () { return UrlUtils_1.UrlUtils.getCurrentUrl(); },
navigateToLoginRequestUrl: true
};
var DEFAULT_CACHE_OPTIONS = {
cacheLocation: "sessionStorage",
storeAuthStateInCookie: false
};
var DEFAULT_SYSTEM_OPTIONS = {
logger: new Logger_1.Logger(null),
loadFrameTimeout: FRAME_TIMEOUT,
tokenRenewalOffsetSeconds: OFFSET,
navigateFrameWait: NAVIGATE_FRAME_WAIT
};
var DEFAULT_FRAMEWORK_OPTIONS = {
isAngular: false,
unprotectedResources: new Array(),
protectedResourceMap: new Map()
};
/**
* MSAL function that sets the default options when not explicitly configured from app developer
*
* @param TAuthOptions
* @param TCacheOptions
* @param TSystemOptions
* @param TFrameworkOptions
* @param TAuthorityDataOptions
*
* @returns TConfiguration object
*/
function buildConfiguration(_a) {
var auth = _a.auth, _b = _a.cache, cache = _b === void 0 ? {} : _b, _c = _a.system, system = _c === void 0 ? {} : _c, _d = _a.framework, framework = _d === void 0 ? {} : _d;
var overlayedConfig = {
auth: tslib_1.__assign(tslib_1.__assign({}, DEFAULT_AUTH_OPTIONS), auth),
cache: tslib_1.__assign(tslib_1.__assign({}, DEFAULT_CACHE_OPTIONS), cache),
system: tslib_1.__assign(tslib_1.__assign({}, DEFAULT_SYSTEM_OPTIONS), system),
framework: tslib_1.__assign(tslib_1.__assign({}, DEFAULT_FRAMEWORK_OPTIONS), framework)
};
return overlayedConfig;
}
exports.buildConfiguration = buildConfiguration;
/***/ }),
/***/ 881:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.IdToken = void 0;
var ClientAuthError_1 = __webpack_require__(356);
var TokenUtils_1 = __webpack_require__(94);
var StringUtils_1 = __webpack_require__(454);
/**
* @hidden
*/
var IdToken = /** @class */ (function () {
/* tslint:disable:no-string-literal */
function IdToken(rawIdToken) {
if (StringUtils_1.StringUtils.isEmpty(rawIdToken)) {
throw ClientAuthError_1.ClientAuthError.createIdTokenNullOrEmptyError(rawIdToken);
}
try {
this.rawIdToken = rawIdToken;
this.claims = TokenUtils_1.TokenUtils.extractIdToken(rawIdToken);
if (this.claims) {
if (this.claims.hasOwnProperty("iss")) {
this.issuer = this.claims["iss"];
}
if (this.claims.hasOwnProperty("oid")) {
this.objectId = this.claims["oid"];
}
if (this.claims.hasOwnProperty("sub")) {
this.subject = this.claims["sub"];
}
if (this.claims.hasOwnProperty("tid")) {
this.tenantId = this.claims["tid"];
}
if (this.claims.hasOwnProperty("ver")) {
this.version = this.claims["ver"];
}
if (this.claims.hasOwnProperty("preferred_username")) {
this.preferredName = this.claims["preferred_username"];
}
else if (this.claims.hasOwnProperty("upn")) {
this.preferredName = this.claims["upn"];
}
if (this.claims.hasOwnProperty("name")) {
this.name = this.claims["name"];
}
if (this.claims.hasOwnProperty("nonce")) {
this.nonce = this.claims["nonce"];
}
if (this.claims.hasOwnProperty("exp")) {
this.expiration = this.claims["exp"];
}
if (this.claims.hasOwnProperty("home_oid")) {
this.homeObjectId = this.claims["home_oid"];
}
if (this.claims.hasOwnProperty("sid")) {
this.sid = this.claims["sid"];
}
if (this.claims.hasOwnProperty("cloud_instance_host_name")) {
this.cloudInstance = this.claims["cloud_instance_host_name"];
}
/* tslint:enable:no-string-literal */
}
}
catch (e) {
/*
* TODO: This error here won't really every be thrown, since extractIdToken() returns null if the decodeJwt() fails.
* Need to add better error handling here to account for being unable to decode jwts.
*/
throw ClientAuthError_1.ClientAuthError.createIdTokenParsingError(e);
}
}
return IdToken;
}());
exports.IdToken = IdToken;
/***/ }),
/***/ 89:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.Logger = exports.LogLevel = void 0;
var StringUtils_1 = __webpack_require__(454);
var packageMetadata_1 = __webpack_require__(700);
var LogLevel;
(function (LogLevel) {
LogLevel[LogLevel["Error"] = 0] = "Error";
LogLevel[LogLevel["Warning"] = 1] = "Warning";
LogLevel[LogLevel["Info"] = 2] = "Info";
LogLevel[LogLevel["Verbose"] = 3] = "Verbose";
})(LogLevel = exports.LogLevel || (exports.LogLevel = {}));
var Logger = /** @class */ (function () {
function Logger(localCallback, options) {
if (options === void 0) { options = {}; }
/**
* @hidden
*/
this.level = LogLevel.Info;
var _a = options.correlationId, correlationId = _a === void 0 ? "" : _a, _b = options.level, level = _b === void 0 ? LogLevel.Info : _b, _c = options.piiLoggingEnabled, piiLoggingEnabled = _c === void 0 ? false : _c;
this.localCallback = localCallback;
this.correlationId = correlationId;
this.level = level;
this.piiLoggingEnabled = piiLoggingEnabled;
}
/**
* @hidden
*/
Logger.prototype.logMessage = function (logLevel, logMessage, containsPii) {
if ((logLevel > this.level) || (!this.piiLoggingEnabled && containsPii)) {
return;
}
var timestamp = new Date().toUTCString();
var log;
if (!StringUtils_1.StringUtils.isEmpty(this.correlationId)) {
log = timestamp + ":" + this.correlationId + "-" + packageMetadata_1.version + "-" + LogLevel[logLevel] + (containsPii ? "-pii" : "") + " " + logMessage;
}
else {
log = timestamp + ":" + packageMetadata_1.version + "-" + LogLevel[logLevel] + (containsPii ? "-pii" : "") + " " + logMessage;
}
this.executeCallback(logLevel, log, containsPii);
};
/**
* @hidden
*/
Logger.prototype.executeCallback = function (level, message, containsPii) {
if (this.localCallback) {
this.localCallback(level, message, containsPii);
}
};
/**
* @hidden
*/
Logger.prototype.error = function (message) {
this.logMessage(LogLevel.Error, message, false);
};
/**
* @hidden
*/
Logger.prototype.errorPii = function (message) {
this.logMessage(LogLevel.Error, message, true);
};
/**
* @hidden
*/
Logger.prototype.warning = function (message) {
this.logMessage(LogLevel.Warning, message, false);
};
/**
* @hidden
*/
Logger.prototype.warningPii = function (message) {
this.logMessage(LogLevel.Warning, message, true);
};
/**
* @hidden
*/
Logger.prototype.info = function (message) {
this.logMessage(LogLevel.Info, message, false);
};
/**
* @hidden
*/
Logger.prototype.infoPii = function (message) {
this.logMessage(LogLevel.Info, message, true);
};
/**
* @hidden
*/
Logger.prototype.verbose = function (message) {
this.logMessage(LogLevel.Verbose, message, false);
};
/**
* @hidden
*/
Logger.prototype.verbosePii = function (message) {
this.logMessage(LogLevel.Verbose, message, true);
};
Logger.prototype.isPiiLoggingEnabled = function () {
return this.piiLoggingEnabled;
};
return Logger;
}());
exports.Logger = Logger;
/***/ }),
/***/ 55:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ScopeSet = void 0;
var tslib_1 = __webpack_require__(795);
var ClientConfigurationError_1 = __webpack_require__(550);
var Constants_1 = __webpack_require__(91);
var ScopeSet = /** @class */ (function () {
function ScopeSet() {
}
/**
* Check if there are dup scopes in a given request
*
* @param cachedScopes
* @param scopes
*/
// TODO: Rename this, intersecting scopes isn't a great name for duplicate checker
ScopeSet.isIntersectingScopes = function (cachedScopes, scopes) {
var convertedCachedScopes = this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(cachedScopes));
var requestScopes = this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(scopes));
for (var i = 0; i < requestScopes.length; i++) {
if (convertedCachedScopes.indexOf(requestScopes[i].toLowerCase()) > -1) {
return true;
}
}
return false;
};
/**
* Check if a given scope is present in the request
*
* @param cachedScopes
* @param scopes
*/
ScopeSet.containsScope = function (cachedScopes, scopes) {
var convertedCachedScopes = this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(cachedScopes));
var requestScopes = this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(scopes));
return requestScopes.every(function (value) { return convertedCachedScopes.indexOf(value.toString().toLowerCase()) >= 0; });
};
/**
* Trims and converts string to lower case
*
* @param scopes
*/
// TODO: Rename this, too generic name for a function that only deals with scopes
ScopeSet.trimAndConvertToLowerCase = function (scope) {
return scope.trim().toLowerCase();
};
/**
* Performs trimAndConvertToLowerCase on string array
* @param scopes
*/
ScopeSet.trimAndConvertArrayToLowerCase = function (scopes) {
var _this = this;
return scopes.map(function (scope) { return _this.trimAndConvertToLowerCase(scope); });
};
/**
* Trims each scope in scopes array
* @param scopes
*/
ScopeSet.trimScopes = function (scopes) {
return scopes.map(function (scope) { return scope.trim(); });
};
/**
* Remove one element from a scope array
*
* @param scopes
* @param scope
*/
// TODO: Rename this, too generic name for a function that only deals with scopes
ScopeSet.removeElement = function (scopes, scope) {
var scopeVal = this.trimAndConvertToLowerCase(scope);
return scopes.filter(function (value) { return value !== scopeVal; });
};
/**
* Parse the scopes into a formatted scopeList
* @param scopes
*/
ScopeSet.parseScope = function (scopes) {
var scopeList = "";
if (scopes) {
for (var i = 0; i < scopes.length; ++i) {
scopeList += (i !== scopes.length - 1) ? scopes[i] + " " : scopes[i];
}
}
return scopeList;
};
/**
* @hidden
*
* Used to validate the scopes input parameter requested by the developer.
* @param {Array<string>} scopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
* @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not
* @ignore
*/
ScopeSet.validateInputScope = function (scopes, scopesRequired) {
if (!scopes) {
if (scopesRequired) {
throw ClientConfigurationError_1.ClientConfigurationError.createScopesRequiredError(scopes);
}
else {
return;
}
}
// Check that scopes is an array object (also throws error if scopes == null)
if (!Array.isArray(scopes)) {
throw ClientConfigurationError_1.ClientConfigurationError.createScopesNonArrayError(scopes);
}
// Check that scopes is not an empty array
if (scopes.length < 1 && scopesRequired) {
throw ClientConfigurationError_1.ClientConfigurationError.createEmptyScopesArrayError(scopes.toString());
}
};
/**
* @hidden
*
* Extracts scope value from the state sent with the authentication request.
* @param {string} state
* @returns {string} scope.
* @ignore
*/
ScopeSet.getScopeFromState = function (state) {
if (state) {
var splitIndex = state.indexOf(Constants_1.Constants.resourceDelimiter);
if (splitIndex > -1 && splitIndex + 1 < state.length) {
return state.substring(splitIndex + 1);
}
}
return "";
};
/**
* @ignore
* Appends extraScopesToConsent if passed
* @param {@link AuthenticationParameters}
*/
ScopeSet.appendScopes = function (reqScopes, reqExtraScopesToConsent) {
if (reqScopes) {
var convertedExtraScopes = reqExtraScopesToConsent ? this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(reqExtraScopesToConsent)) : null;
var convertedReqScopes = this.trimAndConvertArrayToLowerCase(tslib_1.__spreadArrays(reqScopes));
return convertedExtraScopes ? tslib_1.__spreadArrays(convertedReqScopes, convertedExtraScopes) : convertedReqScopes;
}
return null;
};
// #endregion
/**
* @ignore
* Returns true if the scopes array only contains openid and/or profile
*/
ScopeSet.onlyContainsOidcScopes = function (scopes) {
var scopesCount = scopes.length;
var oidcScopesFound = 0;
if (scopes.indexOf(Constants_1.Constants.openidScope) > -1) {
oidcScopesFound += 1;
}
if (scopes.indexOf(Constants_1.Constants.profileScope) > -1) {
oidcScopesFound += 1;
}
return (scopesCount > 0 && scopesCount === oidcScopesFound);
};
/**
* @ignore
* Returns true if the scopes array only contains openid and/or profile
*/
ScopeSet.containsAnyOidcScopes = function (scopes) {
var containsOpenIdScope = scopes.indexOf(Constants_1.Constants.openidScope) > -1;
var containsProfileScope = scopes.indexOf(Constants_1.Constants.profileScope) > -1;
return (containsOpenIdScope || containsProfileScope);
};
/**
* @ignore
* Returns true if the clientId is the only scope in the array
*/
ScopeSet.onlyContainsClientId = function (scopes, clientId) {
// Double negation to force false value returned in case scopes is null
return !!scopes && (scopes.indexOf(clientId) > -1 && scopes.length === 1);
};
/**
* @ignore
* Adds missing OIDC scopes to scopes array without duplication. Since STS requires OIDC scopes for
* all implicit flow requests, 'openid' and 'profile' should always be included in the final request
*/
ScopeSet.appendDefaultScopes = function (scopes) {
var extendedScopes = scopes;
if (extendedScopes.indexOf(Constants_1.Constants.openidScope) === -1) {
extendedScopes.push(Constants_1.Constants.openidScope);
}
if (extendedScopes.indexOf(Constants_1.Constants.profileScope) === -1) {
extendedScopes.push(Constants_1.Constants.profileScope);
}
return extendedScopes;
};
/**
* @ignore
* Removes present OIDC scopes from scopes array.
*/
ScopeSet.removeDefaultScopes = function (scopes) {
return scopes.filter(function (scope) {
return (scope !== Constants_1.Constants.openidScope && scope !== Constants_1.Constants.profileScope);
});
};
/**
* @ignore
* Removes clientId from scopes array if included as only scope. If it's not the only scope, it is treated as a resource scope.
* @param scopes Array<string>: Pre-normalized scopes array
* @param clientId string: The application's clientId that is searched for in the scopes array
*/
ScopeSet.translateClientIdIfSingleScope = function (scopes, clientId) {
return this.onlyContainsClientId(scopes, clientId) ? Constants_1.Constants.oidcScopes : scopes;
};
return ScopeSet;
}());
exports.ScopeSet = ScopeSet;
/***/ }),
/***/ 436:
/***/ (function(__unused_webpack_module, exports, __webpack_require__) {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.ServerRequestParameters = void 0;
var tslib_1 = __webpack_require__(795);
var CryptoUtils_1 = __webpack_require__(453);
var Constants_1 = __webpack_require__(91);
var ScopeSet_1 = __webpack_require__(55);
var packageMetadata_1 = __webpack_require__(700);
/**
* Nonce: OIDC Nonce definition: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
* State: OAuth Spec: https://tools.ietf.org/html/rfc6749#section-10.12
* @hidden
*/
var ServerRequestParameters = /** @class */ (function () {
/**
* Constructor
* @param authority
* @param clientId
* @param scope
* @param responseType
* @param redirectUri
* @param state
*/
function ServerRequestParameters(authority, clientId, responseType, redirectUri, scopes, state, correlationId) {
this.authorityInstance = authority;
this.clientId = clientId;
this.nonce = CryptoUtils_1.CryptoUtils.createNewGuid();
// set scope to clientId if null
this.scopes = scopes ? tslib_1.__spreadArrays(scopes) : Constants_1.Constants.oidcScopes;
this.scopes = ScopeSet_1.ScopeSet.trimScopes(this.scopes);
// set state (already set at top level)
this.state = state;
// set correlationId
this.correlationId = correlationId;
// telemetry information
this.xClientSku = "MSAL.JS";
this.xClientVer = packageMetadata_1.version;
this.responseType = responseType;
this.redirectUri = redirectUri;
}
Object.defineProperty(ServerRequestParameters.prototype, "authority", {
get: function () {
return this.authorityInstance ? this.authorityInstance.CanonicalAuthority : null;
},
enumerable: false,
configurable: true
});
/**
* @hidden
* @ignore
*
* Utility to populate QueryParameters and ExtraQueryParameters to ServerRequestParamerers
* @param request
* @param serverAuthenticationRequest
*/
ServerRequestParameters.prototype.populateQueryParams = function (account, request, adalIdTokenObject, silentCall) {
var queryParameters = {};
if (request) {
// add the prompt parameter to serverRequestParameters if passed
if (request.prompt) {
this.promptValue = request.prompt;
}
// Add claims challenge to serverRequestParameters if passed
if (request.claimsRequest) {
this.claimsValue = request.claimsRequest;
}
// if the developer provides one of these, give preference to developer choice
if (ServerRequestParameters.isSSOParam(request)) {
queryParameters = this.constructUnifiedCacheQueryParameter(request, null);
}
}
if (adalIdTokenObject) {
queryParameters = this.constructUnifiedCacheQueryParameter(null, adalIdTokenObject);
}
/*
* adds sid/login_hint if not populated
* this.logger.verbose("Calling addHint parameters");
*/
queryParameters = this.addHintParameters(account, queryParameters);
// sanity check for developer passed extraQueryParameters
var eQParams = request ? request.extraQueryParameters : null;
// Populate the extraQueryParameters to be sent to the server
this.queryParameters = ServerRequestParameters.generateQueryParametersString(queryParameters);
this.extraQueryParameters = ServerRequestParameters.generateQueryParametersString(eQParams, silentCall);
};
// #region QueryParam helpers
/**
* Constructs extraQueryParameters to be sent to the server for the AuthenticationParameters set by the developer
* in any login() or acquireToken() calls
* @param idTokenObject
* @param extraQueryParameters
* @param sid
* @param loginHint
*/
// TODO: check how this behaves when domain_hint only is sent in extraparameters and idToken has no upn.
ServerRequestParameters.prototype.constructUnifiedCacheQueryParameter = function (request, idTokenObject) {
var _a;
// preference order: account > sid > login_hint
var ssoType;
var ssoData;
var serverReqParam = {};
// if account info is passed, account.login_hint claim > account.sid > account.username
if (request) {
if (request.account) {
var account = request.account;
if ((_a = account.idTokenClaims) === null || _a === void 0 ? void 0 : _a.login_hint) {
ssoType = Constants_1.SSOTypes.LOGIN_HINT;
ssoData = account.idTokenClaims.login_hint;
}
else if (account.sid) {
ssoType = Constants_1.SSOTypes.SID;
ssoData = account.sid;
}
else if (account.userName) {
ssoType = Constants_1.SSOTypes.LOGIN_HINT;
ssoData = account.userName;
}
}
// sid from request
else if (request.sid) {
ssoType = Constants_1.SSOTypes.SID;
ssoData = request.sid;
}
// loginHint from request
else if (request.loginHint) {
ssoType = Constants_1.SSOTypes.LOGIN_HINT;
ssoData = request.loginHint;
}
}
// adalIdToken retrieved from cache
else if (idTokenObject) {
if (idTokenObject.hasOwnProperty(Constants_1.Constants.upn)) {
ssoType = Constants_1.SSOTypes.ID_TOKEN;
ssoData = idTokenObject["upn"];
}
}
serverReqParam = this.addSSOParameter(ssoType, ssoData);
return serverReqParam;
};
/**
* @hidden
*
* Adds login_hint to authorization URL which is used to pre-fill the username field of sign in page for the user if known ahead of time
* domain_hint if added skips the email based discovery process of the user - only supported for interactive calls in implicit_flow
* domain_req utid received as part of the clientInfo
* login_req uid received as part of clientInfo
* Also does a sanity check for extraQueryParameters passed by the user to ensure no repeat queryParameters
*
* @param {@link Account} account - Account for which the token is requested
* @param queryparams
* @param {@link ServerRequestParameters}
* @ignore
*/
ServerRequestParameters.prototype.addHintParameters = function (account, params) {
var _a, _b;
/*
* This is a final check for all queryParams added so far; preference order: sid > login_hint
* sid cannot be passed along with login_hint or domain_hint, hence we check both are not populated yet in queryParameters
*/
var qParams = params;
if (account) {
if (!qParams[Constants_1.SSOTypes.SID] && !qParams[Constants_1.SSOTypes.LOGIN_HINT]) {
if ((_a = account.idTokenClaims) === null || _a === void 0 ? void 0 : _a.login_hint) {
// Use login_hint claim if available over sid or email/upn
qParams = this.addSSOParameter(Constants_1.SSOTypes.LOGIN_HINT, (_b = account.idTokenClaims) === null || _b === void 0 ? void 0 : _b.login_hint, qParams);
}
else if (account.sid && this.promptValue === Constants_1.PromptState.NONE) {
// sid - populate only if login_hint is not already populated and the account has sid
qParams = this.addSSOParameter(Constants_1.SSOTypes.SID, account.sid, qParams);
}
else if (account.userName) {
// Add username/upn as loginHint if nothing else available
qParams = this.addSSOParameter(Constants_1.SSOTypes.LOGIN_HINT, account.userName, qParams);
}
}
}
return qParams;
};
/**
* Add SID to extraQueryParameters
* @param sid
*/
ServerRequestParameters.prototype.addSSOParameter = function (ssoType, ssoData, params) {
var ssoParam = params || {};
if (!ssoData) {
return ssoParam;
}
switch (ssoType) {
case Constants_1.SSOTypes.SID: {
ssoParam[Constants_1.SSOTypes.SID] = ssoData;
break;
}
case Constants_1.SSOTypes.ID_TOKEN: {
ssoParam[Constants_1.SSOTypes.LOGIN_HINT] = ssoData;
break;
}
case Constants_1.SSOTypes.LOGIN_HINT: {
ssoParam[Constants_1.SSOTypes.LOGIN_HINT] = ssoData;
break;
}
}
return ssoParam;
};
/**
* Utility to generate a QueryParameterString from a Key-Value mapping of extraQueryParameters passed
* @param extraQueryParameters
*/
ServerRequestParameters.generateQueryParametersString = function (queryParameters, silentCall) {
var paramsString = null;
if (queryParameters) {
Object.keys(queryParameters).forEach(function (key) {
// sid cannot be passed along with login_hint or domain_hint
if (key === Constants_1.Constants.domain_hint && (silentCall || queryParameters[Constants_1.SSOTypes.SID])) {
return;
}
if (!paramsString) {