msal
Version:
Microsoft Authentication Library for js
1,305 lines (1,250 loc) • 327 kB
JavaScript
/*! msal v1.4.6 2021-02-09 */
'use strict';
(function webpackUniversalModuleDefinition(root, factory) {
if(typeof exports === 'object' && typeof module === 'object')
module.exports = factory();
else if(typeof define === 'function' && define.amd)
define("Msal", [], factory);
else if(typeof exports === 'object')
exports["Msal"] = factory();
else
root["Msal"] = factory();
})(self, function() {
return /******/ (() => { // webpackBootstrap
/******/ "use strict";
/******/ var __webpack_modules__ = ({
/***/ 795:
/***/ ((__unused_webpack_module, exports) => {
/*! *****************************************************************************
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
this file except in compliance with the License. You may obtain a copy of the
License at http://www.apache.org/licenses/LICENSE-2.0
THIS CODE IS PROVIDED ON AN *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED
WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE,
MERCHANTABLITY OR NON-INFRINGEMENT.
See the Apache Version 2.0 License for specific language governing permissions
and limitations under the License.
***************************************************************************** */
/* global Reflect, Promise */
Object.defineProperty(exports, "__esModule", ({ value: true }));
var extendStatics = function (d, b) {
extendStatics = Object.setPrototypeOf ||
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
function (d, b) { for (var p in b)
if (b.hasOwnProperty(p))
d[p] = b[p]; };
return extendStatics(d, b);
};
function __extends(d, b) {
extendStatics(d, b);
function __() { this.constructor = d; }
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
}
exports.__extends = __extends;
exports.__assign = function () {
exports.__assign = Object.assign || function __assign(t) {
for (var s, i = 1, n = arguments.length; i < n; i++) {
s = arguments[i];
for (var p in s)
if (Object.prototype.hasOwnProperty.call(s, p))
t[p] = s[p];
}
return t;
};
return exports.__assign.apply(this, arguments);
};
function __rest(s, e) {
var t = {};
for (var p in s)
if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
t[p] = s[p];
if (s != null && typeof Object.getOwnPropertySymbols === "function")
for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
t[p[i]] = s[p[i]];
}
return t;
}
exports.__rest = __rest;
function __decorate(decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function")
r = Reflect.decorate(decorators, target, key, desc);
else
for (var i = decorators.length - 1; i >= 0; i--)
if (d = decorators[i])
r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
}
exports.__decorate = __decorate;
function __param(paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); };
}
exports.__param = __param;
function __metadata(metadataKey, metadataValue) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
return Reflect.metadata(metadataKey, metadataValue);
}
exports.__metadata = __metadata;
function __awaiter(thisArg, _arguments, P, generator) {
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try {
step(generator.next(value));
}
catch (e) {
reject(e);
} }
function rejected(value) { try {
step(generator["throw"](value));
}
catch (e) {
reject(e);
} }
function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
}
exports.__awaiter = __awaiter;
function __generator(thisArg, body) {
var _ = { label: 0, sent: function () { if (t[0] & 1)
throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function () { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f)
throw new TypeError("Generator is already executing.");
while (_)
try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done)
return t;
if (y = 0, t)
op = [op[0] & 2, t.value];
switch (op[0]) {
case 0:
case 1:
t = op;
break;
case 4:
_.label++;
return { value: op[1], done: false };
case 5:
_.label++;
y = op[1];
op = [0];
continue;
case 7:
op = _.ops.pop();
_.trys.pop();
continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
_ = 0;
continue;
}
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) {
_.label = op[1];
break;
}
if (op[0] === 6 && _.label < t[1]) {
_.label = t[1];
t = op;
break;
}
if (t && _.label < t[2]) {
_.label = t[2];
_.ops.push(op);
break;
}
if (t[2])
_.ops.pop();
_.trys.pop();
continue;
}
op = body.call(thisArg, _);
}
catch (e) {
op = [6, e];
y = 0;
}
finally {
f = t = 0;
}
if (op[0] & 5)
throw op[1];
return { value: op[0] ? op[1] : void 0, done: true };
}
}
exports.__generator = __generator;
function __exportStar(m, exports) {
for (var p in m)
if (!exports.hasOwnProperty(p))
exports[p] = m[p];
}
exports.__exportStar = __exportStar;
function __values(o) {
var m = typeof Symbol === "function" && o[Symbol.iterator], i = 0;
if (m)
return m.call(o);
return {
next: function () {
if (o && i >= o.length)
o = void 0;
return { value: o && o[i++], done: !o };
}
};
}
exports.__values = __values;
function __read(o, n) {
var m = typeof Symbol === "function" && o[Symbol.iterator];
if (!m)
return o;
var i = m.call(o), r, ar = [], e;
try {
while ((n === void 0 || n-- > 0) && !(r = i.next()).done)
ar.push(r.value);
}
catch (error) {
e = { error: error };
}
finally {
try {
if (r && !r.done && (m = i["return"]))
m.call(i);
}
finally {
if (e)
throw e.error;
}
}
return ar;
}
exports.__read = __read;
function __spread() {
for (var ar = [], i = 0; i < arguments.length; i++)
ar = ar.concat(__read(arguments[i]));
return ar;
}
exports.__spread = __spread;
function __spreadArrays() {
for (var s = 0, i = 0, il = arguments.length; i < il; i++)
s += arguments[i].length;
for (var r = Array(s), k = 0, i = 0; i < il; i++)
for (var a = arguments[i], j = 0, jl = a.length; j < jl; j++, k++)
r[k] = a[j];
return r;
}
exports.__spreadArrays = __spreadArrays;
;
function __await(v) {
return this instanceof __await ? (this.v = v, this) : new __await(v);
}
exports.__await = __await;
function __asyncGenerator(thisArg, _arguments, generator) {
if (!Symbol.asyncIterator)
throw new TypeError("Symbol.asyncIterator is not defined.");
var g = generator.apply(thisArg, _arguments || []), i, q = [];
return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
function verb(n) { if (g[n])
i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
function resume(n, v) { try {
step(g[n](v));
}
catch (e) {
settle(q[0][3], e);
} }
function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
function fulfill(value) { resume("next", value); }
function reject(value) { resume("throw", value); }
function settle(f, v) { if (f(v), q.shift(), q.length)
resume(q[0][0], q[0][1]); }
}
exports.__asyncGenerator = __asyncGenerator;
function __asyncDelegator(o) {
var i, p;
return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i;
function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === "return" } : f ? f(v) : v; } : f; }
}
exports.__asyncDelegator = __asyncDelegator;
function __asyncValues(o) {
if (!Symbol.asyncIterator)
throw new TypeError("Symbol.asyncIterator is not defined.");
var m = o[Symbol.asyncIterator], i;
return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i);
function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }
function settle(resolve, reject, d, v) { Promise.resolve(v).then(function (v) { resolve({ value: v, done: d }); }, reject); }
}
exports.__asyncValues = __asyncValues;
function __makeTemplateObject(cooked, raw) {
if (Object.defineProperty) {
Object.defineProperty(cooked, "raw", { value: raw });
}
else {
cooked.raw = raw;
}
return cooked;
}
exports.__makeTemplateObject = __makeTemplateObject;
;
function __importStar(mod) {
if (mod && mod.__esModule)
return mod;
var result = {};
if (mod != null)
for (var k in mod)
if (Object.hasOwnProperty.call(mod, k))
result[k] = mod[k];
result.default = mod;
return result;
}
exports.__importStar = __importStar;
function __importDefault(mod) {
return (mod && mod.__esModule) ? mod : { default: mod };
}
exports.__importDefault = __importDefault;
/***/ }),
/***/ 630:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var CryptoUtils_1 = __webpack_require__(453);
var StringUtils_1 = __webpack_require__(454);
/**
* accountIdentifier combination of idToken.uid and idToken.utid
* homeAccountIdentifier combination of clientInfo.uid and clientInfo.utid
* userName idToken.preferred_username
* name idToken.name
* idToken idToken
* sid idToken.sid - session identifier
* environment idtoken.issuer (the authority that issues the token)
*/
var Account = /** @class */ (function () {
/**
* Creates an Account Object
* @praram accountIdentifier
* @param homeAccountIdentifier
* @param userName
* @param name
* @param idToken
* @param sid
* @param environment
*/
function Account(accountIdentifier, homeAccountIdentifier, userName, name, idTokenClaims, sid, environment) {
this.accountIdentifier = accountIdentifier;
this.homeAccountIdentifier = homeAccountIdentifier;
this.userName = userName;
this.name = name;
// will be deprecated soon
this.idToken = idTokenClaims;
this.idTokenClaims = idTokenClaims;
this.sid = sid;
this.environment = environment;
}
/**
* @hidden
* @param idToken
* @param clientInfo
*/
Account.createAccount = function (idToken, clientInfo) {
// create accountIdentifier
var accountIdentifier = idToken.objectId || idToken.subject;
// create homeAccountIdentifier
var uid = clientInfo ? clientInfo.uid : "";
var utid = clientInfo ? clientInfo.utid : "";
var homeAccountIdentifier;
if (!StringUtils_1.StringUtils.isEmpty(uid)) {
homeAccountIdentifier = StringUtils_1.StringUtils.isEmpty(utid) ? CryptoUtils_1.CryptoUtils.base64Encode(uid) : CryptoUtils_1.CryptoUtils.base64Encode(uid) + "." + CryptoUtils_1.CryptoUtils.base64Encode(utid);
}
return new Account(accountIdentifier, homeAccountIdentifier, idToken.preferredName, idToken.name, idToken.claims, idToken.sid, idToken.issuer);
};
/**
* Utils function to compare two Account objects - used to check if the same user account is logged in
*
* @param a1: Account object
* @param a2: Account object
*/
Account.compareAccounts = function (a1, a2) {
if (!a1 || !a2) {
return false;
}
if (a1.homeAccountIdentifier && a2.homeAccountIdentifier) {
if (a1.homeAccountIdentifier === a2.homeAccountIdentifier) {
return true;
}
}
return false;
};
return Account;
}());
exports.Account = Account;
/***/ }),
/***/ 681:
/***/ ((__unused_webpack_module, exports) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
function buildResponseStateOnly(state) {
return {
uniqueId: "",
tenantId: "",
tokenType: "",
idToken: null,
idTokenClaims: null,
accessToken: "",
scopes: null,
expiresOn: null,
account: null,
accountState: state,
fromCache: false
};
}
exports.buildResponseStateOnly = buildResponseStateOnly;
/***/ }),
/***/ 733:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var ClientConfigurationError_1 = __webpack_require__(550);
function validateClaimsRequest(request) {
if (!request.claimsRequest) {
return;
}
try {
JSON.parse(request.claimsRequest);
}
catch (e) {
throw ClientConfigurationError_1.ClientConfigurationError.createClaimsRequestParsingError(e);
}
// TODO: More validation will be added when the server team tells us how they have actually implemented claims
}
exports.validateClaimsRequest = validateClaimsRequest;
/***/ }),
/***/ 271:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var CryptoUtils_1 = __webpack_require__(453);
var ClientAuthError_1 = __webpack_require__(356);
var StringUtils_1 = __webpack_require__(454);
/**
* @hidden
*/
var ClientInfo = /** @class */ (function () {
function ClientInfo(rawClientInfo, authority) {
if (!rawClientInfo || StringUtils_1.StringUtils.isEmpty(rawClientInfo)) {
this.uid = "";
this.utid = "";
return;
}
try {
var decodedClientInfo = CryptoUtils_1.CryptoUtils.base64Decode(rawClientInfo);
var clientInfo = JSON.parse(decodedClientInfo);
if (clientInfo) {
if (clientInfo.hasOwnProperty("uid")) {
this.uid = authority ? ClientInfo.stripPolicyFromUid(clientInfo.uid, authority) : clientInfo.uid;
}
if (clientInfo.hasOwnProperty("utid")) {
this.utid = clientInfo.utid;
}
}
}
catch (e) {
throw ClientAuthError_1.ClientAuthError.createClientInfoDecodingError(e);
}
}
Object.defineProperty(ClientInfo.prototype, "uid", {
get: function () {
return this._uid ? this._uid : "";
},
set: function (uid) {
this._uid = uid;
},
enumerable: true,
configurable: true
});
Object.defineProperty(ClientInfo.prototype, "utid", {
get: function () {
return this._utid ? this._utid : "";
},
set: function (utid) {
this._utid = utid;
},
enumerable: true,
configurable: true
});
ClientInfo.createClientInfoFromIdToken = function (idToken, authority) {
var clientInfo = {
uid: idToken.subject,
utid: ""
};
return new ClientInfo(CryptoUtils_1.CryptoUtils.base64Encode(JSON.stringify(clientInfo)), authority);
};
ClientInfo.stripPolicyFromUid = function (uid, authority) {
var uidSegments = uid.split("-");
// Reverse the url segments so the last one is more easily accessible
var urlSegments = authority.split("/").reverse();
var policy = "";
if (!StringUtils_1.StringUtils.isEmpty(urlSegments[0])) {
policy = urlSegments[0];
}
else if (urlSegments.length > 1) {
// If the original url had a trailing slash, urlSegments[0] would be "" so take the next element
policy = urlSegments[1];
}
if (uidSegments[uidSegments.length - 1] === policy) {
// If the last segment of uid matches the last segment of authority url, remove the last segment of uid
return uidSegments.slice(0, uidSegments.length - 1).join("-");
}
return uid;
};
ClientInfo.prototype.encodeClientInfo = function () {
var clientInfo = JSON.stringify({ uid: this.uid, utid: this.utid });
return CryptoUtils_1.CryptoUtils.base64Encode(clientInfo);
};
return ClientInfo;
}());
exports.ClientInfo = ClientInfo;
/***/ }),
/***/ 875:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var tslib_1 = __webpack_require__(795);
var Logger_1 = __webpack_require__(89);
var UrlUtils_1 = __webpack_require__(741);
/**
* Defaults for the Configuration Options
*/
var FRAME_TIMEOUT = 6000;
var OFFSET = 300;
var NAVIGATE_FRAME_WAIT = 500;
var DEFAULT_AUTH_OPTIONS = {
clientId: "",
authority: null,
validateAuthority: true,
authorityMetadata: "",
knownAuthorities: [],
redirectUri: function () { return UrlUtils_1.UrlUtils.getCurrentUrl(); },
postLogoutRedirectUri: function () { return UrlUtils_1.UrlUtils.getCurrentUrl(); },
navigateToLoginRequestUrl: true
};
var DEFAULT_CACHE_OPTIONS = {
cacheLocation: "sessionStorage",
storeAuthStateInCookie: false
};
var DEFAULT_SYSTEM_OPTIONS = {
logger: new Logger_1.Logger(null),
loadFrameTimeout: FRAME_TIMEOUT,
tokenRenewalOffsetSeconds: OFFSET,
navigateFrameWait: NAVIGATE_FRAME_WAIT
};
var DEFAULT_FRAMEWORK_OPTIONS = {
isAngular: false,
unprotectedResources: new Array(),
protectedResourceMap: new Map()
};
/**
* MSAL function that sets the default options when not explicitly configured from app developer
*
* @param TAuthOptions
* @param TCacheOptions
* @param TSystemOptions
* @param TFrameworkOptions
* @param TAuthorityDataOptions
*
* @returns TConfiguration object
*/
function buildConfiguration(_a) {
var auth = _a.auth, _b = _a.cache, cache = _b === void 0 ? {} : _b, _c = _a.system, system = _c === void 0 ? {} : _c, _d = _a.framework, framework = _d === void 0 ? {} : _d;
var overlayedConfig = {
auth: tslib_1.__assign({}, DEFAULT_AUTH_OPTIONS, auth),
cache: tslib_1.__assign({}, DEFAULT_CACHE_OPTIONS, cache),
system: tslib_1.__assign({}, DEFAULT_SYSTEM_OPTIONS, system),
framework: tslib_1.__assign({}, DEFAULT_FRAMEWORK_OPTIONS, framework)
};
return overlayedConfig;
}
exports.buildConfiguration = buildConfiguration;
/***/ }),
/***/ 881:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var ClientAuthError_1 = __webpack_require__(356);
var TokenUtils_1 = __webpack_require__(94);
var StringUtils_1 = __webpack_require__(454);
/**
* @hidden
*/
var IdToken = /** @class */ (function () {
/* tslint:disable:no-string-literal */
function IdToken(rawIdToken) {
if (StringUtils_1.StringUtils.isEmpty(rawIdToken)) {
throw ClientAuthError_1.ClientAuthError.createIdTokenNullOrEmptyError(rawIdToken);
}
try {
this.rawIdToken = rawIdToken;
this.claims = TokenUtils_1.TokenUtils.extractIdToken(rawIdToken);
if (this.claims) {
if (this.claims.hasOwnProperty("iss")) {
this.issuer = this.claims["iss"];
}
if (this.claims.hasOwnProperty("oid")) {
this.objectId = this.claims["oid"];
}
if (this.claims.hasOwnProperty("sub")) {
this.subject = this.claims["sub"];
}
if (this.claims.hasOwnProperty("tid")) {
this.tenantId = this.claims["tid"];
}
if (this.claims.hasOwnProperty("ver")) {
this.version = this.claims["ver"];
}
if (this.claims.hasOwnProperty("preferred_username")) {
this.preferredName = this.claims["preferred_username"];
}
else if (this.claims.hasOwnProperty("upn")) {
this.preferredName = this.claims["upn"];
}
if (this.claims.hasOwnProperty("name")) {
this.name = this.claims["name"];
}
if (this.claims.hasOwnProperty("nonce")) {
this.nonce = this.claims["nonce"];
}
if (this.claims.hasOwnProperty("exp")) {
this.expiration = this.claims["exp"];
}
if (this.claims.hasOwnProperty("home_oid")) {
this.homeObjectId = this.claims["home_oid"];
}
if (this.claims.hasOwnProperty("sid")) {
this.sid = this.claims["sid"];
}
if (this.claims.hasOwnProperty("cloud_instance_host_name")) {
this.cloudInstance = this.claims["cloud_instance_host_name"];
}
/* tslint:enable:no-string-literal */
}
}
catch (e) {
/*
* TODO: This error here won't really every be thrown, since extractIdToken() returns null if the decodeJwt() fails.
* Need to add better error handling here to account for being unable to decode jwts.
*/
throw ClientAuthError_1.ClientAuthError.createIdTokenParsingError(e);
}
}
return IdToken;
}());
exports.IdToken = IdToken;
/***/ }),
/***/ 89:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var StringUtils_1 = __webpack_require__(454);
var packageMetadata_1 = __webpack_require__(700);
var LogLevel;
(function (LogLevel) {
LogLevel[LogLevel["Error"] = 0] = "Error";
LogLevel[LogLevel["Warning"] = 1] = "Warning";
LogLevel[LogLevel["Info"] = 2] = "Info";
LogLevel[LogLevel["Verbose"] = 3] = "Verbose";
})(LogLevel = exports.LogLevel || (exports.LogLevel = {}));
var Logger = /** @class */ (function () {
function Logger(localCallback, options) {
if (options === void 0) { options = {}; }
/**
* @hidden
*/
this.level = LogLevel.Info;
var _a = options.correlationId, correlationId = _a === void 0 ? "" : _a, _b = options.level, level = _b === void 0 ? LogLevel.Info : _b, _c = options.piiLoggingEnabled, piiLoggingEnabled = _c === void 0 ? false : _c;
this.localCallback = localCallback;
this.correlationId = correlationId;
this.level = level;
this.piiLoggingEnabled = piiLoggingEnabled;
}
/**
* @hidden
*/
Logger.prototype.logMessage = function (logLevel, logMessage, containsPii) {
if ((logLevel > this.level) || (!this.piiLoggingEnabled && containsPii)) {
return;
}
var timestamp = new Date().toUTCString();
var log;
if (!StringUtils_1.StringUtils.isEmpty(this.correlationId)) {
log = timestamp + ":" + this.correlationId + "-" + packageMetadata_1.version + "-" + LogLevel[logLevel] + (containsPii ? "-pii" : "") + " " + logMessage;
}
else {
log = timestamp + ":" + packageMetadata_1.version + "-" + LogLevel[logLevel] + (containsPii ? "-pii" : "") + " " + logMessage;
}
this.executeCallback(logLevel, log, containsPii);
};
/**
* @hidden
*/
Logger.prototype.executeCallback = function (level, message, containsPii) {
if (this.localCallback) {
this.localCallback(level, message, containsPii);
}
};
/**
* @hidden
*/
Logger.prototype.error = function (message) {
this.logMessage(LogLevel.Error, message, false);
};
/**
* @hidden
*/
Logger.prototype.errorPii = function (message) {
this.logMessage(LogLevel.Error, message, true);
};
/**
* @hidden
*/
Logger.prototype.warning = function (message) {
this.logMessage(LogLevel.Warning, message, false);
};
/**
* @hidden
*/
Logger.prototype.warningPii = function (message) {
this.logMessage(LogLevel.Warning, message, true);
};
/**
* @hidden
*/
Logger.prototype.info = function (message) {
this.logMessage(LogLevel.Info, message, false);
};
/**
* @hidden
*/
Logger.prototype.infoPii = function (message) {
this.logMessage(LogLevel.Info, message, true);
};
/**
* @hidden
*/
Logger.prototype.verbose = function (message) {
this.logMessage(LogLevel.Verbose, message, false);
};
/**
* @hidden
*/
Logger.prototype.verbosePii = function (message) {
this.logMessage(LogLevel.Verbose, message, true);
};
Logger.prototype.isPiiLoggingEnabled = function () {
return this.piiLoggingEnabled;
};
return Logger;
}());
exports.Logger = Logger;
/***/ }),
/***/ 55:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var ClientConfigurationError_1 = __webpack_require__(550);
var Constants_1 = __webpack_require__(91);
var ScopeSet = /** @class */ (function () {
function ScopeSet() {
}
/**
* Check if there are dup scopes in a given request
*
* @param cachedScopes
* @param scopes
*/
// TODO: Rename this, intersecting scopes isn't a great name for duplicate checker
ScopeSet.isIntersectingScopes = function (cachedScopes, scopes) {
var convertedCachedScopes = this.trimAndConvertArrayToLowerCase(cachedScopes.slice());
var requestScopes = this.trimAndConvertArrayToLowerCase(scopes.slice());
for (var i = 0; i < requestScopes.length; i++) {
if (convertedCachedScopes.indexOf(requestScopes[i].toLowerCase()) > -1) {
return true;
}
}
return false;
};
/**
* Check if a given scope is present in the request
*
* @param cachedScopes
* @param scopes
*/
ScopeSet.containsScope = function (cachedScopes, scopes) {
var convertedCachedScopes = this.trimAndConvertArrayToLowerCase(cachedScopes.slice());
var requestScopes = this.trimAndConvertArrayToLowerCase(scopes.slice());
return requestScopes.every(function (value) { return convertedCachedScopes.indexOf(value.toString().toLowerCase()) >= 0; });
};
/**
* Trims and converts string to lower case
*
* @param scopes
*/
// TODO: Rename this, too generic name for a function that only deals with scopes
ScopeSet.trimAndConvertToLowerCase = function (scope) {
return scope.trim().toLowerCase();
};
/**
* Performs trimAndConvertToLowerCase on string array
* @param scopes
*/
ScopeSet.trimAndConvertArrayToLowerCase = function (scopes) {
var _this = this;
return scopes.map(function (scope) { return _this.trimAndConvertToLowerCase(scope); });
};
/**
* Trims each scope in scopes array
* @param scopes
*/
ScopeSet.trimScopes = function (scopes) {
return scopes.map(function (scope) { return scope.trim(); });
};
/**
* Remove one element from a scope array
*
* @param scopes
* @param scope
*/
// TODO: Rename this, too generic name for a function that only deals with scopes
ScopeSet.removeElement = function (scopes, scope) {
var scopeVal = this.trimAndConvertToLowerCase(scope);
return scopes.filter(function (value) { return value !== scopeVal; });
};
/**
* Parse the scopes into a formatted scopeList
* @param scopes
*/
ScopeSet.parseScope = function (scopes) {
var scopeList = "";
if (scopes) {
for (var i = 0; i < scopes.length; ++i) {
scopeList += (i !== scopes.length - 1) ? scopes[i] + " " : scopes[i];
}
}
return scopeList;
};
/**
* @hidden
*
* Used to validate the scopes input parameter requested by the developer.
* @param {Array<string>} scopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
* @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not
* @ignore
*/
ScopeSet.validateInputScope = function (scopes, scopesRequired) {
if (!scopes) {
if (scopesRequired) {
throw ClientConfigurationError_1.ClientConfigurationError.createScopesRequiredError(scopes);
}
else {
return;
}
}
// Check that scopes is an array object (also throws error if scopes == null)
if (!Array.isArray(scopes)) {
throw ClientConfigurationError_1.ClientConfigurationError.createScopesNonArrayError(scopes);
}
// Check that scopes is not an empty array
if (scopes.length < 1 && scopesRequired) {
throw ClientConfigurationError_1.ClientConfigurationError.createEmptyScopesArrayError(scopes.toString());
}
};
/**
* @hidden
*
* Extracts scope value from the state sent with the authentication request.
* @param {string} state
* @returns {string} scope.
* @ignore
*/
ScopeSet.getScopeFromState = function (state) {
if (state) {
var splitIndex = state.indexOf(Constants_1.Constants.resourceDelimiter);
if (splitIndex > -1 && splitIndex + 1 < state.length) {
return state.substring(splitIndex + 1);
}
}
return "";
};
/**
* @ignore
* Appends extraScopesToConsent if passed
* @param {@link AuthenticationParameters}
*/
ScopeSet.appendScopes = function (reqScopes, reqExtraScopesToConsent) {
if (reqScopes) {
var convertedExtraScopes = reqExtraScopesToConsent ? this.trimAndConvertArrayToLowerCase(reqExtraScopesToConsent.slice()) : null;
var convertedReqScopes = this.trimAndConvertArrayToLowerCase(reqScopes.slice());
return convertedExtraScopes ? convertedReqScopes.concat(convertedExtraScopes) : convertedReqScopes;
}
return null;
};
// #endregion
/**
* @ignore
* Returns true if the scopes array only contains openid and/or profile
*/
ScopeSet.onlyContainsOidcScopes = function (scopes) {
var scopesCount = scopes.length;
var oidcScopesFound = 0;
if (scopes.indexOf(Constants_1.Constants.openidScope) > -1) {
oidcScopesFound += 1;
}
if (scopes.indexOf(Constants_1.Constants.profileScope) > -1) {
oidcScopesFound += 1;
}
return (scopesCount > 0 && scopesCount === oidcScopesFound);
};
/**
* @ignore
* Returns true if the scopes array only contains openid and/or profile
*/
ScopeSet.containsAnyOidcScopes = function (scopes) {
var containsOpenIdScope = scopes.indexOf(Constants_1.Constants.openidScope) > -1;
var containsProfileScope = scopes.indexOf(Constants_1.Constants.profileScope) > -1;
return (containsOpenIdScope || containsProfileScope);
};
/**
* @ignore
* Returns true if the clientId is the only scope in the array
*/
ScopeSet.onlyContainsClientId = function (scopes, clientId) {
// Double negation to force false value returned in case scopes is null
return !!scopes && (scopes.indexOf(clientId) > -1 && scopes.length === 1);
};
/**
* @ignore
* Adds missing OIDC scopes to scopes array without duplication. Since STS requires OIDC scopes for
* all implicit flow requests, 'openid' and 'profile' should always be included in the final request
*/
ScopeSet.appendDefaultScopes = function (scopes) {
var extendedScopes = scopes;
if (extendedScopes.indexOf(Constants_1.Constants.openidScope) === -1) {
extendedScopes.push(Constants_1.Constants.openidScope);
}
if (extendedScopes.indexOf(Constants_1.Constants.profileScope) === -1) {
extendedScopes.push(Constants_1.Constants.profileScope);
}
return extendedScopes;
};
/**
* @ignore
* Removes present OIDC scopes from scopes array.
*/
ScopeSet.removeDefaultScopes = function (scopes) {
return scopes.filter(function (scope) {
return (scope !== Constants_1.Constants.openidScope && scope !== Constants_1.Constants.profileScope);
});
};
/**
* @ignore
* Removes clientId from scopes array if included as only scope. If it's not the only scope, it is treated as a resource scope.
* @param scopes Array<string>: Pre-normalized scopes array
* @param clientId string: The application's clientId that is searched for in the scopes array
*/
ScopeSet.translateClientIdIfSingleScope = function (scopes, clientId) {
return this.onlyContainsClientId(scopes, clientId) ? Constants_1.Constants.oidcScopes : scopes;
};
return ScopeSet;
}());
exports.ScopeSet = ScopeSet;
/***/ }),
/***/ 436:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var CryptoUtils_1 = __webpack_require__(453);
var Constants_1 = __webpack_require__(91);
var StringUtils_1 = __webpack_require__(454);
var ScopeSet_1 = __webpack_require__(55);
var packageMetadata_1 = __webpack_require__(700);
/**
* Nonce: OIDC Nonce definition: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
* State: OAuth Spec: https://tools.ietf.org/html/rfc6749#section-10.12
* @hidden
*/
var ServerRequestParameters = /** @class */ (function () {
/**
* Constructor
* @param authority
* @param clientId
* @param scope
* @param responseType
* @param redirectUri
* @param state
*/
function ServerRequestParameters(authority, clientId, responseType, redirectUri, scopes, state, correlationId) {
this.authorityInstance = authority;
this.clientId = clientId;
this.nonce = CryptoUtils_1.CryptoUtils.createNewGuid();
// set scope to clientId if null
this.scopes = scopes ? scopes.slice() : Constants_1.Constants.oidcScopes;
this.scopes = ScopeSet_1.ScopeSet.trimScopes(this.scopes);
// set state (already set at top level)
this.state = state;
// set correlationId
this.correlationId = correlationId;
// telemetry information
this.xClientSku = "MSAL.JS";
this.xClientVer = packageMetadata_1.name;
this.responseType = responseType;
this.redirectUri = redirectUri;
}
Object.defineProperty(ServerRequestParameters.prototype, "authority", {
get: function () {
return this.authorityInstance ? this.authorityInstance.CanonicalAuthority : null;
},
enumerable: true,
configurable: true
});
/**
* @hidden
* @ignore
*
* Utility to populate QueryParameters and ExtraQueryParameters to ServerRequestParamerers
* @param request
* @param serverAuthenticationRequest
*/
ServerRequestParameters.prototype.populateQueryParams = function (account, request, adalIdTokenObject, silentCall) {
var queryParameters = {};
if (request) {
// add the prompt parameter to serverRequestParameters if passed
if (request.prompt) {
this.promptValue = request.prompt;
}
// Add claims challenge to serverRequestParameters if passed
if (request.claimsRequest) {
this.claimsValue = request.claimsRequest;
}
// if the developer provides one of these, give preference to developer choice
if (ServerRequestParameters.isSSOParam(request)) {
queryParameters = this.constructUnifiedCacheQueryParameter(request, null);
}
}
if (adalIdTokenObject) {
queryParameters = this.constructUnifiedCacheQueryParameter(null, adalIdTokenObject);
}
/*
* adds sid/login_hint if not populated
* this.logger.verbose("Calling addHint parameters");
*/
queryParameters = this.addHintParameters(account, queryParameters);
// sanity check for developer passed extraQueryParameters
var eQParams = request ? request.extraQueryParameters : null;
// Populate the extraQueryParameters to be sent to the server
this.queryParameters = ServerRequestParameters.generateQueryParametersString(queryParameters);
this.extraQueryParameters = ServerRequestParameters.generateQueryParametersString(eQParams, silentCall);
};
// #region QueryParam helpers
/**
* Constructs extraQueryParameters to be sent to the server for the AuthenticationParameters set by the developer
* in any login() or acquireToken() calls
* @param idTokenObject
* @param extraQueryParameters
* @param sid
* @param loginHint
*/
// TODO: check how this behaves when domain_hint only is sent in extraparameters and idToken has no upn.
ServerRequestParameters.prototype.constructUnifiedCacheQueryParameter = function (request, idTokenObject) {
// preference order: account > sid > login_hint
var ssoType;
var ssoData;
var serverReqParam = {};
// if account info is passed, account.sid > account.login_hint
if (request) {
if (request.account) {
var account = request.account;
if (account.sid) {
ssoType = Constants_1.SSOTypes.SID;
ssoData = account.sid;
}
else if (account.userName) {
ssoType = Constants_1.SSOTypes.LOGIN_HINT;
ssoData = account.userName;
}
}
// sid from request
else if (request.sid) {
ssoType = Constants_1.SSOTypes.SID;
ssoData = request.sid;
}
// loginHint from request
else if (request.loginHint) {
ssoType = Constants_1.SSOTypes.LOGIN_HINT;
ssoData = request.loginHint;
}
}
// adalIdToken retrieved from cache
else if (idTokenObject) {
if (idTokenObject.hasOwnProperty(Constants_1.Constants.upn)) {
ssoType = Constants_1.SSOTypes.ID_TOKEN;
ssoData = idTokenObject.upn;
}
}
serverReqParam = this.addSSOParameter(ssoType, ssoData);
return serverReqParam;
};
/**
* @hidden
*
* Adds login_hint to authorization URL which is used to pre-fill the username field of sign in page for the user if known ahead of time
* domain_hint if added skips the email based discovery process of the user - only supported for interactive calls in implicit_flow
* domain_req utid received as part of the clientInfo
* login_req uid received as part of clientInfo
* Also does a sanity check for extraQueryParameters passed by the user to ensure no repeat queryParameters
*
* @param {@link Account} account - Account for which the token is requested
* @param queryparams
* @param {@link ServerRequestParameters}
* @ignore
*/
ServerRequestParameters.prototype.addHintParameters = function (account, qParams) {
/*
* This is a final check for all queryParams added so far; preference order: sid > login_hint
* sid cannot be passed along with login_hint or domain_hint, hence we check both are not populated yet in queryParameters
*/
if (account && !qParams[Constants_1.SSOTypes.SID]) {
// sid - populate only if login_hint is not already populated and the account has sid
var populateSID = !qParams[Constants_1.SSOTypes.LOGIN_HINT] && account.sid && this.promptValue === Constants_1.PromptState.NONE;
if (populateSID) {
qParams = this.addSSOParameter(Constants_1.SSOTypes.SID, account.sid, qParams);
}
// login_hint - account.userName
else {
var populateLoginHint = !qParams[Constants_1.SSOTypes.LOGIN_HINT] && account.userName && !StringUtils_1.StringUtils.isEmpty(account.userName);
if (populateLoginHint) {
qParams = this.addSSOParameter(Constants_1.SSOTypes.LOGIN_HINT, account.userName, qParams);
}
}
}
return qParams;
};
/**
* Add SID to extraQueryParameters
* @param sid
*/
ServerRequestParameters.prototype.addSSOParameter = function (ssoType, ssoData, ssoParam) {
if (!ssoParam) {
ssoParam = {};
}
if (!ssoData) {
return ssoParam;
}
switch (ssoType) {
case Constants_1.SSOTypes.SID: {
ssoParam[Constants_1.SSOTypes.SID] = ssoData;
break;
}
case Constants_1.SSOTypes.ID_TOKEN: {
ssoParam[Constants_1.SSOTypes.LOGIN_HINT] = ssoData;
break;
}
case Constants_1.SSOTypes.LOGIN_HINT: {
ssoParam[Constants_1.SSOTypes.LOGIN_HINT] = ssoData;
break;
}
}
return ssoParam;
};
/**
* Utility to generate a QueryParameterString from a Key-Value mapping of extraQueryParameters passed
* @param extraQueryParameters
*/
ServerRequestParameters.generateQueryParametersString = function (queryParameters, silentCall) {
var paramsString = null;
if (queryParameters) {
Object.keys(queryParameters).forEach(function (key) {
// sid cannot be passed along with login_hint or domain_hint
if (key === Constants_1.Constants.domain_hint && (silentCall || queryParameters[Constants_1.SSOTypes.SID])) {
return;
}
if (!paramsString) {
paramsString = key + "=" + encodeURIComponent(queryParameters[key]);
}
else {
paramsString += "&" + key + "=" + encodeURIComponent(queryParameters[key]);
}
});
}
return paramsString;
};
// #endregion
/**
* Check to see if there are SSO params set in the Request
* @param request
*/
ServerRequestParameters.isSSOParam = function (request) {
return request && (request.account || request.sid || request.loginHint);
};
/**
* Returns the correct response_type string attribute for an acquireToken request configuration
* @param accountsMatch boolean: Determines whether the account in the request matches the cached account
* @param scopes Array<string>: AuthenticationRequest scopes configuration
* @param loginScopesOnly boolean: True if the scopes array ONLY contains the clientId or any combination of OIDC scopes, without resource scopes
*/
ServerRequestParameters.determineResponseType = function (accountsMatch, scopes) {
// Supports getting an id_token by sending in clientId as only scope or OIDC scopes as only scopes
if (ScopeSet_1.ScopeSet.onlyContainsOidcScopes(scopes)) {
return Constants_1.ResponseTypes.id_token;
}
// If accounts match, check if OIDC scopes are included, otherwise return id_token_token
return (accountsMatch) ? this.responseTypeForMatchingAccounts(scopes) : Constants_1.ResponseTypes.id_token_token;
};
/**
* Returns the correct response_type string attribute for an acquireToken request configuration that contains an
* account that matches the account in the MSAL cache.
* @param scopes Array<string>: AuthenticationRequest scopes configuration
*/
ServerRequestParameters.responseTypeForMatchingAccounts = function (scopes) {
// Opt-into also requesting an ID token by sending in 'openid', 'profile' or both along with resource scopes when login is not necessary.
return (ScopeSet_1.ScopeSet.containsAnyOidcScopes(scopes)) ? Constants_1.ResponseTypes.id_token_token : Constants_1.ResponseTypes.token;
};
return ServerRequestParameters;
}());
exports.ServerRequestParameters = ServerRequestParameters;
/***/ }),
/***/ 463:
/***/ ((__unused_webpack_module, exports, __webpack_require__) => {
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
Object.defineProperty(exports, "__esModule", ({ value: true }));
var tslib_1 = __webpack_require__(795);
var AccessTokenKey_1 = __webpack_require__(29);
var AccessT