nnanh3-msal-browser
Version:
Thư viện đã custom của azure masl có common kèm trong
243 lines (240 loc) • 11.6 kB
JavaScript
/*! @azure/msal-common v4.5.1 2021-08-02 */
;
import { Separators, CacheAccountType, CacheType, Constants } from '../../utils/Constants.js';
import { buildClientInfo } from '../../account/ClientInfo.js';
import { StringUtils } from '../../utils/StringUtils.js';
import { ClientAuthError } from '../../error/ClientAuthError.js';
import { AuthorityType } from '../../authority/AuthorityType.js';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
*
* Key : Value Schema
*
* Key: <home_account_id>-<environment>-<realm*>
*
* Value Schema:
* {
* homeAccountId: home account identifier for the auth scheme,
* environment: entity that issued the token, represented as a full host
* realm: Full tenant or organizational identifier that the account belongs to
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
* authorityType: Accounts authority type as a string
* name: Full name for the account, including given name and family name,
* clientInfo: Full base64 encoded client info received from ESTS
* lastModificationTime: last time this entity was modified in the cache
* lastModificationApp:
* oboAssertion: access token passed in as part of OBO request
* idTokenClaims: Object containing claims parsed from ID token
* }
*/
var AccountEntity = /** @class */ (function () {
function AccountEntity() {
}
/**
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
*/
AccountEntity.prototype.generateAccountId = function () {
var accountId = [this.homeAccountId, this.environment];
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
};
/**
* Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
*/
AccountEntity.prototype.generateAccountKey = function () {
return AccountEntity.generateAccountCacheKey({
homeAccountId: this.homeAccountId,
environment: this.environment,
tenantId: this.realm,
username: this.username,
localAccountId: this.localAccountId
});
};
/**
* returns the type of the cache (in this case account)
*/
AccountEntity.prototype.generateType = function () {
switch (this.authorityType) {
case CacheAccountType.ADFS_ACCOUNT_TYPE:
return CacheType.ADFS;
case CacheAccountType.MSAV1_ACCOUNT_TYPE:
return CacheType.MSA;
case CacheAccountType.MSSTS_ACCOUNT_TYPE:
return CacheType.MSSTS;
case CacheAccountType.GENERIC_ACCOUNT_TYPE:
return CacheType.GENERIC;
default: {
throw ClientAuthError.createUnexpectedAccountTypeError();
}
}
};
/**
* Returns the AccountInfo interface for this account.
*/
AccountEntity.prototype.getAccountInfo = function () {
return {
homeAccountId: this.homeAccountId,
environment: this.environment,
tenantId: this.realm,
username: this.username,
localAccountId: this.localAccountId,
name: this.name,
idTokenClaims: this.idTokenClaims
};
};
/**
* Generates account key from interface
* @param accountInterface
*/
AccountEntity.generateAccountCacheKey = function (accountInterface) {
var accountKey = [
accountInterface.homeAccountId,
accountInterface.environment || "",
accountInterface.tenantId || "",
];
return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
};
/**
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
* @param clientInfo
* @param authority
* @param idToken
* @param policy
*/
AccountEntity.createAccount = function (clientInfo, homeAccountId, authority, idToken, oboAssertion, cloudGraphHostName, msGraphHost) {
var _a, _b, _c, _d, _e, _f;
var account = new AccountEntity();
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
account.clientInfo = clientInfo;
account.homeAccountId = homeAccountId;
var env = authority.getPreferredCache();
if (StringUtils.isEmpty(env)) {
throw ClientAuthError.createInvalidCacheEnvironmentError();
}
account.environment = env;
// non AAD scenarios can have empty realm
account.realm = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.tid) || "";
account.oboAssertion = oboAssertion;
if (idToken) {
account.idTokenClaims = idToken.claims;
// How do you account for MSA CID here?
account.localAccountId = ((_b = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _b === void 0 ? void 0 : _b.oid) || ((_c = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _c === void 0 ? void 0 : _c.sub) || "";
/*
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array. In most cases it will contain a single email.
* This field should not be relied upon if a custom policy is configured to return more than 1 email.
*/
account.username = ((_d = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _d === void 0 ? void 0 : _d.preferred_username) || (((_e = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _e === void 0 ? void 0 : _e.emails) ? idToken.claims.emails[0] : "");
account.name = (_f = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _f === void 0 ? void 0 : _f.name;
}
account.cloudGraphHostName = cloudGraphHostName;
account.msGraphHost = msGraphHost;
return account;
};
/**
* Builds non-AAD/ADFS account.
* @param authority
* @param idToken
*/
AccountEntity.createGenericAccount = function (authority, homeAccountId, idToken, oboAssertion, cloudGraphHostName, msGraphHost) {
var _a, _b, _c, _d;
var account = new AccountEntity();
account.authorityType = (authority.authorityType === AuthorityType.Adfs) ? CacheAccountType.ADFS_ACCOUNT_TYPE : CacheAccountType.GENERIC_ACCOUNT_TYPE;
account.homeAccountId = homeAccountId;
// non AAD scenarios can have empty realm
account.realm = "";
account.oboAssertion = oboAssertion;
var env = authority.getPreferredCache();
if (StringUtils.isEmpty(env)) {
throw ClientAuthError.createInvalidCacheEnvironmentError();
}
if (idToken) {
// How do you account for MSA CID here?
account.localAccountId = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.oid) || ((_b = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _b === void 0 ? void 0 : _b.sub) || "";
// upn claim for most ADFS scenarios
account.username = ((_c = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _c === void 0 ? void 0 : _c.upn) || "";
account.name = ((_d = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _d === void 0 ? void 0 : _d.name) || "";
account.idTokenClaims = idToken === null || idToken === void 0 ? void 0 : idToken.claims;
}
account.environment = env;
account.cloudGraphHostName = cloudGraphHostName;
account.msGraphHost = msGraphHost;
/*
* add uniqueName to claims
* account.name = idToken.claims.uniqueName;
*/
return account;
};
/**
* Generate HomeAccountId from server response
* @param serverClientInfo
* @param authType
*/
AccountEntity.generateHomeAccountId = function (serverClientInfo, authType, logger, cryptoObj, idToken) {
var _a;
var accountId = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.sub) ? idToken.claims.sub : Constants.EMPTY_STRING;
// since ADFS does not have tid and does not set client_info
if (authType === AuthorityType.Adfs) {
return accountId;
}
// for cases where there is clientInfo
if (serverClientInfo) {
try {
var clientInfo = buildClientInfo(serverClientInfo, cryptoObj);
if (!StringUtils.isEmpty(clientInfo.uid) && !StringUtils.isEmpty(clientInfo.utid)) {
return "" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid;
}
}
catch (e) { }
}
// default to "sub" claim
logger.verbose("No client info in response");
return accountId;
};
/**
* Validates an entity: checks for all expected params
* @param entity
*/
AccountEntity.isAccountEntity = function (entity) {
if (!entity) {
return false;
}
return (entity.hasOwnProperty("homeAccountId") &&
entity.hasOwnProperty("environment") &&
entity.hasOwnProperty("realm") &&
entity.hasOwnProperty("localAccountId") &&
entity.hasOwnProperty("username") &&
entity.hasOwnProperty("authorityType"));
};
/**
* Helper function to determine whether 2 accountInfo objects represent the same account
* @param accountA
* @param accountB
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
*/
AccountEntity.accountInfoIsEqual = function (accountA, accountB, compareClaims) {
if (!accountA || !accountB) {
return false;
}
var claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
if (compareClaims) {
var accountAClaims = (accountA.idTokenClaims || {});
var accountBClaims = (accountB.idTokenClaims || {});
// issued at timestamp and nonce are expected to change each time a new id token is acquired
claimsMatch = (accountAClaims.iat === accountBClaims.iat) &&
(accountAClaims.nonce === accountBClaims.nonce);
}
return (accountA.homeAccountId === accountB.homeAccountId) &&
(accountA.localAccountId === accountB.localAccountId) &&
(accountA.username === accountB.username) &&
(accountA.tenantId === accountB.tenantId) &&
(accountA.environment === accountB.environment) &&
claimsMatch;
};
return AccountEntity;
}());
export { AccountEntity };
//# sourceMappingURL=AccountEntity.js.map