Created
September 27, 2023 02:58
-
-
Save codyaweber/928d4ec6c82094c82e71605514fcbdad to your computer and use it in GitHub Desktop.
Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/*! For license information please see AuthenticationService.js.LICENSE.txt */ | |
(()=>{ | |
"use strict"; | |
var e = { | |
4: (e,t,r)=>{ | |
r.r(t), | |
r.d(t, { | |
AccountEntity: ()=>re, | |
ApiId: ()=>Se, | |
AuthError: ()=>J, | |
AuthErrorMessage: ()=>V, | |
AuthenticationHeaderParser: ()=>br, | |
AuthenticationScheme: ()=>F, | |
AzureCloudInstance: ()=>ze, | |
BrowserAuthError: ()=>ke, | |
BrowserAuthErrorMessage: ()=>Re, | |
BrowserCacheLocation: ()=>_e, | |
BrowserConfigurationAuthError: ()=>De, | |
BrowserConfigurationAuthErrorMessage: ()=>Le, | |
BrowserUtils: ()=>Ot, | |
ClientAuthError: ()=>X, | |
ClientAuthErrorMessage: ()=>Q, | |
ClientConfigurationError: ()=>ie, | |
ClientConfigurationErrorMessage: ()=>oe, | |
DEFAULT_IFRAME_TIMEOUT_MS: ()=>Vt, | |
EventMessageUtils: ()=>Ir, | |
EventType: ()=>Tt, | |
InteractionRequiredAuthError: ()=>lt, | |
InteractionRequiredAuthErrorMessage: ()=>ut, | |
InteractionStatus: ()=>Ae, | |
InteractionType: ()=>Ie, | |
LogLevel: ()=>qe, | |
Logger: ()=>je, | |
NavigationClient: ()=>Wt, | |
OIDC_DEFAULT_SCOPES: ()=>w, | |
PerformanceEvents: ()=>ht, | |
ProtocolMode: ()=>Et, | |
PublicClientApplication: ()=>wr, | |
ServerError: ()=>tt, | |
SignedHttpRequest: ()=>Ar, | |
StringUtils: ()=>$, | |
UrlString: ()=>Ke, | |
WrapperSKU: ()=>Oe, | |
internals: ()=>n, | |
stubbedPublicClientApplication: ()=>Sr, | |
version: ()=>kt | |
}); | |
var n = {}; | |
r.r(n), | |
r.d(n, { | |
BrowserCacheManager: ()=>Ge, | |
BrowserConstants: ()=>Ne, | |
EventHandler: ()=>$t, | |
NativeMessageHandler: ()=>Gt, | |
PopupClient: ()=>jt, | |
RedirectClient: ()=>zt, | |
RedirectHandler: ()=>Ht, | |
SilentCacheClient: ()=>Kt, | |
SilentIframeClient: ()=>Qt, | |
SilentRefreshClient: ()=>Xt, | |
StandardInteractionClient: ()=>Ut, | |
TemporaryCacheKeys: ()=>Te | |
}); | |
var o = function(e, t) { | |
return o = Object.setPrototypeOf || { | |
__proto__: [] | |
}instanceof Array && function(e, t) { | |
e.__proto__ = t | |
} | |
|| function(e, t) { | |
for (var r in t) | |
Object.prototype.hasOwnProperty.call(t, r) && (e[r] = t[r]) | |
} | |
, | |
o(e, t) | |
}; | |
function i(e, t) { | |
function r() { | |
this.constructor = e | |
} | |
o(e, t), | |
e.prototype = null === t ? Object.create(t) : (r.prototype = t.prototype, | |
new r) | |
} | |
var a = function() { | |
return a = Object.assign || function(e) { | |
for (var t, r = 1, n = arguments.length; r < n; r++) | |
for (var o in t = arguments[r]) | |
Object.prototype.hasOwnProperty.call(t, o) && (e[o] = t[o]); | |
return e | |
} | |
, | |
a.apply(this, arguments) | |
}; | |
function s(e, t, r, n) { | |
return new (r || (r = Promise))((function(o, i) { | |
function a(e) { | |
try { | |
c(n.next(e)) | |
} catch (e) { | |
i(e) | |
} | |
} | |
function s(e) { | |
try { | |
c(n.throw(e)) | |
} catch (e) { | |
i(e) | |
} | |
} | |
function c(e) { | |
var t; | |
e.done ? o(e.value) : (t = e.value, | |
t instanceof r ? t : new r((function(e) { | |
e(t) | |
} | |
))).then(a, s) | |
} | |
c((n = n.apply(e, t || [])).next()) | |
} | |
)) | |
} | |
function c(e, t) { | |
var r, n, o, i, a = { | |
label: 0, | |
sent: function() { | |
if (1 & o[0]) | |
throw o[1]; | |
return o[1] | |
}, | |
trys: [], | |
ops: [] | |
}; | |
return i = { | |
next: s(0), | |
throw: s(1), | |
return: s(2) | |
}, | |
"function" == typeof Symbol && (i[Symbol.iterator] = function() { | |
return this | |
} | |
), | |
i; | |
function s(i) { | |
return function(s) { | |
return function(i) { | |
if (r) | |
throw new TypeError("Generator is already executing."); | |
for (; a; ) | |
try { | |
if (r = 1, | |
n && (o = 2 & i[0] ? n.return : i[0] ? n.throw || ((o = n.return) && o.call(n), | |
0) : n.next) && !(o = o.call(n, i[1])).done) | |
return o; | |
switch (n = 0, | |
o && (i = [2 & i[0], o.value]), | |
i[0]) { | |
case 0: | |
case 1: | |
o = i; | |
break; | |
case 4: | |
return a.label++, | |
{ | |
value: i[1], | |
done: !1 | |
}; | |
case 5: | |
a.label++, | |
n = i[1], | |
i = [0]; | |
continue; | |
case 7: | |
i = a.ops.pop(), | |
a.trys.pop(); | |
continue; | |
default: | |
if (!((o = (o = a.trys).length > 0 && o[o.length - 1]) || 6 !== i[0] && 2 !== i[0])) { | |
a = 0; | |
continue | |
} | |
if (3 === i[0] && (!o || i[1] > o[0] && i[1] < o[3])) { | |
a.label = i[1]; | |
break | |
} | |
if (6 === i[0] && a.label < o[1]) { | |
a.label = o[1], | |
o = i; | |
break | |
} | |
if (o && a.label < o[2]) { | |
a.label = o[2], | |
a.ops.push(i); | |
break | |
} | |
o[2] && a.ops.pop(), | |
a.trys.pop(); | |
continue | |
} | |
i = t.call(e, a) | |
} catch (e) { | |
i = [6, e], | |
n = 0 | |
} finally { | |
r = o = 0 | |
} | |
if (5 & i[0]) | |
throw i[1]; | |
return { | |
value: i[0] ? i[1] : void 0, | |
done: !0 | |
} | |
}([i, s]) | |
} | |
} | |
} | |
function u(e, t) { | |
var r = "function" == typeof Symbol && e[Symbol.iterator]; | |
if (!r) | |
return e; | |
var n, o, i = r.call(e), a = []; | |
try { | |
for (; (void 0 === t || t-- > 0) && !(n = i.next()).done; ) | |
a.push(n.value) | |
} catch (e) { | |
o = { | |
error: e | |
} | |
} finally { | |
try { | |
n && !n.done && (r = i.return) && r.call(i) | |
} finally { | |
if (o) | |
throw o.error | |
} | |
} | |
return a | |
} | |
function l() { | |
for (var e = [], t = 0; t < arguments.length; t++) | |
e = e.concat(u(arguments[t])); | |
return e | |
} | |
var d = function(e, t) { | |
return d = Object.setPrototypeOf || { | |
__proto__: [] | |
}instanceof Array && function(e, t) { | |
e.__proto__ = t | |
} | |
|| function(e, t) { | |
for (var r in t) | |
Object.prototype.hasOwnProperty.call(t, r) && (e[r] = t[r]) | |
} | |
, | |
d(e, t) | |
}; | |
function h(e, t) { | |
function r() { | |
this.constructor = e | |
} | |
d(e, t), | |
e.prototype = null === t ? Object.create(t) : (r.prototype = t.prototype, | |
new r) | |
} | |
var p = function() { | |
return p = Object.assign || function(e) { | |
for (var t, r = 1, n = arguments.length; r < n; r++) | |
for (var o in t = arguments[r]) | |
Object.prototype.hasOwnProperty.call(t, o) && (e[o] = t[o]); | |
return e | |
} | |
, | |
p.apply(this, arguments) | |
}; | |
function g(e, t, r, n) { | |
return new (r || (r = Promise))((function(o, i) { | |
function a(e) { | |
try { | |
c(n.next(e)) | |
} catch (e) { | |
i(e) | |
} | |
} | |
function s(e) { | |
try { | |
c(n.throw(e)) | |
} catch (e) { | |
i(e) | |
} | |
} | |
function c(e) { | |
var t; | |
e.done ? o(e.value) : (t = e.value, | |
t instanceof r ? t : new r((function(e) { | |
e(t) | |
} | |
))).then(a, s) | |
} | |
c((n = n.apply(e, t || [])).next()) | |
} | |
)) | |
} | |
function f(e, t) { | |
var r, n, o, i, a = { | |
label: 0, | |
sent: function() { | |
if (1 & o[0]) | |
throw o[1]; | |
return o[1] | |
}, | |
trys: [], | |
ops: [] | |
}; | |
return i = { | |
next: s(0), | |
throw: s(1), | |
return: s(2) | |
}, | |
"function" == typeof Symbol && (i[Symbol.iterator] = function() { | |
return this | |
} | |
), | |
i; | |
function s(i) { | |
return function(s) { | |
return function(i) { | |
if (r) | |
throw new TypeError("Generator is already executing."); | |
for (; a; ) | |
try { | |
if (r = 1, | |
n && (o = 2 & i[0] ? n.return : i[0] ? n.throw || ((o = n.return) && o.call(n), | |
0) : n.next) && !(o = o.call(n, i[1])).done) | |
return o; | |
switch (n = 0, | |
o && (i = [2 & i[0], o.value]), | |
i[0]) { | |
case 0: | |
case 1: | |
o = i; | |
break; | |
case 4: | |
return a.label++, | |
{ | |
value: i[1], | |
done: !1 | |
}; | |
case 5: | |
a.label++, | |
n = i[1], | |
i = [0]; | |
continue; | |
case 7: | |
i = a.ops.pop(), | |
a.trys.pop(); | |
continue; | |
default: | |
if (!((o = (o = a.trys).length > 0 && o[o.length - 1]) || 6 !== i[0] && 2 !== i[0])) { | |
a = 0; | |
continue | |
} | |
if (3 === i[0] && (!o || i[1] > o[0] && i[1] < o[3])) { | |
a.label = i[1]; | |
break | |
} | |
if (6 === i[0] && a.label < o[1]) { | |
a.label = o[1], | |
o = i; | |
break | |
} | |
if (o && a.label < o[2]) { | |
a.label = o[2], | |
a.ops.push(i); | |
break | |
} | |
o[2] && a.ops.pop(), | |
a.trys.pop(); | |
continue | |
} | |
i = t.call(e, a) | |
} catch (e) { | |
i = [6, e], | |
n = 0 | |
} finally { | |
r = o = 0 | |
} | |
if (5 & i[0]) | |
throw i[1]; | |
return { | |
value: i[0] ? i[1] : void 0, | |
done: !0 | |
} | |
}([i, s]) | |
} | |
} | |
} | |
function m() { | |
for (var e = 0, t = 0, r = arguments.length; t < r; t++) | |
e += arguments[t].length; | |
var n = Array(e) | |
, o = 0; | |
for (t = 0; t < r; t++) | |
for (var i = arguments[t], a = 0, s = i.length; a < s; a++, | |
o++) | |
n[o] = i[a]; | |
return n | |
} | |
var v, y, E, _, C, T = { | |
LIBRARY_NAME: "MSAL.JS", | |
SKU: "msal.js.common", | |
CACHE_PREFIX: "msal", | |
DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/", | |
DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com", | |
DEFAULT_COMMON_TENANT: "common", | |
ADFS: "adfs", | |
AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=", | |
RESOURCE_DELIM: "|", | |
NO_ACCOUNT: "NO_ACCOUNT", | |
CLAIMS: "claims", | |
CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad", | |
OPENID_SCOPE: "openid", | |
PROFILE_SCOPE: "profile", | |
OFFLINE_ACCESS_SCOPE: "offline_access", | |
EMAIL_SCOPE: "email", | |
CODE_RESPONSE_TYPE: "code", | |
CODE_GRANT_TYPE: "authorization_code", | |
RT_GRANT_TYPE: "refresh_token", | |
FRAGMENT_RESPONSE_MODE: "fragment", | |
S256_CODE_CHALLENGE_METHOD: "S256", | |
URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8", | |
AUTHORIZATION_PENDING: "authorization_pending", | |
NOT_DEFINED: "not_defined", | |
EMPTY_STRING: "", | |
FORWARD_SLASH: "/", | |
IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location", | |
IMDS_VERSION: "2020-06-01", | |
IMDS_TIMEOUT: 2e3, | |
AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect", | |
REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com", | |
KNOWN_PUBLIC_CLOUDS: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"], | |
TOKEN_RESPONSE_TYPE: "token", | |
ID_TOKEN_RESPONSE_TYPE: "id_token", | |
SHR_NONCE_VALIDITY: 240 | |
}, w = [T.OPENID_SCOPE, T.PROFILE_SCOPE, T.OFFLINE_ACCESS_SCOPE], S = m(w, [T.EMAIL_SCOPE]); | |
!function(e) { | |
e.CONTENT_TYPE = "Content-Type", | |
e.RETRY_AFTER = "Retry-After", | |
e.CCS_HEADER = "X-AnchorMailbox", | |
e.WWWAuthenticate = "WWW-Authenticate", | |
e.AuthenticationInfo = "Authentication-Info" | |
}(v || (v = {})), | |
function(e) { | |
e.ID_TOKEN = "idtoken", | |
e.CLIENT_INFO = "client.info", | |
e.ADAL_ID_TOKEN = "adal.idtoken", | |
e.ERROR = "error", | |
e.ERROR_DESC = "error.description", | |
e.ACTIVE_ACCOUNT = "active-account", | |
e.ACTIVE_ACCOUNT_FILTERS = "active-account-filters" | |
}(y || (y = {})), | |
function(e) { | |
e.COMMON = "common", | |
e.ORGANIZATIONS = "organizations", | |
e.CONSUMERS = "consumers" | |
}(E || (E = {})), | |
function(e) { | |
e.CLIENT_ID = "client_id", | |
e.REDIRECT_URI = "redirect_uri", | |
e.RESPONSE_TYPE = "response_type", | |
e.RESPONSE_MODE = "response_mode", | |
e.GRANT_TYPE = "grant_type", | |
e.CLAIMS = "claims", | |
e.SCOPE = "scope", | |
e.ERROR = "error", | |
e.ERROR_DESCRIPTION = "error_description", | |
e.ACCESS_TOKEN = "access_token", | |
e.ID_TOKEN = "id_token", | |
e.REFRESH_TOKEN = "refresh_token", | |
e.EXPIRES_IN = "expires_in", | |
e.STATE = "state", | |
e.NONCE = "nonce", | |
e.PROMPT = "prompt", | |
e.SESSION_STATE = "session_state", | |
e.CLIENT_INFO = "client_info", | |
e.CODE = "code", | |
e.CODE_CHALLENGE = "code_challenge", | |
e.CODE_CHALLENGE_METHOD = "code_challenge_method", | |
e.CODE_VERIFIER = "code_verifier", | |
e.CLIENT_REQUEST_ID = "client-request-id", | |
e.X_CLIENT_SKU = "x-client-SKU", | |
e.X_CLIENT_VER = "x-client-VER", | |
e.X_CLIENT_OS = "x-client-OS", | |
e.X_CLIENT_CPU = "x-client-CPU", | |
e.X_CLIENT_CURR_TELEM = "x-client-current-telemetry", | |
e.X_CLIENT_LAST_TELEM = "x-client-last-telemetry", | |
e.X_MS_LIB_CAPABILITY = "x-ms-lib-capability", | |
e.X_APP_NAME = "x-app-name", | |
e.X_APP_VER = "x-app-ver", | |
e.POST_LOGOUT_URI = "post_logout_redirect_uri", | |
e.ID_TOKEN_HINT = "id_token_hint", | |
e.DEVICE_CODE = "device_code", | |
e.CLIENT_SECRET = "client_secret", | |
e.CLIENT_ASSERTION = "client_assertion", | |
e.CLIENT_ASSERTION_TYPE = "client_assertion_type", | |
e.TOKEN_TYPE = "token_type", | |
e.REQ_CNF = "req_cnf", | |
e.OBO_ASSERTION = "assertion", | |
e.REQUESTED_TOKEN_USE = "requested_token_use", | |
e.ON_BEHALF_OF = "on_behalf_of", | |
e.FOCI = "foci", | |
e.CCS_HEADER = "X-AnchorMailbox", | |
e.RETURN_SPA_CODE = "return_spa_code", | |
e.NATIVE_BROKER = "nativebroker", | |
e.LOGOUT_HINT = "logout_hint" | |
}(_ || (_ = {})), | |
function(e) { | |
e.ACCESS_TOKEN = "access_token", | |
e.XMS_CC = "xms_cc" | |
}(C || (C = {})); | |
var I, A = { | |
LOGIN: "login", | |
SELECT_ACCOUNT: "select_account", | |
CONSENT: "consent", | |
NONE: "none", | |
CREATE: "create" | |
}; | |
!function(e) { | |
e.ACCOUNT = "account", | |
e.SID = "sid", | |
e.LOGIN_HINT = "login_hint", | |
e.ID_TOKEN = "id_token", | |
e.DOMAIN_HINT = "domain_hint", | |
e.ORGANIZATIONS = "organizations", | |
e.CONSUMERS = "consumers", | |
e.ACCOUNT_ID = "accountIdentifier", | |
e.HOMEACCOUNT_ID = "homeAccountIdentifier" | |
}(I || (I = {})); | |
var b, R, k, N, P, O, M, U = { | |
PLAIN: "plain", | |
S256: "S256" | |
}; | |
!function(e) { | |
e.QUERY = "query", | |
e.FRAGMENT = "fragment", | |
e.FORM_POST = "form_post" | |
}(b || (b = {})), | |
function(e) { | |
e.IMPLICIT_GRANT = "implicit", | |
e.AUTHORIZATION_CODE_GRANT = "authorization_code", | |
e.CLIENT_CREDENTIALS_GRANT = "client_credentials", | |
e.RESOURCE_OWNER_PASSWORD_GRANT = "password", | |
e.REFRESH_TOKEN_GRANT = "refresh_token", | |
e.DEVICE_CODE_GRANT = "device_code", | |
e.JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer" | |
}(R || (R = {})), | |
function(e) { | |
e.MSSTS_ACCOUNT_TYPE = "MSSTS", | |
e.ADFS_ACCOUNT_TYPE = "ADFS", | |
e.MSAV1_ACCOUNT_TYPE = "MSA", | |
e.GENERIC_ACCOUNT_TYPE = "Generic" | |
}(k || (k = {})), | |
function(e) { | |
e.CACHE_KEY_SEPARATOR = "-", | |
e.CLIENT_INFO_SEPARATOR = "." | |
}(N || (N = {})), | |
function(e) { | |
e.ID_TOKEN = "IdToken", | |
e.ACCESS_TOKEN = "AccessToken", | |
e.ACCESS_TOKEN_WITH_AUTH_SCHEME = "AccessToken_With_AuthScheme", | |
e.REFRESH_TOKEN = "RefreshToken" | |
}(P || (P = {})), | |
function(e) { | |
e.ACCOUNT = "Account", | |
e.CREDENTIAL = "Credential", | |
e.ID_TOKEN = "IdToken", | |
e.ACCESS_TOKEN = "AccessToken", | |
e.REFRESH_TOKEN = "RefreshToken", | |
e.APP_METADATA = "AppMetadata", | |
e.TEMPORARY = "TempCache", | |
e.TELEMETRY = "Telemetry", | |
e.UNDEFINED = "Undefined", | |
e.THROTTLING = "Throttling" | |
}(O || (O = {})), | |
function(e) { | |
e[e.ADFS = 1001] = "ADFS", | |
e[e.MSA = 1002] = "MSA", | |
e[e.MSSTS = 1003] = "MSSTS", | |
e[e.GENERIC = 1004] = "GENERIC", | |
e[e.ACCESS_TOKEN = 2001] = "ACCESS_TOKEN", | |
e[e.REFRESH_TOKEN = 2002] = "REFRESH_TOKEN", | |
e[e.ID_TOKEN = 2003] = "ID_TOKEN", | |
e[e.APP_METADATA = 3001] = "APP_METADATA", | |
e[e.UNDEFINED = 9999] = "UNDEFINED" | |
}(M || (M = {})); | |
var q, H = "appmetadata", L = "1", D = "authority-metadata"; | |
!function(e) { | |
e.CONFIG = "config", | |
e.CACHE = "cache", | |
e.NETWORK = "network", | |
e.HARDCODED_VALUES = "hardcoded_values" | |
}(q || (q = {})); | |
var F, x = { | |
SCHEMA_VERSION: 5, | |
MAX_CUR_HEADER_BYTES: 80, | |
MAX_LAST_HEADER_BYTES: 330, | |
MAX_CACHED_ERRORS: 50, | |
CACHE_KEY: "server-telemetry", | |
CATEGORY_SEPARATOR: "|", | |
VALUE_SEPARATOR: ",", | |
OVERFLOW_TRUE: "1", | |
OVERFLOW_FALSE: "0", | |
UNKNOWN_ERROR: "unknown_error" | |
}; | |
!function(e) { | |
e.BEARER = "Bearer", | |
e.POP = "pop", | |
e.SSH = "ssh-cert" | |
}(F || (F = {})); | |
var K, B, G, z, j, Y; | |
!function(e) { | |
e.username = "username", | |
e.password = "password" | |
}(K || (K = {})), | |
function(e) { | |
e[e.httpSuccess = 200] = "httpSuccess", | |
e[e.httpBadRequest = 400] = "httpBadRequest" | |
}(B || (B = {})), | |
function(e) { | |
e.FAILED_AUTO_DETECTION = "1", | |
e.INTERNAL_CACHE = "2", | |
e.ENVIRONMENT_VARIABLE = "3", | |
e.IMDS = "4" | |
}(G || (G = {})), | |
function(e) { | |
e.CONFIGURED_MATCHES_DETECTED = "1", | |
e.CONFIGURED_NO_AUTO_DETECTION = "2", | |
e.CONFIGURED_NOT_DETECTED = "3", | |
e.AUTO_DETECTION_REQUESTED_SUCCESSFUL = "4", | |
e.AUTO_DETECTION_REQUESTED_FAILED = "5" | |
}(z || (z = {})), | |
function(e) { | |
e.NO_CACHE_HIT = "0", | |
e.FORCE_REFRESH = "1", | |
e.NO_CACHED_ACCESS_TOKEN = "2", | |
e.CACHED_ACCESS_TOKEN_EXPIRED = "3", | |
e.REFRESH_CACHED_ACCESS_TOKEN = "4" | |
}(j || (j = {})), | |
function(e) { | |
e.Jwt = "JWT", | |
e.Jwk = "JWK" | |
}(Y || (Y = {})); | |
var W, V = { | |
unexpectedError: { | |
code: "unexpected_error", | |
desc: "Unexpected error in authentication." | |
}, | |
postRequestFailed: { | |
code: "post_request_failed", | |
desc: "Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details." | |
} | |
}, J = function(e) { | |
function t(r, n, o) { | |
var i = this | |
, a = n ? r + ": " + n : r; | |
return i = e.call(this, a) || this, | |
Object.setPrototypeOf(i, t.prototype), | |
i.errorCode = r || T.EMPTY_STRING, | |
i.errorMessage = n || T.EMPTY_STRING, | |
i.subError = o || T.EMPTY_STRING, | |
i.name = "AuthError", | |
i | |
} | |
return h(t, e), | |
t.prototype.setCorrelationId = function(e) { | |
this.correlationId = e | |
} | |
, | |
t.createUnexpectedError = function(e) { | |
return new t(V.unexpectedError.code,V.unexpectedError.desc + ": " + e) | |
} | |
, | |
t.createPostRequestFailed = function(e) { | |
return new t(V.postRequestFailed.code,V.postRequestFailed.desc + ": " + e) | |
} | |
, | |
t | |
}(Error), Q = { | |
clientInfoDecodingError: { | |
code: "client_info_decoding_error", | |
desc: "The client info could not be parsed/decoded correctly. Please review the trace to determine the root cause." | |
}, | |
clientInfoEmptyError: { | |
code: "client_info_empty_error", | |
desc: "The client info was empty. Please review the trace to determine the root cause." | |
}, | |
tokenParsingError: { | |
code: "token_parsing_error", | |
desc: "Token cannot be parsed. Please review stack trace to determine root cause." | |
}, | |
nullOrEmptyToken: { | |
code: "null_or_empty_token", | |
desc: "The token is null or empty. Please review the trace to determine the root cause." | |
}, | |
endpointResolutionError: { | |
code: "endpoints_resolution_error", | |
desc: "Error: could not resolve endpoints. Please check network and try again." | |
}, | |
networkError: { | |
code: "network_error", | |
desc: "Network request failed. Please check network trace to determine root cause." | |
}, | |
unableToGetOpenidConfigError: { | |
code: "openid_config_error", | |
desc: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints." | |
}, | |
hashNotDeserialized: { | |
code: "hash_not_deserialized", | |
desc: "The hash parameters could not be deserialized. Please review the trace to determine the root cause." | |
}, | |
blankGuidGenerated: { | |
code: "blank_guid_generated", | |
desc: "The guid generated was blank. Please review the trace to determine the root cause." | |
}, | |
invalidStateError: { | |
code: "invalid_state", | |
desc: "State was not the expected format. Please check the logs to determine whether the request was sent using ProtocolUtils.setRequestState()." | |
}, | |
stateMismatchError: { | |
code: "state_mismatch", | |
desc: "State mismatch error. Please check your network. Continued requests may cause cache overflow." | |
}, | |
stateNotFoundError: { | |
code: "state_not_found", | |
desc: "State not found" | |
}, | |
nonceMismatchError: { | |
code: "nonce_mismatch", | |
desc: "Nonce mismatch error. This may be caused by a race condition in concurrent requests." | |
}, | |
nonceNotFoundError: { | |
code: "nonce_not_found", | |
desc: "nonce not found" | |
}, | |
noTokensFoundError: { | |
code: "no_tokens_found", | |
desc: "No tokens were found for the given scopes, and no authorization code was passed to acquireToken. You must retrieve an authorization code before making a call to acquireToken()." | |
}, | |
multipleMatchingTokens: { | |
code: "multiple_matching_tokens", | |
desc: "The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account." | |
}, | |
multipleMatchingAccounts: { | |
code: "multiple_matching_accounts", | |
desc: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account" | |
}, | |
multipleMatchingAppMetadata: { | |
code: "multiple_matching_appMetadata", | |
desc: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata" | |
}, | |
tokenRequestCannotBeMade: { | |
code: "request_cannot_be_made", | |
desc: "Token request cannot be made without authorization code or refresh token." | |
}, | |
appendEmptyScopeError: { | |
code: "cannot_append_empty_scope", | |
desc: "Cannot append null or empty scope to ScopeSet. Please check the stack trace for more info." | |
}, | |
removeEmptyScopeError: { | |
code: "cannot_remove_empty_scope", | |
desc: "Cannot remove null or empty scope from ScopeSet. Please check the stack trace for more info." | |
}, | |
appendScopeSetError: { | |
code: "cannot_append_scopeset", | |
desc: "Cannot append ScopeSet due to error." | |
}, | |
emptyInputScopeSetError: { | |
code: "empty_input_scopeset", | |
desc: "Empty input ScopeSet cannot be processed." | |
}, | |
DeviceCodePollingCancelled: { | |
code: "device_code_polling_cancelled", | |
desc: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true." | |
}, | |
DeviceCodeExpired: { | |
code: "device_code_expired", | |
desc: "Device code is expired." | |
}, | |
DeviceCodeUnknownError: { | |
code: "device_code_unknown_error", | |
desc: "Device code stopped polling for unknown reasons." | |
}, | |
NoAccountInSilentRequest: { | |
code: "no_account_in_silent_request", | |
desc: "Please pass an account object, silent flow is not supported without account information" | |
}, | |
invalidCacheRecord: { | |
code: "invalid_cache_record", | |
desc: "Cache record object was null or undefined." | |
}, | |
invalidCacheEnvironment: { | |
code: "invalid_cache_environment", | |
desc: "Invalid environment when attempting to create cache entry" | |
}, | |
noAccountFound: { | |
code: "no_account_found", | |
desc: "No account found in cache for given key." | |
}, | |
CachePluginError: { | |
code: "no cache plugin set on CacheManager", | |
desc: "ICachePlugin needs to be set before using readFromStorage or writeFromStorage" | |
}, | |
noCryptoObj: { | |
code: "no_crypto_object", | |
desc: "No crypto object detected. This is required for the following operation: " | |
}, | |
invalidCacheType: { | |
code: "invalid_cache_type", | |
desc: "Invalid cache type" | |
}, | |
unexpectedAccountType: { | |
code: "unexpected_account_type", | |
desc: "Unexpected account type." | |
}, | |
unexpectedCredentialType: { | |
code: "unexpected_credential_type", | |
desc: "Unexpected credential type." | |
}, | |
invalidAssertion: { | |
code: "invalid_assertion", | |
desc: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515" | |
}, | |
invalidClientCredential: { | |
code: "invalid_client_credential", | |
desc: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential" | |
}, | |
tokenRefreshRequired: { | |
code: "token_refresh_required", | |
desc: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired." | |
}, | |
userTimeoutReached: { | |
code: "user_timeout_reached", | |
desc: "User defined timeout for device code polling reached" | |
}, | |
tokenClaimsRequired: { | |
code: "token_claims_cnf_required_for_signedjwt", | |
desc: "Cannot generate a POP jwt if the token_claims are not populated" | |
}, | |
noAuthorizationCodeFromServer: { | |
code: "authorization_code_missing_from_server_response", | |
desc: "Server response does not contain an authorization code to proceed" | |
}, | |
noAzureRegionDetected: { | |
code: "no_azure_region_detected", | |
desc: "No azure region was detected and no fallback was made available" | |
}, | |
accessTokenEntityNullError: { | |
code: "access_token_entity_null", | |
desc: "Access token entity is null, please check logs and cache to ensure a valid access token is present." | |
}, | |
bindingKeyNotRemovedError: { | |
code: "binding_key_not_removed", | |
desc: "Could not remove the credential's binding key from storage." | |
}, | |
logoutNotSupported: { | |
code: "end_session_endpoint_not_supported", | |
desc: "Provided authority does not support logout." | |
}, | |
keyIdMissing: { | |
code: "key_id_missing", | |
desc: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key." | |
} | |
}, X = function(e) { | |
function t(r, n) { | |
var o = e.call(this, r, n) || this; | |
return o.name = "ClientAuthError", | |
Object.setPrototypeOf(o, t.prototype), | |
o | |
} | |
return h(t, e), | |
t.createClientInfoDecodingError = function(e) { | |
return new t(Q.clientInfoDecodingError.code,Q.clientInfoDecodingError.desc + " Failed with error: " + e) | |
} | |
, | |
t.createClientInfoEmptyError = function() { | |
return new t(Q.clientInfoEmptyError.code,"" + Q.clientInfoEmptyError.desc) | |
} | |
, | |
t.createTokenParsingError = function(e) { | |
return new t(Q.tokenParsingError.code,Q.tokenParsingError.desc + " Failed with error: " + e) | |
} | |
, | |
t.createTokenNullOrEmptyError = function(e) { | |
return new t(Q.nullOrEmptyToken.code,Q.nullOrEmptyToken.desc + " Raw Token Value: " + e) | |
} | |
, | |
t.createEndpointDiscoveryIncompleteError = function(e) { | |
return new t(Q.endpointResolutionError.code,Q.endpointResolutionError.desc + " Detail: " + e) | |
} | |
, | |
t.createNetworkError = function(e, r) { | |
return new t(Q.networkError.code,Q.networkError.desc + " | Fetch client threw: " + r + " | Attempted to reach: " + e.split("?")[0]) | |
} | |
, | |
t.createUnableToGetOpenidConfigError = function(e) { | |
return new t(Q.unableToGetOpenidConfigError.code,Q.unableToGetOpenidConfigError.desc + " Attempted to retrieve endpoints from: " + e) | |
} | |
, | |
t.createHashNotDeserializedError = function(e) { | |
return new t(Q.hashNotDeserialized.code,Q.hashNotDeserialized.desc + " Given Object: " + e) | |
} | |
, | |
t.createInvalidStateError = function(e, r) { | |
return new t(Q.invalidStateError.code,Q.invalidStateError.desc + " Invalid State: " + e + ", Root Err: " + r) | |
} | |
, | |
t.createStateMismatchError = function() { | |
return new t(Q.stateMismatchError.code,Q.stateMismatchError.desc) | |
} | |
, | |
t.createStateNotFoundError = function(e) { | |
return new t(Q.stateNotFoundError.code,Q.stateNotFoundError.desc + ": " + e) | |
} | |
, | |
t.createNonceMismatchError = function() { | |
return new t(Q.nonceMismatchError.code,Q.nonceMismatchError.desc) | |
} | |
, | |
t.createNonceNotFoundError = function(e) { | |
return new t(Q.nonceNotFoundError.code,Q.nonceNotFoundError.desc + ": " + e) | |
} | |
, | |
t.createMultipleMatchingTokensInCacheError = function() { | |
return new t(Q.multipleMatchingTokens.code,Q.multipleMatchingTokens.desc + ".") | |
} | |
, | |
t.createMultipleMatchingAccountsInCacheError = function() { | |
return new t(Q.multipleMatchingAccounts.code,Q.multipleMatchingAccounts.desc) | |
} | |
, | |
t.createMultipleMatchingAppMetadataInCacheError = function() { | |
return new t(Q.multipleMatchingAppMetadata.code,Q.multipleMatchingAppMetadata.desc) | |
} | |
, | |
t.createTokenRequestCannotBeMadeError = function() { | |
return new t(Q.tokenRequestCannotBeMade.code,Q.tokenRequestCannotBeMade.desc) | |
} | |
, | |
t.createAppendEmptyScopeToSetError = function(e) { | |
return new t(Q.appendEmptyScopeError.code,Q.appendEmptyScopeError.desc + " Given Scope: " + e) | |
} | |
, | |
t.createRemoveEmptyScopeFromSetError = function(e) { | |
return new t(Q.removeEmptyScopeError.code,Q.removeEmptyScopeError.desc + " Given Scope: " + e) | |
} | |
, | |
t.createAppendScopeSetError = function(e) { | |
return new t(Q.appendScopeSetError.code,Q.appendScopeSetError.desc + " Detail Error: " + e) | |
} | |
, | |
t.createEmptyInputScopeSetError = function() { | |
return new t(Q.emptyInputScopeSetError.code,"" + Q.emptyInputScopeSetError.desc) | |
} | |
, | |
t.createDeviceCodeCancelledError = function() { | |
return new t(Q.DeviceCodePollingCancelled.code,"" + Q.DeviceCodePollingCancelled.desc) | |
} | |
, | |
t.createDeviceCodeExpiredError = function() { | |
return new t(Q.DeviceCodeExpired.code,"" + Q.DeviceCodeExpired.desc) | |
} | |
, | |
t.createDeviceCodeUnknownError = function() { | |
return new t(Q.DeviceCodeUnknownError.code,"" + Q.DeviceCodeUnknownError.desc) | |
} | |
, | |
t.createNoAccountInSilentRequestError = function() { | |
return new t(Q.NoAccountInSilentRequest.code,"" + Q.NoAccountInSilentRequest.desc) | |
} | |
, | |
t.createNullOrUndefinedCacheRecord = function() { | |
return new t(Q.invalidCacheRecord.code,Q.invalidCacheRecord.desc) | |
} | |
, | |
t.createInvalidCacheEnvironmentError = function() { | |
return new t(Q.invalidCacheEnvironment.code,Q.invalidCacheEnvironment.desc) | |
} | |
, | |
t.createNoAccountFoundError = function() { | |
return new t(Q.noAccountFound.code,Q.noAccountFound.desc) | |
} | |
, | |
t.createCachePluginError = function() { | |
return new t(Q.CachePluginError.code,"" + Q.CachePluginError.desc) | |
} | |
, | |
t.createNoCryptoObjectError = function(e) { | |
return new t(Q.noCryptoObj.code,"" + Q.noCryptoObj.desc + e) | |
} | |
, | |
t.createInvalidCacheTypeError = function() { | |
return new t(Q.invalidCacheType.code,"" + Q.invalidCacheType.desc) | |
} | |
, | |
t.createUnexpectedAccountTypeError = function() { | |
return new t(Q.unexpectedAccountType.code,"" + Q.unexpectedAccountType.desc) | |
} | |
, | |
t.createUnexpectedCredentialTypeError = function() { | |
return new t(Q.unexpectedCredentialType.code,"" + Q.unexpectedCredentialType.desc) | |
} | |
, | |
t.createInvalidAssertionError = function() { | |
return new t(Q.invalidAssertion.code,"" + Q.invalidAssertion.desc) | |
} | |
, | |
t.createInvalidCredentialError = function() { | |
return new t(Q.invalidClientCredential.code,"" + Q.invalidClientCredential.desc) | |
} | |
, | |
t.createRefreshRequiredError = function() { | |
return new t(Q.tokenRefreshRequired.code,Q.tokenRefreshRequired.desc) | |
} | |
, | |
t.createUserTimeoutReachedError = function() { | |
return new t(Q.userTimeoutReached.code,Q.userTimeoutReached.desc) | |
} | |
, | |
t.createTokenClaimsRequiredError = function() { | |
return new t(Q.tokenClaimsRequired.code,Q.tokenClaimsRequired.desc) | |
} | |
, | |
t.createNoAuthCodeInServerResponseError = function() { | |
return new t(Q.noAuthorizationCodeFromServer.code,Q.noAuthorizationCodeFromServer.desc) | |
} | |
, | |
t.createBindingKeyNotRemovedError = function() { | |
return new t(Q.bindingKeyNotRemovedError.code,Q.bindingKeyNotRemovedError.desc) | |
} | |
, | |
t.createLogoutNotSupportedError = function() { | |
return new t(Q.logoutNotSupported.code,Q.logoutNotSupported.desc) | |
} | |
, | |
t.createKeyIdMissingError = function() { | |
return new t(Q.keyIdMissing.code,Q.keyIdMissing.desc) | |
} | |
, | |
t | |
}(J), $ = function() { | |
function e() {} | |
return e.decodeAuthToken = function(t) { | |
if (e.isEmpty(t)) | |
throw X.createTokenNullOrEmptyError(t); | |
var r = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(t); | |
if (!r || r.length < 4) | |
throw X.createTokenParsingError("Given token is malformed: " + JSON.stringify(t)); | |
return { | |
header: r[1], | |
JWSPayload: r[2], | |
JWSSig: r[3] | |
} | |
} | |
, | |
e.isEmpty = function(e) { | |
return void 0 === e || !e || 0 === e.length | |
} | |
, | |
e.isEmptyObj = function(t) { | |
if (t && !e.isEmpty(t)) | |
try { | |
var r = JSON.parse(t); | |
return 0 === Object.keys(r).length | |
} catch (e) {} | |
return !0 | |
} | |
, | |
e.startsWith = function(e, t) { | |
return 0 === e.indexOf(t) | |
} | |
, | |
e.endsWith = function(e, t) { | |
return e.length >= t.length && e.lastIndexOf(t) === e.length - t.length | |
} | |
, | |
e.queryStringToObject = function(e) { | |
var t = {} | |
, r = e.split("&") | |
, n = function(e) { | |
return decodeURIComponent(e.replace(/\+/g, " ")) | |
}; | |
return r.forEach((function(e) { | |
if (e.trim()) { | |
var r = e.split(/=(.+)/g, 2) | |
, o = r[0] | |
, i = r[1]; | |
o && i && (t[n(o)] = n(i)) | |
} | |
} | |
)), | |
t | |
} | |
, | |
e.trimArrayEntries = function(e) { | |
return e.map((function(e) { | |
return e.trim() | |
} | |
)) | |
} | |
, | |
e.removeEmptyStringsFromArray = function(t) { | |
return t.filter((function(t) { | |
return !e.isEmpty(t) | |
} | |
)) | |
} | |
, | |
e.jsonParseHelper = function(e) { | |
try { | |
return JSON.parse(e) | |
} catch (e) { | |
return null | |
} | |
} | |
, | |
e.matchPattern = function(e, t) { | |
return new RegExp(e.replace(/\\/g, "\\\\").replace(/\*/g, "[^ ]*").replace(/\?/g, "\\?")).test(t) | |
} | |
, | |
e | |
}(); | |
function Z(e, t) { | |
if ($.isEmpty(e)) | |
throw X.createClientInfoEmptyError(); | |
try { | |
var r = t.base64Decode(e); | |
return JSON.parse(r) | |
} catch (e) { | |
throw X.createClientInfoDecodingError(e.message) | |
} | |
} | |
function ee(e) { | |
if ($.isEmpty(e)) | |
throw X.createClientInfoDecodingError("Home account ID was empty."); | |
var t = e.split(N.CLIENT_INFO_SEPARATOR, 2); | |
return { | |
uid: t[0], | |
utid: t.length < 2 ? T.EMPTY_STRING : t[1] | |
} | |
} | |
!function(e) { | |
e[e.Default = 0] = "Default", | |
e[e.Adfs = 1] = "Adfs" | |
}(W || (W = {})); | |
var te, re = function() { | |
function e() {} | |
return e.prototype.generateAccountId = function() { | |
return [this.homeAccountId, this.environment].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.prototype.generateAccountKey = function() { | |
return e.generateAccountCacheKey({ | |
homeAccountId: this.homeAccountId, | |
environment: this.environment, | |
tenantId: this.realm, | |
username: this.username, | |
localAccountId: this.localAccountId | |
}) | |
} | |
, | |
e.prototype.generateType = function() { | |
switch (this.authorityType) { | |
case k.ADFS_ACCOUNT_TYPE: | |
return M.ADFS; | |
case k.MSAV1_ACCOUNT_TYPE: | |
return M.MSA; | |
case k.MSSTS_ACCOUNT_TYPE: | |
return M.MSSTS; | |
case k.GENERIC_ACCOUNT_TYPE: | |
return M.GENERIC; | |
default: | |
throw X.createUnexpectedAccountTypeError() | |
} | |
} | |
, | |
e.prototype.getAccountInfo = function() { | |
return { | |
homeAccountId: this.homeAccountId, | |
environment: this.environment, | |
tenantId: this.realm, | |
username: this.username, | |
localAccountId: this.localAccountId, | |
name: this.name, | |
idTokenClaims: this.idTokenClaims, | |
nativeAccountId: this.nativeAccountId | |
} | |
} | |
, | |
e.generateAccountCacheKey = function(e) { | |
return [e.homeAccountId, e.environment || T.EMPTY_STRING, e.tenantId || T.EMPTY_STRING].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.createAccount = function(t, r, n, o, i, a, s, c) { | |
var u, l, d, h, p, g, f = new e; | |
f.authorityType = k.MSSTS_ACCOUNT_TYPE, | |
f.clientInfo = t, | |
f.homeAccountId = r, | |
f.nativeAccountId = c; | |
var m = s || o && o.getPreferredCache(); | |
if (!m) | |
throw X.createInvalidCacheEnvironmentError(); | |
return f.environment = m, | |
f.realm = (null === (u = null == n ? void 0 : n.claims) || void 0 === u ? void 0 : u.tid) || T.EMPTY_STRING, | |
n && (f.idTokenClaims = n.claims, | |
f.localAccountId = (null === (l = null == n ? void 0 : n.claims) || void 0 === l ? void 0 : l.oid) || (null === (d = null == n ? void 0 : n.claims) || void 0 === d ? void 0 : d.sub) || T.EMPTY_STRING, | |
f.username = (null === (h = null == n ? void 0 : n.claims) || void 0 === h ? void 0 : h.preferred_username) || ((null === (p = null == n ? void 0 : n.claims) || void 0 === p ? void 0 : p.emails) ? n.claims.emails[0] : T.EMPTY_STRING), | |
f.name = null === (g = null == n ? void 0 : n.claims) || void 0 === g ? void 0 : g.name), | |
f.cloudGraphHostName = i, | |
f.msGraphHost = a, | |
f | |
} | |
, | |
e.createGenericAccount = function(t, r, n, o, i, a) { | |
var s, c, u, l, d = new e; | |
d.authorityType = n && n.authorityType === W.Adfs ? k.ADFS_ACCOUNT_TYPE : k.GENERIC_ACCOUNT_TYPE, | |
d.homeAccountId = t, | |
d.realm = T.EMPTY_STRING; | |
var h = a || n && n.getPreferredCache(); | |
if (!h) | |
throw X.createInvalidCacheEnvironmentError(); | |
return r && (d.localAccountId = (null === (s = null == r ? void 0 : r.claims) || void 0 === s ? void 0 : s.oid) || (null === (c = null == r ? void 0 : r.claims) || void 0 === c ? void 0 : c.sub) || T.EMPTY_STRING, | |
d.username = (null === (u = null == r ? void 0 : r.claims) || void 0 === u ? void 0 : u.upn) || T.EMPTY_STRING, | |
d.name = (null === (l = null == r ? void 0 : r.claims) || void 0 === l ? void 0 : l.name) || T.EMPTY_STRING, | |
d.idTokenClaims = null == r ? void 0 : r.claims), | |
d.environment = h, | |
d.cloudGraphHostName = o, | |
d.msGraphHost = i, | |
d | |
} | |
, | |
e.generateHomeAccountId = function(e, t, r, n, o) { | |
var i, a = (null === (i = null == o ? void 0 : o.claims) || void 0 === i ? void 0 : i.sub) ? o.claims.sub : T.EMPTY_STRING; | |
if (t === W.Adfs) | |
return a; | |
if (e) | |
try { | |
var s = Z(e, n); | |
if (!$.isEmpty(s.uid) && !$.isEmpty(s.utid)) | |
return "" + s.uid + N.CLIENT_INFO_SEPARATOR + s.utid | |
} catch (e) {} | |
return r.verbose("No client info in response"), | |
a | |
} | |
, | |
e.isAccountEntity = function(e) { | |
return !!e && e.hasOwnProperty("homeAccountId") && e.hasOwnProperty("environment") && e.hasOwnProperty("realm") && e.hasOwnProperty("localAccountId") && e.hasOwnProperty("username") && e.hasOwnProperty("authorityType") | |
} | |
, | |
e.accountInfoIsEqual = function(e, t, r) { | |
if (!e || !t) | |
return !1; | |
var n = !0; | |
if (r) { | |
var o = e.idTokenClaims || {} | |
, i = t.idTokenClaims || {}; | |
n = o.iat === i.iat && o.nonce === i.nonce | |
} | |
return e.homeAccountId === t.homeAccountId && e.localAccountId === t.localAccountId && e.username === t.username && e.tenantId === t.tenantId && e.environment === t.environment && e.nativeAccountId === t.nativeAccountId && n | |
} | |
, | |
e | |
}(), ne = function() { | |
function e() {} | |
return e.prototype.generateAccountId = function() { | |
return e.generateAccountIdForCacheKey(this.homeAccountId, this.environment) | |
} | |
, | |
e.prototype.generateCredentialId = function() { | |
return e.generateCredentialIdForCacheKey(this.credentialType, this.clientId, this.realm, this.familyId) | |
} | |
, | |
e.prototype.generateTarget = function() { | |
return e.generateTargetForCacheKey(this.target) | |
} | |
, | |
e.prototype.generateCredentialKey = function() { | |
return e.generateCredentialCacheKey(this.homeAccountId, this.environment, this.credentialType, this.clientId, this.realm, this.target, this.familyId, this.tokenType, this.requestedClaimsHash) | |
} | |
, | |
e.prototype.generateType = function() { | |
switch (this.credentialType) { | |
case P.ID_TOKEN: | |
return M.ID_TOKEN; | |
case P.ACCESS_TOKEN: | |
case P.ACCESS_TOKEN_WITH_AUTH_SCHEME: | |
return M.ACCESS_TOKEN; | |
case P.REFRESH_TOKEN: | |
return M.REFRESH_TOKEN; | |
default: | |
throw X.createUnexpectedCredentialTypeError() | |
} | |
} | |
, | |
e.getCredentialType = function(e) { | |
return -1 !== e.indexOf(P.ACCESS_TOKEN.toLowerCase()) ? -1 !== e.indexOf(P.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) ? P.ACCESS_TOKEN_WITH_AUTH_SCHEME : P.ACCESS_TOKEN : -1 !== e.indexOf(P.ID_TOKEN.toLowerCase()) ? P.ID_TOKEN : -1 !== e.indexOf(P.REFRESH_TOKEN.toLowerCase()) ? P.REFRESH_TOKEN : T.NOT_DEFINED | |
} | |
, | |
e.generateCredentialCacheKey = function(e, t, r, n, o, i, a, s, c) { | |
return [this.generateAccountIdForCacheKey(e, t), this.generateCredentialIdForCacheKey(r, n, o, a), this.generateTargetForCacheKey(i), this.generateClaimsHashForCacheKey(c), this.generateSchemeForCacheKey(s)].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.generateAccountIdForCacheKey = function(e, t) { | |
return [e, t].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.generateCredentialIdForCacheKey = function(e, t, r, n) { | |
return [e, e === P.REFRESH_TOKEN && n || t, r || T.EMPTY_STRING].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.generateTargetForCacheKey = function(e) { | |
return (e || T.EMPTY_STRING).toLowerCase() | |
} | |
, | |
e.generateClaimsHashForCacheKey = function(e) { | |
return (e || T.EMPTY_STRING).toLowerCase() | |
} | |
, | |
e.generateSchemeForCacheKey = function(e) { | |
return e && e.toLowerCase() !== F.BEARER.toLowerCase() ? e.toLowerCase() : T.EMPTY_STRING | |
} | |
, | |
e | |
}(), oe = { | |
redirectUriNotSet: { | |
code: "redirect_uri_empty", | |
desc: "A redirect URI is required for all calls, and none has been set." | |
}, | |
postLogoutUriNotSet: { | |
code: "post_logout_uri_empty", | |
desc: "A post logout redirect has not been set." | |
}, | |
claimsRequestParsingError: { | |
code: "claims_request_parsing_error", | |
desc: "Could not parse the given claims request object." | |
}, | |
authorityUriInsecure: { | |
code: "authority_uri_insecure", | |
desc: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options" | |
}, | |
urlParseError: { | |
code: "url_parse_error", | |
desc: "URL could not be parsed into appropriate segments." | |
}, | |
urlEmptyError: { | |
code: "empty_url_error", | |
desc: "URL was empty or null." | |
}, | |
emptyScopesError: { | |
code: "empty_input_scopes_error", | |
desc: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token." | |
}, | |
nonArrayScopesError: { | |
code: "nonarray_input_scopes_error", | |
desc: "Scopes cannot be passed as non-array." | |
}, | |
clientIdSingleScopeError: { | |
code: "clientid_input_scopes_error", | |
desc: "Client ID can only be provided as a single scope." | |
}, | |
invalidPrompt: { | |
code: "invalid_prompt_value", | |
desc: "Supported prompt values are 'login', 'select_account', 'consent', 'create' and 'none'. Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest" | |
}, | |
invalidClaimsRequest: { | |
code: "invalid_claims", | |
desc: "Given claims parameter must be a stringified JSON object." | |
}, | |
tokenRequestEmptyError: { | |
code: "token_request_empty", | |
desc: "Token request was empty and not found in cache." | |
}, | |
logoutRequestEmptyError: { | |
code: "logout_request_empty", | |
desc: "The logout request was null or undefined." | |
}, | |
invalidCodeChallengeMethod: { | |
code: "invalid_code_challenge_method", | |
desc: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".' | |
}, | |
invalidCodeChallengeParams: { | |
code: "pkce_params_missing", | |
desc: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request" | |
}, | |
invalidCloudDiscoveryMetadata: { | |
code: "invalid_cloud_discovery_metadata", | |
desc: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields" | |
}, | |
invalidAuthorityMetadata: { | |
code: "invalid_authority_metadata", | |
desc: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields." | |
}, | |
untrustedAuthority: { | |
code: "untrusted_authority", | |
desc: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter." | |
}, | |
invalidAzureCloudInstance: { | |
code: "invalid_azure_cloud_instance", | |
desc: "Invalid AzureCloudInstance provided. Please refer MSAL JS docs: aks.ms/msaljs/azure_cloud_instance for valid values" | |
}, | |
missingSshJwk: { | |
code: "missing_ssh_jwk", | |
desc: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme." | |
}, | |
missingSshKid: { | |
code: "missing_ssh_kid", | |
desc: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme." | |
}, | |
missingNonceAuthenticationHeader: { | |
code: "missing_nonce_authentication_header", | |
desc: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce." | |
}, | |
invalidAuthenticationHeader: { | |
code: "invalid_authentication_header", | |
desc: "Invalid authentication header provided" | |
} | |
}, ie = function(e) { | |
function t(r, n) { | |
var o = e.call(this, r, n) || this; | |
return o.name = "ClientConfigurationError", | |
Object.setPrototypeOf(o, t.prototype), | |
o | |
} | |
return h(t, e), | |
t.createRedirectUriEmptyError = function() { | |
return new t(oe.redirectUriNotSet.code,oe.redirectUriNotSet.desc) | |
} | |
, | |
t.createPostLogoutRedirectUriEmptyError = function() { | |
return new t(oe.postLogoutUriNotSet.code,oe.postLogoutUriNotSet.desc) | |
} | |
, | |
t.createClaimsRequestParsingError = function(e) { | |
return new t(oe.claimsRequestParsingError.code,oe.claimsRequestParsingError.desc + " Given value: " + e) | |
} | |
, | |
t.createInsecureAuthorityUriError = function(e) { | |
return new t(oe.authorityUriInsecure.code,oe.authorityUriInsecure.desc + " Given URI: " + e) | |
} | |
, | |
t.createUrlParseError = function(e) { | |
return new t(oe.urlParseError.code,oe.urlParseError.desc + " Given Error: " + e) | |
} | |
, | |
t.createUrlEmptyError = function() { | |
return new t(oe.urlEmptyError.code,oe.urlEmptyError.desc) | |
} | |
, | |
t.createEmptyScopesArrayError = function() { | |
return new t(oe.emptyScopesError.code,"" + oe.emptyScopesError.desc) | |
} | |
, | |
t.createClientIdSingleScopeError = function(e) { | |
return new t(oe.clientIdSingleScopeError.code,oe.clientIdSingleScopeError.desc + " Given Scopes: " + e) | |
} | |
, | |
t.createInvalidPromptError = function(e) { | |
return new t(oe.invalidPrompt.code,oe.invalidPrompt.desc + " Given value: " + e) | |
} | |
, | |
t.createInvalidClaimsRequestError = function() { | |
return new t(oe.invalidClaimsRequest.code,oe.invalidClaimsRequest.desc) | |
} | |
, | |
t.createEmptyLogoutRequestError = function() { | |
return new t(oe.logoutRequestEmptyError.code,oe.logoutRequestEmptyError.desc) | |
} | |
, | |
t.createEmptyTokenRequestError = function() { | |
return new t(oe.tokenRequestEmptyError.code,oe.tokenRequestEmptyError.desc) | |
} | |
, | |
t.createInvalidCodeChallengeMethodError = function() { | |
return new t(oe.invalidCodeChallengeMethod.code,oe.invalidCodeChallengeMethod.desc) | |
} | |
, | |
t.createInvalidCodeChallengeParamsError = function() { | |
return new t(oe.invalidCodeChallengeParams.code,oe.invalidCodeChallengeParams.desc) | |
} | |
, | |
t.createInvalidCloudDiscoveryMetadataError = function() { | |
return new t(oe.invalidCloudDiscoveryMetadata.code,oe.invalidCloudDiscoveryMetadata.desc) | |
} | |
, | |
t.createInvalidAuthorityMetadataError = function() { | |
return new t(oe.invalidAuthorityMetadata.code,oe.invalidAuthorityMetadata.desc) | |
} | |
, | |
t.createUntrustedAuthorityError = function() { | |
return new t(oe.untrustedAuthority.code,oe.untrustedAuthority.desc) | |
} | |
, | |
t.createInvalidAzureCloudInstanceError = function() { | |
return new t(oe.invalidAzureCloudInstance.code,oe.invalidAzureCloudInstance.desc) | |
} | |
, | |
t.createMissingSshJwkError = function() { | |
return new t(oe.missingSshJwk.code,oe.missingSshJwk.desc) | |
} | |
, | |
t.createMissingSshKidError = function() { | |
return new t(oe.missingSshKid.code,oe.missingSshKid.desc) | |
} | |
, | |
t.createMissingNonceAuthenticationHeadersError = function() { | |
return new t(oe.missingNonceAuthenticationHeader.code,oe.missingNonceAuthenticationHeader.desc) | |
} | |
, | |
t.createInvalidAuthenticationHeaderError = function(e, r) { | |
return new t(oe.invalidAuthenticationHeader.code,oe.invalidAuthenticationHeader.desc + ". Invalid header: " + e + ". Details: " + r) | |
} | |
, | |
t | |
}(X), ae = function() { | |
function e(e) { | |
var t = this | |
, r = e ? $.trimArrayEntries(m(e)) : [] | |
, n = r ? $.removeEmptyStringsFromArray(r) : []; | |
this.validateInputScopes(n), | |
this.scopes = new Set, | |
n.forEach((function(e) { | |
return t.scopes.add(e) | |
} | |
)) | |
} | |
return e.fromString = function(t) { | |
return new e((t || T.EMPTY_STRING).split(" ")) | |
} | |
, | |
e.prototype.validateInputScopes = function(e) { | |
if (!e || e.length < 1) | |
throw ie.createEmptyScopesArrayError() | |
} | |
, | |
e.prototype.containsScope = function(t) { | |
var r = new e(this.printScopesLowerCase().split(" ")); | |
return !$.isEmpty(t) && r.scopes.has(t.toLowerCase()) | |
} | |
, | |
e.prototype.containsScopeSet = function(e) { | |
var t = this; | |
return !(!e || e.scopes.size <= 0) && this.scopes.size >= e.scopes.size && e.asArray().every((function(e) { | |
return t.containsScope(e) | |
} | |
)) | |
} | |
, | |
e.prototype.containsOnlyOIDCScopes = function() { | |
var e = this | |
, t = 0; | |
return S.forEach((function(r) { | |
e.containsScope(r) && (t += 1) | |
} | |
)), | |
this.scopes.size === t | |
} | |
, | |
e.prototype.appendScope = function(e) { | |
$.isEmpty(e) || this.scopes.add(e.trim()) | |
} | |
, | |
e.prototype.appendScopes = function(e) { | |
var t = this; | |
try { | |
e.forEach((function(e) { | |
return t.appendScope(e) | |
} | |
)) | |
} catch (e) { | |
throw X.createAppendScopeSetError(e) | |
} | |
} | |
, | |
e.prototype.removeScope = function(e) { | |
if ($.isEmpty(e)) | |
throw X.createRemoveEmptyScopeFromSetError(e); | |
this.scopes.delete(e.trim()) | |
} | |
, | |
e.prototype.removeOIDCScopes = function() { | |
var e = this; | |
S.forEach((function(t) { | |
e.scopes.delete(t) | |
} | |
)) | |
} | |
, | |
e.prototype.unionScopeSets = function(e) { | |
if (!e) | |
throw X.createEmptyInputScopeSetError(); | |
var t = new Set; | |
return e.scopes.forEach((function(e) { | |
return t.add(e.toLowerCase()) | |
} | |
)), | |
this.scopes.forEach((function(e) { | |
return t.add(e.toLowerCase()) | |
} | |
)), | |
t | |
} | |
, | |
e.prototype.intersectingScopeSets = function(e) { | |
if (!e) | |
throw X.createEmptyInputScopeSetError(); | |
e.containsOnlyOIDCScopes() || e.removeOIDCScopes(); | |
var t = this.unionScopeSets(e) | |
, r = e.getScopeCount() | |
, n = this.getScopeCount(); | |
return t.size < n + r | |
} | |
, | |
e.prototype.getScopeCount = function() { | |
return this.scopes.size | |
} | |
, | |
e.prototype.asArray = function() { | |
var e = []; | |
return this.scopes.forEach((function(t) { | |
return e.push(t) | |
} | |
)), | |
e | |
} | |
, | |
e.prototype.printScopes = function() { | |
return this.scopes ? this.asArray().join(" ") : T.EMPTY_STRING | |
} | |
, | |
e.prototype.printScopesLowerCase = function() { | |
return this.printScopes().toLowerCase() | |
} | |
, | |
e | |
}(), se = function() { | |
function e(t, r) { | |
if ($.isEmpty(t)) | |
throw X.createTokenNullOrEmptyError(t); | |
this.rawToken = t, | |
this.claims = e.extractTokenClaims(t, r) | |
} | |
return e.extractTokenClaims = function(e, t) { | |
var r = $.decodeAuthToken(e); | |
try { | |
var n = r.JWSPayload | |
, o = t.base64Decode(n); | |
return JSON.parse(o) | |
} catch (e) { | |
throw X.createTokenParsingError(e) | |
} | |
} | |
, | |
e | |
}(), ce = function() { | |
function e(e, t) { | |
this.clientId = e, | |
this.cryptoImpl = t | |
} | |
return e.prototype.getAllAccounts = function() { | |
var t = this | |
, r = this.getAccountsFilteredBy() | |
, n = Object.keys(r).map((function(e) { | |
return r[e] | |
} | |
)); | |
return n.length < 1 ? [] : n.map((function(r) { | |
var n = e.toObject(new re, r).getAccountInfo() | |
, o = t.readIdTokenFromCache(t.clientId, n); | |
return o && !n.idTokenClaims && (n.idToken = o.secret, | |
n.idTokenClaims = new se(o.secret,t.cryptoImpl).claims), | |
n | |
} | |
)) | |
} | |
, | |
e.prototype.saveCacheRecord = function(e) { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
if (!e) | |
throw X.createNullOrUndefinedCacheRecord(); | |
return e.account && this.setAccount(e.account), | |
e.idToken && this.setIdTokenCredential(e.idToken), | |
e.accessToken ? [4, this.saveAccessToken(e.accessToken)] : [3, 2]; | |
case 1: | |
t.sent(), | |
t.label = 2; | |
case 2: | |
return e.refreshToken && this.setRefreshTokenCredential(e.refreshToken), | |
e.appMetadata && this.setAppMetadata(e.appMetadata), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.saveAccessToken = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n, o, i = this; | |
return f(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
return t = this.getCredentialsFilteredBy({ | |
clientId: e.clientId, | |
credentialType: e.credentialType, | |
environment: e.environment, | |
homeAccountId: e.homeAccountId, | |
realm: e.realm, | |
tokenType: e.tokenType, | |
requestedClaimsHash: e.requestedClaimsHash | |
}), | |
r = ae.fromString(e.target), | |
(n = Object.keys(t.accessTokens).map((function(e) { | |
return t.accessTokens[e] | |
} | |
))) ? (o = [], | |
n.forEach((function(e) { | |
ae.fromString(e.target).intersectingScopeSets(r) && o.push(i.removeCredential(e)) | |
} | |
)), | |
[4, Promise.all(o)]) : [3, 2]; | |
case 1: | |
a.sent(), | |
a.label = 2; | |
case 2: | |
return this.setAccessTokenCredential(e), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getAccountsFilteredBy = function(e) { | |
return this.getAccountsFilteredByInternal(e ? e.homeAccountId : T.EMPTY_STRING, e ? e.environment : T.EMPTY_STRING, e ? e.realm : T.EMPTY_STRING, e ? e.nativeAccountId : T.EMPTY_STRING) | |
} | |
, | |
e.prototype.getAccountsFilteredByInternal = function(e, t, r, n) { | |
var o = this | |
, i = this.getKeys() | |
, a = {}; | |
return i.forEach((function(i) { | |
var s = o.getAccount(i); | |
s && (e && !o.matchHomeAccountId(s, e) || t && !o.matchEnvironment(s, t) || r && !o.matchRealm(s, r) || n && !o.matchNativeAccountId(s, n) || (a[i] = s)) | |
} | |
)), | |
a | |
} | |
, | |
e.prototype.getCredentialsFilteredBy = function(e) { | |
return this.getCredentialsFilteredByInternal(e.homeAccountId, e.environment, e.credentialType, e.clientId, e.familyId, e.realm, e.target, e.userAssertionHash, e.tokenType, e.keyId, e.requestedClaimsHash) | |
} | |
, | |
e.prototype.getCredentialsFilteredByInternal = function(e, t, r, n, o, i, a, s, c, u, l) { | |
var d = this | |
, h = this.getKeys() | |
, p = { | |
idTokens: {}, | |
accessTokens: {}, | |
refreshTokens: {} | |
}; | |
return h.forEach((function(h) { | |
var g = ne.getCredentialType(h); | |
if (g !== T.NOT_DEFINED) { | |
var f = d.getSpecificCredential(h, g); | |
if (f && (!s || d.matchUserAssertionHash(f, s)) && (!e || d.matchHomeAccountId(f, e)) && (!t || d.matchEnvironment(f, t)) && (!i || d.matchRealm(f, i)) && (!r || d.matchCredentialType(f, r)) && (!n || d.matchClientId(f, n)) && (!o || d.matchFamilyId(f, o)) && (!a || d.matchTarget(f, a)) && (!l && !f.requestedClaimsHash || f.requestedClaimsHash === l)) { | |
if (r === P.ACCESS_TOKEN_WITH_AUTH_SCHEME) { | |
if (c && !d.matchTokenType(f, c)) | |
return; | |
if (c === F.SSH && u && !d.matchKeyId(f, u)) | |
return | |
} | |
var m = d.updateCredentialCacheKey(h, f); | |
switch (g) { | |
case P.ID_TOKEN: | |
p.idTokens[m] = f; | |
break; | |
case P.ACCESS_TOKEN: | |
case P.ACCESS_TOKEN_WITH_AUTH_SCHEME: | |
p.accessTokens[m] = f; | |
break; | |
case P.REFRESH_TOKEN: | |
p.refreshTokens[m] = f | |
} | |
} | |
} | |
} | |
)), | |
p | |
} | |
, | |
e.prototype.getAppMetadataFilteredBy = function(e) { | |
return this.getAppMetadataFilteredByInternal(e.environment, e.clientId) | |
} | |
, | |
e.prototype.getAppMetadataFilteredByInternal = function(e, t) { | |
var r = this | |
, n = this.getKeys() | |
, o = {}; | |
return n.forEach((function(n) { | |
if (r.isAppMetadata(n)) { | |
var i = r.getAppMetadata(n); | |
i && (e && !r.matchEnvironment(i, e) || t && !r.matchClientId(i, t) || (o[n] = i)) | |
} | |
} | |
)), | |
o | |
} | |
, | |
e.prototype.getAuthorityMetadataByAlias = function(e) { | |
var t = this | |
, r = this.getAuthorityMetadataKeys() | |
, n = null; | |
return r.forEach((function(r) { | |
if (t.isAuthorityMetadata(r) && -1 !== r.indexOf(t.clientId)) { | |
var o = t.getAuthorityMetadata(r); | |
o && -1 !== o.aliases.indexOf(e) && (n = o) | |
} | |
} | |
)), | |
n | |
} | |
, | |
e.prototype.removeAllAccounts = function() { | |
return g(this, void 0, void 0, (function() { | |
var e, t, r = this; | |
return f(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return e = this.getKeys(), | |
t = [], | |
e.forEach((function(e) { | |
r.getAccount(e) && t.push(r.removeAccount(e)) | |
} | |
)), | |
[4, Promise.all(t)]; | |
case 1: | |
return n.sent(), | |
[2, !0] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeAccount = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t; | |
return f(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
if (!(t = this.getAccount(e))) | |
throw X.createNoAccountFoundError(); | |
return [4, this.removeAccountContext(t)]; | |
case 1: | |
return [2, r.sent() && this.removeItem(e, O.ACCOUNT)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeAccountContext = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n, o = this; | |
return f(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
return t = this.getKeys(), | |
r = e.generateAccountId(), | |
n = [], | |
t.forEach((function(e) { | |
var t = ne.getCredentialType(e); | |
if (t !== T.NOT_DEFINED) { | |
var i = o.getSpecificCredential(e, t); | |
i && r === i.generateAccountId() && n.push(o.removeCredential(i)) | |
} | |
} | |
)), | |
[4, Promise.all(n)]; | |
case 1: | |
return i.sent(), | |
[2, !0] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeCredential = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r; | |
return f(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
if (t = e.generateCredentialKey(), | |
e.credentialType.toLowerCase() !== P.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) | |
return [3, 4]; | |
if (e.tokenType !== F.POP) | |
return [3, 4]; | |
if (!(r = e.keyId)) | |
return [3, 4]; | |
n.label = 1; | |
case 1: | |
return n.trys.push([1, 3, , 4]), | |
[4, this.cryptoImpl.removeTokenBindingKey(r)]; | |
case 2: | |
return n.sent(), | |
[3, 4]; | |
case 3: | |
throw n.sent(), | |
X.createBindingKeyNotRemovedError(); | |
case 4: | |
return [2, this.removeItem(t, O.CREDENTIAL)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeAppMetadata = function() { | |
var e = this; | |
return this.getKeys().forEach((function(t) { | |
e.isAppMetadata(t) && e.removeItem(t, O.APP_METADATA) | |
} | |
)), | |
!0 | |
} | |
, | |
e.prototype.readCacheRecord = function(e, t, r, n) { | |
var o = this.readAccountFromCache(e) | |
, i = this.readIdTokenFromCache(t, e) | |
, a = this.readAccessTokenFromCache(t, e, r) | |
, s = this.readRefreshTokenFromCache(t, e, !1) | |
, c = this.readAppMetadataFromCache(n, t); | |
return o && i && (o.idTokenClaims = new se(i.secret,this.cryptoImpl).claims), | |
{ | |
account: o, | |
idToken: i, | |
accessToken: a, | |
refreshToken: s, | |
appMetadata: c | |
} | |
} | |
, | |
e.prototype.readAccountFromCache = function(e) { | |
var t = re.generateAccountCacheKey(e); | |
return this.getAccount(t) | |
} | |
, | |
e.prototype.readAccountFromCacheWithNativeAccountId = function(e) { | |
var t = { | |
nativeAccountId: e | |
} | |
, r = this.getAccountsFilteredBy(t) | |
, n = Object.keys(r).map((function(e) { | |
return r[e] | |
} | |
)); | |
if (n.length < 1) | |
return null; | |
if (n.length > 1) | |
throw X.createMultipleMatchingAccountsInCacheError(); | |
return r[0] | |
} | |
, | |
e.prototype.readIdTokenFromCache = function(e, t) { | |
var r = { | |
homeAccountId: t.homeAccountId, | |
environment: t.environment, | |
credentialType: P.ID_TOKEN, | |
clientId: e, | |
realm: t.tenantId | |
} | |
, n = this.getCredentialsFilteredBy(r) | |
, o = Object.keys(n.idTokens).map((function(e) { | |
return n.idTokens[e] | |
} | |
)) | |
, i = o.length; | |
if (i < 1) | |
return null; | |
if (i > 1) | |
throw X.createMultipleMatchingTokensInCacheError(); | |
return o[0] | |
} | |
, | |
e.prototype.readAccessTokenFromCache = function(e, t, r) { | |
var n = new ae(r.scopes || []) | |
, o = r.authenticationScheme || F.BEARER | |
, i = o && o.toLowerCase() !== F.BEARER.toLowerCase() ? P.ACCESS_TOKEN_WITH_AUTH_SCHEME : P.ACCESS_TOKEN | |
, a = { | |
homeAccountId: t.homeAccountId, | |
environment: t.environment, | |
credentialType: i, | |
clientId: e, | |
realm: t.tenantId, | |
target: n.printScopesLowerCase(), | |
tokenType: o, | |
keyId: r.sshKid, | |
requestedClaimsHash: r.requestedClaimsHash | |
} | |
, s = this.getCredentialsFilteredBy(a) | |
, c = Object.keys(s.accessTokens).map((function(e) { | |
return s.accessTokens[e] | |
} | |
)) | |
, u = c.length; | |
if (u < 1) | |
return null; | |
if (u > 1) | |
throw X.createMultipleMatchingTokensInCacheError(); | |
return c[0] | |
} | |
, | |
e.prototype.readRefreshTokenFromCache = function(e, t, r) { | |
var n = r ? L : void 0 | |
, o = { | |
homeAccountId: t.homeAccountId, | |
environment: t.environment, | |
credentialType: P.REFRESH_TOKEN, | |
clientId: e, | |
familyId: n | |
} | |
, i = this.getCredentialsFilteredBy(o) | |
, a = Object.keys(i.refreshTokens).map((function(e) { | |
return i.refreshTokens[e] | |
} | |
)); | |
return a.length < 1 ? null : a[0] | |
} | |
, | |
e.prototype.readAppMetadataFromCache = function(e, t) { | |
var r = { | |
environment: e, | |
clientId: t | |
} | |
, n = this.getAppMetadataFilteredBy(r) | |
, o = Object.keys(n).map((function(e) { | |
return n[e] | |
} | |
)) | |
, i = o.length; | |
if (i < 1) | |
return null; | |
if (i > 1) | |
throw X.createMultipleMatchingAppMetadataInCacheError(); | |
return o[0] | |
} | |
, | |
e.prototype.isAppMetadataFOCI = function(e, t) { | |
var r = this.readAppMetadataFromCache(e, t); | |
return !(!r || r.familyId !== L) | |
} | |
, | |
e.prototype.matchHomeAccountId = function(e, t) { | |
return !(!e.homeAccountId || t !== e.homeAccountId) | |
} | |
, | |
e.prototype.matchUserAssertionHash = function(e, t) { | |
return !(!e.userAssertionHash || t !== e.userAssertionHash) | |
} | |
, | |
e.prototype.matchEnvironment = function(e, t) { | |
var r = this.getAuthorityMetadataByAlias(t); | |
return !!(r && r.aliases.indexOf(e.environment) > -1) | |
} | |
, | |
e.prototype.matchCredentialType = function(e, t) { | |
return e.credentialType && t.toLowerCase() === e.credentialType.toLowerCase() | |
} | |
, | |
e.prototype.matchClientId = function(e, t) { | |
return !(!e.clientId || t !== e.clientId) | |
} | |
, | |
e.prototype.matchFamilyId = function(e, t) { | |
return !(!e.familyId || t !== e.familyId) | |
} | |
, | |
e.prototype.matchRealm = function(e, t) { | |
return !(!e.realm || t !== e.realm) | |
} | |
, | |
e.prototype.matchNativeAccountId = function(e, t) { | |
return !(!e.nativeAccountId || t !== e.nativeAccountId) | |
} | |
, | |
e.prototype.matchTarget = function(e, t) { | |
if (e.credentialType !== P.ACCESS_TOKEN && e.credentialType !== P.ACCESS_TOKEN_WITH_AUTH_SCHEME || !e.target) | |
return !1; | |
var r = ae.fromString(e.target) | |
, n = ae.fromString(t); | |
return n.containsOnlyOIDCScopes() ? n.removeScope(T.OFFLINE_ACCESS_SCOPE) : n.removeOIDCScopes(), | |
r.containsScopeSet(n) | |
} | |
, | |
e.prototype.matchTokenType = function(e, t) { | |
return !(!e.tokenType || e.tokenType !== t) | |
} | |
, | |
e.prototype.matchKeyId = function(e, t) { | |
return !(!e.keyId || e.keyId !== t) | |
} | |
, | |
e.prototype.isAppMetadata = function(e) { | |
return -1 !== e.indexOf(H) | |
} | |
, | |
e.prototype.isAuthorityMetadata = function(e) { | |
return -1 !== e.indexOf(D) | |
} | |
, | |
e.prototype.generateAuthorityMetadataCacheKey = function(e) { | |
return "authority-metadata-" + this.clientId + "-" + e | |
} | |
, | |
e.prototype.getSpecificCredential = function(e, t) { | |
switch (t) { | |
case P.ID_TOKEN: | |
return this.getIdTokenCredential(e); | |
case P.ACCESS_TOKEN: | |
case P.ACCESS_TOKEN_WITH_AUTH_SCHEME: | |
return this.getAccessTokenCredential(e); | |
case P.REFRESH_TOKEN: | |
return this.getRefreshTokenCredential(e); | |
default: | |
return null | |
} | |
} | |
, | |
e.toObject = function(e, t) { | |
for (var r in t) | |
e[r] = t[r]; | |
return e | |
} | |
, | |
e | |
}(), ue = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return h(t, e), | |
t.prototype.setAccount = function() { | |
throw J.createUnexpectedError("Storage interface - setAccount() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getAccount = function() { | |
throw J.createUnexpectedError("Storage interface - getAccount() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setIdTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - setIdTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getIdTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - getIdTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setAccessTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - setAccessTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getAccessTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - getAccessTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setRefreshTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - setRefreshTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getRefreshTokenCredential = function() { | |
throw J.createUnexpectedError("Storage interface - getRefreshTokenCredential() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setAppMetadata = function() { | |
throw J.createUnexpectedError("Storage interface - setAppMetadata() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getAppMetadata = function() { | |
throw J.createUnexpectedError("Storage interface - getAppMetadata() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setServerTelemetry = function() { | |
throw J.createUnexpectedError("Storage interface - setServerTelemetry() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getServerTelemetry = function() { | |
throw J.createUnexpectedError("Storage interface - getServerTelemetry() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setAuthorityMetadata = function() { | |
throw J.createUnexpectedError("Storage interface - setAuthorityMetadata() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getAuthorityMetadata = function() { | |
throw J.createUnexpectedError("Storage interface - getAuthorityMetadata() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getAuthorityMetadataKeys = function() { | |
throw J.createUnexpectedError("Storage interface - getAuthorityMetadataKeys() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.setThrottlingCache = function() { | |
throw J.createUnexpectedError("Storage interface - setThrottlingCache() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getThrottlingCache = function() { | |
throw J.createUnexpectedError("Storage interface - getThrottlingCache() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.removeItem = function() { | |
throw J.createUnexpectedError("Storage interface - removeItem() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.containsKey = function() { | |
throw J.createUnexpectedError("Storage interface - containsKey() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.getKeys = function() { | |
throw J.createUnexpectedError("Storage interface - getKeys() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t.prototype.clear = function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Storage interface - clear() has not been implemented for the cacheStorage interface.") | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.updateCredentialCacheKey = function() { | |
throw J.createUnexpectedError("Storage interface - updateCredentialCacheKey() has not been implemented for the cacheStorage interface.") | |
} | |
, | |
t | |
}(ce), le = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return h(t, e), | |
t.createIdTokenEntity = function(e, r, n, o, i) { | |
var a = new t; | |
return a.credentialType = P.ID_TOKEN, | |
a.homeAccountId = e, | |
a.environment = r, | |
a.clientId = o, | |
a.secret = n, | |
a.realm = i, | |
a | |
} | |
, | |
t.isIdTokenEntity = function(e) { | |
return !!e && e.hasOwnProperty("homeAccountId") && e.hasOwnProperty("environment") && e.hasOwnProperty("credentialType") && e.hasOwnProperty("realm") && e.hasOwnProperty("clientId") && e.hasOwnProperty("secret") && e.credentialType === P.ID_TOKEN | |
} | |
, | |
t | |
}(ne), de = function() { | |
function e() {} | |
return e.nowSeconds = function() { | |
return Math.round((new Date).getTime() / 1e3) | |
} | |
, | |
e.isTokenExpired = function(t, r) { | |
var n = Number(t) || 0; | |
return e.nowSeconds() + r > n | |
} | |
, | |
e.wasClockTurnedBack = function(t) { | |
return Number(t) > e.nowSeconds() | |
} | |
, | |
e.delay = function(e, t) { | |
return new Promise((function(r) { | |
return setTimeout((function() { | |
return r(t) | |
} | |
), e) | |
} | |
)) | |
} | |
, | |
e | |
}(), he = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return h(t, e), | |
t.createAccessTokenEntity = function(e, r, n, o, i, a, s, c, u, l, d, h, p, g, f) { | |
var m, v, y = new t; | |
y.homeAccountId = e, | |
y.credentialType = P.ACCESS_TOKEN, | |
y.secret = n; | |
var E = de.nowSeconds(); | |
if (y.cachedAt = E.toString(), | |
y.expiresOn = s.toString(), | |
y.extendedExpiresOn = c.toString(), | |
l && (y.refreshOn = l.toString()), | |
y.environment = r, | |
y.clientId = o, | |
y.realm = i, | |
y.target = a, | |
y.userAssertionHash = h, | |
y.tokenType = $.isEmpty(d) ? F.BEARER : d, | |
g && (y.requestedClaims = g, | |
y.requestedClaimsHash = f), | |
(null === (m = y.tokenType) || void 0 === m ? void 0 : m.toLowerCase()) !== F.BEARER.toLowerCase()) | |
switch (y.credentialType = P.ACCESS_TOKEN_WITH_AUTH_SCHEME, | |
y.tokenType) { | |
case F.POP: | |
var _ = se.extractTokenClaims(n, u); | |
if (!(null === (v = null == _ ? void 0 : _.cnf) || void 0 === v ? void 0 : v.kid)) | |
throw X.createTokenClaimsRequiredError(); | |
y.keyId = _.cnf.kid; | |
break; | |
case F.SSH: | |
y.keyId = p | |
} | |
return y | |
} | |
, | |
t.isAccessTokenEntity = function(e) { | |
return !!e && e.hasOwnProperty("homeAccountId") && e.hasOwnProperty("environment") && e.hasOwnProperty("credentialType") && e.hasOwnProperty("realm") && e.hasOwnProperty("clientId") && e.hasOwnProperty("secret") && e.hasOwnProperty("target") && (e.credentialType === P.ACCESS_TOKEN || e.credentialType === P.ACCESS_TOKEN_WITH_AUTH_SCHEME) | |
} | |
, | |
t | |
}(ne), pe = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return h(t, e), | |
t.createRefreshTokenEntity = function(e, r, n, o, i, a) { | |
var s = new t; | |
return s.clientId = o, | |
s.credentialType = P.REFRESH_TOKEN, | |
s.environment = r, | |
s.homeAccountId = e, | |
s.secret = n, | |
s.userAssertionHash = a, | |
i && (s.familyId = i), | |
s | |
} | |
, | |
t.isRefreshTokenEntity = function(e) { | |
return !!e && e.hasOwnProperty("homeAccountId") && e.hasOwnProperty("environment") && e.hasOwnProperty("credentialType") && e.hasOwnProperty("clientId") && e.hasOwnProperty("secret") && e.credentialType === P.REFRESH_TOKEN | |
} | |
, | |
t | |
}(ne), ge = function() { | |
function e() {} | |
return e.prototype.generateAppMetadataKey = function() { | |
return e.generateAppMetadataCacheKey(this.environment, this.clientId) | |
} | |
, | |
e.generateAppMetadataCacheKey = function(e, t) { | |
return [H, e, t].join(N.CACHE_KEY_SEPARATOR).toLowerCase() | |
} | |
, | |
e.createAppMetadataEntity = function(t, r, n) { | |
var o = new e; | |
return o.clientId = t, | |
o.environment = r, | |
n && (o.familyId = n), | |
o | |
} | |
, | |
e.isAppMetadataEntity = function(e, t) { | |
return !!t && 0 === e.indexOf(H) && t.hasOwnProperty("clientId") && t.hasOwnProperty("environment") | |
} | |
, | |
e | |
}(), fe = function() { | |
function e() { | |
this.failedRequests = [], | |
this.errors = [], | |
this.cacheHits = 0 | |
} | |
return e.isServerTelemetryEntity = function(e, t) { | |
var r = 0 === e.indexOf(x.CACHE_KEY) | |
, n = !0; | |
return t && (n = t.hasOwnProperty("failedRequests") && t.hasOwnProperty("errors") && t.hasOwnProperty("cacheHits")), | |
r && n | |
} | |
, | |
e | |
}(), me = function() { | |
function e() { | |
this.expiresAt = de.nowSeconds() + 86400 | |
} | |
return e.prototype.updateCloudDiscoveryMetadata = function(e, t) { | |
this.aliases = e.aliases, | |
this.preferred_cache = e.preferred_cache, | |
this.preferred_network = e.preferred_network, | |
this.aliasesFromNetwork = t | |
} | |
, | |
e.prototype.updateEndpointMetadata = function(e, t) { | |
this.authorization_endpoint = e.authorization_endpoint, | |
this.token_endpoint = e.token_endpoint, | |
this.end_session_endpoint = e.end_session_endpoint, | |
this.issuer = e.issuer, | |
this.endpointsFromNetwork = t, | |
this.jwks_uri = e.jwks_uri | |
} | |
, | |
e.prototype.updateCanonicalAuthority = function(e) { | |
this.canonical_authority = e | |
} | |
, | |
e.prototype.resetExpiresAt = function() { | |
this.expiresAt = de.nowSeconds() + 86400 | |
} | |
, | |
e.prototype.isExpired = function() { | |
return this.expiresAt <= de.nowSeconds() | |
} | |
, | |
e.isAuthorityMetadataEntity = function(e, t) { | |
return !!t && 0 === e.indexOf(D) && t.hasOwnProperty("aliases") && t.hasOwnProperty("preferred_cache") && t.hasOwnProperty("preferred_network") && t.hasOwnProperty("canonical_authority") && t.hasOwnProperty("authorization_endpoint") && t.hasOwnProperty("token_endpoint") && t.hasOwnProperty("issuer") && t.hasOwnProperty("aliasesFromNetwork") && t.hasOwnProperty("endpointsFromNetwork") && t.hasOwnProperty("expiresAt") && t.hasOwnProperty("jwks_uri") | |
} | |
, | |
e | |
}(), ve = function() { | |
function e() {} | |
return e.isThrottlingEntity = function(e, t) { | |
var r = !1; | |
e && (r = 0 === e.indexOf("throttling")); | |
var n = !0; | |
return t && (n = t.hasOwnProperty("throttleTime")), | |
r && n | |
} | |
, | |
e | |
}(), ye = function() { | |
function e() {} | |
return e.setRequestState = function(t, r, n) { | |
var o = e.generateLibraryState(t, n); | |
return $.isEmpty(r) ? o : "" + o + T.RESOURCE_DELIM + r | |
} | |
, | |
e.generateLibraryState = function(e, t) { | |
if (!e) | |
throw X.createNoCryptoObjectError("generateLibraryState"); | |
var r = { | |
id: e.createNewGuid() | |
}; | |
t && (r.meta = t); | |
var n = JSON.stringify(r); | |
return e.base64Encode(n) | |
} | |
, | |
e.parseRequestState = function(e, t) { | |
if (!e) | |
throw X.createNoCryptoObjectError("parseRequestState"); | |
if ($.isEmpty(t)) | |
throw X.createInvalidStateError(t, "Null, undefined or empty state"); | |
try { | |
var r = t.split(T.RESOURCE_DELIM) | |
, n = r[0] | |
, o = r.length > 1 ? r.slice(1).join(T.RESOURCE_DELIM) : T.EMPTY_STRING | |
, i = e.base64Decode(n) | |
, a = JSON.parse(i); | |
return { | |
userRequestState: $.isEmpty(o) ? T.EMPTY_STRING : o, | |
libraryState: a | |
} | |
} catch (e) { | |
throw X.createInvalidStateError(t, e) | |
} | |
} | |
, | |
e | |
}(); | |
!function(e) { | |
e.HOME_ACCOUNT_ID = "home_account_id", | |
e.UPN = "UPN" | |
}(te || (te = {})); | |
var Ee, _e, Ce, Te, we, Se, Ie, Ae, be = { | |
createNewGuid: function() { | |
throw J.createUnexpectedError("Crypto interface - createNewGuid() has not been implemented") | |
}, | |
base64Decode: function() { | |
throw J.createUnexpectedError("Crypto interface - base64Decode() has not been implemented") | |
}, | |
base64Encode: function() { | |
throw J.createUnexpectedError("Crypto interface - base64Encode() has not been implemented") | |
}, | |
generatePkceCodes: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - generatePkceCodes() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
getPublicKeyThumbprint: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - getPublicKeyThumbprint() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
removeTokenBindingKey: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - removeTokenBindingKey() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
clearKeystore: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - clearKeystore() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
signJwt: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - signJwt() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
hashString: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Crypto interface - hashString() has not been implemented") | |
} | |
)) | |
} | |
)) | |
} | |
}, Re = { | |
pkceNotGenerated: { | |
code: "pkce_not_created", | |
desc: "The PKCE code challenge and verifier could not be generated." | |
}, | |
cryptoDoesNotExist: { | |
code: "crypto_nonexistent", | |
desc: "The crypto object or function is not available." | |
}, | |
httpMethodNotImplementedError: { | |
code: "http_method_not_implemented", | |
desc: "The HTTP method given has not been implemented in this library." | |
}, | |
emptyNavigateUriError: { | |
code: "empty_navigate_uri", | |
desc: "Navigation URI is empty. Please check stack trace for more info." | |
}, | |
hashEmptyError: { | |
code: "hash_empty_error", | |
desc: "Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. For more visit: aka.ms/msaljs/browser-errors." | |
}, | |
hashDoesNotContainStateError: { | |
code: "no_state_in_hash", | |
desc: "Hash does not contain state. Please verify that the request originated from msal." | |
}, | |
hashDoesNotContainKnownPropertiesError: { | |
code: "hash_does_not_contain_known_properties", | |
desc: "Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. For more visit: aka.ms/msaljs/browser-errors." | |
}, | |
unableToParseStateError: { | |
code: "unable_to_parse_state", | |
desc: "Unable to parse state. Please verify that the request originated from msal." | |
}, | |
stateInteractionTypeMismatchError: { | |
code: "state_interaction_type_mismatch", | |
desc: "Hash contains state but the interaction type does not match the caller." | |
}, | |
interactionInProgress: { | |
code: "interaction_in_progress", | |
desc: "Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. For more visit: aka.ms/msaljs/browser-errors." | |
}, | |
popupWindowError: { | |
code: "popup_window_error", | |
desc: "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser." | |
}, | |
emptyWindowError: { | |
code: "empty_window_error", | |
desc: "window.open returned null or undefined window object." | |
}, | |
userCancelledError: { | |
code: "user_cancelled", | |
desc: "User cancelled the flow." | |
}, | |
monitorPopupTimeoutError: { | |
code: "monitor_window_timeout", | |
desc: "Token acquisition in popup failed due to timeout. For more visit: aka.ms/msaljs/browser-errors." | |
}, | |
monitorIframeTimeoutError: { | |
code: "monitor_window_timeout", | |
desc: "Token acquisition in iframe failed due to timeout. For more visit: aka.ms/msaljs/browser-errors." | |
}, | |
redirectInIframeError: { | |
code: "redirect_in_iframe", | |
desc: "Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs." | |
}, | |
blockTokenRequestsInHiddenIframeError: { | |
code: "block_iframe_reload", | |
desc: "Request was blocked inside an iframe because MSAL detected an authentication response. For more visit: aka.ms/msaljs/browser-errors" | |
}, | |
blockAcquireTokenInPopupsError: { | |
code: "block_nested_popups", | |
desc: "Request was blocked inside a popup because MSAL detected it was running in a popup." | |
}, | |
iframeClosedPrematurelyError: { | |
code: "iframe_closed_prematurely", | |
desc: "The iframe being monitored was closed prematurely." | |
}, | |
silentLogoutUnsupportedError: { | |
code: "silent_logout_unsupported", | |
desc: "Silent logout not supported. Please call logoutRedirect or logoutPopup instead." | |
}, | |
noAccountError: { | |
code: "no_account_error", | |
desc: "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request." | |
}, | |
silentPromptValueError: { | |
code: "silent_prompt_value_error", | |
desc: "The value given for the prompt value is not valid for silent requests - must be set to 'none'." | |
}, | |
noTokenRequestCacheError: { | |
code: "no_token_request_cache_error", | |
desc: "No token request found in cache." | |
}, | |
unableToParseTokenRequestCacheError: { | |
code: "unable_to_parse_token_request_cache_error", | |
desc: "The cached token request could not be parsed." | |
}, | |
noCachedAuthorityError: { | |
code: "no_cached_authority_error", | |
desc: "No cached authority found." | |
}, | |
authRequestNotSet: { | |
code: "auth_request_not_set_error", | |
desc: "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler" | |
}, | |
invalidCacheType: { | |
code: "invalid_cache_type", | |
desc: "Invalid cache type" | |
}, | |
notInBrowserEnvironment: { | |
code: "non_browser_environment", | |
desc: "Login and token requests are not supported in non-browser environments." | |
}, | |
databaseNotOpen: { | |
code: "database_not_open", | |
desc: "Database is not open!" | |
}, | |
noNetworkConnectivity: { | |
code: "no_network_connectivity", | |
desc: "No network connectivity. Check your internet connection." | |
}, | |
postRequestFailed: { | |
code: "post_request_failed", | |
desc: "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'" | |
}, | |
getRequestFailed: { | |
code: "get_request_failed", | |
desc: "Network request failed. Please check the network trace to determine root cause." | |
}, | |
failedToParseNetworkResponse: { | |
code: "failed_to_parse_response", | |
desc: "Failed to parse network response. Check network trace." | |
}, | |
unableToLoadTokenError: { | |
code: "unable_to_load_token", | |
desc: "Error loading token to cache." | |
}, | |
signingKeyNotFoundInStorage: { | |
code: "crypto_key_not_found", | |
desc: "Cryptographic Key or Keypair not found in browser storage." | |
}, | |
authCodeRequired: { | |
code: "auth_code_required", | |
desc: "An authorization code must be provided (as the `code` property on the request) to this flow." | |
}, | |
authCodeOrNativeAccountRequired: { | |
code: "auth_code_or_nativeAccountId_required", | |
desc: "An authorization code or nativeAccountId must be provided to this flow." | |
}, | |
databaseUnavailable: { | |
code: "database_unavailable", | |
desc: "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts." | |
}, | |
unableToAcquireTokenFromNativePlatform: { | |
code: "unable_to_acquire_token_from_native_platform", | |
desc: "Unable to acquire token from native platform. For a list of possible reasons visit aka.ms/msaljs/browser-errors." | |
}, | |
nativeHandshakeTimeout: { | |
code: "native_handshake_timeout", | |
desc: "Timed out while attempting to establish connection to browser extension" | |
}, | |
nativeExtensionNotInstalled: { | |
code: "native_extension_not_installed", | |
desc: "Native extension is not installed. If you think this is a mistake call the initialize function." | |
}, | |
nativeConnectionNotEstablished: { | |
code: "native_connection_not_established", | |
desc: "Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). For more please visit aka.ms/msaljs/browser-errors." | |
}, | |
nativeBrokerCalledBeforeInitialize: { | |
code: "native_broker_called_before_initialize", | |
desc: "You must call and await the initialize function before attempting to call any other MSAL API when native brokering is enabled. For more please visit aka.ms/msaljs/browser-errors." | |
}, | |
nativePromptNotSupported: { | |
code: "native_prompt_not_supported", | |
desc: "The provided prompt is not supported by the native platform. This request should be routed to the web based flow." | |
} | |
}, ke = function(e) { | |
function t(r, n) { | |
var o = e.call(this, r, n) || this; | |
return Object.setPrototypeOf(o, t.prototype), | |
o.name = "BrowserAuthError", | |
o | |
} | |
return i(t, e), | |
t.createPkceNotGeneratedError = function(e) { | |
return new t(Re.pkceNotGenerated.code,Re.pkceNotGenerated.desc + " Detail:" + e) | |
} | |
, | |
t.createCryptoNotAvailableError = function(e) { | |
return new t(Re.cryptoDoesNotExist.code,Re.cryptoDoesNotExist.desc + " Detail:" + e) | |
} | |
, | |
t.createHttpMethodNotImplementedError = function(e) { | |
return new t(Re.httpMethodNotImplementedError.code,Re.httpMethodNotImplementedError.desc + " Given Method: " + e) | |
} | |
, | |
t.createEmptyNavigationUriError = function() { | |
return new t(Re.emptyNavigateUriError.code,Re.emptyNavigateUriError.desc) | |
} | |
, | |
t.createEmptyHashError = function(e) { | |
return new t(Re.hashEmptyError.code,Re.hashEmptyError.desc + " Given Url: " + e) | |
} | |
, | |
t.createHashDoesNotContainStateError = function() { | |
return new t(Re.hashDoesNotContainStateError.code,Re.hashDoesNotContainStateError.desc) | |
} | |
, | |
t.createHashDoesNotContainKnownPropertiesError = function() { | |
return new t(Re.hashDoesNotContainKnownPropertiesError.code,Re.hashDoesNotContainKnownPropertiesError.desc) | |
} | |
, | |
t.createUnableToParseStateError = function() { | |
return new t(Re.unableToParseStateError.code,Re.unableToParseStateError.desc) | |
} | |
, | |
t.createStateInteractionTypeMismatchError = function() { | |
return new t(Re.stateInteractionTypeMismatchError.code,Re.stateInteractionTypeMismatchError.desc) | |
} | |
, | |
t.createInteractionInProgressError = function() { | |
return new t(Re.interactionInProgress.code,Re.interactionInProgress.desc) | |
} | |
, | |
t.createPopupWindowError = function(e) { | |
var r = Re.popupWindowError.desc; | |
return r = $.isEmpty(e) ? r : r + " Details: " + e, | |
new t(Re.popupWindowError.code,r) | |
} | |
, | |
t.createEmptyWindowCreatedError = function() { | |
return new t(Re.emptyWindowError.code,Re.emptyWindowError.desc) | |
} | |
, | |
t.createUserCancelledError = function() { | |
return new t(Re.userCancelledError.code,Re.userCancelledError.desc) | |
} | |
, | |
t.createMonitorPopupTimeoutError = function() { | |
return new t(Re.monitorPopupTimeoutError.code,Re.monitorPopupTimeoutError.desc) | |
} | |
, | |
t.createMonitorIframeTimeoutError = function() { | |
return new t(Re.monitorIframeTimeoutError.code,Re.monitorIframeTimeoutError.desc) | |
} | |
, | |
t.createRedirectInIframeError = function(e) { | |
return new t(Re.redirectInIframeError.code,Re.redirectInIframeError.desc + " (window.parent !== window) => " + e) | |
} | |
, | |
t.createBlockReloadInHiddenIframeError = function() { | |
return new t(Re.blockTokenRequestsInHiddenIframeError.code,Re.blockTokenRequestsInHiddenIframeError.desc) | |
} | |
, | |
t.createBlockAcquireTokenInPopupsError = function() { | |
return new t(Re.blockAcquireTokenInPopupsError.code,Re.blockAcquireTokenInPopupsError.desc) | |
} | |
, | |
t.createIframeClosedPrematurelyError = function() { | |
return new t(Re.iframeClosedPrematurelyError.code,Re.iframeClosedPrematurelyError.desc) | |
} | |
, | |
t.createSilentLogoutUnsupportedError = function() { | |
return new t(Re.silentLogoutUnsupportedError.code,Re.silentLogoutUnsupportedError.desc) | |
} | |
, | |
t.createNoAccountError = function() { | |
return new t(Re.noAccountError.code,Re.noAccountError.desc) | |
} | |
, | |
t.createSilentPromptValueError = function(e) { | |
return new t(Re.silentPromptValueError.code,Re.silentPromptValueError.desc + " Given value: " + e) | |
} | |
, | |
t.createUnableToParseTokenRequestCacheError = function() { | |
return new t(Re.unableToParseTokenRequestCacheError.code,Re.unableToParseTokenRequestCacheError.desc) | |
} | |
, | |
t.createNoTokenRequestCacheError = function() { | |
return new t(Re.noTokenRequestCacheError.code,Re.noTokenRequestCacheError.desc) | |
} | |
, | |
t.createAuthRequestNotSetError = function() { | |
return new t(Re.authRequestNotSet.code,Re.authRequestNotSet.desc) | |
} | |
, | |
t.createNoCachedAuthorityError = function() { | |
return new t(Re.noCachedAuthorityError.code,Re.noCachedAuthorityError.desc) | |
} | |
, | |
t.createInvalidCacheTypeError = function() { | |
return new t(Re.invalidCacheType.code,"" + Re.invalidCacheType.desc) | |
} | |
, | |
t.createNonBrowserEnvironmentError = function() { | |
return new t(Re.notInBrowserEnvironment.code,Re.notInBrowserEnvironment.desc) | |
} | |
, | |
t.createDatabaseNotOpenError = function() { | |
return new t(Re.databaseNotOpen.code,Re.databaseNotOpen.desc) | |
} | |
, | |
t.createNoNetworkConnectivityError = function() { | |
return new t(Re.noNetworkConnectivity.code,Re.noNetworkConnectivity.desc) | |
} | |
, | |
t.createPostRequestFailedError = function(e, r) { | |
return new t(Re.postRequestFailed.code,Re.postRequestFailed.desc + " | Network client threw: " + e + " | Attempted to reach: " + r.split("?")[0]) | |
} | |
, | |
t.createGetRequestFailedError = function(e, r) { | |
return new t(Re.getRequestFailed.code,Re.getRequestFailed.desc + " | Network client threw: " + e + " | Attempted to reach: " + r.split("?")[0]) | |
} | |
, | |
t.createFailedToParseNetworkResponseError = function(e) { | |
return new t(Re.failedToParseNetworkResponse.code,Re.failedToParseNetworkResponse.desc + " | Attempted to reach: " + e.split("?")[0]) | |
} | |
, | |
t.createUnableToLoadTokenError = function(e) { | |
return new t(Re.unableToLoadTokenError.code,Re.unableToLoadTokenError.desc + " | " + e) | |
} | |
, | |
t.createSigningKeyNotFoundInStorageError = function(e) { | |
return new t(Re.signingKeyNotFoundInStorage.code,Re.signingKeyNotFoundInStorage.desc + " | No match found for KeyId: " + e) | |
} | |
, | |
t.createAuthCodeRequiredError = function() { | |
return new t(Re.authCodeRequired.code,Re.authCodeRequired.desc) | |
} | |
, | |
t.createAuthCodeOrNativeAccountIdRequiredError = function() { | |
return new t(Re.authCodeOrNativeAccountRequired.code,Re.authCodeOrNativeAccountRequired.desc) | |
} | |
, | |
t.createDatabaseUnavailableError = function() { | |
return new t(Re.databaseUnavailable.code,Re.databaseUnavailable.desc) | |
} | |
, | |
t.createUnableToAcquireTokenFromNativePlatformError = function() { | |
return new t(Re.unableToAcquireTokenFromNativePlatform.code,Re.unableToAcquireTokenFromNativePlatform.desc) | |
} | |
, | |
t.createNativeHandshakeTimeoutError = function() { | |
return new t(Re.nativeHandshakeTimeout.code,Re.nativeHandshakeTimeout.desc) | |
} | |
, | |
t.createNativeExtensionNotInstalledError = function() { | |
return new t(Re.nativeExtensionNotInstalled.code,Re.nativeExtensionNotInstalled.desc) | |
} | |
, | |
t.createNativeConnectionNotEstablishedError = function() { | |
return new t(Re.nativeConnectionNotEstablished.code,Re.nativeConnectionNotEstablished.desc) | |
} | |
, | |
t.createNativeBrokerCalledBeforeInitialize = function() { | |
return new t(Re.nativeBrokerCalledBeforeInitialize.code,Re.nativeBrokerCalledBeforeInitialize.desc) | |
} | |
, | |
t.createNativePromptParameterNotSupportedError = function() { | |
return new t(Re.nativePromptNotSupported.code,Re.nativePromptNotSupported.desc) | |
} | |
, | |
t | |
}(J), Ne = { | |
INTERACTION_IN_PROGRESS_VALUE: "interaction_in_progress", | |
INVALID_GRANT_ERROR: "invalid_grant", | |
POPUP_WIDTH: 483, | |
POPUP_HEIGHT: 600, | |
POPUP_NAME_PREFIX: "msal", | |
POLL_INTERVAL_MS: 50, | |
MSAL_SKU: "msal.js.browser" | |
}, Pe = "53ee284d-920a-4b59-9d30-a60315b26836"; | |
!function(e) { | |
e.HandshakeRequest = "Handshake", | |
e.HandshakeResponse = "HandshakeResponse", | |
e.GetToken = "GetToken", | |
e.Response = "Response" | |
}(Ee || (Ee = {})), | |
function(e) { | |
e.LocalStorage = "localStorage", | |
e.SessionStorage = "sessionStorage", | |
e.MemoryStorage = "memoryStorage" | |
}(_e || (_e = {})), | |
function(e) { | |
e.GET = "GET", | |
e.POST = "POST" | |
}(Ce || (Ce = {})), | |
function(e) { | |
e.AUTHORITY = "authority", | |
e.ACQUIRE_TOKEN_ACCOUNT = "acquireToken.account", | |
e.SESSION_STATE = "session.state", | |
e.REQUEST_STATE = "request.state", | |
e.NONCE_IDTOKEN = "nonce.id_token", | |
e.ORIGIN_URI = "request.origin", | |
e.RENEW_STATUS = "token.renew.status", | |
e.URL_HASH = "urlHash", | |
e.REQUEST_PARAMS = "request.params", | |
e.SCOPES = "scopes", | |
e.INTERACTION_STATUS_KEY = "interaction.status", | |
e.CCS_CREDENTIAL = "ccs.credential", | |
e.CORRELATION_ID = "request.correlationId", | |
e.NATIVE_REQUEST = "request.native" | |
}(Te || (Te = {})), | |
function(e) { | |
e.WRAPPER_SKU = "wrapper.sku", | |
e.WRAPPER_VER = "wrapper.version" | |
}(we || (we = {})), | |
function(e) { | |
e[e.acquireTokenRedirect = 861] = "acquireTokenRedirect", | |
e[e.acquireTokenPopup = 862] = "acquireTokenPopup", | |
e[e.ssoSilent = 863] = "ssoSilent", | |
e[e.acquireTokenSilent_authCode = 864] = "acquireTokenSilent_authCode", | |
e[e.handleRedirectPromise = 865] = "handleRedirectPromise", | |
e[e.acquireTokenByCode = 866] = "acquireTokenByCode", | |
e[e.acquireTokenSilent_silentFlow = 61] = "acquireTokenSilent_silentFlow", | |
e[e.logout = 961] = "logout", | |
e[e.logoutPopup = 962] = "logoutPopup" | |
}(Se || (Se = {})), | |
function(e) { | |
e.Redirect = "redirect", | |
e.Popup = "popup", | |
e.Silent = "silent", | |
e.None = "none" | |
}(Ie || (Ie = {})), | |
function(e) { | |
e.Startup = "startup", | |
e.Login = "login", | |
e.Logout = "logout", | |
e.AcquireToken = "acquireToken", | |
e.SsoSilent = "ssoSilent", | |
e.HandleRedirect = "handleRedirect", | |
e.None = "none" | |
}(Ae || (Ae = {})); | |
var Oe, Me = { | |
scopes: w | |
}, Ue = "jwk"; | |
!function(e) { | |
e.React = "@azure/msal-react", | |
e.Angular = "@azure/msal-angular" | |
}(Oe || (Oe = {})); | |
var qe, He = "msal.db", Le = { | |
redirectUriNotSet: { | |
code: "redirect_uri_empty", | |
desc: "A redirect URI is required for all calls, and none has been set." | |
}, | |
postLogoutUriNotSet: { | |
code: "post_logout_uri_empty", | |
desc: "A post logout redirect has not been set." | |
}, | |
storageNotSupportedError: { | |
code: "storage_not_supported", | |
desc: "Given storage configuration option was not supported." | |
}, | |
noRedirectCallbacksSet: { | |
code: "no_redirect_callbacks", | |
desc: "No redirect callbacks have been set. Please call setRedirectCallbacks() with the appropriate function arguments before continuing. More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics." | |
}, | |
invalidCallbackObject: { | |
code: "invalid_callback_object", | |
desc: "The object passed for the callback was invalid. More information is available here: https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/MSAL-basics." | |
}, | |
stubPcaInstanceCalled: { | |
code: "stubbed_public_client_application_called", | |
desc: "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors" | |
}, | |
inMemRedirectUnavailable: { | |
code: "in_mem_redirect_unavailable", | |
desc: "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true." | |
} | |
}, De = function(e) { | |
function t(r, n) { | |
var o = e.call(this, r, n) || this; | |
return o.name = "BrowserConfigurationAuthError", | |
Object.setPrototypeOf(o, t.prototype), | |
o | |
} | |
return i(t, e), | |
t.createRedirectUriEmptyError = function() { | |
return new t(Le.redirectUriNotSet.code,Le.redirectUriNotSet.desc) | |
} | |
, | |
t.createPostLogoutRedirectUriEmptyError = function() { | |
return new t(Le.postLogoutUriNotSet.code,Le.postLogoutUriNotSet.desc) | |
} | |
, | |
t.createStorageNotSupportedError = function(e) { | |
return new t(Le.storageNotSupportedError.code,Le.storageNotSupportedError.desc + " Given Location: " + e) | |
} | |
, | |
t.createRedirectCallbacksNotSetError = function() { | |
return new t(Le.noRedirectCallbacksSet.code,Le.noRedirectCallbacksSet.desc) | |
} | |
, | |
t.createStubPcaInstanceCalledError = function() { | |
return new t(Le.stubPcaInstanceCalled.code,Le.stubPcaInstanceCalled.desc) | |
} | |
, | |
t.createInMemoryRedirectUnavailableError = function() { | |
return new t(Le.inMemRedirectUnavailable.code,Le.inMemRedirectUnavailable.desc) | |
} | |
, | |
t | |
}(J), Fe = function() { | |
function e(e) { | |
this.validateWindowStorage(e), | |
this.windowStorage = window[e] | |
} | |
return e.prototype.validateWindowStorage = function(e) { | |
if (e !== _e.LocalStorage && e !== _e.SessionStorage) | |
throw De.createStorageNotSupportedError(e); | |
if (!window[e]) | |
throw De.createStorageNotSupportedError(e) | |
} | |
, | |
e.prototype.getItem = function(e) { | |
return this.windowStorage.getItem(e) | |
} | |
, | |
e.prototype.setItem = function(e, t) { | |
this.windowStorage.setItem(e, t) | |
} | |
, | |
e.prototype.removeItem = function(e) { | |
this.windowStorage.removeItem(e) | |
} | |
, | |
e.prototype.getKeys = function() { | |
return Object.keys(this.windowStorage) | |
} | |
, | |
e.prototype.containsKey = function(e) { | |
return this.windowStorage.hasOwnProperty(e) | |
} | |
, | |
e | |
}(), xe = function() { | |
function e() { | |
this.cache = new Map | |
} | |
return e.prototype.getItem = function(e) { | |
return this.cache.get(e) || null | |
} | |
, | |
e.prototype.setItem = function(e, t) { | |
this.cache.set(e, t) | |
} | |
, | |
e.prototype.removeItem = function(e) { | |
this.cache.delete(e) | |
} | |
, | |
e.prototype.getKeys = function() { | |
var e = []; | |
return this.cache.forEach((function(t, r) { | |
e.push(r) | |
} | |
)), | |
e | |
} | |
, | |
e.prototype.containsKey = function(e) { | |
return this.cache.has(e) | |
} | |
, | |
e.prototype.clear = function() { | |
this.cache.clear() | |
} | |
, | |
e | |
}(), Ke = function() { | |
function e(t) { | |
if (this._urlString = t, | |
$.isEmpty(this._urlString)) | |
throw ie.createUrlEmptyError(); | |
$.isEmpty(this.getHash()) && (this._urlString = e.canonicalizeUri(t)) | |
} | |
return Object.defineProperty(e.prototype, "urlString", { | |
get: function() { | |
return this._urlString | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
e.canonicalizeUri = function(e) { | |
if (e) { | |
var t = e.toLowerCase(); | |
return $.endsWith(t, "?") ? t = t.slice(0, -1) : $.endsWith(t, "?/") && (t = t.slice(0, -2)), | |
$.endsWith(t, "/") || (t += "/"), | |
t | |
} | |
return e | |
} | |
, | |
e.prototype.validateAsUri = function() { | |
var e; | |
try { | |
e = this.getUrlComponents() | |
} catch (e) { | |
throw ie.createUrlParseError(e) | |
} | |
if (!e.HostNameAndPort || !e.PathSegments) | |
throw ie.createUrlParseError("Given url string: " + this.urlString); | |
if (!e.Protocol || "https:" !== e.Protocol.toLowerCase()) | |
throw ie.createInsecureAuthorityUriError(this.urlString) | |
} | |
, | |
e.appendQueryString = function(e, t) { | |
return $.isEmpty(t) ? e : e.indexOf("?") < 0 ? e + "?" + t : e + "&" + t | |
} | |
, | |
e.removeHashFromUrl = function(t) { | |
return e.canonicalizeUri(t.split("#")[0]) | |
} | |
, | |
e.prototype.replaceTenantPath = function(t) { | |
var r = this.getUrlComponents() | |
, n = r.PathSegments; | |
return !t || 0 === n.length || n[0] !== E.COMMON && n[0] !== E.ORGANIZATIONS || (n[0] = t), | |
e.constructAuthorityUriFromObject(r) | |
} | |
, | |
e.prototype.getHash = function() { | |
return e.parseHash(this.urlString) | |
} | |
, | |
e.prototype.getUrlComponents = function() { | |
var e = RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?") | |
, t = this.urlString.match(e); | |
if (!t) | |
throw ie.createUrlParseError("Given url string: " + this.urlString); | |
var r = { | |
Protocol: t[1], | |
HostNameAndPort: t[4], | |
AbsolutePath: t[5], | |
QueryString: t[7] | |
} | |
, n = r.AbsolutePath.split("/"); | |
return n = n.filter((function(e) { | |
return e && e.length > 0 | |
} | |
)), | |
r.PathSegments = n, | |
!$.isEmpty(r.QueryString) && r.QueryString.endsWith("/") && (r.QueryString = r.QueryString.substring(0, r.QueryString.length - 1)), | |
r | |
} | |
, | |
e.getDomainFromUrl = function(e) { | |
var t = RegExp("^([^:/?#]+://)?([^/?#]*)") | |
, r = e.match(t); | |
if (!r) | |
throw ie.createUrlParseError("Given url string: " + e); | |
return r[2] | |
} | |
, | |
e.getAbsoluteUrl = function(t, r) { | |
if (t[0] === T.FORWARD_SLASH) { | |
var n = new e(r).getUrlComponents(); | |
return n.Protocol + "//" + n.HostNameAndPort + t | |
} | |
return t | |
} | |
, | |
e.parseHash = function(e) { | |
var t = e.indexOf("#") | |
, r = e.indexOf("#/"); | |
return r > -1 ? e.substring(r + 2) : t > -1 ? e.substring(t + 1) : T.EMPTY_STRING | |
} | |
, | |
e.parseQueryString = function(e) { | |
var t = e.indexOf("?") | |
, r = e.indexOf("/?"); | |
return r > -1 ? e.substring(r + 2) : t > -1 ? e.substring(t + 1) : T.EMPTY_STRING | |
} | |
, | |
e.constructAuthorityUriFromObject = function(t) { | |
return new e(t.Protocol + "//" + t.HostNameAndPort + "/" + t.PathSegments.join("/")) | |
} | |
, | |
e.getDeserializedHash = function(t) { | |
if ($.isEmpty(t)) | |
return {}; | |
var r = e.parseHash(t) | |
, n = $.queryStringToObject($.isEmpty(r) ? t : r); | |
if (!n) | |
throw X.createHashNotDeserializedError(JSON.stringify(n)); | |
return n | |
} | |
, | |
e.getDeserializedQueryString = function(t) { | |
if ($.isEmpty(t)) | |
return {}; | |
var r = e.parseQueryString(t) | |
, n = $.queryStringToObject($.isEmpty(r) ? t : r); | |
if (!n) | |
throw X.createHashNotDeserializedError(JSON.stringify(n)); | |
return n | |
} | |
, | |
e.hashContainsKnownProperties = function(t) { | |
if ($.isEmpty(t) || t.indexOf("=") < 0) | |
return !1; | |
var r = e.getDeserializedHash(t); | |
return !!(r.code || r.error_description || r.error || r.state) | |
} | |
, | |
e | |
}(), Be = function() { | |
function e() {} | |
return e.extractBrowserRequestState = function(e, t) { | |
if ($.isEmpty(t)) | |
return null; | |
try { | |
return ye.parseRequestState(e, t).libraryState.meta | |
} catch (e) { | |
throw X.createInvalidStateError(t, e) | |
} | |
} | |
, | |
e.parseServerResponseFromHash = function(e) { | |
if (!e) | |
return {}; | |
var t = new Ke(e); | |
return Ke.getDeserializedHash(t.getHash()) | |
} | |
, | |
e | |
}(), Ge = function(e) { | |
function t(t, r, n, o) { | |
var i = e.call(this, t, n) || this; | |
return i.COOKIE_LIFE_MULTIPLIER = 864e5, | |
i.cacheConfig = r, | |
i.logger = o, | |
i.internalStorage = new xe, | |
i.browserStorage = i.setupBrowserStorage(i.cacheConfig.cacheLocation), | |
i.temporaryCacheStorage = i.setupTemporaryCacheStorage(i.cacheConfig.cacheLocation), | |
i.migrateCacheEntries(), | |
i | |
} | |
return i(t, e), | |
t.prototype.setupBrowserStorage = function(e) { | |
switch (e) { | |
case _e.LocalStorage: | |
case _e.SessionStorage: | |
try { | |
return new Fe(e) | |
} catch (e) { | |
this.logger.verbose(e); | |
break | |
} | |
} | |
return this.cacheConfig.cacheLocation = _e.MemoryStorage, | |
new xe | |
} | |
, | |
t.prototype.setupTemporaryCacheStorage = function(e) { | |
switch (e) { | |
case _e.LocalStorage: | |
case _e.SessionStorage: | |
try { | |
return new Fe(_e.SessionStorage) | |
} catch (e) { | |
return this.logger.verbose(e), | |
this.internalStorage | |
} | |
case _e.MemoryStorage: | |
default: | |
return this.internalStorage | |
} | |
} | |
, | |
t.prototype.migrateCacheEntries = function() { | |
var e = this | |
, t = T.CACHE_PREFIX + "." + y.ID_TOKEN | |
, r = T.CACHE_PREFIX + "." + y.CLIENT_INFO | |
, n = T.CACHE_PREFIX + "." + y.ERROR | |
, o = T.CACHE_PREFIX + "." + y.ERROR_DESC | |
, i = [this.browserStorage.getItem(t), this.browserStorage.getItem(r), this.browserStorage.getItem(n), this.browserStorage.getItem(o)]; | |
[y.ID_TOKEN, y.CLIENT_INFO, y.ERROR, y.ERROR_DESC].forEach((function(t, r) { | |
return e.migrateCacheEntry(t, i[r]) | |
} | |
)) | |
} | |
, | |
t.prototype.migrateCacheEntry = function(e, t) { | |
t && this.setTemporaryCache(e, t, !0) | |
} | |
, | |
t.prototype.validateAndParseJson = function(e) { | |
try { | |
var t = JSON.parse(e); | |
return t && "object" == typeof t ? t : null | |
} catch (e) { | |
return null | |
} | |
} | |
, | |
t.prototype.getItem = function(e) { | |
return this.browserStorage.getItem(e) | |
} | |
, | |
t.prototype.setItem = function(e, t) { | |
this.browserStorage.setItem(e, t) | |
} | |
, | |
t.prototype.getAccount = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return null; | |
var r = this.validateAndParseJson(t); | |
return r && re.isAccountEntity(r) ? ce.toObject(new re, r) : null | |
} | |
, | |
t.prototype.setAccount = function(e) { | |
this.logger.trace("BrowserCacheManager.setAccount called"); | |
var t = e.generateAccountKey(); | |
this.setItem(t, JSON.stringify(e)) | |
} | |
, | |
t.prototype.getIdTokenCredential = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && le.isIdTokenEntity(r) ? (this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"), | |
ce.toObject(new le, r)) : (this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setIdTokenCredential = function(e) { | |
this.logger.trace("BrowserCacheManager.setIdTokenCredential called"); | |
var t = e.generateCredentialKey(); | |
this.setItem(t, JSON.stringify(e)) | |
} | |
, | |
t.prototype.getAccessTokenCredential = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && he.isAccessTokenEntity(r) ? (this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"), | |
ce.toObject(new he, r)) : (this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setAccessTokenCredential = function(e) { | |
this.logger.trace("BrowserCacheManager.setAccessTokenCredential called"); | |
var t = e.generateCredentialKey(); | |
this.setItem(t, JSON.stringify(e)) | |
} | |
, | |
t.prototype.getRefreshTokenCredential = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && pe.isRefreshTokenEntity(r) ? (this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"), | |
ce.toObject(new pe, r)) : (this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setRefreshTokenCredential = function(e) { | |
this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called"); | |
var t = e.generateCredentialKey(); | |
this.setItem(t, JSON.stringify(e)) | |
} | |
, | |
t.prototype.getAppMetadata = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && ge.isAppMetadataEntity(e, r) ? (this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"), | |
ce.toObject(new ge, r)) : (this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setAppMetadata = function(e) { | |
this.logger.trace("BrowserCacheManager.setAppMetadata called"); | |
var t = e.generateAppMetadataKey(); | |
this.setItem(t, JSON.stringify(e)) | |
} | |
, | |
t.prototype.getServerTelemetry = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && fe.isServerTelemetryEntity(e, r) ? (this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"), | |
ce.toObject(new fe, r)) : (this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setServerTelemetry = function(e, t) { | |
this.logger.trace("BrowserCacheManager.setServerTelemetry called"), | |
this.setItem(e, JSON.stringify(t)) | |
} | |
, | |
t.prototype.getAuthorityMetadata = function(e) { | |
var t = this.internalStorage.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && me.isAuthorityMetadataEntity(e, r) ? (this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"), | |
ce.toObject(new me, r)) : null | |
} | |
, | |
t.prototype.getAuthorityMetadataKeys = function() { | |
var e = this; | |
return this.internalStorage.getKeys().filter((function(t) { | |
return e.isAuthorityMetadata(t) | |
} | |
)) | |
} | |
, | |
t.prototype.setWrapperMetadata = function(e, t) { | |
this.internalStorage.setItem(we.WRAPPER_SKU, e), | |
this.internalStorage.setItem(we.WRAPPER_VER, t) | |
} | |
, | |
t.prototype.getWrapperMetadata = function() { | |
return [this.internalStorage.getItem(we.WRAPPER_SKU) || T.EMPTY_STRING, this.internalStorage.getItem(we.WRAPPER_VER) || T.EMPTY_STRING] | |
} | |
, | |
t.prototype.setAuthorityMetadata = function(e, t) { | |
this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"), | |
this.internalStorage.setItem(e, JSON.stringify(t)) | |
} | |
, | |
t.prototype.getActiveAccount = function() { | |
var e = this.generateCacheKey(y.ACTIVE_ACCOUNT_FILTERS) | |
, t = this.getItem(e); | |
if (!t) { | |
this.logger.trace("No active account filters cache schema found, looking for legacy schema"); | |
var r = this.generateCacheKey(y.ACTIVE_ACCOUNT) | |
, n = this.getItem(r); | |
if (!n) | |
return this.logger.trace("No active account found"), | |
null; | |
var o = this.getAccountInfoByFilter({ | |
localAccountId: n | |
})[0] || null; | |
return o ? (this.logger.trace("Legacy active account cache schema found"), | |
this.logger.trace("Adding active account filters cache schema"), | |
this.setActiveAccount(o), | |
o) : null | |
} | |
var i = this.validateAndParseJson(t); | |
return i ? (this.logger.trace("Active account filters schema found"), | |
this.getAccountInfoByFilter({ | |
homeAccountId: i.homeAccountId, | |
localAccountId: i.localAccountId | |
})[0] || null) : (this.logger.trace("No active account found"), | |
null) | |
} | |
, | |
t.prototype.setActiveAccount = function(e) { | |
var t = this.generateCacheKey(y.ACTIVE_ACCOUNT_FILTERS) | |
, r = this.generateCacheKey(y.ACTIVE_ACCOUNT); | |
if (e) { | |
this.logger.verbose("setActiveAccount: Active account set"); | |
var n = { | |
homeAccountId: e.homeAccountId, | |
localAccountId: e.localAccountId | |
}; | |
this.browserStorage.setItem(t, JSON.stringify(n)), | |
this.browserStorage.setItem(r, e.localAccountId) | |
} else | |
this.logger.verbose("setActiveAccount: No account passed, active account not set"), | |
this.browserStorage.removeItem(t), | |
this.browserStorage.removeItem(r) | |
} | |
, | |
t.prototype.getAccountInfoByFilter = function(e) { | |
return this.getAllAccounts().filter((function(t) { | |
return !(e.username && e.username.toLowerCase() !== t.username.toLowerCase() || e.homeAccountId && e.homeAccountId !== t.homeAccountId || e.localAccountId && e.localAccountId !== t.localAccountId || e.tenantId && e.tenantId !== t.tenantId || e.environment && e.environment !== t.environment) | |
} | |
)) | |
} | |
, | |
t.prototype.getAccountInfoByHints = function(e, t) { | |
var r = this.getAllAccounts().filter((function(r) { | |
if (t) { | |
var n = r.idTokenClaims && r.idTokenClaims.sid; | |
return t === n | |
} | |
return !!e && e === r.username | |
} | |
)); | |
if (1 === r.length) | |
return r[0]; | |
if (r.length > 1) | |
throw X.createMultipleMatchingAccountsInCacheError(); | |
return null | |
} | |
, | |
t.prototype.getThrottlingCache = function(e) { | |
var t = this.getItem(e); | |
if (!t) | |
return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"), | |
null; | |
var r = this.validateAndParseJson(t); | |
return r && ve.isThrottlingEntity(e, r) ? (this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"), | |
ce.toObject(new ve, r)) : (this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"), | |
null) | |
} | |
, | |
t.prototype.setThrottlingCache = function(e, t) { | |
this.logger.trace("BrowserCacheManager.setThrottlingCache called"), | |
this.setItem(e, JSON.stringify(t)) | |
} | |
, | |
t.prototype.getTemporaryCache = function(e, t) { | |
var r = t ? this.generateCacheKey(e) : e; | |
if (this.cacheConfig.storeAuthStateInCookie) { | |
var n = this.getItemCookie(r); | |
if (n) | |
return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"), | |
n | |
} | |
var o = this.temporaryCacheStorage.getItem(r); | |
if (!o) { | |
if (this.cacheConfig.cacheLocation === _e.LocalStorage) { | |
var i = this.browserStorage.getItem(r); | |
if (i) | |
return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"), | |
i | |
} | |
return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"), | |
null | |
} | |
return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"), | |
o | |
} | |
, | |
t.prototype.setTemporaryCache = function(e, t, r) { | |
var n = r ? this.generateCacheKey(e) : e; | |
this.temporaryCacheStorage.setItem(n, t), | |
this.cacheConfig.storeAuthStateInCookie && (this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"), | |
this.setItemCookie(n, t)) | |
} | |
, | |
t.prototype.removeItem = function(e) { | |
return this.browserStorage.removeItem(e), | |
this.temporaryCacheStorage.removeItem(e), | |
this.cacheConfig.storeAuthStateInCookie && (this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"), | |
this.clearItemCookie(e)), | |
!0 | |
} | |
, | |
t.prototype.containsKey = function(e) { | |
return this.browserStorage.containsKey(e) || this.temporaryCacheStorage.containsKey(e) | |
} | |
, | |
t.prototype.getKeys = function() { | |
return l(this.browserStorage.getKeys(), this.temporaryCacheStorage.getKeys()) | |
} | |
, | |
t.prototype.clear = function() { | |
return s(this, void 0, void 0, (function() { | |
var e = this; | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return [4, this.removeAllAccounts()]; | |
case 1: | |
return t.sent(), | |
this.removeAppMetadata(), | |
this.getKeys().forEach((function(t) { | |
!e.browserStorage.containsKey(t) && !e.temporaryCacheStorage.containsKey(t) || -1 === t.indexOf(T.CACHE_PREFIX) && -1 === t.indexOf(e.clientId) || e.removeItem(t) | |
} | |
)), | |
this.internalStorage.clear(), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.setItemCookie = function(e, t, r) { | |
var n = encodeURIComponent(e) + "=" + encodeURIComponent(t) + ";path=/;SameSite=Lax;"; | |
r && (n += "expires=" + this.getCookieExpirationTime(r) + ";"), | |
this.cacheConfig.secureCookies && (n += "Secure;"), | |
document.cookie = n | |
} | |
, | |
t.prototype.getItemCookie = function(e) { | |
for (var t = encodeURIComponent(e) + "=", r = document.cookie.split(";"), n = 0; n < r.length; n++) { | |
for (var o = r[n]; " " === o.charAt(0); ) | |
o = o.substring(1); | |
if (0 === o.indexOf(t)) | |
return decodeURIComponent(o.substring(t.length, o.length)) | |
} | |
return T.EMPTY_STRING | |
} | |
, | |
t.prototype.clearMsalCookies = function() { | |
var e = this | |
, t = T.CACHE_PREFIX + "." + this.clientId; | |
document.cookie.split(";").forEach((function(r) { | |
for (; " " === r.charAt(0); ) | |
r = r.substring(1); | |
if (0 === r.indexOf(t)) { | |
var n = r.split("=")[0]; | |
e.clearItemCookie(n) | |
} | |
} | |
)) | |
} | |
, | |
t.prototype.clearItemCookie = function(e) { | |
this.setItemCookie(e, T.EMPTY_STRING, -1) | |
} | |
, | |
t.prototype.getCookieExpirationTime = function(e) { | |
var t = new Date; | |
return new Date(t.getTime() + e * this.COOKIE_LIFE_MULTIPLIER).toUTCString() | |
} | |
, | |
t.prototype.getCache = function() { | |
return this.browserStorage | |
} | |
, | |
t.prototype.setCache = function() {} | |
, | |
t.prototype.generateCacheKey = function(e) { | |
return this.validateAndParseJson(e) ? JSON.stringify(e) : $.startsWith(e, T.CACHE_PREFIX) || $.startsWith(e, y.ADAL_ID_TOKEN) ? e : T.CACHE_PREFIX + "." + this.clientId + "." + e | |
} | |
, | |
t.prototype.generateAuthorityKey = function(e) { | |
var t = ye.parseRequestState(this.cryptoImpl, e).libraryState.id; | |
return this.generateCacheKey(Te.AUTHORITY + "." + t) | |
} | |
, | |
t.prototype.generateNonceKey = function(e) { | |
var t = ye.parseRequestState(this.cryptoImpl, e).libraryState.id; | |
return this.generateCacheKey(Te.NONCE_IDTOKEN + "." + t) | |
} | |
, | |
t.prototype.generateStateKey = function(e) { | |
var t = ye.parseRequestState(this.cryptoImpl, e).libraryState.id; | |
return this.generateCacheKey(Te.REQUEST_STATE + "." + t) | |
} | |
, | |
t.prototype.getCachedAuthority = function(e) { | |
var t = this.generateStateKey(e) | |
, r = this.getTemporaryCache(t); | |
if (!r) | |
return null; | |
var n = this.generateAuthorityKey(r); | |
return this.getTemporaryCache(n) | |
} | |
, | |
t.prototype.updateCacheEntries = function(e, t, r, n, o) { | |
this.logger.trace("BrowserCacheManager.updateCacheEntries called"); | |
var i = this.generateStateKey(e); | |
this.setTemporaryCache(i, e, !1); | |
var a = this.generateNonceKey(e); | |
this.setTemporaryCache(a, t, !1); | |
var s = this.generateAuthorityKey(e); | |
if (this.setTemporaryCache(s, r, !1), | |
o) { | |
var c = { | |
credential: o.homeAccountId, | |
type: te.HOME_ACCOUNT_ID | |
}; | |
this.setTemporaryCache(Te.CCS_CREDENTIAL, JSON.stringify(c), !0) | |
} else | |
$.isEmpty(n) || (c = { | |
credential: n, | |
type: te.UPN | |
}, | |
this.setTemporaryCache(Te.CCS_CREDENTIAL, JSON.stringify(c), !0)) | |
} | |
, | |
t.prototype.resetRequestCache = function(e) { | |
var t = this; | |
this.logger.trace("BrowserCacheManager.resetRequestCache called"), | |
$.isEmpty(e) || this.getKeys().forEach((function(r) { | |
-1 !== r.indexOf(e) && t.removeItem(r) | |
} | |
)), | |
e && (this.removeItem(this.generateStateKey(e)), | |
this.removeItem(this.generateNonceKey(e)), | |
this.removeItem(this.generateAuthorityKey(e))), | |
this.removeItem(this.generateCacheKey(Te.REQUEST_PARAMS)), | |
this.removeItem(this.generateCacheKey(Te.ORIGIN_URI)), | |
this.removeItem(this.generateCacheKey(Te.URL_HASH)), | |
this.removeItem(this.generateCacheKey(Te.CORRELATION_ID)), | |
this.removeItem(this.generateCacheKey(Te.CCS_CREDENTIAL)), | |
this.removeItem(this.generateCacheKey(Te.NATIVE_REQUEST)), | |
this.setInteractionInProgress(!1) | |
} | |
, | |
t.prototype.cleanRequestByState = function(e) { | |
if (this.logger.trace("BrowserCacheManager.cleanRequestByState called"), | |
e) { | |
var t = this.generateStateKey(e) | |
, r = this.temporaryCacheStorage.getItem(t); | |
this.logger.infoPii("BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: " + r), | |
this.resetRequestCache(r || T.EMPTY_STRING) | |
} | |
this.clearMsalCookies() | |
} | |
, | |
t.prototype.cleanRequestByInteractionType = function(e) { | |
var t = this; | |
this.logger.trace("BrowserCacheManager.cleanRequestByInteractionType called"), | |
this.getKeys().forEach((function(r) { | |
if (-1 !== r.indexOf(Te.REQUEST_STATE)) { | |
var n = t.temporaryCacheStorage.getItem(r); | |
if (n) { | |
var o = Be.extractBrowserRequestState(t.cryptoImpl, n); | |
o && o.interactionType === e && (t.logger.infoPii("BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: " + n), | |
t.resetRequestCache(n)) | |
} | |
} | |
} | |
)), | |
this.clearMsalCookies(), | |
this.setInteractionInProgress(!1) | |
} | |
, | |
t.prototype.cacheCodeRequest = function(e, t) { | |
this.logger.trace("BrowserCacheManager.cacheCodeRequest called"); | |
var r = t.base64Encode(JSON.stringify(e)); | |
this.setTemporaryCache(Te.REQUEST_PARAMS, r, !0) | |
} | |
, | |
t.prototype.getCachedRequest = function(e, t) { | |
this.logger.trace("BrowserCacheManager.getCachedRequest called"); | |
var r = this.getTemporaryCache(Te.REQUEST_PARAMS, !0); | |
if (!r) | |
throw ke.createNoTokenRequestCacheError(); | |
var n = this.validateAndParseJson(t.base64Decode(r)); | |
if (!n) | |
throw ke.createUnableToParseTokenRequestCacheError(); | |
if (this.removeItem(this.generateCacheKey(Te.REQUEST_PARAMS)), | |
$.isEmpty(n.authority)) { | |
var o = this.generateAuthorityKey(e) | |
, i = this.getTemporaryCache(o); | |
if (!i) | |
throw ke.createNoCachedAuthorityError(); | |
n.authority = i | |
} | |
return n | |
} | |
, | |
t.prototype.getCachedNativeRequest = function() { | |
this.logger.trace("BrowserCacheManager.getCachedNativeRequest called"); | |
var e = this.getTemporaryCache(Te.NATIVE_REQUEST, !0); | |
return e ? this.validateAndParseJson(e) || (this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"), | |
null) : (this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"), | |
null) | |
} | |
, | |
t.prototype.isInteractionInProgress = function(e) { | |
var t = this.getInteractionInProgress(); | |
return e ? t === this.clientId : !!t | |
} | |
, | |
t.prototype.getInteractionInProgress = function() { | |
var e = T.CACHE_PREFIX + "." + Te.INTERACTION_STATUS_KEY; | |
return this.getTemporaryCache(e, !1) | |
} | |
, | |
t.prototype.setInteractionInProgress = function(e) { | |
var t = T.CACHE_PREFIX + "." + Te.INTERACTION_STATUS_KEY; | |
if (e) { | |
if (this.getInteractionInProgress()) | |
throw ke.createInteractionInProgressError(); | |
this.setTemporaryCache(t, this.clientId, !1) | |
} else | |
e || this.getInteractionInProgress() !== this.clientId || this.removeItem(t) | |
} | |
, | |
t.prototype.getLegacyLoginHint = function() { | |
var e = this.getTemporaryCache(y.ADAL_ID_TOKEN); | |
e && (this.browserStorage.removeItem(y.ADAL_ID_TOKEN), | |
this.logger.verbose("Cached ADAL id token retrieved.")); | |
var t = this.getTemporaryCache(y.ID_TOKEN, !0); | |
t && (this.removeItem(this.generateCacheKey(y.ID_TOKEN)), | |
this.logger.verbose("Cached MSAL.js v1 id token retrieved")); | |
var r = t || e; | |
if (r) { | |
var n = new se(r,this.cryptoImpl); | |
if (n.claims && n.claims.preferred_username) | |
return this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint"), | |
n.claims.preferred_username; | |
if (n.claims && n.claims.upn) | |
return this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint"), | |
n.claims.upn; | |
this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO.") | |
} | |
return null | |
} | |
, | |
t.prototype.updateCredentialCacheKey = function(e, t) { | |
var r = t.generateCredentialKey(); | |
if (e !== r) { | |
var n = this.getItem(e); | |
if (n) | |
return this.removeItem(e), | |
this.setItem(r, n), | |
this.logger.verbose("Updated an outdated " + t.credentialType + " cache key"), | |
r; | |
this.logger.error("Attempted to update an outdated " + t.credentialType + " cache key but no item matching the outdated key was found in storage") | |
} | |
return e | |
} | |
, | |
t | |
}(ce); | |
!function(e) { | |
e[e.Error = 0] = "Error", | |
e[e.Warning = 1] = "Warning", | |
e[e.Info = 2] = "Info", | |
e[e.Verbose = 3] = "Verbose", | |
e[e.Trace = 4] = "Trace" | |
}(qe || (qe = {})); | |
var ze, je = function() { | |
function e(e, t, r) { | |
this.level = qe.Info, | |
this.localCallback = e.loggerCallback || function() {} | |
, | |
this.piiLoggingEnabled = e.piiLoggingEnabled || !1, | |
this.level = "number" == typeof e.logLevel ? e.logLevel : qe.Info, | |
this.correlationId = e.correlationId || T.EMPTY_STRING, | |
this.packageName = t || T.EMPTY_STRING, | |
this.packageVersion = r || T.EMPTY_STRING | |
} | |
return e.prototype.clone = function(t, r, n) { | |
return new e({ | |
loggerCallback: this.localCallback, | |
piiLoggingEnabled: this.piiLoggingEnabled, | |
logLevel: this.level, | |
correlationId: n || this.correlationId | |
},t,r) | |
} | |
, | |
e.prototype.logMessage = function(e, t) { | |
if (!(t.logLevel > this.level || !this.piiLoggingEnabled && t.containsPii)) { | |
var r = (new Date).toUTCString() | |
, n = ($.isEmpty(t.correlationId) ? $.isEmpty(this.correlationId) ? "[" + r + "]" : "[" + r + "] : [" + this.correlationId + "]" : "[" + r + "] : [" + t.correlationId + "]") + " : " + this.packageName + "@" + this.packageVersion + " : " + qe[t.logLevel] + " - " + e; | |
this.executeCallback(t.logLevel, n, t.containsPii || !1) | |
} | |
} | |
, | |
e.prototype.executeCallback = function(e, t, r) { | |
this.localCallback && this.localCallback(e, t, r) | |
} | |
, | |
e.prototype.error = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Error, | |
containsPii: !1, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.errorPii = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Error, | |
containsPii: !0, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.warning = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Warning, | |
containsPii: !1, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.warningPii = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Warning, | |
containsPii: !0, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.info = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Info, | |
containsPii: !1, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.infoPii = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Info, | |
containsPii: !0, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.verbose = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Verbose, | |
containsPii: !1, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.verbosePii = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Verbose, | |
containsPii: !0, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.trace = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Trace, | |
containsPii: !1, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.tracePii = function(e, t) { | |
this.logMessage(e, { | |
logLevel: qe.Trace, | |
containsPii: !0, | |
correlationId: t || T.EMPTY_STRING | |
}) | |
} | |
, | |
e.prototype.isPiiLoggingEnabled = function() { | |
return this.piiLoggingEnabled || !1 | |
} | |
, | |
e | |
}(), Ye = "7.4.1"; | |
!function(e) { | |
e[e.None = 0] = "None", | |
e.AzurePublic = "https://login.microsoftonline.com", | |
e.AzurePpe = "https://login.windows-ppe.net", | |
e.AzureChina = "https://login.chinacloudapi.cn", | |
e.AzureGermany = "https://login.microsoftonline.de", | |
e.AzureUsGovernment = "https://login.microsoftonline.us" | |
}(ze || (ze = {})); | |
var We, Ve = { | |
tokenRenewalOffsetSeconds: 300, | |
preventCorsPreflight: !1, | |
proxyUrl: T.EMPTY_STRING | |
}, Je = { | |
loggerCallback: function() {}, | |
piiLoggingEnabled: !1, | |
logLevel: qe.Info, | |
correlationId: T.EMPTY_STRING | |
}, Qe = { | |
sendGetRequestAsync: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Network interface - sendGetRequestAsync() has not been implemented") | |
} | |
)) | |
} | |
)) | |
}, | |
sendPostRequestAsync: function() { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(e) { | |
throw J.createUnexpectedError("Network interface - sendPostRequestAsync() has not been implemented") | |
} | |
)) | |
} | |
)) | |
} | |
}, Xe = { | |
sku: T.SKU, | |
version: Ye, | |
cpu: T.EMPTY_STRING, | |
os: T.EMPTY_STRING | |
}, $e = { | |
clientSecret: T.EMPTY_STRING, | |
clientAssertion: void 0 | |
}, Ze = { | |
azureCloudInstance: ze.None, | |
tenant: "" + T.DEFAULT_COMMON_TENANT | |
}, et = { | |
application: { | |
appName: "", | |
appVersion: "" | |
} | |
}, tt = function(e) { | |
function t(r, n, o) { | |
var i = e.call(this, r, n, o) || this; | |
return i.name = "ServerError", | |
Object.setPrototypeOf(i, t.prototype), | |
i | |
} | |
return h(t, e), | |
t | |
}(J), rt = function() { | |
function e() {} | |
return e.generateThrottlingStorageKey = function(e) { | |
return "throttling." + JSON.stringify(e) | |
} | |
, | |
e.preProcess = function(t, r) { | |
var n, o = e.generateThrottlingStorageKey(r), i = t.getThrottlingCache(o); | |
if (i) { | |
if (i.throttleTime < Date.now()) | |
return void t.removeItem(o, O.THROTTLING); | |
throw new tt((null === (n = i.errorCodes) || void 0 === n ? void 0 : n.join(" ")) || T.EMPTY_STRING,i.errorMessage,i.subError) | |
} | |
} | |
, | |
e.postProcess = function(t, r, n) { | |
if (e.checkResponseStatus(n) || e.checkResponseForRetryAfter(n)) { | |
var o = { | |
throttleTime: e.calculateThrottleTime(parseInt(n.headers[v.RETRY_AFTER])), | |
error: n.body.error, | |
errorCodes: n.body.error_codes, | |
errorMessage: n.body.error_description, | |
subError: n.body.suberror | |
}; | |
t.setThrottlingCache(e.generateThrottlingStorageKey(r), o) | |
} | |
} | |
, | |
e.checkResponseStatus = function(e) { | |
return 429 === e.status || e.status >= 500 && e.status < 600 | |
} | |
, | |
e.checkResponseForRetryAfter = function(e) { | |
return !!e.headers && e.headers.hasOwnProperty(v.RETRY_AFTER) && (e.status < 200 || e.status >= 300) | |
} | |
, | |
e.calculateThrottleTime = function(e) { | |
var t = e <= 0 ? 0 : e | |
, r = Date.now() / 1e3; | |
return Math.floor(1e3 * Math.min(r + (t || 60), r + 3600)) | |
} | |
, | |
e.removeThrottle = function(e, t, r, n) { | |
var o = { | |
clientId: t, | |
authority: r.authority, | |
scopes: r.scopes, | |
homeAccountIdentifier: n, | |
claims: r.claims, | |
authenticationScheme: r.authenticationScheme, | |
resourceRequestMethod: r.resourceRequestMethod, | |
resourceRequestUri: r.resourceRequestUri, | |
shrClaims: r.shrClaims, | |
sshKid: r.sshKid | |
} | |
, i = this.generateThrottlingStorageKey(o); | |
return e.removeItem(i, O.THROTTLING) | |
} | |
, | |
e | |
}(), nt = function() { | |
function e(e, t) { | |
this.networkClient = e, | |
this.cacheManager = t | |
} | |
return e.prototype.sendPostRequest = function(e, t, r) { | |
return g(this, void 0, void 0, (function() { | |
var n, o; | |
return f(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
rt.preProcess(this.cacheManager, e), | |
i.label = 1; | |
case 1: | |
return i.trys.push([1, 3, , 4]), | |
[4, this.networkClient.sendPostRequestAsync(t, r)]; | |
case 2: | |
return n = i.sent(), | |
[3, 4]; | |
case 3: | |
throw (o = i.sent())instanceof J ? o : X.createNetworkError(t, o); | |
case 4: | |
return rt.postProcess(this.cacheManager, e, n), | |
[2, n] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), ot = function() { | |
function e(e, t) { | |
var r, n, o, i, a, s, c, u, l, d, h, g, f, m, v; | |
this.config = (o = (r = e).authOptions, | |
i = r.systemOptions, | |
a = r.loggerOptions, | |
s = r.storageInterface, | |
c = r.networkInterface, | |
u = r.cryptoInterface, | |
l = r.clientCredentials, | |
d = r.libraryInfo, | |
h = r.telemetry, | |
g = r.serverTelemetryManager, | |
f = r.persistencePlugin, | |
m = r.serializableCache, | |
v = p(p({}, Je), a), | |
{ | |
authOptions: (n = o, | |
p({ | |
clientCapabilities: [], | |
azureCloudOptions: Ze, | |
skipAuthorityMetadataCache: !1 | |
}, n)), | |
systemOptions: p(p({}, Ve), i), | |
loggerOptions: v, | |
storageInterface: s || new ue(o.clientId,be), | |
networkInterface: c || Qe, | |
cryptoInterface: u || be, | |
clientCredentials: l || $e, | |
libraryInfo: p(p({}, Xe), d), | |
telemetry: p(p({}, et), h), | |
serverTelemetryManager: g || null, | |
persistencePlugin: f || null, | |
serializableCache: m || null | |
}), | |
this.logger = new je(this.config.loggerOptions,"@azure/msal-common",Ye), | |
this.cryptoUtils = this.config.cryptoInterface, | |
this.cacheManager = this.config.storageInterface, | |
this.networkClient = this.config.networkInterface, | |
this.networkManager = new nt(this.networkClient,this.cacheManager), | |
this.serverTelemetryManager = this.config.serverTelemetryManager, | |
this.authority = this.config.authOptions.authority, | |
this.performanceClient = t | |
} | |
return e.prototype.createTokenRequestHeaders = function(e) { | |
var t = {}; | |
if (t[v.CONTENT_TYPE] = T.URL_FORM_CONTENT_TYPE, | |
!this.config.systemOptions.preventCorsPreflight && e) | |
switch (e.type) { | |
case te.HOME_ACCOUNT_ID: | |
try { | |
var r = ee(e.credential); | |
t[v.CCS_HEADER] = "Oid:" + r.uid + "@" + r.utid | |
} catch (e) { | |
this.logger.verbose("Could not parse home account ID for CCS Header: " + e) | |
} | |
break; | |
case te.UPN: | |
t[v.CCS_HEADER] = "UPN: " + e.credential | |
} | |
return t | |
} | |
, | |
e.prototype.executePostToTokenEndpoint = function(e, t, r, n) { | |
return g(this, void 0, void 0, (function() { | |
var o; | |
return f(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
return [4, this.networkManager.sendPostRequest(n, e, { | |
body: t, | |
headers: r, | |
proxyUrl: this.config.systemOptions.proxyUrl | |
})]; | |
case 1: | |
return o = i.sent(), | |
this.config.serverTelemetryManager && o.status < 500 && 429 !== o.status && this.config.serverTelemetryManager.clearTelemetryCache(), | |
[2, o] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.updateAuthority = function(e) { | |
if (!e.discoveryComplete()) | |
throw X.createEndpointDiscoveryIncompleteError("Updated authority has not completed endpoint discovery."); | |
this.authority = e | |
} | |
, | |
e | |
}(), it = function() { | |
function e() {} | |
return e.validateRedirectUri = function(e) { | |
if ($.isEmpty(e)) | |
throw ie.createRedirectUriEmptyError() | |
} | |
, | |
e.validatePrompt = function(e) { | |
var t = []; | |
for (var r in A) | |
t.push(A[r]); | |
if (t.indexOf(e) < 0) | |
throw ie.createInvalidPromptError(e) | |
} | |
, | |
e.validateClaims = function(e) { | |
try { | |
JSON.parse(e) | |
} catch (e) { | |
throw ie.createInvalidClaimsRequestError() | |
} | |
} | |
, | |
e.validateCodeChallengeParams = function(e, t) { | |
if ($.isEmpty(e) || $.isEmpty(t)) | |
throw ie.createInvalidCodeChallengeParamsError(); | |
this.validateCodeChallengeMethod(t) | |
} | |
, | |
e.validateCodeChallengeMethod = function(e) { | |
if ([U.PLAIN, U.S256].indexOf(e) < 0) | |
throw ie.createInvalidCodeChallengeMethodError() | |
} | |
, | |
e.sanitizeEQParams = function(e, t) { | |
return e ? (t.forEach((function(t, r) { | |
e[r] && delete e[r] | |
} | |
)), | |
e) : {} | |
} | |
, | |
e | |
}(), at = function() { | |
function e() { | |
this.parameters = new Map | |
} | |
return e.prototype.addResponseTypeCode = function() { | |
this.parameters.set(_.RESPONSE_TYPE, encodeURIComponent(T.CODE_RESPONSE_TYPE)) | |
} | |
, | |
e.prototype.addResponseTypeForTokenAndIdToken = function() { | |
this.parameters.set(_.RESPONSE_TYPE, encodeURIComponent(T.TOKEN_RESPONSE_TYPE + " " + T.ID_TOKEN_RESPONSE_TYPE)) | |
} | |
, | |
e.prototype.addResponseMode = function(e) { | |
this.parameters.set(_.RESPONSE_MODE, encodeURIComponent(e || b.QUERY)) | |
} | |
, | |
e.prototype.addNativeBroker = function() { | |
this.parameters.set(_.NATIVE_BROKER, encodeURIComponent("1")) | |
} | |
, | |
e.prototype.addScopes = function(e, t) { | |
void 0 === t && (t = !0); | |
var r = t ? m(e || [], w) : e || [] | |
, n = new ae(r); | |
this.parameters.set(_.SCOPE, encodeURIComponent(n.printScopes())) | |
} | |
, | |
e.prototype.addClientId = function(e) { | |
this.parameters.set(_.CLIENT_ID, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addRedirectUri = function(e) { | |
it.validateRedirectUri(e), | |
this.parameters.set(_.REDIRECT_URI, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addPostLogoutRedirectUri = function(e) { | |
it.validateRedirectUri(e), | |
this.parameters.set(_.POST_LOGOUT_URI, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addIdTokenHint = function(e) { | |
this.parameters.set(_.ID_TOKEN_HINT, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addDomainHint = function(e) { | |
this.parameters.set(I.DOMAIN_HINT, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addLoginHint = function(e) { | |
this.parameters.set(I.LOGIN_HINT, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addCcsUpn = function(e) { | |
this.parameters.set(v.CCS_HEADER, encodeURIComponent("UPN:" + e)) | |
} | |
, | |
e.prototype.addCcsOid = function(e) { | |
this.parameters.set(v.CCS_HEADER, encodeURIComponent("Oid:" + e.uid + "@" + e.utid)) | |
} | |
, | |
e.prototype.addSid = function(e) { | |
this.parameters.set(I.SID, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addClaims = function(e, t) { | |
var r = this.addClientCapabilitiesToClaims(e, t); | |
it.validateClaims(r), | |
this.parameters.set(_.CLAIMS, encodeURIComponent(r)) | |
} | |
, | |
e.prototype.addCorrelationId = function(e) { | |
this.parameters.set(_.CLIENT_REQUEST_ID, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addLibraryInfo = function(e) { | |
this.parameters.set(_.X_CLIENT_SKU, e.sku), | |
this.parameters.set(_.X_CLIENT_VER, e.version), | |
e.os && this.parameters.set(_.X_CLIENT_OS, e.os), | |
e.cpu && this.parameters.set(_.X_CLIENT_CPU, e.cpu) | |
} | |
, | |
e.prototype.addApplicationTelemetry = function(e) { | |
(null == e ? void 0 : e.appName) && this.parameters.set(_.X_APP_NAME, e.appName), | |
(null == e ? void 0 : e.appVersion) && this.parameters.set(_.X_APP_VER, e.appVersion) | |
} | |
, | |
e.prototype.addPrompt = function(e) { | |
it.validatePrompt(e), | |
this.parameters.set("" + _.PROMPT, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addState = function(e) { | |
$.isEmpty(e) || this.parameters.set(_.STATE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addNonce = function(e) { | |
this.parameters.set(_.NONCE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addCodeChallengeParams = function(e, t) { | |
if (it.validateCodeChallengeParams(e, t), | |
!e || !t) | |
throw ie.createInvalidCodeChallengeParamsError(); | |
this.parameters.set(_.CODE_CHALLENGE, encodeURIComponent(e)), | |
this.parameters.set(_.CODE_CHALLENGE_METHOD, encodeURIComponent(t)) | |
} | |
, | |
e.prototype.addAuthorizationCode = function(e) { | |
this.parameters.set(_.CODE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addDeviceCode = function(e) { | |
this.parameters.set(_.DEVICE_CODE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addRefreshToken = function(e) { | |
this.parameters.set(_.REFRESH_TOKEN, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addCodeVerifier = function(e) { | |
this.parameters.set(_.CODE_VERIFIER, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addClientSecret = function(e) { | |
this.parameters.set(_.CLIENT_SECRET, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addClientAssertion = function(e) { | |
$.isEmpty(e) || this.parameters.set(_.CLIENT_ASSERTION, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addClientAssertionType = function(e) { | |
$.isEmpty(e) || this.parameters.set(_.CLIENT_ASSERTION_TYPE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addOboAssertion = function(e) { | |
this.parameters.set(_.OBO_ASSERTION, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addRequestTokenUse = function(e) { | |
this.parameters.set(_.REQUESTED_TOKEN_USE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addGrantType = function(e) { | |
this.parameters.set(_.GRANT_TYPE, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addClientInfo = function() { | |
this.parameters.set("client_info", "1") | |
} | |
, | |
e.prototype.addExtraQueryParameters = function(e) { | |
var t = this; | |
it.sanitizeEQParams(e, this.parameters), | |
Object.keys(e).forEach((function(r) { | |
t.parameters.set(r, e[r]) | |
} | |
)) | |
} | |
, | |
e.prototype.addClientCapabilitiesToClaims = function(e, t) { | |
var r; | |
if (e) | |
try { | |
r = JSON.parse(e) | |
} catch (e) { | |
throw ie.createInvalidClaimsRequestError() | |
} | |
else | |
r = {}; | |
return t && t.length > 0 && (r.hasOwnProperty(C.ACCESS_TOKEN) || (r[C.ACCESS_TOKEN] = {}), | |
r[C.ACCESS_TOKEN][C.XMS_CC] = { | |
values: t | |
}), | |
JSON.stringify(r) | |
} | |
, | |
e.prototype.addUsername = function(e) { | |
this.parameters.set(K.username, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addPassword = function(e) { | |
this.parameters.set(K.password, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.addPopToken = function(e) { | |
$.isEmpty(e) || (this.parameters.set(_.TOKEN_TYPE, F.POP), | |
this.parameters.set(_.REQ_CNF, encodeURIComponent(e))) | |
} | |
, | |
e.prototype.addSshJwk = function(e) { | |
$.isEmpty(e) || (this.parameters.set(_.TOKEN_TYPE, F.SSH), | |
this.parameters.set(_.REQ_CNF, encodeURIComponent(e))) | |
} | |
, | |
e.prototype.addServerTelemetry = function(e) { | |
this.parameters.set(_.X_CLIENT_CURR_TELEM, e.generateCurrentRequestHeaderValue()), | |
this.parameters.set(_.X_CLIENT_LAST_TELEM, e.generateLastRequestHeaderValue()) | |
} | |
, | |
e.prototype.addThrottling = function() { | |
this.parameters.set(_.X_MS_LIB_CAPABILITY, "retry-after, h429") | |
} | |
, | |
e.prototype.addLogoutHint = function(e) { | |
this.parameters.set(_.LOGOUT_HINT, encodeURIComponent(e)) | |
} | |
, | |
e.prototype.createQueryString = function() { | |
var e = new Array; | |
return this.parameters.forEach((function(t, r) { | |
e.push(r + "=" + t) | |
} | |
)), | |
e.join("&") | |
} | |
, | |
e | |
}(), st = ["interaction_required", "consent_required", "login_required"], ct = ["message_only", "additional_action", "basic_action", "user_password_expired", "consent_required"], ut = { | |
noTokensFoundError: { | |
code: "no_tokens_found", | |
desc: "No refresh token found in the cache. Please sign-in." | |
}, | |
native_account_unavailable: { | |
code: "native_account_unavailable", | |
desc: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API." | |
} | |
}, lt = function(e) { | |
function t(r, n, o) { | |
var i = e.call(this, r, n, o) || this; | |
return i.name = "InteractionRequiredAuthError", | |
Object.setPrototypeOf(i, t.prototype), | |
i | |
} | |
return h(t, e), | |
t.isInteractionRequiredError = function(e, t, r) { | |
var n = !!e && st.indexOf(e) > -1 | |
, o = !!r && ct.indexOf(r) > -1 | |
, i = !!t && st.some((function(e) { | |
return t.indexOf(e) > -1 | |
} | |
)); | |
return n || i || o | |
} | |
, | |
t.createNoTokensFoundError = function() { | |
return new t(ut.noTokensFoundError.code,ut.noTokensFoundError.desc) | |
} | |
, | |
t.createNativeAccountUnavailableError = function() { | |
return new t(ut.native_account_unavailable.code,ut.native_account_unavailable.desc) | |
} | |
, | |
t | |
}(J), dt = function(e, t, r, n, o) { | |
this.account = e || null, | |
this.idToken = t || null, | |
this.accessToken = r || null, | |
this.refreshToken = n || null, | |
this.appMetadata = o || null | |
}; | |
!function(e) { | |
e.SW = "sw", | |
e.UHW = "uhw" | |
}(We || (We = {})); | |
var ht, pt, gt = function() { | |
function e(e) { | |
this.cryptoUtils = e | |
} | |
return e.prototype.generateCnf = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n; | |
return f(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return [4, this.generateKid(e)]; | |
case 1: | |
return t = o.sent(), | |
r = this.cryptoUtils.base64Encode(JSON.stringify(t)), | |
n = { | |
kid: t.kid, | |
reqCnfString: r | |
}, | |
[4, this.cryptoUtils.hashString(r)]; | |
case 2: | |
return [2, (n.reqCnfHash = o.sent(), | |
n)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.generateKid = function(e) { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return [4, this.cryptoUtils.getPublicKeyThumbprint(e)]; | |
case 1: | |
return [2, { | |
kid: t.sent(), | |
xms_ksl: We.SW | |
}] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.signPopToken = function(e, t, r) { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(n) { | |
return [2, this.signPayload(e, t, r)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.signPayload = function(e, t, r, n) { | |
return g(this, void 0, void 0, (function() { | |
var o, i, a, s, c, u; | |
return f(this, (function(l) { | |
switch (l.label) { | |
case 0: | |
return o = r.resourceRequestMethod, | |
i = r.resourceRequestUri, | |
a = r.shrClaims, | |
s = r.shrNonce, | |
c = i ? new Ke(i) : void 0, | |
u = null == c ? void 0 : c.getUrlComponents(), | |
[4, this.cryptoUtils.signJwt(p({ | |
at: e, | |
ts: de.nowSeconds(), | |
m: null == o ? void 0 : o.toUpperCase(), | |
u: null == u ? void 0 : u.HostNameAndPort, | |
nonce: s || this.cryptoUtils.createNewGuid(), | |
p: null == u ? void 0 : u.AbsolutePath, | |
q: (null == u ? void 0 : u.QueryString) ? [[], u.QueryString] : void 0, | |
client_claims: a || void 0 | |
}, n), t, r.correlationId)]; | |
case 1: | |
return [2, l.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), ft = function() { | |
function e(e, t) { | |
this.cache = e, | |
this.hasChanged = t | |
} | |
return Object.defineProperty(e.prototype, "cacheHasChanged", { | |
get: function() { | |
return this.hasChanged | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "tokenCache", { | |
get: function() { | |
return this.cache | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
e | |
}(), mt = function() { | |
function e(e, t, r, n, o, i) { | |
this.clientId = e, | |
this.cacheStorage = t, | |
this.cryptoObj = r, | |
this.logger = n, | |
this.serializableCache = o, | |
this.persistencePlugin = i | |
} | |
return e.prototype.validateServerAuthorizationCodeResponse = function(e, t, r) { | |
if (!e.state || !t) | |
throw e.state ? X.createStateNotFoundError("Cached State") : X.createStateNotFoundError("Server State"); | |
if (decodeURIComponent(e.state) !== decodeURIComponent(t)) | |
throw X.createStateMismatchError(); | |
if (e.error || e.error_description || e.suberror) { | |
if (lt.isInteractionRequiredError(e.error, e.error_description, e.suberror)) | |
throw new lt(e.error || T.EMPTY_STRING,e.error_description,e.suberror); | |
throw new tt(e.error || T.EMPTY_STRING,e.error_description,e.suberror) | |
} | |
e.client_info && Z(e.client_info, r) | |
} | |
, | |
e.prototype.validateTokenResponse = function(e) { | |
if (e.error || e.error_description || e.suberror) { | |
if (lt.isInteractionRequiredError(e.error, e.error_description, e.suberror)) | |
throw new lt(e.error,e.error_description,e.suberror); | |
var t = e.error_codes + " - [" + e.timestamp + "]: " + e.error_description + " - Correlation ID: " + e.correlation_id + " - Trace ID: " + e.trace_id; | |
throw new tt(e.error,t,e.suberror) | |
} | |
} | |
, | |
e.prototype.handleServerTokenResponse = function(t, r, n, o, i, a, s, c) { | |
return g(this, void 0, void 0, (function() { | |
var u, l, d, h, p; | |
return f(this, (function(g) { | |
switch (g.label) { | |
case 0: | |
if (t.id_token && (u = new se(t.id_token || T.EMPTY_STRING,this.cryptoObj), | |
i && !$.isEmpty(i.nonce) && u.claims.nonce !== i.nonce)) | |
throw X.createNonceMismatchError(); | |
this.homeAccountIdentifier = re.generateHomeAccountId(t.client_info || T.EMPTY_STRING, r.authorityType, this.logger, this.cryptoObj, u), | |
i && i.state && (l = ye.parseRequestState(this.cryptoObj, i.state)), | |
t.key_id = t.key_id || o.sshKid || void 0, | |
d = this.generateCacheRecord(t, r, n, o, u, a, i), | |
g.label = 1; | |
case 1: | |
return g.trys.push([1, , 5, 8]), | |
this.persistencePlugin && this.serializableCache ? (this.logger.verbose("Persistence enabled, calling beforeCacheAccess"), | |
h = new ft(this.serializableCache,!0), | |
[4, this.persistencePlugin.beforeCacheAccess(h)]) : [3, 3]; | |
case 2: | |
g.sent(), | |
g.label = 3; | |
case 3: | |
return !s || c || !d.account || (p = d.account.generateAccountKey(), | |
this.cacheStorage.getAccount(p)) ? [4, this.cacheStorage.saveCacheRecord(d)] : (this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"), | |
[2, e.generateAuthenticationResult(this.cryptoObj, r, d, !1, o, u, l, void 0)]); | |
case 4: | |
return g.sent(), | |
[3, 8]; | |
case 5: | |
return this.persistencePlugin && this.serializableCache && h ? (this.logger.verbose("Persistence enabled, calling afterCacheAccess"), | |
[4, this.persistencePlugin.afterCacheAccess(h)]) : [3, 7]; | |
case 6: | |
g.sent(), | |
g.label = 7; | |
case 7: | |
return [7]; | |
case 8: | |
return [2, e.generateAuthenticationResult(this.cryptoObj, r, d, !1, o, u, l, t.spa_code)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.generateCacheRecord = function(e, t, r, n, o, i, a) { | |
var s, c, u = t.getPreferredCache(); | |
if ($.isEmpty(u)) | |
throw X.createInvalidCacheEnvironmentError(); | |
!$.isEmpty(e.id_token) && o && (s = le.createIdTokenEntity(this.homeAccountIdentifier, u, e.id_token || T.EMPTY_STRING, this.clientId, o.claims.tid || T.EMPTY_STRING), | |
c = this.generateAccountEntity(e, o, t, a)); | |
var l = null; | |
if (!$.isEmpty(e.access_token)) { | |
var d = e.scope ? ae.fromString(e.scope) : new ae(n.scopes || []) | |
, h = ("string" == typeof e.expires_in ? parseInt(e.expires_in, 10) : e.expires_in) || 0 | |
, p = ("string" == typeof e.ext_expires_in ? parseInt(e.ext_expires_in, 10) : e.ext_expires_in) || 0 | |
, g = ("string" == typeof e.refresh_in ? parseInt(e.refresh_in, 10) : e.refresh_in) || void 0 | |
, f = r + h | |
, m = f + p | |
, v = g && g > 0 ? r + g : void 0; | |
l = he.createAccessTokenEntity(this.homeAccountIdentifier, u, e.access_token || T.EMPTY_STRING, this.clientId, o ? o.claims.tid || T.EMPTY_STRING : t.tenant, d.printScopes(), f, m, this.cryptoObj, v, e.token_type, i, e.key_id, n.claims, n.requestedClaimsHash) | |
} | |
var y = null; | |
$.isEmpty(e.refresh_token) || (y = pe.createRefreshTokenEntity(this.homeAccountIdentifier, u, e.refresh_token || T.EMPTY_STRING, this.clientId, e.foci, i)); | |
var E = null; | |
return $.isEmpty(e.foci) || (E = ge.createAppMetadataEntity(this.clientId, u, e.foci)), | |
new dt(c,s,l,y,E) | |
} | |
, | |
e.prototype.generateAccountEntity = function(e, t, r, n) { | |
var o = r.authorityType | |
, i = n ? n.cloud_graph_host_name : T.EMPTY_STRING | |
, a = n ? n.msgraph_host : T.EMPTY_STRING; | |
if (o === W.Adfs) | |
return this.logger.verbose("Authority type is ADFS, creating ADFS account"), | |
re.createGenericAccount(this.homeAccountIdentifier, t, r, i, a); | |
if ($.isEmpty(e.client_info) && "AAD" === r.protocolMode) | |
throw X.createClientInfoEmptyError(); | |
return e.client_info ? re.createAccount(e.client_info, this.homeAccountIdentifier, t, r, i, a) : re.createGenericAccount(this.homeAccountIdentifier, t, r, i, a) | |
} | |
, | |
e.generateAuthenticationResult = function(e, t, r, n, o, i, a, s) { | |
var c, u, l; | |
return g(this, void 0, void 0, (function() { | |
var d, h, p, g, m, v, y, E, _, C, w; | |
return f(this, (function(f) { | |
switch (f.label) { | |
case 0: | |
if (d = T.EMPTY_STRING, | |
h = [], | |
p = null, | |
m = T.EMPTY_STRING, | |
!r.accessToken) | |
return [3, 4]; | |
if (r.accessToken.tokenType !== F.POP) | |
return [3, 2]; | |
if (v = new gt(e), | |
y = r.accessToken, | |
E = y.secret, | |
!(_ = y.keyId)) | |
throw X.createKeyIdMissingError(); | |
return [4, v.signPopToken(E, _, o)]; | |
case 1: | |
return d = f.sent(), | |
[3, 3]; | |
case 2: | |
d = r.accessToken.secret, | |
f.label = 3; | |
case 3: | |
h = ae.fromString(r.accessToken.target).asArray(), | |
p = new Date(1e3 * Number(r.accessToken.expiresOn)), | |
g = new Date(1e3 * Number(r.accessToken.extendedExpiresOn)), | |
f.label = 4; | |
case 4: | |
return r.appMetadata && (m = r.appMetadata.familyId === L ? L : T.EMPTY_STRING), | |
C = (null == i ? void 0 : i.claims.oid) || (null == i ? void 0 : i.claims.sub) || T.EMPTY_STRING, | |
w = (null == i ? void 0 : i.claims.tid) || T.EMPTY_STRING, | |
[2, { | |
authority: t.canonicalAuthority, | |
uniqueId: C, | |
tenantId: w, | |
scopes: h, | |
account: r.account ? r.account.getAccountInfo() : null, | |
idToken: i ? i.rawToken : T.EMPTY_STRING, | |
idTokenClaims: i ? i.claims : {}, | |
accessToken: d, | |
fromCache: n, | |
expiresOn: p, | |
correlationId: o.correlationId, | |
extExpiresOn: g, | |
familyId: m, | |
tokenType: (null === (c = r.accessToken) || void 0 === c ? void 0 : c.tokenType) || T.EMPTY_STRING, | |
state: a ? a.userRequestState : T.EMPTY_STRING, | |
cloudGraphHostName: (null === (u = r.account) || void 0 === u ? void 0 : u.cloudGraphHostName) || T.EMPTY_STRING, | |
msGraphHost: (null === (l = r.account) || void 0 === l ? void 0 : l.msGraphHost) || T.EMPTY_STRING, | |
code: s, | |
fromNativeBroker: !1 | |
}] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), vt = function(e) { | |
function t(t) { | |
var r = e.call(this, t) || this; | |
return r.includeRedirectUri = !0, | |
r | |
} | |
return h(t, e), | |
t.prototype.getAuthCodeUrl = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t; | |
return f(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return [4, this.createAuthCodeUrlQueryString(e)]; | |
case 1: | |
return t = r.sent(), | |
[2, Ke.appendQueryString(this.authority.authorizationEndpoint, t)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireToken = function(e, t) { | |
return g(this, void 0, void 0, (function() { | |
var r, n, o; | |
return f(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
if (this.logger.info("in acquireToken call"), | |
!e || $.isEmpty(e.code)) | |
throw X.createTokenRequestCannotBeMadeError(); | |
return r = de.nowSeconds(), | |
[4, this.executeTokenRequest(this.authority, e)]; | |
case 1: | |
return n = i.sent(), | |
(o = new mt(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin)).validateTokenResponse(n.body), | |
[4, o.handleServerTokenResponse(n.body, this.authority, r, e, t)]; | |
case 2: | |
return [2, i.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.handleFragmentResponse = function(e, t) { | |
var r = new mt(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,null,null) | |
, n = new Ke(e) | |
, o = Ke.getDeserializedHash(n.getHash()); | |
if (r.validateServerAuthorizationCodeResponse(o, t, this.cryptoUtils), | |
!o.code) | |
throw X.createNoAuthCodeInServerResponseError(); | |
return p(p({}, o), { | |
code: o.code | |
}) | |
} | |
, | |
t.prototype.getLogoutUri = function(e) { | |
if (!e) | |
throw ie.createEmptyLogoutRequestError(); | |
var t = this.createLogoutUrlQueryString(e); | |
return Ke.appendQueryString(this.authority.endSessionEndpoint, t) | |
} | |
, | |
t.prototype.executeTokenRequest = function(e, t) { | |
return g(this, void 0, void 0, (function() { | |
var r, n, o, i, a, s, c; | |
return f(this, (function(u) { | |
switch (u.label) { | |
case 0: | |
return r = { | |
clientId: this.config.authOptions.clientId, | |
authority: e.canonicalAuthority, | |
scopes: t.scopes, | |
claims: t.claims, | |
authenticationScheme: t.authenticationScheme, | |
resourceRequestMethod: t.resourceRequestMethod, | |
resourceRequestUri: t.resourceRequestUri, | |
shrClaims: t.shrClaims, | |
sshKid: t.sshKid | |
}, | |
[4, this.createTokenRequestBody(t)]; | |
case 1: | |
if (n = u.sent(), | |
o = this.createTokenQueryParameters(t), | |
i = void 0, | |
t.clientInfo) | |
try { | |
a = Z(t.clientInfo, this.cryptoUtils), | |
i = { | |
credential: "" + a.uid + N.CLIENT_INFO_SEPARATOR + a.utid, | |
type: te.HOME_ACCOUNT_ID | |
} | |
} catch (e) { | |
this.logger.verbose("Could not parse client info for CCS Header: " + e) | |
} | |
return s = this.createTokenRequestHeaders(i || t.ccsCredential), | |
c = $.isEmpty(o) ? e.tokenEndpoint : e.tokenEndpoint + "?" + o, | |
[2, this.executePostToTokenEndpoint(c, n, s, r)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.createTokenQueryParameters = function(e) { | |
var t = new at; | |
return e.tokenQueryParameters && t.addExtraQueryParameters(e.tokenQueryParameters), | |
t.createQueryString() | |
} | |
, | |
t.prototype.createTokenRequestBody = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a, s; | |
return f(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return (t = new at).addClientId(this.config.authOptions.clientId), | |
this.includeRedirectUri ? t.addRedirectUri(e.redirectUri) : it.validateRedirectUri(e.redirectUri), | |
t.addScopes(e.scopes), | |
t.addAuthorizationCode(e.code), | |
t.addLibraryInfo(this.config.libraryInfo), | |
t.addApplicationTelemetry(this.config.telemetry.application), | |
t.addThrottling(), | |
this.serverTelemetryManager && t.addServerTelemetry(this.serverTelemetryManager), | |
e.codeVerifier && t.addCodeVerifier(e.codeVerifier), | |
this.config.clientCredentials.clientSecret && t.addClientSecret(this.config.clientCredentials.clientSecret), | |
this.config.clientCredentials.clientAssertion && (r = this.config.clientCredentials.clientAssertion, | |
t.addClientAssertion(r.assertion), | |
t.addClientAssertionType(r.assertionType)), | |
t.addGrantType(R.AUTHORIZATION_CODE_GRANT), | |
t.addClientInfo(), | |
e.authenticationScheme !== F.POP ? [3, 2] : [4, new gt(this.cryptoUtils).generateCnf(e)]; | |
case 1: | |
return n = c.sent(), | |
t.addPopToken(n.reqCnfString), | |
[3, 3]; | |
case 2: | |
if (e.authenticationScheme === F.SSH) { | |
if (!e.sshJwk) | |
throw ie.createMissingSshJwkError(); | |
t.addSshJwk(e.sshJwk) | |
} | |
c.label = 3; | |
case 3: | |
if (o = e.correlationId || this.config.cryptoInterface.createNewGuid(), | |
t.addCorrelationId(o), | |
(!$.isEmptyObj(e.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) && t.addClaims(e.claims, this.config.authOptions.clientCapabilities), | |
i = void 0, | |
e.clientInfo) | |
try { | |
a = Z(e.clientInfo, this.cryptoUtils), | |
i = { | |
credential: "" + a.uid + N.CLIENT_INFO_SEPARATOR + a.utid, | |
type: te.HOME_ACCOUNT_ID | |
} | |
} catch (e) { | |
this.logger.verbose("Could not parse client info for CCS Header: " + e) | |
} | |
else | |
i = e.ccsCredential; | |
if (this.config.systemOptions.preventCorsPreflight && i) | |
switch (i.type) { | |
case te.HOME_ACCOUNT_ID: | |
try { | |
a = ee(i.credential), | |
t.addCcsOid(a) | |
} catch (e) { | |
this.logger.verbose("Could not parse home account ID for CCS Header: " + e) | |
} | |
break; | |
case te.UPN: | |
t.addCcsUpn(i.credential) | |
} | |
return e.tokenBodyParameters && t.addExtraQueryParameters(e.tokenBodyParameters), | |
!e.enableSpaAuthorizationCode || e.tokenBodyParameters && e.tokenBodyParameters[_.RETURN_SPA_CODE] || t.addExtraQueryParameters(((s = {})[_.RETURN_SPA_CODE] = "1", | |
s)), | |
[2, t.createQueryString()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.createAuthCodeUrlQueryString = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a, s; | |
return f(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if ((t = new at).addClientId(this.config.authOptions.clientId), | |
r = m(e.scopes || [], e.extraScopesToConsent || []), | |
t.addScopes(r), | |
t.addRedirectUri(e.redirectUri), | |
n = e.correlationId || this.config.cryptoInterface.createNewGuid(), | |
t.addCorrelationId(n), | |
t.addResponseMode(e.responseMode), | |
t.addResponseTypeCode(), | |
t.addLibraryInfo(this.config.libraryInfo), | |
t.addApplicationTelemetry(this.config.telemetry.application), | |
t.addClientInfo(), | |
e.codeChallenge && e.codeChallengeMethod && t.addCodeChallengeParams(e.codeChallenge, e.codeChallengeMethod), | |
e.prompt && t.addPrompt(e.prompt), | |
e.domainHint && t.addDomainHint(e.domainHint), | |
e.prompt !== A.SELECT_ACCOUNT) | |
if (e.sid && e.prompt === A.NONE) | |
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"), | |
t.addSid(e.sid); | |
else if (e.account) { | |
if (o = this.extractAccountSid(e.account), | |
i = this.extractLoginHint(e.account)) { | |
this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"), | |
t.addLoginHint(i); | |
try { | |
a = ee(e.account.homeAccountId), | |
t.addCcsOid(a) | |
} catch (e) { | |
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header") | |
} | |
} else if (o && e.prompt === A.NONE) { | |
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"), | |
t.addSid(o); | |
try { | |
a = ee(e.account.homeAccountId), | |
t.addCcsOid(a) | |
} catch (e) { | |
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header") | |
} | |
} else if (e.loginHint) | |
this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"), | |
t.addLoginHint(e.loginHint), | |
t.addCcsUpn(e.loginHint); | |
else if (e.account.username) { | |
this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"), | |
t.addLoginHint(e.account.username); | |
try { | |
a = ee(e.account.homeAccountId), | |
t.addCcsOid(a) | |
} catch (e) { | |
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header") | |
} | |
} | |
} else | |
e.loginHint && (this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"), | |
t.addLoginHint(e.loginHint), | |
t.addCcsUpn(e.loginHint)); | |
else | |
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"); | |
return e.nonce && t.addNonce(e.nonce), | |
e.state && t.addState(e.state), | |
(!$.isEmpty(e.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) && t.addClaims(e.claims, this.config.authOptions.clientCapabilities), | |
e.extraQueryParameters && t.addExtraQueryParameters(e.extraQueryParameters), | |
e.nativeBroker ? (t.addNativeBroker(), | |
e.authenticationScheme !== F.POP ? [3, 2] : [4, new gt(this.cryptoUtils).generateCnf(e)]) : [3, 2]; | |
case 1: | |
s = c.sent(), | |
t.addPopToken(s.reqCnfHash), | |
c.label = 2; | |
case 2: | |
return [2, t.createQueryString()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.createLogoutUrlQueryString = function(e) { | |
var t = new at; | |
return e.postLogoutRedirectUri && t.addPostLogoutRedirectUri(e.postLogoutRedirectUri), | |
e.correlationId && t.addCorrelationId(e.correlationId), | |
e.idTokenHint && t.addIdTokenHint(e.idTokenHint), | |
e.state && t.addState(e.state), | |
e.logoutHint && t.addLogoutHint(e.logoutHint), | |
e.extraQueryParameters && t.addExtraQueryParameters(e.extraQueryParameters), | |
t.createQueryString() | |
} | |
, | |
t.prototype.extractAccountSid = function(e) { | |
var t; | |
return (null === (t = e.idTokenClaims) || void 0 === t ? void 0 : t.sid) || null | |
} | |
, | |
t.prototype.extractLoginHint = function(e) { | |
var t; | |
return (null === (t = e.idTokenClaims) || void 0 === t ? void 0 : t.login_hint) || null | |
} | |
, | |
t | |
}(ot); | |
function yt(e) { | |
return e.hasOwnProperty("authorization_endpoint") && e.hasOwnProperty("token_endpoint") && e.hasOwnProperty("issuer") && e.hasOwnProperty("jwks_uri") | |
} | |
!function(e) { | |
e.AcquireTokenByCode = "acquireTokenByCode", | |
e.AcquireTokenByRefreshToken = "acquireTokenByRefreshToken", | |
e.AcquireTokenSilent = "acquireTokenSilent", | |
e.AcquireTokenSilentAsync = "acquireTokenSilentAsync", | |
e.AcquireTokenPopup = "acquireTokenPopup", | |
e.CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint", | |
e.CryptoOptsSignJwt = "cryptoOptsSignJwt", | |
e.SilentCacheClientAcquireToken = "silentCacheClientAcquireToken", | |
e.SilentIframeClientAcquireToken = "silentIframeClientAcquireToken", | |
e.SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken", | |
e.SsoSilent = "ssoSilent", | |
e.StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority", | |
e.FetchAccountIdWithNativeBroker = "fetchAccountIdWithNativeBroker", | |
e.NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken", | |
e.RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest", | |
e.BaseClientCreateTokenRequestHeaders = "baseClientCreateTokenRequestHeaders", | |
e.BrokerHandhshake = "brokerHandshake", | |
e.AcquireTokenByRefreshTokenInBroker = "acquireTokenByRefreshTokenInBroker", | |
e.AcquireTokenByBroker = "acquireTokenByBroker" | |
}(ht || (ht = {})), | |
function(e) { | |
e[e.NotStarted = 0] = "NotStarted", | |
e[e.InProgress = 1] = "InProgress", | |
e[e.Completed = 2] = "Completed" | |
}(pt || (pt = {})); | |
var Et, _t = { | |
"https://login.microsoftonline.com/common/": { | |
token_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.com/common/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.com/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.com/common/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.com", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pas.windows.net" | |
}, | |
"https://login.chinacloudapi.cn/common/": { | |
token_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.chinacloudapi.cn/common/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo", | |
authorization_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.chinacloudapi.cn/common/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.chinacloudapi.cn/common/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "partner.microsoftonline.cn", | |
cloud_graph_host_name: "graph.chinacloudapi.cn", | |
msgraph_host: "microsoftgraph.chinacloudapi.cn", | |
rbac_url: "https://pas.chinacloudapi.cn" | |
}, | |
"https://login.microsoftonline.us/common/": { | |
token_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.us/common/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.us/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.us/common/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.us/common/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.us", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pasff.usgovcloudapi.net" | |
}, | |
"https://login.microsoftonline.com/consumers/": { | |
token_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.com/consumers/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.com/consumers/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.com/consumers/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.com", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pas.windows.net" | |
}, | |
"https://login.chinacloudapi.cn/consumers/": { | |
token_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.chinacloudapi.cn/consumers/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.partner.microsoftonline.cn/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo", | |
authorization_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.chinacloudapi.cn/consumers/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.chinacloudapi.cn/consumers/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "partner.microsoftonline.cn", | |
cloud_graph_host_name: "graph.chinacloudapi.cn", | |
msgraph_host: "microsoftgraph.chinacloudapi.cn", | |
rbac_url: "https://pas.chinacloudapi.cn" | |
}, | |
"https://login.microsoftonline.us/consumers/": { | |
token_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.us/consumers/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.us/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.us/consumers/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.us/consumers/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.us", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pasff.usgovcloudapi.net" | |
}, | |
"https://login.microsoftonline.com/organizations/": { | |
token_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.com/organizations/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.com/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.com/organizations/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.com/organizations/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.com", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pas.windows.net" | |
}, | |
"https://login.chinacloudapi.cn/organizations/": { | |
token_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.chinacloudapi.cn/organizations/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.partner.microsoftonline.cn/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://microsoftgraph.chinacloudapi.cn/oidc/userinfo", | |
authorization_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.chinacloudapi.cn/organizations/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.chinacloudapi.cn/organizations/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "partner.microsoftonline.cn", | |
cloud_graph_host_name: "graph.chinacloudapi.cn", | |
msgraph_host: "microsoftgraph.chinacloudapi.cn", | |
rbac_url: "https://pas.chinacloudapi.cn" | |
}, | |
"https://login.microsoftonline.us/organizations/": { | |
token_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/token", | |
token_endpoint_auth_methods_supported: ["client_secret_post", "private_key_jwt", "client_secret_basic"], | |
jwks_uri: "https://login.microsoftonline.us/organizations/discovery/v2.0/keys", | |
response_modes_supported: ["query", "fragment", "form_post"], | |
subject_types_supported: ["pairwise"], | |
id_token_signing_alg_values_supported: ["RS256"], | |
response_types_supported: ["code", "id_token", "code id_token", "id_token token"], | |
scopes_supported: ["openid", "profile", "email", "offline_access"], | |
issuer: "https://login.microsoftonline.us/{tenantid}/v2.0", | |
request_uri_parameter_supported: !1, | |
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo", | |
authorization_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/authorize", | |
device_authorization_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/devicecode", | |
http_logout_supported: !0, | |
frontchannel_logout_supported: !0, | |
end_session_endpoint: "https://login.microsoftonline.us/organizations/oauth2/v2.0/logout", | |
claims_supported: ["sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email"], | |
kerberos_endpoint: "https://login.microsoftonline.us/organizations/kerberos", | |
tenant_region_scope: null, | |
cloud_instance_name: "microsoftonline.us", | |
cloud_graph_host_name: "graph.windows.net", | |
msgraph_host: "graph.microsoft.com", | |
rbac_url: "https://pasff.usgovcloudapi.net" | |
} | |
}, Ct = { | |
"https://login.microsoftonline.com/common/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.chinacloudapi.cn/common/": { | |
tenant_discovery_endpoint: "https://login.chinacloudapi.cn/common/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.microsoftonline.us/common/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.us/common/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.microsoftonline.com/consumers/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.chinacloudapi.cn/consumers/": { | |
tenant_discovery_endpoint: "https://login.chinacloudapi.cn/consumers/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.microsoftonline.us/consumers/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.us/consumers/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.microsoftonline.com/organizations/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.chinacloudapi.cn/organizations/": { | |
tenant_discovery_endpoint: "https://login.chinacloudapi.cn/organizations/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
}, | |
"https://login.microsoftonline.us/organizations/": { | |
tenant_discovery_endpoint: "https://login.microsoftonline.us/organizations/v2.0/.well-known/openid-configuration", | |
"api-version": "1.1", | |
metadata: [{ | |
preferred_network: "login.microsoftonline.com", | |
preferred_cache: "login.windows.net", | |
aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"] | |
}, { | |
preferred_network: "login.partner.microsoftonline.cn", | |
preferred_cache: "login.partner.microsoftonline.cn", | |
aliases: ["login.partner.microsoftonline.cn", "login.chinacloudapi.cn"] | |
}, { | |
preferred_network: "login.microsoftonline.de", | |
preferred_cache: "login.microsoftonline.de", | |
aliases: ["login.microsoftonline.de"] | |
}, { | |
preferred_network: "login.microsoftonline.us", | |
preferred_cache: "login.microsoftonline.us", | |
aliases: ["login.microsoftonline.us", "login.usgovcloudapi.net"] | |
}, { | |
preferred_network: "login-us.microsoftonline.com", | |
preferred_cache: "login-us.microsoftonline.com", | |
aliases: ["login-us.microsoftonline.com"] | |
}] | |
} | |
}; | |
!function(e) { | |
e.AAD = "AAD", | |
e.OIDC = "OIDC" | |
}(Et || (Et = {})); | |
var Tt, wt, St = function() { | |
function e(e) { | |
this.networkInterface = e | |
} | |
return e.prototype.detectRegion = function(t, r, n) { | |
return g(this, void 0, void 0, (function() { | |
var o, i, a, s, c; | |
return f(this, (function(u) { | |
switch (u.label) { | |
case 0: | |
if (o = t) | |
return [3, 8]; | |
i = e.IMDS_OPTIONS, | |
n && (i.proxyUrl = n), | |
u.label = 1; | |
case 1: | |
return u.trys.push([1, 6, , 7]), | |
[4, this.getRegionFromIMDS(T.IMDS_VERSION, i)]; | |
case 2: | |
return (a = u.sent()).status === B.httpSuccess && (o = a.body, | |
r.region_source = G.IMDS), | |
a.status !== B.httpBadRequest ? [3, 5] : [4, this.getCurrentVersion(i)]; | |
case 3: | |
return (s = u.sent()) ? [4, this.getRegionFromIMDS(s, i)] : (r.region_source = G.FAILED_AUTO_DETECTION, | |
[2, null]); | |
case 4: | |
(c = u.sent()).status === B.httpSuccess && (o = c.body, | |
r.region_source = G.IMDS), | |
u.label = 5; | |
case 5: | |
return [3, 7]; | |
case 6: | |
return u.sent(), | |
r.region_source = G.FAILED_AUTO_DETECTION, | |
[2, null]; | |
case 7: | |
return [3, 9]; | |
case 8: | |
r.region_source = G.ENVIRONMENT_VARIABLE, | |
u.label = 9; | |
case 9: | |
return o || (r.region_source = G.FAILED_AUTO_DETECTION), | |
[2, o || null] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getRegionFromIMDS = function(e, t) { | |
return g(this, void 0, void 0, (function() { | |
return f(this, (function(r) { | |
return [2, this.networkInterface.sendGetRequestAsync(T.IMDS_ENDPOINT + "?api-version=" + e + "&format=text", t, T.IMDS_TIMEOUT)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getCurrentVersion = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t; | |
return f(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return r.trys.push([0, 2, , 3]), | |
[4, this.networkInterface.sendGetRequestAsync(T.IMDS_ENDPOINT + "?format=json", e)]; | |
case 1: | |
return (t = r.sent()).status === B.httpBadRequest && t.body && t.body["newest-versions"] && t.body["newest-versions"].length > 0 ? [2, t.body["newest-versions"][0]] : [2, null]; | |
case 2: | |
return r.sent(), | |
[2, null]; | |
case 3: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.IMDS_OPTIONS = { | |
headers: { | |
Metadata: "true" | |
} | |
}, | |
e | |
}(), It = function() { | |
function e(e, t, r, n, o) { | |
this.canonicalAuthority = e, | |
this._canonicalAuthority.validateAsUri(), | |
this.networkInterface = t, | |
this.cacheManager = r, | |
this.authorityOptions = n, | |
this.regionDiscovery = new St(t), | |
this.regionDiscoveryMetadata = { | |
region_used: void 0, | |
region_source: void 0, | |
region_outcome: void 0 | |
}, | |
this.proxyUrl = o || T.EMPTY_STRING | |
} | |
return Object.defineProperty(e.prototype, "authorityType", { | |
get: function() { | |
var e = this.canonicalAuthorityUrlComponents.PathSegments; | |
return e.length && e[0].toLowerCase() === T.ADFS ? W.Adfs : W.Default | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "protocolMode", { | |
get: function() { | |
return this.authorityOptions.protocolMode | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "options", { | |
get: function() { | |
return this.authorityOptions | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "canonicalAuthority", { | |
get: function() { | |
return this._canonicalAuthority.urlString | |
}, | |
set: function(e) { | |
this._canonicalAuthority = new Ke(e), | |
this._canonicalAuthority.validateAsUri(), | |
this._canonicalAuthorityUrlComponents = null | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "canonicalAuthorityUrlComponents", { | |
get: function() { | |
return this._canonicalAuthorityUrlComponents || (this._canonicalAuthorityUrlComponents = this._canonicalAuthority.getUrlComponents()), | |
this._canonicalAuthorityUrlComponents | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "hostnameAndPort", { | |
get: function() { | |
return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase() | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "tenant", { | |
get: function() { | |
return this.canonicalAuthorityUrlComponents.PathSegments[0] | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "authorizationEndpoint", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
var e = this.replacePath(this.metadata.authorization_endpoint); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "tokenEndpoint", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
var e = this.replacePath(this.metadata.token_endpoint); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "deviceCodeEndpoint", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
var e = this.replacePath(this.metadata.token_endpoint.replace("/token", "/devicecode")); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "endSessionEndpoint", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
if (!this.metadata.end_session_endpoint) | |
throw X.createLogoutNotSupportedError(); | |
var e = this.replacePath(this.metadata.end_session_endpoint); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "selfSignedJwtAudience", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
var e = this.replacePath(this.metadata.issuer); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
Object.defineProperty(e.prototype, "jwksUri", { | |
get: function() { | |
if (this.discoveryComplete()) { | |
var e = this.replacePath(this.metadata.jwks_uri); | |
return this.replaceTenant(e) | |
} | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
e.prototype.replaceTenant = function(e) { | |
return e.replace(/{tenant}|{tenantid}/g, this.tenant) | |
} | |
, | |
e.prototype.replacePath = function(e) { | |
var t = e | |
, r = new Ke(this.metadata.canonical_authority).getUrlComponents().PathSegments; | |
return this.canonicalAuthorityUrlComponents.PathSegments.forEach((function(e, n) { | |
var o = r[n]; | |
e !== o && (t = t.replace("/" + o + "/", "/" + e + "/")) | |
} | |
)), | |
t | |
} | |
, | |
Object.defineProperty(e.prototype, "defaultOpenIdConfigurationEndpoint", { | |
get: function() { | |
return this.authorityType === W.Adfs || this.protocolMode === Et.OIDC ? this.canonicalAuthority + ".well-known/openid-configuration" : this.canonicalAuthority + "v2.0/.well-known/openid-configuration" | |
}, | |
enumerable: !1, | |
configurable: !0 | |
}), | |
e.prototype.discoveryComplete = function() { | |
return !!this.metadata | |
} | |
, | |
e.prototype.resolveEndpointsAsync = function() { | |
return g(this, void 0, void 0, (function() { | |
var e, t, r, n; | |
return f(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return (e = this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort)) || (e = new me).updateCanonicalAuthority(this.canonicalAuthority), | |
[4, this.updateCloudDiscoveryMetadata(e)]; | |
case 1: | |
return t = o.sent(), | |
this.canonicalAuthority = this.canonicalAuthority.replace(this.hostnameAndPort, e.preferred_network), | |
[4, this.updateEndpointMetadata(e)]; | |
case 2: | |
return r = o.sent(), | |
t !== q.CACHE && r !== q.CACHE && (e.resetExpiresAt(), | |
e.updateCanonicalAuthority(this.canonicalAuthority)), | |
n = this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache), | |
this.cacheManager.setAuthorityMetadata(n, e), | |
this.metadata = e, | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.updateEndpointMetadata = function(e) { | |
var t, r; | |
return g(this, void 0, void 0, (function() { | |
var n, o; | |
return f(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
return (n = this.getEndpointMetadataFromConfig()) ? (e.updateEndpointMetadata(n, !1), | |
[2, q.CONFIG]) : this.isAuthoritySameType(e) && e.endpointsFromNetwork && !e.isExpired() ? [2, q.CACHE] : (o = this.getEndpointMetadataFromHardcodedValues(), | |
[4, this.getEndpointMetadataFromNetwork()]); | |
case 1: | |
return (n = i.sent()) ? (null === (t = this.authorityOptions.azureRegionConfiguration) || void 0 === t ? void 0 : t.azureRegion) ? [4, this.updateMetadataWithRegionalInformation(n)] : [3, 3] : [3, 4]; | |
case 2: | |
n = i.sent(), | |
i.label = 3; | |
case 3: | |
return e.updateEndpointMetadata(n, !0), | |
[2, q.NETWORK]; | |
case 4: | |
return !o || this.authorityOptions.skipAuthorityMetadataCache ? [3, 7] : (null === (r = this.authorityOptions.azureRegionConfiguration) || void 0 === r ? void 0 : r.azureRegion) ? [4, this.updateMetadataWithRegionalInformation(o)] : [3, 6]; | |
case 5: | |
o = i.sent(), | |
i.label = 6; | |
case 6: | |
return e.updateEndpointMetadata(o, !1), | |
[2, q.HARDCODED_VALUES]; | |
case 7: | |
throw X.createUnableToGetOpenidConfigError(this.defaultOpenIdConfigurationEndpoint) | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.isAuthoritySameType = function(e) { | |
return new Ke(e.canonical_authority).getUrlComponents().PathSegments.length === this.canonicalAuthorityUrlComponents.PathSegments.length | |
} | |
, | |
e.prototype.getEndpointMetadataFromConfig = function() { | |
if (this.authorityOptions.authorityMetadata) | |
try { | |
return JSON.parse(this.authorityOptions.authorityMetadata) | |
} catch (e) { | |
throw ie.createInvalidAuthorityMetadataError() | |
} | |
return null | |
} | |
, | |
e.prototype.getEndpointMetadataFromNetwork = function() { | |
return g(this, void 0, void 0, (function() { | |
var e, t; | |
return f(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
e = {}, | |
this.proxyUrl && (e.proxyUrl = this.proxyUrl), | |
r.label = 1; | |
case 1: | |
return r.trys.push([1, 3, , 4]), | |
[4, this.networkInterface.sendGetRequestAsync(this.defaultOpenIdConfigurationEndpoint, e)]; | |
case 2: | |
return [2, yt((t = r.sent()).body) ? t.body : null]; | |
case 3: | |
return r.sent(), | |
[2, null]; | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getEndpointMetadataFromHardcodedValues = function() { | |
return this.canonicalAuthority in _t ? _t[this.canonicalAuthority] : null | |
} | |
, | |
e.prototype.updateMetadataWithRegionalInformation = function(t) { | |
var r, n, o, i, a; | |
return g(this, void 0, void 0, (function() { | |
var s, c; | |
return f(this, (function(u) { | |
switch (u.label) { | |
case 0: | |
return [4, this.regionDiscovery.detectRegion(null === (r = this.authorityOptions.azureRegionConfiguration) || void 0 === r ? void 0 : r.environmentRegion, this.regionDiscoveryMetadata, this.proxyUrl)]; | |
case 1: | |
return s = u.sent(), | |
c = (null === (n = this.authorityOptions.azureRegionConfiguration) || void 0 === n ? void 0 : n.azureRegion) === T.AZURE_REGION_AUTO_DISCOVER_FLAG ? s : null === (o = this.authorityOptions.azureRegionConfiguration) || void 0 === o ? void 0 : o.azureRegion, | |
(null === (i = this.authorityOptions.azureRegionConfiguration) || void 0 === i ? void 0 : i.azureRegion) === T.AZURE_REGION_AUTO_DISCOVER_FLAG ? this.regionDiscoveryMetadata.region_outcome = s ? z.AUTO_DETECTION_REQUESTED_SUCCESSFUL : z.AUTO_DETECTION_REQUESTED_FAILED : this.regionDiscoveryMetadata.region_outcome = s ? (null === (a = this.authorityOptions.azureRegionConfiguration) || void 0 === a ? void 0 : a.azureRegion) === s ? z.CONFIGURED_MATCHES_DETECTED : z.CONFIGURED_NOT_DETECTED : z.CONFIGURED_NO_AUTO_DETECTION, | |
c ? (this.regionDiscoveryMetadata.region_used = c, | |
[2, e.replaceWithRegionalInformation(t, c)]) : [2, t] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.updateCloudDiscoveryMetadata = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r; | |
return f(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return (t = this.getCloudDiscoveryMetadataFromConfig()) ? (e.updateCloudDiscoveryMetadata(t, !1), | |
[2, q.CONFIG]) : this.isAuthoritySameType(e) && e.aliasesFromNetwork && !e.isExpired() ? [2, q.CACHE] : (r = this.getCloudDiscoveryMetadataFromHarcodedValues(), | |
[4, this.getCloudDiscoveryMetadataFromNetwork()]); | |
case 1: | |
if (t = n.sent()) | |
return e.updateCloudDiscoveryMetadata(t, !0), | |
[2, q.NETWORK]; | |
if (r && !this.options.skipAuthorityMetadataCache) | |
return e.updateCloudDiscoveryMetadata(r, !1), | |
[2, q.HARDCODED_VALUES]; | |
throw ie.createUntrustedAuthorityError() | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getCloudDiscoveryMetadataFromConfig = function() { | |
if (this.authorityOptions.cloudDiscoveryMetadata) | |
try { | |
var t = JSON.parse(this.authorityOptions.cloudDiscoveryMetadata) | |
, r = e.getCloudDiscoveryMetadataFromNetworkResponse(t.metadata, this.hostnameAndPort); | |
if (r) | |
return r | |
} catch (e) { | |
throw ie.createInvalidCloudDiscoveryMetadataError() | |
} | |
return this.isInKnownAuthorities() ? e.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort) : null | |
} | |
, | |
e.prototype.getCloudDiscoveryMetadataFromNetwork = function() { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n, o, i; | |
return f(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
t = "" + T.AAD_INSTANCE_DISCOVERY_ENDPT + this.canonicalAuthority + "oauth2/v2.0/authorize", | |
r = {}, | |
this.proxyUrl && (r.proxyUrl = this.proxyUrl), | |
n = null, | |
a.label = 1; | |
case 1: | |
return a.trys.push([1, 3, , 4]), | |
[4, this.networkInterface.sendGetRequestAsync(t, r)]; | |
case 2: | |
return o = a.sent(), | |
i = function(e) { | |
return e.hasOwnProperty("tenant_discovery_endpoint") && e.hasOwnProperty("metadata") | |
}(o.body) ? o.body.metadata : [], | |
0 === i.length ? [2, null] : (n = e.getCloudDiscoveryMetadataFromNetworkResponse(i, this.hostnameAndPort), | |
[3, 4]); | |
case 3: | |
return a.sent(), | |
[2, null]; | |
case 4: | |
return n || (n = e.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)), | |
[2, n] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getCloudDiscoveryMetadataFromHarcodedValues = function() { | |
return this.canonicalAuthority in Ct ? Ct[this.canonicalAuthority] : null | |
} | |
, | |
e.prototype.isInKnownAuthorities = function() { | |
var e = this; | |
return this.authorityOptions.knownAuthorities.filter((function(t) { | |
return Ke.getDomainFromUrl(t).toLowerCase() === e.hostnameAndPort | |
} | |
)).length > 0 | |
} | |
, | |
e.generateAuthority = function(e, t) { | |
var r; | |
if (t && t.azureCloudInstance !== ze.None) { | |
var n = t.tenant ? t.tenant : T.DEFAULT_COMMON_TENANT; | |
r = t.azureCloudInstance + "/" + n + "/" | |
} | |
return r || e | |
} | |
, | |
e.createCloudDiscoveryMetadataFromHost = function(e) { | |
return { | |
preferred_network: e, | |
preferred_cache: e, | |
aliases: [e] | |
} | |
} | |
, | |
e.getCloudDiscoveryMetadataFromNetworkResponse = function(e, t) { | |
for (var r = 0; r < e.length; r++) { | |
var n = e[r]; | |
if (n.aliases.indexOf(t) > -1) | |
return n | |
} | |
return null | |
} | |
, | |
e.prototype.getPreferredCache = function() { | |
if (this.discoveryComplete()) | |
return this.metadata.preferred_cache; | |
throw X.createEndpointDiscoveryIncompleteError("Discovery incomplete.") | |
} | |
, | |
e.prototype.isAlias = function(e) { | |
return this.metadata.aliases.indexOf(e) > -1 | |
} | |
, | |
e.isPublicCloudAuthority = function(e) { | |
return T.KNOWN_PUBLIC_CLOUDS.indexOf(e) >= 0 | |
} | |
, | |
e.buildRegionalAuthorityString = function(e, t, r) { | |
var n = new Ke(e); | |
n.validateAsUri(); | |
var o = n.getUrlComponents() | |
, i = t + "." + o.HostNameAndPort; | |
this.isPublicCloudAuthority(o.HostNameAndPort) && (i = t + "." + T.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX); | |
var a = Ke.constructAuthorityUriFromObject(p(p({}, n.getUrlComponents()), { | |
HostNameAndPort: i | |
})).urlString; | |
return r ? a + "?" + r : a | |
} | |
, | |
e.replaceWithRegionalInformation = function(t, r) { | |
return t.authorization_endpoint = e.buildRegionalAuthorityString(t.authorization_endpoint, r), | |
t.token_endpoint = e.buildRegionalAuthorityString(t.token_endpoint, r, "allowestsrnonmsi=true"), | |
t.end_session_endpoint && (t.end_session_endpoint = e.buildRegionalAuthorityString(t.end_session_endpoint, r)), | |
t | |
} | |
, | |
e | |
}(), At = function() { | |
function e() {} | |
return e.createDiscoveredInstance = function(t, r, n, o, i) { | |
return g(this, void 0, void 0, (function() { | |
var a, s; | |
return f(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
a = e.createInstance(t, r, n, o, i), | |
c.label = 1; | |
case 1: | |
return c.trys.push([1, 3, , 4]), | |
[4, a.resolveEndpointsAsync()]; | |
case 2: | |
return c.sent(), | |
[2, a]; | |
case 3: | |
throw s = c.sent(), | |
X.createEndpointDiscoveryIncompleteError(s); | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.createInstance = function(e, t, r, n, o) { | |
if ($.isEmpty(e)) | |
throw ie.createUrlEmptyError(); | |
return new It(e,t,r,n,o) | |
} | |
, | |
e | |
}(), bt = function() { | |
function e(e, t) { | |
this.cacheOutcome = j.NO_CACHE_HIT, | |
this.cacheManager = t, | |
this.apiId = e.apiId, | |
this.correlationId = e.correlationId, | |
this.wrapperSKU = e.wrapperSKU || T.EMPTY_STRING, | |
this.wrapperVer = e.wrapperVer || T.EMPTY_STRING, | |
this.telemetryCacheKey = x.CACHE_KEY + N.CACHE_KEY_SEPARATOR + e.clientId | |
} | |
return e.prototype.generateCurrentRequestHeaderValue = function() { | |
var e = "" + this.apiId + x.VALUE_SEPARATOR + this.cacheOutcome | |
, t = [this.wrapperSKU, this.wrapperVer].join(x.VALUE_SEPARATOR) | |
, r = [e, this.getRegionDiscoveryFields()].join(x.VALUE_SEPARATOR); | |
return [x.SCHEMA_VERSION, r, t].join(x.CATEGORY_SEPARATOR) | |
} | |
, | |
e.prototype.generateLastRequestHeaderValue = function() { | |
var t = this.getLastRequests() | |
, r = e.maxErrorsToSend(t) | |
, n = t.failedRequests.slice(0, 2 * r).join(x.VALUE_SEPARATOR) | |
, o = t.errors.slice(0, r).join(x.VALUE_SEPARATOR) | |
, i = t.errors.length | |
, a = [i, r < i ? x.OVERFLOW_TRUE : x.OVERFLOW_FALSE].join(x.VALUE_SEPARATOR); | |
return [x.SCHEMA_VERSION, t.cacheHits, n, o, a].join(x.CATEGORY_SEPARATOR) | |
} | |
, | |
e.prototype.cacheFailedRequest = function(e) { | |
var t = this.getLastRequests(); | |
t.errors.length >= x.MAX_CACHED_ERRORS && (t.failedRequests.shift(), | |
t.failedRequests.shift(), | |
t.errors.shift()), | |
t.failedRequests.push(this.apiId, this.correlationId), | |
$.isEmpty(e.subError) ? $.isEmpty(e.errorCode) ? e && e.toString() ? t.errors.push(e.toString()) : t.errors.push(x.UNKNOWN_ERROR) : t.errors.push(e.errorCode) : t.errors.push(e.subError), | |
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, t) | |
} | |
, | |
e.prototype.incrementCacheHits = function() { | |
var e = this.getLastRequests(); | |
return e.cacheHits += 1, | |
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, e), | |
e.cacheHits | |
} | |
, | |
e.prototype.getLastRequests = function() { | |
var e = new fe; | |
return this.cacheManager.getServerTelemetry(this.telemetryCacheKey) || e | |
} | |
, | |
e.prototype.clearTelemetryCache = function() { | |
var t = this.getLastRequests() | |
, r = e.maxErrorsToSend(t); | |
if (r === t.errors.length) | |
this.cacheManager.removeItem(this.telemetryCacheKey); | |
else { | |
var n = new fe; | |
n.failedRequests = t.failedRequests.slice(2 * r), | |
n.errors = t.errors.slice(r), | |
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, n) | |
} | |
} | |
, | |
e.maxErrorsToSend = function(e) { | |
var t, r = 0, n = 0, o = e.errors.length; | |
for (t = 0; t < o; t++) { | |
var i = e.failedRequests[2 * t] || T.EMPTY_STRING | |
, a = e.failedRequests[2 * t + 1] || T.EMPTY_STRING | |
, s = e.errors[t] || T.EMPTY_STRING; | |
if (!((n += i.toString().length + a.toString().length + s.length + 3) < x.MAX_LAST_HEADER_BYTES)) | |
break; | |
r += 1 | |
} | |
return r | |
} | |
, | |
e.prototype.getRegionDiscoveryFields = function() { | |
var e = []; | |
return e.push(this.regionUsed || T.EMPTY_STRING), | |
e.push(this.regionSource || T.EMPTY_STRING), | |
e.push(this.regionOutcome || T.EMPTY_STRING), | |
e.join(",") | |
} | |
, | |
e.prototype.updateRegionDiscoveryMetadata = function(e) { | |
this.regionUsed = e.region_used, | |
this.regionSource = e.region_source, | |
this.regionOutcome = e.region_outcome | |
} | |
, | |
e.prototype.setCacheOutcome = function(e) { | |
this.cacheOutcome = e | |
} | |
, | |
e | |
}(), Rt = "@azure/msal-browser", kt = "2.28.3", Nt = function() { | |
function e() {} | |
return e.prototype.sendGetRequestAsync = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o; | |
return c(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
return i.trys.push([0, 2, , 3]), | |
[4, fetch(e, { | |
method: Ce.GET, | |
headers: this.getFetchHeaders(t) | |
})]; | |
case 1: | |
return r = i.sent(), | |
[3, 3]; | |
case 2: | |
throw n = i.sent(), | |
window.navigator.onLine ? ke.createGetRequestFailedError(n, e) : ke.createNoNetworkConnectivityError(); | |
case 3: | |
return i.trys.push([3, 5, , 6]), | |
o = { | |
headers: this.getHeaderDict(r.headers) | |
}, | |
[4, r.json()]; | |
case 4: | |
return [2, (o.body = i.sent(), | |
o.status = r.status, | |
o)]; | |
case 5: | |
throw i.sent(), | |
ke.createFailedToParseNetworkResponseError(e); | |
case 6: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.sendPostRequestAsync = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o, i; | |
return c(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
r = t && t.body || T.EMPTY_STRING, | |
a.label = 1; | |
case 1: | |
return a.trys.push([1, 3, , 4]), | |
[4, fetch(e, { | |
method: Ce.POST, | |
headers: this.getFetchHeaders(t), | |
body: r | |
})]; | |
case 2: | |
return n = a.sent(), | |
[3, 4]; | |
case 3: | |
throw o = a.sent(), | |
window.navigator.onLine ? ke.createPostRequestFailedError(o, e) : ke.createNoNetworkConnectivityError(); | |
case 4: | |
return a.trys.push([4, 6, , 7]), | |
i = { | |
headers: this.getHeaderDict(n.headers) | |
}, | |
[4, n.json()]; | |
case 5: | |
return [2, (i.body = a.sent(), | |
i.status = n.status, | |
i)]; | |
case 6: | |
throw a.sent(), | |
ke.createFailedToParseNetworkResponseError(e); | |
case 7: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getFetchHeaders = function(e) { | |
var t = new Headers; | |
if (!e || !e.headers) | |
return t; | |
var r = e.headers; | |
return Object.keys(r).forEach((function(e) { | |
t.append(e, r[e]) | |
} | |
)), | |
t | |
} | |
, | |
e.prototype.getHeaderDict = function(e) { | |
var t = {}; | |
return e.forEach((function(e, r) { | |
t[r] = e | |
} | |
)), | |
t | |
} | |
, | |
e | |
}(), Pt = function() { | |
function e() {} | |
return e.prototype.sendGetRequestAsync = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, this.sendRequestAsync(e, Ce.GET, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.sendPostRequestAsync = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, this.sendRequestAsync(e, Ce.POST, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.sendRequestAsync = function(e, t, r) { | |
var n = this; | |
return new Promise((function(o, i) { | |
var a = new XMLHttpRequest; | |
if (a.open(t, e, !0), | |
n.setXhrHeaders(a, r), | |
a.onload = function() { | |
(a.status < 200 || a.status >= 300) && (t === Ce.POST ? i(ke.createPostRequestFailedError("Failed with status " + a.status, e)) : i(ke.createGetRequestFailedError("Failed with status " + a.status, e))); | |
try { | |
var r = JSON.parse(a.responseText) | |
, s = { | |
headers: n.getHeaderDict(a), | |
body: r, | |
status: a.status | |
}; | |
o(s) | |
} catch (t) { | |
i(ke.createFailedToParseNetworkResponseError(e)) | |
} | |
} | |
, | |
a.onerror = function() { | |
window.navigator.onLine ? t === Ce.POST ? i(ke.createPostRequestFailedError("Failed with status " + a.status, e)) : i(ke.createGetRequestFailedError("Failed with status " + a.status, e)) : i(ke.createNoNetworkConnectivityError()) | |
} | |
, | |
t === Ce.POST && r && r.body) | |
a.send(r.body); | |
else { | |
if (t !== Ce.GET) | |
throw ke.createHttpMethodNotImplementedError(t); | |
a.send() | |
} | |
} | |
)) | |
} | |
, | |
e.prototype.setXhrHeaders = function(e, t) { | |
if (t && t.headers) { | |
var r = t.headers; | |
Object.keys(r).forEach((function(t) { | |
e.setRequestHeader(t, r[t]) | |
} | |
)) | |
} | |
} | |
, | |
e.prototype.getHeaderDict = function(e) { | |
var t = e.getAllResponseHeaders().trim().split(/[\r\n]+/) | |
, r = {}; | |
return t.forEach((function(e) { | |
var t = e.split(": ") | |
, n = t.shift() | |
, o = t.join(": "); | |
n && o && (r[n] = o) | |
} | |
)), | |
r | |
} | |
, | |
e | |
}(), Ot = function() { | |
function e() {} | |
return e.clearHash = function(e) { | |
e.location.hash = T.EMPTY_STRING, | |
"function" == typeof e.history.replaceState && e.history.replaceState(null, T.EMPTY_STRING, "" + e.location.origin + e.location.pathname + e.location.search) | |
} | |
, | |
e.replaceHash = function(e) { | |
var t = e.split("#"); | |
t.shift(), | |
window.location.hash = t.length > 0 ? t.join("#") : T.EMPTY_STRING | |
} | |
, | |
e.isInIframe = function() { | |
return window.parent !== window | |
} | |
, | |
e.isInPopup = function() { | |
return "undefined" != typeof window && !!window.opener && window.opener !== window && "string" == typeof window.name && 0 === window.name.indexOf(Ne.POPUP_NAME_PREFIX + ".") | |
} | |
, | |
e.getCurrentUri = function() { | |
return window.location.href.split("?")[0].split("#")[0] | |
} | |
, | |
e.getHomepage = function() { | |
var e = new Ke(window.location.href).getUrlComponents(); | |
return e.Protocol + "//" + e.HostNameAndPort + "/" | |
} | |
, | |
e.getBrowserNetworkClient = function() { | |
return window.fetch && window.Headers ? new Nt : new Pt | |
} | |
, | |
e.blockReloadInHiddenIframes = function() { | |
if (Ke.hashContainsKnownProperties(window.location.hash) && e.isInIframe()) | |
throw ke.createBlockReloadInHiddenIframeError() | |
} | |
, | |
e.blockRedirectInIframe = function(t, r) { | |
var n = e.isInIframe(); | |
if (t === Ie.Redirect && n && !r) | |
throw ke.createRedirectInIframeError(n) | |
} | |
, | |
e.blockAcquireTokenInPopups = function() { | |
if (e.isInPopup()) | |
throw ke.createBlockAcquireTokenInPopupsError() | |
} | |
, | |
e.blockNonBrowserEnvironment = function(e) { | |
if (!e) | |
throw ke.createNonBrowserEnvironmentError() | |
} | |
, | |
e.blockNativeBrokerCalledBeforeInitialized = function(e, t) { | |
if (e && !t) | |
throw ke.createNativeBrokerCalledBeforeInitialize() | |
} | |
, | |
e.detectIEOrEdge = function() { | |
var e = window.navigator.userAgent | |
, t = e.indexOf("MSIE ") | |
, r = e.indexOf("Trident/") | |
, n = e.indexOf("Edge/"); | |
return t > 0 || r > 0 || n > 0 | |
} | |
, | |
e | |
}(), Mt = function() { | |
function e(e, t, r, n, o, i, a, s, c) { | |
this.config = e, | |
this.browserStorage = t, | |
this.browserCrypto = r, | |
this.networkClient = this.config.system.networkClient, | |
this.eventHandler = o, | |
this.navigationClient = i, | |
this.nativeMessageHandler = s, | |
this.correlationId = c || this.browserCrypto.createNewGuid(), | |
this.logger = n.clone(Ne.MSAL_SKU, kt, this.correlationId), | |
this.performanceClient = a | |
} | |
return e.prototype.clearCacheOnLogout = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
if (!e) | |
return [3, 5]; | |
re.accountInfoIsEqual(e, this.browserStorage.getActiveAccount(), !1) && (this.logger.verbose("Setting active account to null"), | |
this.browserStorage.setActiveAccount(null)), | |
t.label = 1; | |
case 1: | |
return t.trys.push([1, 3, , 4]), | |
[4, this.browserStorage.removeAccount(re.generateAccountCacheKey(e))]; | |
case 2: | |
return t.sent(), | |
this.logger.verbose("Cleared cache items belonging to the account provided in the logout request."), | |
[3, 4]; | |
case 3: | |
return t.sent(), | |
this.logger.error("Account provided in logout request was not found. Local cache unchanged."), | |
[3, 4]; | |
case 4: | |
return [3, 9]; | |
case 5: | |
return t.trys.push([5, 8, , 9]), | |
this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId), | |
[4, this.browserStorage.clear()]; | |
case 6: | |
return t.sent(), | |
[4, this.browserCrypto.clearKeystore()]; | |
case 7: | |
return t.sent(), | |
[3, 9]; | |
case 8: | |
return t.sent(), | |
this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged."), | |
[3, 9]; | |
case 9: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.initializeBaseRequest = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o; | |
return c(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
if (this.logger.verbose("Initializing BaseAuthRequest"), | |
t = e.authority || this.config.auth.authority, | |
r = l(e && e.scopes || []), | |
(n = a(a({}, e), { | |
correlationId: this.correlationId, | |
authority: t, | |
scopes: r | |
})).authenticationScheme) { | |
if (n.authenticationScheme === F.SSH) { | |
if (!e.sshJwk) | |
throw ie.createMissingSshJwkError(); | |
if (!e.sshKid) | |
throw ie.createMissingSshKidError() | |
} | |
this.logger.verbose('Authentication Scheme set to "' + n.authenticationScheme + '" as configured in Auth request') | |
} else | |
n.authenticationScheme = F.BEARER, | |
this.logger.verbose('Authentication Scheme wasn\'t explicitly set in request, defaulting to "Bearer" request'); | |
return !e.claims || $.isEmpty(e.claims) ? [3, 2] : (o = n, | |
[4, this.browserCrypto.hashString(e.claims)]); | |
case 1: | |
o.requestedClaimsHash = i.sent(), | |
i.label = 2; | |
case 2: | |
return [2, n] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getRedirectUri = function(e) { | |
this.logger.verbose("getRedirectUri called"); | |
var t = e || this.config.auth.redirectUri || Ot.getCurrentUri(); | |
return Ke.getAbsoluteUrl(t, Ot.getCurrentUri()) | |
} | |
, | |
e.prototype.initializeServerTelemetryManager = function(e, t) { | |
this.logger.verbose("initializeServerTelemetryManager called"); | |
var r = { | |
clientId: this.config.auth.clientId, | |
correlationId: this.correlationId, | |
apiId: e, | |
forceRefresh: t || !1, | |
wrapperSKU: this.browserStorage.getWrapperMetadata()[0], | |
wrapperVer: this.browserStorage.getWrapperMetadata()[1] | |
}; | |
return new bt(r,this.browserStorage) | |
} | |
, | |
e.prototype.getDiscoveredAuthority = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return this.logger.verbose("getDiscoveredAuthority called"), | |
t = { | |
protocolMode: this.config.auth.protocolMode, | |
knownAuthorities: this.config.auth.knownAuthorities, | |
cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, | |
authorityMetadata: this.config.auth.authorityMetadata | |
}, | |
e ? (this.logger.verbose("Creating discovered authority with request authority"), | |
[4, At.createDiscoveredInstance(e, this.config.system.networkClient, this.browserStorage, t)]) : [3, 2]; | |
case 1: | |
case 3: | |
return [2, r.sent()]; | |
case 2: | |
return this.logger.verbose("Creating discovered authority with configured authority"), | |
[4, At.createDiscoveredInstance(this.config.auth.authority, this.config.system.networkClient, this.browserStorage, t)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), Ut = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return i(t, e), | |
t.prototype.initializeAuthorizationCodeRequest = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return this.logger.verbose("initializeAuthorizationRequest called", e.correlationId), | |
[4, this.browserCrypto.generatePkceCodes()]; | |
case 1: | |
return t = n.sent(), | |
r = a(a({}, e), { | |
redirectUri: e.redirectUri, | |
code: T.EMPTY_STRING, | |
codeVerifier: t.verifier | |
}), | |
e.codeChallenge = t.challenge, | |
e.codeChallengeMethod = T.S256_CODE_CHALLENGE_METHOD, | |
[2, r] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.initializeLogoutRequest = function(e) { | |
this.logger.verbose("initializeLogoutRequest called", null == e ? void 0 : e.correlationId); | |
var t = a({ | |
correlationId: this.correlationId || this.browserCrypto.createNewGuid() | |
}, e); | |
if (e) | |
if (e.logoutHint) | |
this.logger.verbose("logoutHint has already been set in logoutRequest"); | |
else if (e.account) { | |
var r = this.getLogoutHintFromIdTokenClaims(e.account); | |
r && (this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"), | |
t.logoutHint = r) | |
} else | |
this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set"); | |
else | |
this.logger.verbose("logoutHint will not be set since no logout request was configured"); | |
return e && null === e.postLogoutRedirectUri ? this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri", t.correlationId) : e && e.postLogoutRedirectUri ? (this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request", t.correlationId), | |
t.postLogoutRedirectUri = Ke.getAbsoluteUrl(e.postLogoutRedirectUri, Ot.getCurrentUri())) : null === this.config.auth.postLogoutRedirectUri ? this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect", t.correlationId) : this.config.auth.postLogoutRedirectUri ? (this.logger.verbose("Setting postLogoutRedirectUri to configured uri", t.correlationId), | |
t.postLogoutRedirectUri = Ke.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri, Ot.getCurrentUri())) : (this.logger.verbose("Setting postLogoutRedirectUri to current page", t.correlationId), | |
t.postLogoutRedirectUri = Ke.getAbsoluteUrl(Ot.getCurrentUri(), Ot.getCurrentUri())), | |
t | |
} | |
, | |
t.prototype.getLogoutHintFromIdTokenClaims = function(e) { | |
var t = e.idTokenClaims; | |
if (t) { | |
if (t.login_hint) | |
return t.login_hint; | |
this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request") | |
} else | |
this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request"); | |
return null | |
} | |
, | |
t.prototype.createAuthCodeClient = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n; | |
return c(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return [4, this.getClientConfiguration(e, t, r)]; | |
case 1: | |
return n = o.sent(), | |
[2, new vt(n)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.getClientConfiguration = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n; | |
return c(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return this.logger.verbose("getClientConfiguration called", this.correlationId), | |
[4, this.getDiscoveredAuthority(t, r)]; | |
case 1: | |
return n = o.sent(), | |
[2, { | |
authOptions: { | |
clientId: this.config.auth.clientId, | |
authority: n, | |
clientCapabilities: this.config.auth.clientCapabilities | |
}, | |
systemOptions: { | |
tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds, | |
preventCorsPreflight: !0 | |
}, | |
loggerOptions: { | |
loggerCallback: this.config.system.loggerOptions.loggerCallback, | |
piiLoggingEnabled: this.config.system.loggerOptions.piiLoggingEnabled, | |
logLevel: this.config.system.loggerOptions.logLevel, | |
correlationId: this.correlationId | |
}, | |
cryptoInterface: this.browserCrypto, | |
networkInterface: this.networkClient, | |
storageInterface: this.browserStorage, | |
serverTelemetryManager: e, | |
libraryInfo: { | |
sku: Ne.MSAL_SKU, | |
version: kt, | |
cpu: T.EMPTY_STRING, | |
os: T.EMPTY_STRING | |
}, | |
telemetry: this.config.telemetry | |
}] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.validateAndExtractStateFromHash = function(e, t, r) { | |
if (this.logger.verbose("validateAndExtractStateFromHash called", r), | |
!e.state) | |
throw ke.createHashDoesNotContainStateError(); | |
var n = Be.extractBrowserRequestState(this.browserCrypto, e.state); | |
if (!n) | |
throw ke.createUnableToParseStateError(); | |
if (n.interactionType !== t) | |
throw ke.createStateInteractionTypeMismatchError(); | |
return this.logger.verbose("Returning state from hash", r), | |
e.state | |
} | |
, | |
t.prototype.getDiscoveredAuthority = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o, i; | |
return c(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
return this.logger.verbose("getDiscoveredAuthority called", this.correlationId), | |
r = this.performanceClient.startMeasurement(ht.StandardInteractionClientGetDiscoveredAuthority, this.correlationId), | |
n = { | |
protocolMode: this.config.auth.protocolMode, | |
knownAuthorities: this.config.auth.knownAuthorities, | |
cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, | |
authorityMetadata: this.config.auth.authorityMetadata, | |
skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache | |
}, | |
o = e || this.config.auth.authority, | |
i = It.generateAuthority(o, t || this.config.auth.azureCloudOptions), | |
this.logger.verbose("Creating discovered authority with configured authority", this.correlationId), | |
[4, At.createDiscoveredInstance(i, this.config.system.networkClient, this.browserStorage, n).then((function(e) { | |
return r.endMeasurement({ | |
success: !0 | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw r.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
e | |
} | |
))]; | |
case 1: | |
return [2, a.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.initializeAuthorizationRequest = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o, i, s, u, l; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return this.logger.verbose("initializeAuthorizationRequest called", this.correlationId), | |
r = this.getRedirectUri(e.redirectUri), | |
n = { | |
interactionType: t | |
}, | |
o = ye.setRequestState(this.browserCrypto, e && e.state || T.EMPTY_STRING, n), | |
s = [{}], | |
[4, this.initializeBaseRequest(e)]; | |
case 1: | |
return i = a.apply(void 0, [a.apply(void 0, s.concat([c.sent()])), { | |
redirectUri: r, | |
state: o, | |
nonce: e.nonce || this.browserCrypto.createNewGuid(), | |
responseMode: b.FRAGMENT | |
}]), | |
(u = e.account || this.browserStorage.getActiveAccount()) && (this.logger.verbose("Setting validated request account", this.correlationId), | |
this.logger.verbosePii("Setting validated request account: " + u.homeAccountId, this.correlationId), | |
i.account = u), | |
$.isEmpty(i.loginHint) && !u && (l = this.browserStorage.getLegacyLoginHint()) && (i.loginHint = l), | |
[2, i] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Mt), qt = function() { | |
function e(e, t, r, n) { | |
this.authModule = e, | |
this.browserStorage = t, | |
this.authCodeRequest = r, | |
this.logger = n | |
} | |
return e.prototype.handleCodeResponseFromHash = function(e, t, r, n) { | |
return s(this, void 0, void 0, (function() { | |
var o, i, a; | |
return c(this, (function(s) { | |
if (this.logger.verbose("InteractionHandler.handleCodeResponse called"), | |
$.isEmpty(e)) | |
throw ke.createEmptyHashError(e); | |
if (o = this.browserStorage.generateStateKey(t), | |
!(i = this.browserStorage.getTemporaryCache(o))) | |
throw X.createStateNotFoundError("Cached State"); | |
try { | |
a = this.authModule.handleFragmentResponse(e, i) | |
} catch (e) { | |
throw e instanceof tt && e.subError === Re.userCancelledError.code ? ke.createUserCancelledError() : e | |
} | |
return [2, this.handleCodeResponseFromServer(a, t, r, n)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.handleCodeResponseFromServer = function(e, t, r, n, o) { | |
return void 0 === o && (o = !0), | |
s(this, void 0, void 0, (function() { | |
var i, a, s, u, l, d; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if (this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"), | |
i = this.browserStorage.generateStateKey(t), | |
!(a = this.browserStorage.getTemporaryCache(i))) | |
throw X.createStateNotFoundError("Cached State"); | |
return s = this.browserStorage.generateNonceKey(a), | |
u = this.browserStorage.getTemporaryCache(s), | |
this.authCodeRequest.code = e.code, | |
e.cloud_instance_host_name ? [4, this.updateTokenEndpointAuthority(e.cloud_instance_host_name, r, n)] : [3, 2]; | |
case 1: | |
c.sent(), | |
c.label = 2; | |
case 2: | |
return o && (e.nonce = u || void 0), | |
e.state = a, | |
e.client_info ? this.authCodeRequest.clientInfo = e.client_info : (l = this.checkCcsCredentials()) && (this.authCodeRequest.ccsCredential = l), | |
[4, this.authModule.acquireToken(this.authCodeRequest, e)]; | |
case 3: | |
return d = c.sent(), | |
this.browserStorage.cleanRequestByState(t), | |
[2, d] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.updateTokenEndpointAuthority = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n, o; | |
return c(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
return n = "https://" + e + "/" + t.tenant + "/", | |
[4, At.createDiscoveredInstance(n, r, this.browserStorage, t.options)]; | |
case 1: | |
return o = i.sent(), | |
this.authModule.updateAuthority(o), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.checkCcsCredentials = function() { | |
var e = this.browserStorage.getTemporaryCache(Te.CCS_CREDENTIAL, !0); | |
if (e) | |
try { | |
return JSON.parse(e) | |
} catch (t) { | |
this.authModule.logger.error("Cache credential could not be parsed"), | |
this.authModule.logger.errorPii("Cache credential could not be parsed: " + e) | |
} | |
return null | |
} | |
, | |
e | |
}(), Ht = function(e) { | |
function t(t, r, n, o, i) { | |
var a = e.call(this, t, r, n, o) || this; | |
return a.browserCrypto = i, | |
a | |
} | |
return i(t, e), | |
t.prototype.initiateAuthRequest = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return this.logger.verbose("RedirectHandler.initiateAuthRequest called"), | |
$.isEmpty(e) ? [3, 7] : (t.redirectStartPage && (this.logger.verbose("RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page"), | |
this.browserStorage.setTemporaryCache(Te.ORIGIN_URI, t.redirectStartPage, !0)), | |
this.browserStorage.setTemporaryCache(Te.CORRELATION_ID, this.authCodeRequest.correlationId, !0), | |
this.browserStorage.cacheCodeRequest(this.authCodeRequest, this.browserCrypto), | |
this.logger.infoPii("RedirectHandler.initiateAuthRequest: Navigate to: " + e), | |
r = { | |
apiId: Se.acquireTokenRedirect, | |
timeout: t.redirectTimeout, | |
noHistory: !1 | |
}, | |
"function" != typeof t.onRedirectNavigate ? [3, 4] : (this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"), | |
!1 === t.onRedirectNavigate(e) ? [3, 2] : (this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"), | |
[4, t.navigationClient.navigateExternal(e, r)]))); | |
case 1: | |
case 5: | |
return n.sent(), | |
[2]; | |
case 2: | |
return this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"), | |
[2]; | |
case 3: | |
return [3, 6]; | |
case 4: | |
return this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"), | |
[4, t.navigationClient.navigateExternal(e, r)]; | |
case 6: | |
return [3, 8]; | |
case 7: | |
throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"), | |
ke.createEmptyNavigationUriError(); | |
case 8: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.handleCodeResponseFromHash = function(e, t, r, n) { | |
return s(this, void 0, void 0, (function() { | |
var o, i, a, s, u, l, d; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if (this.logger.verbose("RedirectHandler.handleCodeResponse called"), | |
$.isEmpty(e)) | |
throw ke.createEmptyHashError(e); | |
if (this.browserStorage.setInteractionInProgress(!1), | |
o = this.browserStorage.generateStateKey(t), | |
!(i = this.browserStorage.getTemporaryCache(o))) | |
throw X.createStateNotFoundError("Cached State"); | |
try { | |
a = this.authModule.handleFragmentResponse(e, i) | |
} catch (e) { | |
throw e instanceof tt && e.subError === Re.userCancelledError.code ? ke.createUserCancelledError() : e | |
} | |
return s = this.browserStorage.generateNonceKey(i), | |
u = this.browserStorage.getTemporaryCache(s), | |
this.authCodeRequest.code = a.code, | |
a.cloud_instance_host_name ? [4, this.updateTokenEndpointAuthority(a.cloud_instance_host_name, r, n)] : [3, 2]; | |
case 1: | |
c.sent(), | |
c.label = 2; | |
case 2: | |
return a.nonce = u || void 0, | |
a.state = i, | |
a.client_info ? this.authCodeRequest.clientInfo = a.client_info : (l = this.checkCcsCredentials()) && (this.authCodeRequest.ccsCredential = l), | |
[4, this.authModule.acquireToken(this.authCodeRequest, a)]; | |
case 3: | |
return d = c.sent(), | |
this.browserStorage.cleanRequestByState(t), | |
[2, d] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(qt); | |
!function(e) { | |
e.INITIALIZE_START = "msal:initializeStart", | |
e.INITIALIZE_END = "msal:initializeEnd", | |
e.ACCOUNT_ADDED = "msal:accountAdded", | |
e.ACCOUNT_REMOVED = "msal:accountRemoved", | |
e.LOGIN_START = "msal:loginStart", | |
e.LOGIN_SUCCESS = "msal:loginSuccess", | |
e.LOGIN_FAILURE = "msal:loginFailure", | |
e.ACQUIRE_TOKEN_START = "msal:acquireTokenStart", | |
e.ACQUIRE_TOKEN_SUCCESS = "msal:acquireTokenSuccess", | |
e.ACQUIRE_TOKEN_FAILURE = "msal:acquireTokenFailure", | |
e.ACQUIRE_TOKEN_NETWORK_START = "msal:acquireTokenFromNetworkStart", | |
e.SSO_SILENT_START = "msal:ssoSilentStart", | |
e.SSO_SILENT_SUCCESS = "msal:ssoSilentSuccess", | |
e.SSO_SILENT_FAILURE = "msal:ssoSilentFailure", | |
e.ACQUIRE_TOKEN_BY_CODE_START = "msal:acquireTokenByCodeStart", | |
e.ACQUIRE_TOKEN_BY_CODE_SUCCESS = "msal:acquireTokenByCodeSuccess", | |
e.ACQUIRE_TOKEN_BY_CODE_FAILURE = "msal:acquireTokenByCodeFailure", | |
e.HANDLE_REDIRECT_START = "msal:handleRedirectStart", | |
e.HANDLE_REDIRECT_END = "msal:handleRedirectEnd", | |
e.POPUP_OPENED = "msal:popupOpened", | |
e.LOGOUT_START = "msal:logoutStart", | |
e.LOGOUT_SUCCESS = "msal:logoutSuccess", | |
e.LOGOUT_FAILURE = "msal:logoutFailure", | |
e.LOGOUT_END = "msal:logoutEnd" | |
}(Tt || (Tt = {})), | |
function(e) { | |
e.USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED", | |
e.USER_CANCEL = "USER_CANCEL", | |
e.NO_NETWORK = "NO_NETWORK", | |
e.TRANSIENT_ERROR = "TRANSIENT_ERROR", | |
e.PERSISTENT_ERROR = "PERSISTENT_ERROR", | |
e.DISABLED = "DISABLED", | |
e.ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE" | |
}(wt || (wt = {})); | |
var Lt, Dt = function(e) { | |
function t(r, n, o) { | |
var i = e.call(this, r, n) || this; | |
return Object.setPrototypeOf(i, t.prototype), | |
i.name = "NativeAuthError", | |
i.ext = o, | |
i | |
} | |
return i(t, e), | |
t.prototype.isFatal = function() { | |
return !(!this.ext || !this.ext.status || this.ext.status !== wt.PERSISTENT_ERROR && this.ext.status !== wt.DISABLED) || "ContentError" === this.errorCode | |
} | |
, | |
t.createError = function(e, r, n) { | |
if (n && n.status) | |
switch (n.status) { | |
case wt.ACCOUNT_UNAVAILABLE: | |
return lt.createNativeAccountUnavailableError(); | |
case wt.USER_INTERACTION_REQUIRED: | |
return new lt(e,r); | |
case wt.USER_CANCEL: | |
return ke.createUserCancelledError(); | |
case wt.NO_NETWORK: | |
return ke.createNoNetworkConnectivityError() | |
} | |
return new t(e,r,n) | |
} | |
, | |
t.createUserSwitchError = function() { | |
return new t("user_switch","User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.") | |
} | |
, | |
t.createTokensNotFoundInCacheError = function() { | |
return new t("tokens_not_found_in_internal_memory_cache","Tokens not cached in MSAL JS internal memory, please make the WAM request") | |
} | |
, | |
t | |
}(J), Ft = function(e) { | |
function t(t, r) { | |
return e.call(this, t, r) || this | |
} | |
return h(t, e), | |
t.prototype.acquireToken = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r, n; | |
return f(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return t = de.nowSeconds(), | |
[4, this.executeTokenRequest(e, this.authority)]; | |
case 1: | |
return r = o.sent(), | |
(n = new mt(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin)).validateTokenResponse(r.body), | |
[2, n.handleServerTokenResponse(r.body, this.authority, t, e, void 0, void 0, !0, e.forceCache)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireTokenByRefreshToken = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t, r; | |
return f(this, (function(n) { | |
if (!e) | |
throw ie.createEmptyTokenRequestError(); | |
if (!e.account) | |
throw X.createNoAccountInSilentRequestError(); | |
if (this.cacheManager.isAppMetadataFOCI(e.account.environment, this.config.authOptions.clientId)) | |
try { | |
return [2, this.acquireTokenWithCachedRefreshToken(e, !0)] | |
} catch (n) { | |
if (t = n instanceof lt && n.errorCode === ut.noTokensFoundError.code, | |
r = n instanceof tt && "invalid_grant" === n.errorCode && "client_mismatch" === n.subError, | |
t || r) | |
return [2, this.acquireTokenWithCachedRefreshToken(e, !1)]; | |
throw n | |
} | |
return [2, this.acquireTokenWithCachedRefreshToken(e, !1)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireTokenWithCachedRefreshToken = function(e, t) { | |
return g(this, void 0, void 0, (function() { | |
var r, n; | |
return f(this, (function(o) { | |
if (!(r = this.cacheManager.readRefreshTokenFromCache(this.config.authOptions.clientId, e.account, t))) | |
throw lt.createNoTokensFoundError(); | |
return n = p(p({}, e), { | |
refreshToken: r.secret, | |
authenticationScheme: e.authenticationScheme || F.BEARER, | |
ccsCredential: { | |
credential: e.account.homeAccountId, | |
type: te.HOME_ACCOUNT_ID | |
} | |
}), | |
[2, this.acquireToken(n)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.executeTokenRequest = function(e, t) { | |
var r; | |
return g(this, void 0, void 0, (function() { | |
var n, o, i, a, s, c; | |
return f(this, (function(u) { | |
switch (u.label) { | |
case 0: | |
return n = null === (r = this.performanceClient) || void 0 === r ? void 0 : r.startMeasurement(ht.RefreshTokenClientExecuteTokenRequest, e.correlationId), | |
[4, this.createTokenRequestBody(e)]; | |
case 1: | |
return o = u.sent(), | |
i = this.createTokenQueryParameters(e), | |
a = this.createTokenRequestHeaders(e.ccsCredential), | |
s = { | |
clientId: this.config.authOptions.clientId, | |
authority: t.canonicalAuthority, | |
scopes: e.scopes, | |
claims: e.claims, | |
authenticationScheme: e.authenticationScheme, | |
resourceRequestMethod: e.resourceRequestMethod, | |
resourceRequestUri: e.resourceRequestUri, | |
shrClaims: e.shrClaims, | |
sshKid: e.sshKid | |
}, | |
c = Ke.appendQueryString(t.tokenEndpoint, i), | |
[2, this.executePostToTokenEndpoint(c, o, a, s).then((function(e) { | |
return null == n || n.endMeasurement({ | |
success: !0 | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw null == n || n.endMeasurement({ | |
success: !1 | |
}), | |
e | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.createTokenQueryParameters = function(e) { | |
var t = new at; | |
return e.tokenQueryParameters && t.addExtraQueryParameters(e.tokenQueryParameters), | |
t.createQueryString() | |
} | |
, | |
t.prototype.createTokenRequestBody = function(e) { | |
var t; | |
return g(this, void 0, void 0, (function() { | |
var r, n, o, i, a, s; | |
return f(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return r = e.correlationId, | |
n = null === (t = this.performanceClient) || void 0 === t ? void 0 : t.startMeasurement(ht.BaseClientCreateTokenRequestHeaders, r), | |
(o = new at).addClientId(this.config.authOptions.clientId), | |
o.addScopes(e.scopes), | |
o.addGrantType(R.REFRESH_TOKEN_GRANT), | |
o.addClientInfo(), | |
o.addLibraryInfo(this.config.libraryInfo), | |
o.addApplicationTelemetry(this.config.telemetry.application), | |
o.addThrottling(), | |
this.serverTelemetryManager && o.addServerTelemetry(this.serverTelemetryManager), | |
o.addCorrelationId(r), | |
o.addRefreshToken(e.refreshToken), | |
this.config.clientCredentials.clientSecret && o.addClientSecret(this.config.clientCredentials.clientSecret), | |
this.config.clientCredentials.clientAssertion && (i = this.config.clientCredentials.clientAssertion, | |
o.addClientAssertion(i.assertion), | |
o.addClientAssertionType(i.assertionType)), | |
e.authenticationScheme !== F.POP ? [3, 2] : [4, new gt(this.cryptoUtils).generateCnf(e)]; | |
case 1: | |
return a = c.sent(), | |
o.addPopToken(a.reqCnfString), | |
[3, 3]; | |
case 2: | |
if (e.authenticationScheme === F.SSH) { | |
if (!e.sshJwk) | |
throw null == n || n.endMeasurement({ | |
success: !1 | |
}), | |
ie.createMissingSshJwkError(); | |
o.addSshJwk(e.sshJwk) | |
} | |
c.label = 3; | |
case 3: | |
if ((!$.isEmptyObj(e.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) && o.addClaims(e.claims, this.config.authOptions.clientCapabilities), | |
this.config.systemOptions.preventCorsPreflight && e.ccsCredential) | |
switch (e.ccsCredential.type) { | |
case te.HOME_ACCOUNT_ID: | |
try { | |
s = ee(e.ccsCredential.credential), | |
o.addCcsOid(s) | |
} catch (e) { | |
this.logger.verbose("Could not parse home account ID for CCS Header: " + e) | |
} | |
break; | |
case te.UPN: | |
o.addCcsUpn(e.ccsCredential.credential) | |
} | |
return null == n || n.endMeasurement({ | |
success: !0 | |
}), | |
[2, o.createQueryString()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(ot), xt = function(e) { | |
function t(t, r) { | |
return e.call(this, t, r) || this | |
} | |
return h(t, e), | |
t.prototype.acquireToken = function(e) { | |
return g(this, void 0, void 0, (function() { | |
var t; | |
return f(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return r.trys.push([0, 2, , 3]), | |
[4, this.acquireCachedToken(e)]; | |
case 1: | |
return [2, r.sent()]; | |
case 2: | |
if ((t = r.sent())instanceof X && t.errorCode === Q.tokenRefreshRequired.code) | |
return [2, new Ft(this.config,this.performanceClient).acquireTokenByRefreshToken(e)]; | |
throw t; | |
case 3: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireCachedToken = function(e) { | |
var t, r, n, o; | |
return g(this, void 0, void 0, (function() { | |
var i, a; | |
return f(this, (function(s) { | |
switch (s.label) { | |
case 0: | |
if (!e) | |
throw ie.createEmptyTokenRequestError(); | |
if (e.forceRefresh) | |
throw null === (t = this.serverTelemetryManager) || void 0 === t || t.setCacheOutcome(j.FORCE_REFRESH), | |
this.logger.info("SilentFlowClient:acquireCachedToken - Skipping cache because forceRefresh is true."), | |
X.createRefreshRequiredError(); | |
if (!e.account) | |
throw X.createNoAccountInSilentRequestError(); | |
if (i = e.authority || this.authority.getPreferredCache(), | |
!(a = this.cacheManager.readCacheRecord(e.account, this.config.authOptions.clientId, e, i)).accessToken) | |
throw null === (r = this.serverTelemetryManager) || void 0 === r || r.setCacheOutcome(j.NO_CACHED_ACCESS_TOKEN), | |
this.logger.info("SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties."), | |
X.createRefreshRequiredError(); | |
if (de.wasClockTurnedBack(a.accessToken.cachedAt) || de.isTokenExpired(a.accessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) | |
throw null === (n = this.serverTelemetryManager) || void 0 === n || n.setCacheOutcome(j.CACHED_ACCESS_TOKEN_EXPIRED), | |
this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token is expired or will expire within " + this.config.systemOptions.tokenRenewalOffsetSeconds + " seconds."), | |
X.createRefreshRequiredError(); | |
if (a.accessToken.refreshOn && de.isTokenExpired(a.accessToken.refreshOn, 0)) | |
throw null === (o = this.serverTelemetryManager) || void 0 === o || o.setCacheOutcome(j.REFRESH_CACHED_ACCESS_TOKEN), | |
this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'."), | |
X.createRefreshRequiredError(); | |
return this.config.serverTelemetryManager && this.config.serverTelemetryManager.incrementCacheHits(), | |
[4, this.generateResultFromCacheRecord(a, e)]; | |
case 1: | |
return [2, s.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.generateResultFromCacheRecord = function(e, t) { | |
return g(this, void 0, void 0, (function() { | |
var r; | |
return f(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return e.idToken && (r = new se(e.idToken.secret,this.config.cryptoInterface)), | |
[4, mt.generateAuthenticationResult(this.cryptoUtils, this.authority, e, !0, t, r)]; | |
case 1: | |
return [2, n.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(ot), Kt = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i; | |
return c(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
return t = this.performanceClient.startMeasurement(ht.SilentCacheClientAcquireToken, e.correlationId), | |
r = this.initializeServerTelemetryManager(Se.acquireTokenSilent_silentFlow), | |
[4, this.createSilentFlowClient(r, e.authority, e.azureCloudOptions)]; | |
case 1: | |
n = a.sent(), | |
this.logger.verbose("Silent auth client created"), | |
a.label = 2; | |
case 2: | |
return a.trys.push([2, 4, , 5]), | |
[4, n.acquireCachedToken(e)]; | |
case 3: | |
return o = a.sent(), | |
t.endMeasurement({ | |
success: !0, | |
fromCache: !0 | |
}), | |
[2, o]; | |
case 4: | |
throw (i = a.sent())instanceof ke && i.errorCode === Re.signingKeyNotFoundInStorage.code && this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."), | |
t.endMeasurement({ | |
errorCode: i instanceof J && i.errorCode || void 0, | |
subErrorCode: i instanceof J && i.subError || void 0, | |
success: !1 | |
}), | |
i; | |
case 5: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function() { | |
return Promise.reject(ke.createSilentLogoutUnsupportedError()) | |
} | |
, | |
t.prototype.createSilentFlowClient = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n; | |
return c(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return [4, this.getClientConfiguration(e, t, r)]; | |
case 1: | |
return n = o.sent(), | |
[2, new xt(n,this.performanceClient)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.initializeSilentRequest = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return r = [a({}, e)], | |
[4, this.initializeBaseRequest(e)]; | |
case 1: | |
return [2, a.apply(void 0, [a.apply(void 0, r.concat([n.sent()])), { | |
account: t, | |
forceRefresh: e.forceRefresh || !1 | |
}])] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Ut), Bt = function(e) { | |
function t(t, r, n, o, i, a, s, c, u, l, d, h) { | |
var p = e.call(this, t, r, n, o, i, a, c, u, h) || this; | |
return p.apiId = s, | |
p.accountId = l, | |
p.nativeMessageHandler = u, | |
p.nativeStorageManager = d, | |
p.silentCacheClient = new Kt(t,p.nativeStorageManager,n,o,i,a,c,u,h), | |
p | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a, s; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return this.logger.trace("NativeInteractionClient - acquireToken called."), | |
t = this.performanceClient.startMeasurement(ht.NativeInteractionClientAcquireToken, e.correlationId), | |
r = de.nowSeconds(), | |
[4, this.initializeNativeRequest(e)]; | |
case 1: | |
n = c.sent(), | |
c.label = 2; | |
case 2: | |
return c.trys.push([2, 4, , 5]), | |
[4, this.acquireTokensFromCache(this.accountId, n)]; | |
case 3: | |
return o = c.sent(), | |
t.endMeasurement({ | |
success: !0, | |
isNativeBroker: !0, | |
fromCache: !0 | |
}), | |
[2, o]; | |
case 4: | |
return c.sent(), | |
this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call"), | |
[3, 5]; | |
case 5: | |
return i = { | |
method: Ee.GetToken, | |
request: n | |
}, | |
[4, this.nativeMessageHandler.sendMessage(i)]; | |
case 6: | |
return a = c.sent(), | |
s = this.validateNativeResponse(a), | |
[2, this.handleNativeResponse(s, n, r).then((function(e) { | |
return t.endMeasurement({ | |
success: !0, | |
isNativeBroker: !0 | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw t.endMeasurement({ | |
success: !1, | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
isNativeBroker: !0 | |
}), | |
e | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.createSilentCacheRequest = function(e, t) { | |
return { | |
authority: e.authority, | |
correlationId: this.correlationId, | |
scopes: ae.fromString(e.scope).asArray(), | |
account: t, | |
forceRefresh: !1 | |
} | |
} | |
, | |
t.prototype.acquireTokensFromCache = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o; | |
return c(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
if (!(r = this.browserStorage.readAccountFromCacheWithNativeAccountId(e))) | |
throw X.createNoAccountFoundError(); | |
n = r.getAccountInfo(), | |
i.label = 1; | |
case 1: | |
return i.trys.push([1, 3, , 4]), | |
o = this.createSilentCacheRequest(t, n), | |
[4, this.silentCacheClient.acquireToken(o)]; | |
case 2: | |
return [2, i.sent()]; | |
case 3: | |
throw i.sent(); | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireTokenRedirect = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a; | |
return c(this, (function(s) { | |
switch (s.label) { | |
case 0: | |
return this.logger.trace("NativeInteractionClient - acquireTokenRedirect called."), | |
[4, this.initializeNativeRequest(e)]; | |
case 1: | |
t = s.sent(), | |
r = { | |
method: Ee.GetToken, | |
request: t | |
}, | |
s.label = 2; | |
case 2: | |
return s.trys.push([2, 4, , 5]), | |
[4, this.nativeMessageHandler.sendMessage(r)]; | |
case 3: | |
return n = s.sent(), | |
this.validateNativeResponse(n), | |
[3, 5]; | |
case 4: | |
if ((o = s.sent())instanceof Dt && o.isFatal()) | |
throw o; | |
return [3, 5]; | |
case 5: | |
return this.browserStorage.setTemporaryCache(Te.NATIVE_REQUEST, JSON.stringify(t), !0), | |
i = { | |
apiId: Se.acquireTokenRedirect, | |
timeout: this.config.system.redirectNavigationTimeout, | |
noHistory: !1 | |
}, | |
a = this.config.auth.navigateToLoginRequestUrl ? window.location.href : this.getRedirectUri(e.redirectUri), | |
[4, this.navigationClient.navigateExternal(a, i)]; | |
case 6: | |
return s.sent(), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.handleRedirectPromise = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t, r, n, o, i; | |
return c(this, (function(a) { | |
switch (a.label) { | |
case 0: | |
if (this.logger.trace("NativeInteractionClient - handleRedirectPromise called."), | |
!this.browserStorage.isInteractionInProgress(!0)) | |
return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."), | |
[2, null]; | |
if (!(e = this.browserStorage.getCachedNativeRequest())) | |
return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."), | |
[2, null]; | |
this.browserStorage.removeItem(this.browserStorage.generateCacheKey(Te.NATIVE_REQUEST)), | |
t = { | |
method: Ee.GetToken, | |
request: e | |
}, | |
r = de.nowSeconds(), | |
a.label = 1; | |
case 1: | |
return a.trys.push([1, 3, , 4]), | |
this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker."), | |
[4, this.nativeMessageHandler.sendMessage(t)]; | |
case 2: | |
return n = a.sent(), | |
this.validateNativeResponse(n), | |
o = this.handleNativeResponse(n, e, r), | |
this.browserStorage.setInteractionInProgress(!1), | |
[2, o]; | |
case 3: | |
throw i = a.sent(), | |
this.browserStorage.setInteractionInProgress(!1), | |
i; | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function() { | |
return this.logger.trace("NativeInteractionClient - logout called."), | |
Promise.reject("Logout not implemented yet") | |
} | |
, | |
t.prototype.handleNativeResponse = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n, o, i, a, s, u, l, d, h, p, g, f, m, v, y, E, _, C, w, S = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if (this.logger.trace("NativeInteractionClient - handleNativeResponse called."), | |
e.account.id !== t.accountId) | |
throw Dt.createUserSwitchError(); | |
return n = new se(e.id_token || T.EMPTY_STRING,this.browserCrypto), | |
[4, this.getDiscoveredAuthority(t.authority)]; | |
case 1: | |
return o = c.sent(), | |
i = o.getPreferredCache(), | |
a = re.generateHomeAccountId(e.client_info || T.EMPTY_STRING, W.Default, this.logger, this.browserCrypto, n), | |
s = re.createAccount(e.client_info, a, n, void 0, void 0, void 0, i, e.account.id), | |
this.browserStorage.setAccount(s), | |
u = e.scope ? ae.fromString(e.scope) : ae.fromString(t.scope), | |
l = e.account.properties || {}, | |
d = l.UID || n.claims.oid || n.claims.sub || T.EMPTY_STRING, | |
h = l.TenantId || n.claims.tid || T.EMPTY_STRING, | |
g = F.BEARER, | |
t.tokenType === F.POP ? [3, 2] : [3, 4]; | |
case 2: | |
if (g = F.POP, | |
e.shr) | |
return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"), | |
p = e.shr, | |
[3, 5]; | |
if (f = new gt(this.browserCrypto), | |
m = { | |
resourceRequestMethod: t.resourceRequestMethod, | |
resourceRequestUri: t.resourceRequestUri, | |
shrClaims: t.shrClaims, | |
shrNonce: t.shrNonce | |
}, | |
!t.keyId) | |
throw X.createKeyIdMissingError(); | |
return [4, f.signPopToken(e.access_token, t.keyId, m)]; | |
case 3: | |
return p = c.sent(), | |
[3, 5]; | |
case 4: | |
p = e.access_token, | |
c.label = 5; | |
case 5: | |
return v = this.getMATSFromResponse(e), | |
y = { | |
authority: o.canonicalAuthority, | |
uniqueId: d, | |
tenantId: h, | |
scopes: u.asArray(), | |
account: s.getAccountInfo(), | |
idToken: e.id_token, | |
idTokenClaims: n.claims, | |
accessToken: p, | |
fromCache: !!v && this.isResponseFromCache(v), | |
expiresOn: new Date(1e3 * Number(r + e.expires_in)), | |
tokenType: g, | |
correlationId: this.correlationId, | |
state: e.state, | |
fromNativeBroker: !0 | |
}, | |
E = le.createIdTokenEntity(a, t.authority, e.id_token || T.EMPTY_STRING, t.clientId, n.claims.tid || T.EMPTY_STRING), | |
this.nativeStorageManager.setIdTokenCredential(E), | |
_ = g === F.POP ? T.SHR_NONCE_VALIDITY : ("string" == typeof e.expires_in ? parseInt(e.expires_in, 10) : e.expires_in) || 0, | |
C = r + _, | |
w = he.createAccessTokenEntity(a, t.authority, p, t.clientId, h, u.printScopes(), C, 0, this.browserCrypto), | |
this.nativeStorageManager.setAccessTokenCredential(w), | |
this.browserStorage.removeAccountContext(s).catch((function(e) { | |
S.logger.error("Error occurred while removing account context from browser storage. " + e) | |
} | |
)), | |
[2, y] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.validateNativeResponse = function(e) { | |
if (e.hasOwnProperty("access_token") && e.hasOwnProperty("id_token") && e.hasOwnProperty("client_info") && e.hasOwnProperty("account") && e.hasOwnProperty("scope") && e.hasOwnProperty("expires_in")) | |
return e; | |
throw Dt.createUnexpectedError("Response missing expected properties.") | |
} | |
, | |
t.prototype.getMATSFromResponse = function(e) { | |
if (e.properties.MATS) | |
try { | |
return JSON.parse(e.properties.MATS) | |
} catch (e) { | |
this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead") | |
} | |
return null | |
} | |
, | |
t.prototype.isResponseFromCache = function(e) { | |
return void 0 === e.is_cached ? (this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."), | |
!1) : !!e.is_cached | |
} | |
, | |
t.prototype.initializeNativeRequest = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s, u, l, d, h = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return this.logger.trace("NativeInteractionClient - initializeNativeRequest called"), | |
t = e.authority || this.config.auth.authority, | |
(r = new Ke(t)).validateAsUri(), | |
n = e.scopes, | |
o = function(e, t) { | |
var r = {}; | |
for (var n in e) | |
Object.prototype.hasOwnProperty.call(e, n) && t.indexOf(n) < 0 && (r[n] = e[n]); | |
if (null != e && "function" == typeof Object.getOwnPropertySymbols) { | |
var o = 0; | |
for (n = Object.getOwnPropertySymbols(e); o < n.length; o++) | |
t.indexOf(n[o]) < 0 && Object.prototype.propertyIsEnumerable.call(e, n[o]) && (r[n[o]] = e[n[o]]) | |
} | |
return r | |
}(e, ["scopes"]), | |
(i = new ae(n || [])).appendScopes(w), | |
s = function() { | |
switch (h.apiId) { | |
case Se.ssoSilent: | |
case Se.acquireTokenSilent_silentFlow: | |
return h.logger.trace("initializeNativeRequest: silent request sets prompt to none"), | |
A.NONE | |
} | |
if (e.prompt) | |
switch (e.prompt) { | |
case A.NONE: | |
case A.CONSENT: | |
case A.LOGIN: | |
return h.logger.trace("initializeNativeRequest: prompt is compatible with native flow"), | |
e.prompt; | |
default: | |
throw h.logger.trace("initializeNativeRequest: prompt = " + e.prompt + " is not compatible with native flow"), | |
ke.createNativePromptParameterNotSupportedError() | |
} | |
else | |
h.logger.trace("initializeNativeRequest: prompt was not provided") | |
} | |
, | |
u = a(a({}, o), { | |
accountId: this.accountId, | |
clientId: this.config.auth.clientId, | |
authority: r.urlString, | |
scope: i.printScopes(), | |
redirectUri: this.getRedirectUri(e.redirectUri), | |
prompt: s(), | |
correlationId: this.correlationId, | |
tokenType: e.authenticationScheme, | |
windowTitleSubstring: document.title, | |
extraParameters: a(a(a({}, e.extraQueryParameters), e.tokenQueryParameters), { | |
telemetry: "MATS" | |
}), | |
extendedExpiryToken: !1 | |
}), | |
e.authenticationScheme !== F.POP ? [3, 2] : (l = { | |
resourceRequestUri: e.resourceRequestUri, | |
resourceRequestMethod: e.resourceRequestMethod, | |
shrClaims: e.shrClaims, | |
shrNonce: e.shrNonce | |
}, | |
[4, new gt(this.browserCrypto).generateCnf(l)]); | |
case 1: | |
d = c.sent(), | |
u.reqCnf = d.reqCnfHash, | |
u.keyId = d.kid, | |
c.label = 2; | |
case 2: | |
return [2, u] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Mt), Gt = function() { | |
function e(e, t, r) { | |
this.logger = e, | |
this.handshakeTimeoutMs = t, | |
this.extensionId = r, | |
this.resolvers = new Map, | |
this.handshakeResolvers = new Map, | |
this.responseId = 0, | |
this.messageChannel = new MessageChannel, | |
this.windowListener = this.onWindowMessage.bind(this) | |
} | |
return e.prototype.sendMessage = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r = this; | |
return c(this, (function(n) { | |
return this.logger.trace("NativeMessageHandler - sendMessage called."), | |
t = { | |
channel: Pe, | |
extensionId: this.extensionId, | |
responseId: this.responseId++, | |
body: e | |
}, | |
this.logger.trace("NativeMessageHandler - Sending request to browser extension"), | |
this.logger.tracePii("NativeMessageHandler - Sending request to browser extension: " + JSON.stringify(t)), | |
this.messageChannel.port1.postMessage(t), | |
[2, new Promise((function(e, n) { | |
r.resolvers.set(t.responseId, { | |
resolve: e, | |
reject: n | |
}) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.createProvider = function(t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n, o; | |
return c(this, (function(i) { | |
switch (i.label) { | |
case 0: | |
t.trace("NativeMessageHandler - createProvider called."), | |
i.label = 1; | |
case 1: | |
return i.trys.push([1, 3, , 5]), | |
[4, (n = new e(t,r,"ppnbnpeolgkicgegkbkbjmhlideopiji")).sendHandshakeRequest()]; | |
case 2: | |
return i.sent(), | |
[2, n]; | |
case 3: | |
return i.sent(), | |
[4, (o = new e(t,r)).sendHandshakeRequest()]; | |
case 4: | |
return i.sent(), | |
[2, o]; | |
case 5: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.sendHandshakeRequest = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t = this; | |
return c(this, (function(r) { | |
return this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."), | |
window.addEventListener("message", this.windowListener, !1), | |
e = { | |
channel: Pe, | |
extensionId: this.extensionId, | |
responseId: this.responseId++, | |
body: { | |
method: Ee.HandshakeRequest | |
} | |
}, | |
this.messageChannel.port1.onmessage = function(e) { | |
t.onChannelMessage(e) | |
} | |
, | |
window.postMessage(e, window.origin, [this.messageChannel.port2]), | |
[2, new Promise((function(r, n) { | |
t.handshakeResolvers.set(e.responseId, { | |
resolve: r, | |
reject: n | |
}), | |
t.timeoutId = window.setTimeout((function() { | |
window.removeEventListener("message", t.windowListener, !1), | |
t.messageChannel.port1.close(), | |
t.messageChannel.port2.close(), | |
n(ke.createNativeHandshakeTimeoutError()), | |
t.handshakeResolvers.delete(e.responseId) | |
} | |
), t.handshakeTimeoutMs) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.onWindowMessage = function(e) { | |
if (this.logger.trace("NativeMessageHandler - onWindowMessage called"), | |
e.source === window) { | |
var t = e.data; | |
if (t.channel && t.channel === Pe && (!t.extensionId || t.extensionId === this.extensionId) && t.body.method === Ee.HandshakeRequest) { | |
this.logger.verbose(t.extensionId ? "Extension with id: " + t.extensionId + " not installed" : "No extension installed"), | |
clearTimeout(this.timeoutId), | |
this.messageChannel.port1.close(), | |
this.messageChannel.port2.close(), | |
window.removeEventListener("message", this.windowListener, !1); | |
var r = this.handshakeResolvers.get(t.responseId); | |
r && r.reject(ke.createNativeExtensionNotInstalledError()) | |
} | |
} | |
} | |
, | |
e.prototype.onChannelMessage = function(e) { | |
this.logger.trace("NativeMessageHandler - onChannelMessage called."); | |
var t = e.data | |
, r = this.resolvers.get(t.responseId) | |
, n = this.handshakeResolvers.get(t.responseId); | |
try { | |
var o = t.body.method; | |
if (o === Ee.Response) { | |
if (!r) | |
return; | |
var i = t.body.response; | |
if (this.logger.trace("NativeMessageHandler - Received response from browser extension"), | |
this.logger.tracePii("NativeMessageHandler - Received response from browser extension: " + JSON.stringify(i)), | |
"Success" !== i.status) | |
r.reject(Dt.createError(i.code, i.description, i.ext)); | |
else { | |
if (!i.result) | |
throw J.createUnexpectedError("Event does not contain result."); | |
i.result.code && i.result.description ? r.reject(Dt.createError(i.result.code, i.result.description, i.result.ext)) : r.resolve(i.result) | |
} | |
this.resolvers.delete(t.responseId) | |
} else if (o === Ee.HandshakeResponse) { | |
if (!n) | |
return; | |
clearTimeout(this.timeoutId), | |
window.removeEventListener("message", this.windowListener, !1), | |
this.extensionId = t.extensionId, | |
this.logger.verbose("NativeMessageHandler - Received HandshakeResponse from extension: " + this.extensionId), | |
n.resolve(), | |
this.handshakeResolvers.delete(t.responseId) | |
} | |
} catch (t) { | |
this.logger.error("Error parsing response from WAM Extension"), | |
this.logger.errorPii("Error parsing response from WAM Extension: " + t.toString()), | |
this.logger.errorPii("Unable to parse " + e), | |
r ? r.reject(t) : n && n.reject(t) | |
} | |
} | |
, | |
e.isNativeAvailable = function(e, t, r, n) { | |
if (t.trace("isNativeAvailable called"), | |
!e.system.allowNativeBroker) | |
return t.trace("isNativeAvailable: allowNativeBroker is not enabled, returning false"), | |
!1; | |
if (!r) | |
return t.trace("isNativeAvailable: WAM extension provider is not initialized, returning false"), | |
!1; | |
if (n) | |
switch (n) { | |
case F.BEARER: | |
case F.POP: | |
return t.trace("isNativeAvailable: authenticationScheme is supported, returning true"), | |
!0; | |
default: | |
return t.trace("isNativeAvailable: authenticationScheme is not supported, returning false"), | |
!1 | |
} | |
return !0 | |
} | |
, | |
e | |
}(), zt = function(e) { | |
function t(t, r, n, o, i, a, s, c, u, l) { | |
var d = e.call(this, t, r, n, o, i, a, s, u, l) || this; | |
return d.nativeStorage = c, | |
d | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s, u, l, d, h = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return [4, this.initializeAuthorizationRequest(e, Ie.Redirect)]; | |
case 1: | |
t = c.sent(), | |
this.browserStorage.updateCacheEntries(t.state, t.nonce, t.authority, t.loginHint || T.EMPTY_STRING, t.account || null), | |
r = this.initializeServerTelemetryManager(Se.acquireTokenRedirect), | |
n = function(e) { | |
e.persisted && (h.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."), | |
h.browserStorage.cleanRequestByState(t.state)) | |
} | |
, | |
c.label = 2; | |
case 2: | |
return c.trys.push([2, 7, , 8]), | |
[4, this.initializeAuthorizationCodeRequest(t)]; | |
case 3: | |
return o = c.sent(), | |
[4, this.createAuthCodeClient(r, t.authority, t.azureCloudOptions)]; | |
case 4: | |
return i = c.sent(), | |
this.logger.verbose("Auth code client created"), | |
s = new Ht(i,this.browserStorage,o,this.logger,this.browserCrypto), | |
[4, i.getAuthCodeUrl(a(a({}, t), { | |
nativeBroker: Gt.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, e.authenticationScheme) | |
}))]; | |
case 5: | |
return u = c.sent(), | |
l = this.getRedirectStartPage(e.redirectStartPage), | |
this.logger.verbosePii("Redirect start page: " + l), | |
window.addEventListener("pageshow", n), | |
[4, s.initiateAuthRequest(u, { | |
navigationClient: this.navigationClient, | |
redirectTimeout: this.config.system.redirectNavigationTimeout, | |
redirectStartPage: l, | |
onRedirectNavigate: e.onRedirectNavigate | |
})]; | |
case 6: | |
return [2, c.sent()]; | |
case 7: | |
throw (d = c.sent())instanceof J && d.setCorrelationId(this.correlationId), | |
window.removeEventListener("pageshow", n), | |
r.cacheFailedRequest(d), | |
this.browserStorage.cleanRequestByState(t.state), | |
d; | |
case 8: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.handleRedirectPromise = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a, s, u, l, d, h, p; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
t = this.initializeServerTelemetryManager(Se.handleRedirectPromise), | |
c.label = 1; | |
case 1: | |
if (c.trys.push([1, 10, , 11]), | |
!this.browserStorage.isInteractionInProgress(!0)) | |
return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."), | |
[2, null]; | |
if (!(r = this.getRedirectResponseHash(e || window.location.hash))) | |
return this.logger.info("handleRedirectPromise did not detect a response hash as a result of a redirect. Cleaning temporary cache."), | |
this.browserStorage.cleanRequestByInteractionType(Ie.Redirect), | |
[2, null]; | |
n = void 0; | |
try { | |
o = Ke.getDeserializedHash(r), | |
n = this.validateAndExtractStateFromHash(o, Ie.Redirect), | |
this.logger.verbose("State extracted from hash") | |
} catch (e) { | |
return this.logger.info("handleRedirectPromise was unable to extract state due to: " + e), | |
this.browserStorage.cleanRequestByInteractionType(Ie.Redirect), | |
[2, null] | |
} | |
return i = this.browserStorage.getTemporaryCache(Te.ORIGIN_URI, !0) || T.EMPTY_STRING, | |
a = Ke.removeHashFromUrl(i), | |
s = Ke.removeHashFromUrl(window.location.href), | |
a === s && this.config.auth.navigateToLoginRequestUrl ? (this.logger.verbose("Current page is loginRequestUrl, handling hash"), | |
[4, this.handleHash(r, n, t)]) : [3, 3]; | |
case 2: | |
return u = c.sent(), | |
i.indexOf("#") > -1 && Ot.replaceHash(i), | |
[2, u]; | |
case 3: | |
return this.config.auth.navigateToLoginRequestUrl ? [3, 4] : (this.logger.verbose("NavigateToLoginRequestUrl set to false, handling hash"), | |
[2, this.handleHash(r, n, t)]); | |
case 4: | |
return Ot.isInIframe() && !this.config.system.allowRedirectInIframe ? [3, 9] : (this.browserStorage.setTemporaryCache(Te.URL_HASH, r, !0), | |
l = { | |
apiId: Se.handleRedirectPromise, | |
timeout: this.config.system.redirectNavigationTimeout, | |
noHistory: !0 | |
}, | |
d = !0, | |
i && "null" !== i ? [3, 6] : (h = Ot.getHomepage(), | |
this.browserStorage.setTemporaryCache(Te.ORIGIN_URI, h, !0), | |
this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"), | |
[4, this.navigationClient.navigateInternal(h, l)])); | |
case 5: | |
return d = c.sent(), | |
[3, 8]; | |
case 6: | |
return this.logger.verbose("Navigating to loginRequestUrl: " + i), | |
[4, this.navigationClient.navigateInternal(i, l)]; | |
case 7: | |
d = c.sent(), | |
c.label = 8; | |
case 8: | |
if (!d) | |
return [2, this.handleHash(r, n, t)]; | |
c.label = 9; | |
case 9: | |
return [2, null]; | |
case 10: | |
throw (p = c.sent())instanceof J && p.setCorrelationId(this.correlationId), | |
t.cacheFailedRequest(p), | |
this.browserStorage.cleanRequestByInteractionType(Ie.Redirect), | |
p; | |
case 11: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.getRedirectResponseHash = function(e) { | |
if (this.logger.verbose("getRedirectResponseHash called"), | |
Ke.hashContainsKnownProperties(e)) | |
return Ot.clearHash(window), | |
this.logger.verbose("Hash contains known properties, returning response hash"), | |
e; | |
var t = this.browserStorage.getTemporaryCache(Te.URL_HASH, !0); | |
return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(Te.URL_HASH)), | |
this.logger.verbose("Hash does not contain known properties, returning cached hash"), | |
t | |
} | |
, | |
t.prototype.handleHash = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n, o, i, s, u, l, d = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if (n = this.browserStorage.getCachedRequest(t, this.browserCrypto), | |
this.logger.verbose("handleHash called, retrieved cached request"), | |
(o = Ke.getDeserializedHash(e)).accountId) { | |
if (this.logger.verbose("Account id found in hash, calling WAM for token"), | |
!this.nativeMessageHandler) | |
throw ke.createNativeConnectionNotEstablishedError(); | |
return i = new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.acquireTokenPopup,this.performanceClient,this.nativeMessageHandler,o.accountId,this.browserStorage,n.correlationId), | |
s = ye.parseRequestState(this.browserCrypto, t).userRequestState, | |
[2, i.acquireToken(a(a({}, n), { | |
state: s, | |
prompt: void 0 | |
})).finally((function() { | |
d.browserStorage.cleanRequestByState(t) | |
} | |
))] | |
} | |
if (!(u = this.browserStorage.getCachedAuthority(t))) | |
throw ke.createNoCachedAuthorityError(); | |
return [4, this.createAuthCodeClient(r, u)]; | |
case 1: | |
return l = c.sent(), | |
this.logger.verbose("Auth code client created"), | |
rt.removeThrottle(this.browserStorage, this.config.auth.clientId, n), | |
[4, new Ht(l,this.browserStorage,n,this.logger,this.browserCrypto).handleCodeResponseFromHash(e, t, l.authority, this.networkClient)]; | |
case 2: | |
return [2, c.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a; | |
return c(this, (function(s) { | |
switch (s.label) { | |
case 0: | |
this.logger.verbose("logoutRedirect called"), | |
t = this.initializeLogoutRequest(e), | |
r = this.initializeServerTelemetryManager(Se.logout), | |
s.label = 1; | |
case 1: | |
return s.trys.push([1, 10, , 11]), | |
this.eventHandler.emitEvent(Tt.LOGOUT_START, Ie.Redirect, e), | |
[4, this.clearCacheOnLogout(t.account)]; | |
case 2: | |
return s.sent(), | |
n = { | |
apiId: Se.logout, | |
timeout: this.config.system.redirectNavigationTimeout, | |
noHistory: !1 | |
}, | |
[4, this.createAuthCodeClient(r, e && e.authority)]; | |
case 3: | |
return o = s.sent(), | |
this.logger.verbose("Auth code client created"), | |
i = o.getLogoutUri(t), | |
this.eventHandler.emitEvent(Tt.LOGOUT_SUCCESS, Ie.Redirect, t), | |
e && "function" == typeof e.onRedirectNavigate ? !1 === e.onRedirectNavigate(i) ? [3, 5] : (this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"), | |
this.browserStorage.getInteractionInProgress() || this.browserStorage.setInteractionInProgress(!0), | |
[4, this.navigationClient.navigateExternal(i, n)]) : [3, 7]; | |
case 4: | |
return s.sent(), | |
[2]; | |
case 5: | |
this.browserStorage.setInteractionInProgress(!1), | |
this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation"), | |
s.label = 6; | |
case 6: | |
return [3, 9]; | |
case 7: | |
return this.browserStorage.getInteractionInProgress() || this.browserStorage.setInteractionInProgress(!0), | |
[4, this.navigationClient.navigateExternal(i, n)]; | |
case 8: | |
return s.sent(), | |
[2]; | |
case 9: | |
return [3, 11]; | |
case 10: | |
throw (a = s.sent())instanceof J && a.setCorrelationId(this.correlationId), | |
r.cacheFailedRequest(a), | |
this.eventHandler.emitEvent(Tt.LOGOUT_FAILURE, Ie.Redirect, null, a), | |
this.eventHandler.emitEvent(Tt.LOGOUT_END, Ie.Redirect), | |
a; | |
case 11: | |
return this.eventHandler.emitEvent(Tt.LOGOUT_END, Ie.Redirect), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.getRedirectStartPage = function(e) { | |
var t = e || window.location.href; | |
return Ke.getAbsoluteUrl(t, Ot.getCurrentUri()) | |
} | |
, | |
t | |
}(Ut), jt = function(e) { | |
function t(t, r, n, o, i, a, s, c, u, l) { | |
var d = e.call(this, t, r, n, o, i, a, s, u, l) || this; | |
return d.unloadWindow = d.unloadWindow.bind(d), | |
d.nativeStorage = c, | |
d | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
try { | |
var t = this.generatePopupName(e.scopes || w, e.authority || this.config.auth.authority) | |
, r = e.popupWindowAttributes || {}; | |
if (this.config.system.asyncPopups) | |
return this.logger.verbose("asyncPopups set to true, acquiring token"), | |
this.acquireTokenPopupAsync(e, t, r); | |
this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"); | |
var n = this.openSizedPopup("about:blank", t, r); | |
return this.acquireTokenPopupAsync(e, t, r, n) | |
} catch (e) { | |
return Promise.reject(e) | |
} | |
} | |
, | |
t.prototype.logout = function(e) { | |
try { | |
this.logger.verbose("logoutPopup called"); | |
var t = this.initializeLogoutRequest(e) | |
, r = this.generateLogoutPopupName(t) | |
, n = e && e.authority | |
, o = e && e.mainWindowRedirectUri | |
, i = (null == e ? void 0 : e.popupWindowAttributes) || {}; | |
if (this.config.system.asyncPopups) | |
return this.logger.verbose("asyncPopups set to true"), | |
this.logoutPopupAsync(t, r, i, n, void 0, o); | |
this.logger.verbose("asyncPopup set to false, opening popup"); | |
var a = this.openSizedPopup("about:blank", r, i); | |
return this.logoutPopupAsync(t, r, i, n, a, o) | |
} catch (e) { | |
return Promise.reject(e) | |
} | |
} | |
, | |
t.prototype.acquireTokenPopupAsync = function(e, t, r, n) { | |
return s(this, void 0, void 0, (function() { | |
var o, i, s, u, l, d, h, p, g, f, m, v, y, E, _, C, w = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return this.logger.verbose("acquireTokenPopupAsync called"), | |
o = this.initializeServerTelemetryManager(Se.acquireTokenPopup), | |
[4, this.initializeAuthorizationRequest(e, Ie.Popup)]; | |
case 1: | |
i = c.sent(), | |
this.browserStorage.updateCacheEntries(i.state, i.nonce, i.authority, i.loginHint || T.EMPTY_STRING, i.account || null), | |
c.label = 2; | |
case 2: | |
return c.trys.push([2, 8, , 9]), | |
[4, this.initializeAuthorizationCodeRequest(i)]; | |
case 3: | |
return s = c.sent(), | |
[4, this.createAuthCodeClient(o, i.authority, i.azureCloudOptions)]; | |
case 4: | |
return u = c.sent(), | |
this.logger.verbose("Auth code client created"), | |
l = Gt.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, e.authenticationScheme), | |
d = void 0, | |
l && (d = this.performanceClient.startMeasurement(ht.FetchAccountIdWithNativeBroker, e.correlationId)), | |
[4, u.getAuthCodeUrl(a(a({}, i), { | |
nativeBroker: l | |
}))]; | |
case 5: | |
return h = c.sent(), | |
p = new qt(u,this.browserStorage,s,this.logger), | |
g = { | |
popup: n, | |
popupName: t, | |
popupWindowAttributes: r | |
}, | |
f = this.initiateAuthRequest(h, g), | |
this.eventHandler.emitEvent(Tt.POPUP_OPENED, Ie.Popup, { | |
popupWindow: f | |
}, null), | |
[4, this.monitorPopupForHash(f)]; | |
case 6: | |
if (m = c.sent(), | |
v = Ke.getDeserializedHash(m), | |
y = this.validateAndExtractStateFromHash(v, Ie.Popup, i.correlationId), | |
rt.removeThrottle(this.browserStorage, this.config.auth.clientId, s), | |
v.accountId) { | |
if (this.logger.verbose("Account id found in hash, calling WAM for token"), | |
d && d.endMeasurement({ | |
success: !0, | |
isNativeBroker: !0 | |
}), | |
!this.nativeMessageHandler) | |
throw ke.createNativeConnectionNotEstablishedError(); | |
return E = new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.acquireTokenPopup,this.performanceClient,this.nativeMessageHandler,v.accountId,this.nativeStorage,i.correlationId), | |
_ = ye.parseRequestState(this.browserCrypto, y).userRequestState, | |
[2, E.acquireToken(a(a({}, i), { | |
state: _, | |
prompt: void 0 | |
})).finally((function() { | |
w.browserStorage.cleanRequestByState(y) | |
} | |
))] | |
} | |
return [4, p.handleCodeResponseFromHash(m, y, u.authority, this.networkClient)]; | |
case 7: | |
return [2, c.sent()]; | |
case 8: | |
throw C = c.sent(), | |
n && n.close(), | |
C instanceof J && C.setCorrelationId(this.correlationId), | |
o.cacheFailedRequest(C), | |
this.browserStorage.cleanRequestByState(i.state), | |
C; | |
case 9: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logoutPopupAsync = function(e, t, r, n, o, i) { | |
return s(this, void 0, void 0, (function() { | |
var a, s, u, l, d, h, p; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
this.logger.verbose("logoutPopupAsync called"), | |
this.eventHandler.emitEvent(Tt.LOGOUT_START, Ie.Popup, e), | |
a = this.initializeServerTelemetryManager(Se.logoutPopup), | |
c.label = 1; | |
case 1: | |
return c.trys.push([1, 5, , 6]), | |
[4, this.clearCacheOnLogout(e.account)]; | |
case 2: | |
return c.sent(), | |
[4, this.createAuthCodeClient(a, n)]; | |
case 3: | |
return s = c.sent(), | |
this.logger.verbose("Auth code client created"), | |
u = s.getLogoutUri(e), | |
this.eventHandler.emitEvent(Tt.LOGOUT_SUCCESS, Ie.Popup, e), | |
l = this.openPopup(u, { | |
popupName: t, | |
popupWindowAttributes: r, | |
popup: o | |
}), | |
this.eventHandler.emitEvent(Tt.POPUP_OPENED, Ie.Popup, { | |
popupWindow: l | |
}, null), | |
[4, this.waitForLogoutPopup(l)]; | |
case 4: | |
return c.sent(), | |
i ? (d = { | |
apiId: Se.logoutPopup, | |
timeout: this.config.system.redirectNavigationTimeout, | |
noHistory: !1 | |
}, | |
h = Ke.getAbsoluteUrl(i, Ot.getCurrentUri()), | |
this.logger.verbose("Redirecting main window to url specified in the request"), | |
this.logger.verbosePii("Redirecting main window to: " + h), | |
this.navigationClient.navigateInternal(h, d)) : this.logger.verbose("No main window navigation requested"), | |
[3, 6]; | |
case 5: | |
throw p = c.sent(), | |
o && o.close(), | |
p instanceof J && p.setCorrelationId(this.correlationId), | |
this.browserStorage.setInteractionInProgress(!1), | |
this.eventHandler.emitEvent(Tt.LOGOUT_FAILURE, Ie.Popup, null, p), | |
this.eventHandler.emitEvent(Tt.LOGOUT_END, Ie.Popup), | |
a.cacheFailedRequest(p), | |
p; | |
case 6: | |
return this.eventHandler.emitEvent(Tt.LOGOUT_END, Ie.Popup), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.initiateAuthRequest = function(e, t) { | |
if ($.isEmpty(e)) | |
throw this.logger.error("Navigate url is empty"), | |
ke.createEmptyNavigationUriError(); | |
return this.logger.infoPii("Navigate to: " + e), | |
this.openPopup(e, t) | |
} | |
, | |
t.prototype.monitorPopupForHash = function(e) { | |
var t = this; | |
return new Promise((function(r, n) { | |
var o = t.config.system.windowHashTimeout / Ne.POLL_INTERVAL_MS | |
, i = 0; | |
t.logger.verbose("PopupHandler.monitorPopupForHash - polling started"); | |
var a = setInterval((function() { | |
if (e.closed) | |
return t.logger.error("PopupHandler.monitorPopupForHash - window closed"), | |
t.cleanPopup(), | |
clearInterval(a), | |
void n(ke.createUserCancelledError()); | |
var s = T.EMPTY_STRING | |
, c = T.EMPTY_STRING; | |
try { | |
s = e.location.href, | |
c = e.location.hash | |
} catch (e) {} | |
$.isEmpty(s) || "about:blank" === s || (t.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"), | |
i++, | |
c ? (t.logger.verbose("PopupHandler.monitorPopupForHash - found hash in url"), | |
clearInterval(a), | |
t.cleanPopup(e), | |
Ke.hashContainsKnownProperties(c) ? (t.logger.verbose("PopupHandler.monitorPopupForHash - hash contains known properties, returning."), | |
r(c)) : (t.logger.error("PopupHandler.monitorPopupForHash - found hash in url but it does not contain known properties. Check that your router is not changing the hash prematurely."), | |
t.logger.errorPii("PopupHandler.monitorPopupForHash - hash found: " + c), | |
n(ke.createHashDoesNotContainKnownPropertiesError()))) : i > o && (t.logger.error("PopupHandler.monitorPopupForHash - unable to find hash in url, timing out"), | |
clearInterval(a), | |
n(ke.createMonitorPopupTimeoutError()))) | |
} | |
), Ne.POLL_INTERVAL_MS) | |
} | |
)) | |
} | |
, | |
t.prototype.waitForLogoutPopup = function(e) { | |
var t = this; | |
return new Promise((function(r) { | |
t.logger.verbose("PopupHandler.waitForLogoutPopup - polling started"); | |
var n = setInterval((function() { | |
e.closed && (t.logger.error("PopupHandler.waitForLogoutPopup - window closed"), | |
t.cleanPopup(), | |
clearInterval(n), | |
r()); | |
var o = T.EMPTY_STRING; | |
try { | |
o = e.location.href | |
} catch (e) {} | |
$.isEmpty(o) || "about:blank" === o || (t.logger.verbose("PopupHandler.waitForLogoutPopup - popup window is on same origin as caller, closing."), | |
clearInterval(n), | |
t.cleanPopup(e), | |
r()) | |
} | |
), Ne.POLL_INTERVAL_MS) | |
} | |
)) | |
} | |
, | |
t.prototype.openPopup = function(e, t) { | |
try { | |
var r = void 0; | |
if (t.popup ? (r = t.popup, | |
this.logger.verbosePii("Navigating popup window to: " + e), | |
r.location.assign(e)) : void 0 === t.popup && (this.logger.verbosePii("Opening popup window to: " + e), | |
r = this.openSizedPopup(e, t.popupName, t.popupWindowAttributes)), | |
!r) | |
throw ke.createEmptyWindowCreatedError(); | |
return r.focus && r.focus(), | |
this.currentWindow = r, | |
window.addEventListener("beforeunload", this.unloadWindow), | |
r | |
} catch (e) { | |
throw this.logger.error("error opening popup " + e.message), | |
this.browserStorage.setInteractionInProgress(!1), | |
ke.createPopupWindowError(e.toString()) | |
} | |
} | |
, | |
t.prototype.openSizedPopup = function(e, t, r) { | |
var n, o, i, a, s = window.screenLeft ? window.screenLeft : window.screenX, c = window.screenTop ? window.screenTop : window.screenY, u = window.innerWidth || document.documentElement.clientWidth || document.body.clientWidth, l = window.innerHeight || document.documentElement.clientHeight || document.body.clientHeight, d = null === (n = r.popupSize) || void 0 === n ? void 0 : n.width, h = null === (o = r.popupSize) || void 0 === o ? void 0 : o.height, p = null === (i = r.popupPosition) || void 0 === i ? void 0 : i.top, g = null === (a = r.popupPosition) || void 0 === a ? void 0 : a.left; | |
return (!d || d < 0 || d > u) && (this.logger.verbose("Default popup window width used. Window width not configured or invalid."), | |
d = Ne.POPUP_WIDTH), | |
(!h || h < 0 || h > l) && (this.logger.verbose("Default popup window height used. Window height not configured or invalid."), | |
h = Ne.POPUP_HEIGHT), | |
(!p || p < 0 || p > l) && (this.logger.verbose("Default popup window top position used. Window top not configured or invalid."), | |
p = Math.max(0, l / 2 - Ne.POPUP_HEIGHT / 2 + c)), | |
(!g || g < 0 || g > u) && (this.logger.verbose("Default popup window left position used. Window left not configured or invalid."), | |
g = Math.max(0, u / 2 - Ne.POPUP_WIDTH / 2 + s)), | |
window.open(e, t, "width=" + d + ", height=" + h + ", top=" + p + ", left=" + g + ", scrollbars=yes") | |
} | |
, | |
t.prototype.unloadWindow = function(e) { | |
this.browserStorage.cleanRequestByInteractionType(Ie.Popup), | |
this.currentWindow && this.currentWindow.close(), | |
e.preventDefault() | |
} | |
, | |
t.prototype.cleanPopup = function(e) { | |
e && e.close(), | |
window.removeEventListener("beforeunload", this.unloadWindow), | |
this.browserStorage.setInteractionInProgress(!1) | |
} | |
, | |
t.prototype.generatePopupName = function(e, t) { | |
return Ne.POPUP_NAME_PREFIX + "." + this.config.auth.clientId + "." + e.join("-") + "." + t + "." + this.correlationId | |
} | |
, | |
t.prototype.generateLogoutPopupName = function(e) { | |
var t = e.account && e.account.homeAccountId; | |
return Ne.POPUP_NAME_PREFIX + "." + this.config.auth.clientId + "." + t + "." + this.correlationId | |
} | |
, | |
t | |
}(Ut), Yt = { | |
sendGetRequestAsync: function() { | |
return Promise.reject(J.createUnexpectedError("Network interface - sendGetRequestAsync() has not been implemented for the Network interface.")) | |
}, | |
sendPostRequestAsync: function() { | |
return Promise.reject(J.createUnexpectedError("Network interface - sendPostRequestAsync() has not been implemented for the Network interface.")) | |
} | |
}, Wt = function() { | |
function e() {} | |
return e.prototype.navigateInternal = function(t, r) { | |
return e.defaultNavigateWindow(t, r) | |
} | |
, | |
e.prototype.navigateExternal = function(t, r) { | |
return e.defaultNavigateWindow(t, r) | |
} | |
, | |
e.defaultNavigateWindow = function(e, t) { | |
return t.noHistory ? window.location.replace(e) : window.location.assign(e), | |
new Promise((function(e) { | |
setTimeout((function() { | |
e(!0) | |
} | |
), t.timeout) | |
} | |
)) | |
} | |
, | |
e | |
}(), Vt = 6e3, Jt = function(e) { | |
function t(t, r, n, o, i) { | |
var a = e.call(this, t, r, n, o) || this; | |
return a.navigateFrameWait = i, | |
a | |
} | |
return i(t, e), | |
t.prototype.initiateAuthRequest = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
if ($.isEmpty(e)) | |
throw this.logger.info("Navigate url is empty"), | |
ke.createEmptyNavigationUriError(); | |
return this.navigateFrameWait ? [4, this.loadFrame(e)] : [3, 2]; | |
case 1: | |
return t = r.sent(), | |
[3, 3]; | |
case 2: | |
t = this.loadFrameSync(e), | |
r.label = 3; | |
case 3: | |
return [2, t] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.monitorIframeForHash = function(e, t) { | |
var r = this; | |
return new Promise((function(n, o) { | |
t < Vt && r.logger.warning("system.loadFrameTimeout or system.iframeHashTimeout set to lower (" + t + "ms) than the default (" + Vt + "ms). This may result in timeouts."); | |
var i = window.performance.now() + t | |
, a = setInterval((function() { | |
if (window.performance.now() > i) | |
return r.removeHiddenIframe(e), | |
clearInterval(a), | |
void o(ke.createMonitorIframeTimeoutError()); | |
var t = T.EMPTY_STRING | |
, s = e.contentWindow; | |
try { | |
t = s ? s.location.href : T.EMPTY_STRING | |
} catch (e) {} | |
if (!$.isEmpty(t)) { | |
var c = s ? s.location.hash : T.EMPTY_STRING; | |
return Ke.hashContainsKnownProperties(c) ? (r.removeHiddenIframe(e), | |
clearInterval(a), | |
void n(c)) : void 0 | |
} | |
} | |
), Ne.POLL_INTERVAL_MS) | |
} | |
)) | |
} | |
, | |
t.prototype.loadFrame = function(e) { | |
var t = this; | |
return new Promise((function(r, n) { | |
var o = t.createHiddenIframe(); | |
setTimeout((function() { | |
o ? (o.src = e, | |
r(o)) : n("Unable to load iframe") | |
} | |
), t.navigateFrameWait) | |
} | |
)) | |
} | |
, | |
t.prototype.loadFrameSync = function(e) { | |
var t = this.createHiddenIframe(); | |
return t.src = e, | |
t | |
} | |
, | |
t.prototype.createHiddenIframe = function() { | |
var e = document.createElement("iframe"); | |
return e.style.visibility = "hidden", | |
e.style.position = "absolute", | |
e.style.width = e.style.height = "0", | |
e.style.border = "0", | |
e.setAttribute("sandbox", "allow-scripts allow-same-origin allow-forms"), | |
document.getElementsByTagName("body")[0].appendChild(e), | |
e | |
} | |
, | |
t.prototype.removeHiddenIframe = function(e) { | |
document.body === e.parentNode && document.body.removeChild(e) | |
} | |
, | |
t | |
}(qt), Qt = function(e) { | |
function t(t, r, n, o, i, a, s, c, u, l, d) { | |
var h = e.call(this, t, r, n, o, i, a, c, l, d) || this; | |
return h.apiId = s, | |
h.nativeStorage = u, | |
h | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i; | |
return c(this, (function(s) { | |
switch (s.label) { | |
case 0: | |
if (this.logger.verbose("acquireTokenByIframe called"), | |
t = this.performanceClient.startMeasurement(ht.SilentIframeClientAcquireToken, e.correlationId), | |
$.isEmpty(e.loginHint) && $.isEmpty(e.sid) && (!e.account || $.isEmpty(e.account.username)) && this.logger.warning("No user hint provided. The authorization server may need more information to complete this request."), | |
e.prompt && e.prompt !== A.NONE) | |
throw t.endMeasurement({ | |
success: !1 | |
}), | |
ke.createSilentPromptValueError(e.prompt); | |
return [4, this.initializeAuthorizationRequest(a(a({}, e), { | |
prompt: A.NONE | |
}), Ie.Silent)]; | |
case 1: | |
r = s.sent(), | |
this.browserStorage.updateCacheEntries(r.state, r.nonce, r.authority, r.loginHint || T.EMPTY_STRING, r.account || null), | |
n = this.initializeServerTelemetryManager(this.apiId), | |
s.label = 2; | |
case 2: | |
return s.trys.push([2, 5, , 6]), | |
[4, this.createAuthCodeClient(n, r.authority, r.azureCloudOptions)]; | |
case 3: | |
return o = s.sent(), | |
this.logger.verbose("Auth code client created"), | |
[4, this.silentTokenHelper(o, r).then((function(e) { | |
return t.endMeasurement({ | |
success: !0, | |
fromCache: !1 | |
}), | |
e | |
} | |
))]; | |
case 4: | |
return [2, s.sent()]; | |
case 5: | |
throw (i = s.sent())instanceof J && i.setCorrelationId(this.correlationId), | |
n.cacheFailedRequest(i), | |
this.browserStorage.cleanRequestByState(r.state), | |
t.endMeasurement({ | |
errorCode: i instanceof J && i.errorCode || void 0, | |
subErrorCode: i instanceof J && i.subError || void 0, | |
success: !1 | |
}), | |
i; | |
case 6: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function() { | |
return Promise.reject(ke.createSilentLogoutUnsupportedError()) | |
} | |
, | |
t.prototype.silentTokenHelper = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o, i, s, u, l, d, h, p = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return [4, this.initializeAuthorizationCodeRequest(t)]; | |
case 1: | |
return r = c.sent(), | |
[4, e.getAuthCodeUrl(a(a({}, t), { | |
nativeBroker: Gt.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, t.authenticationScheme) | |
}))]; | |
case 2: | |
return n = c.sent(), | |
[4, (o = new Jt(e,this.browserStorage,r,this.logger,this.config.system.navigateFrameWait)).initiateAuthRequest(n)]; | |
case 3: | |
return i = c.sent(), | |
[4, o.monitorIframeForHash(i, this.config.system.iframeHashTimeout)]; | |
case 4: | |
if (s = c.sent(), | |
u = Ke.getDeserializedHash(s), | |
l = this.validateAndExtractStateFromHash(u, Ie.Silent, r.correlationId), | |
u.accountId) { | |
if (this.logger.verbose("Account id found in hash, calling WAM for token"), | |
!this.nativeMessageHandler) | |
throw ke.createNativeConnectionNotEstablishedError(); | |
return d = new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.apiId,this.performanceClient,this.nativeMessageHandler,u.accountId,this.browserStorage,this.correlationId), | |
h = ye.parseRequestState(this.browserCrypto, l).userRequestState, | |
[2, d.acquireToken(a(a({}, t), { | |
state: h, | |
prompt: A.NONE | |
})).finally((function() { | |
p.browserStorage.cleanRequestByState(l) | |
} | |
))] | |
} | |
return [2, o.handleCodeResponseFromHash(s, l, e.authority, this.networkClient)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Ut), Xt = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s = this; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return r = [a({}, e)], | |
[4, this.initializeBaseRequest(e)]; | |
case 1: | |
return t = a.apply(void 0, r.concat([c.sent()])), | |
n = this.performanceClient.startMeasurement(ht.SilentRefreshClientAcquireToken, t.correlationId), | |
o = this.initializeServerTelemetryManager(Se.acquireTokenSilent_silentFlow), | |
[4, this.createRefreshTokenClient(o, t.authority, t.azureCloudOptions)]; | |
case 2: | |
return i = c.sent(), | |
this.logger.verbose("Refresh token client created"), | |
[2, i.acquireTokenByRefreshToken(t).then((function(e) { | |
return n.endMeasurement({ | |
success: !0, | |
fromCache: e.fromCache | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw e instanceof J && e.setCorrelationId(s.correlationId), | |
o.cacheFailedRequest(e), | |
n.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
e | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function() { | |
return Promise.reject(ke.createSilentLogoutUnsupportedError()) | |
} | |
, | |
t.prototype.createRefreshTokenClient = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n; | |
return c(this, (function(o) { | |
switch (o.label) { | |
case 0: | |
return [4, this.getClientConfiguration(e, t, r)]; | |
case 1: | |
return n = o.sent(), | |
[2, new Ft(n,this.performanceClient)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Ut), $t = function() { | |
function e(e, t) { | |
this.eventCallbacks = new Map, | |
this.logger = e, | |
this.browserCrypto = t, | |
this.listeningToStorageEvents = !1, | |
this.handleAccountCacheChange = this.handleAccountCacheChange.bind(this) | |
} | |
return e.prototype.addEventCallback = function(e) { | |
if ("undefined" != typeof window) { | |
var t = this.browserCrypto.createNewGuid(); | |
return this.eventCallbacks.set(t, e), | |
this.logger.verbose("Event callback registered with id: " + t), | |
t | |
} | |
return null | |
} | |
, | |
e.prototype.removeEventCallback = function(e) { | |
this.eventCallbacks.delete(e), | |
this.logger.verbose("Event callback " + e + " removed.") | |
} | |
, | |
e.prototype.enableAccountStorageEvents = function() { | |
"undefined" != typeof window && (this.listeningToStorageEvents ? this.logger.verbose("Account storage listener already registered.") : (this.logger.verbose("Adding account storage listener."), | |
this.listeningToStorageEvents = !0, | |
window.addEventListener("storage", this.handleAccountCacheChange))) | |
} | |
, | |
e.prototype.disableAccountStorageEvents = function() { | |
"undefined" != typeof window && (this.listeningToStorageEvents ? (this.logger.verbose("Removing account storage listener."), | |
window.removeEventListener("storage", this.handleAccountCacheChange), | |
this.listeningToStorageEvents = !1) : this.logger.verbose("No account storage listener registered.")) | |
} | |
, | |
e.prototype.emitEvent = function(e, t, r, n) { | |
var o = this; | |
if ("undefined" != typeof window) { | |
var i = { | |
eventType: e, | |
interactionType: t || null, | |
payload: r || null, | |
error: n || null, | |
timestamp: Date.now() | |
}; | |
this.logger.info("Emitting event: " + e), | |
this.eventCallbacks.forEach((function(t, r) { | |
o.logger.verbose("Emitting event to callback " + r + ": " + e), | |
t.apply(null, [i]) | |
} | |
)) | |
} | |
} | |
, | |
e.prototype.handleAccountCacheChange = function(e) { | |
try { | |
var t = e.newValue || e.oldValue; | |
if (!t) | |
return; | |
var r = JSON.parse(t); | |
if ("object" != typeof r || !re.isAccountEntity(r)) | |
return; | |
var n = ce.toObject(new re, r).getAccountInfo(); | |
!e.oldValue && e.newValue ? (this.logger.info("Account was added to cache in a different window"), | |
this.emitEvent(Tt.ACCOUNT_ADDED, void 0, n)) : !e.newValue && e.oldValue && (this.logger.info("Account was removed from cache in a different window"), | |
this.emitEvent(Tt.ACCOUNT_REMOVED, void 0, n)) | |
} catch (e) { | |
return | |
} | |
} | |
, | |
e | |
}(), Zt = function(e) { | |
function t(r, n) { | |
var o = e.call(this, r, n) || this; | |
return o.name = "JoseHeaderError", | |
Object.setPrototypeOf(o, t.prototype), | |
o | |
} | |
return h(t, e), | |
t.createMissingKidError = function() { | |
return new t("missing_kid_error","The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.") | |
} | |
, | |
t.createMissingAlgError = function() { | |
return new t("missing_alg_error","The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided.") | |
} | |
, | |
t | |
}(J), er = function() { | |
function e(e) { | |
this.typ = e.typ, | |
this.alg = e.alg, | |
this.kid = e.kid | |
} | |
return e.getShrHeaderString = function(t) { | |
if (!t.kid) | |
throw Zt.createMissingKidError(); | |
if (!t.alg) | |
throw Zt.createMissingAlgError(); | |
var r = new e({ | |
typ: t.typ || Y.Jwt, | |
kid: t.kid, | |
alg: t.alg | |
}); | |
return JSON.stringify(r) | |
} | |
, | |
e | |
}(), tr = function() { | |
function e() {} | |
return e.decimalToHex = function(e) { | |
for (var t = e.toString(16); t.length < 2; ) | |
t = "0" + t; | |
return t | |
} | |
, | |
e | |
}(), rr = function() { | |
function e(e) { | |
this.cryptoObj = e | |
} | |
return e.prototype.generateGuid = function() { | |
try { | |
var e = new Uint8Array(16); | |
return this.cryptoObj.getRandomValues(e), | |
e[6] |= 64, | |
e[6] &= 79, | |
e[8] |= 128, | |
e[8] &= 191, | |
tr.decimalToHex(e[0]) + tr.decimalToHex(e[1]) + tr.decimalToHex(e[2]) + tr.decimalToHex(e[3]) + "-" + tr.decimalToHex(e[4]) + tr.decimalToHex(e[5]) + "-" + tr.decimalToHex(e[6]) + tr.decimalToHex(e[7]) + "-" + tr.decimalToHex(e[8]) + tr.decimalToHex(e[9]) + "-" + tr.decimalToHex(e[10]) + tr.decimalToHex(e[11]) + tr.decimalToHex(e[12]) + tr.decimalToHex(e[13]) + tr.decimalToHex(e[14]) + tr.decimalToHex(e[15]) | |
} catch (e) { | |
for (var t = "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx", r = "0123456789abcdef", n = 0, o = T.EMPTY_STRING, i = 0; i < 36; i++) | |
"-" !== t[i] && "4" !== t[i] && (n = 16 * Math.random() | 0), | |
"x" === t[i] ? o += r[n] : "y" === t[i] ? (n &= 3, | |
o += r[n |= 8]) : o += t[i]; | |
return o | |
} | |
} | |
, | |
e.prototype.isGuid = function(e) { | |
return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(e) | |
} | |
, | |
e | |
}(), nr = function() { | |
function e() {} | |
return e.stringToUtf8Arr = function(e) { | |
for (var t, r = 0, n = e.length, o = 0; o < n; o++) | |
r += (t = e.charCodeAt(o)) < 128 ? 1 : t < 2048 ? 2 : t < 65536 ? 3 : t < 2097152 ? 4 : t < 67108864 ? 5 : 6; | |
for (var i = new Uint8Array(r), a = 0, s = 0; a < r; s++) | |
(t = e.charCodeAt(s)) < 128 ? i[a++] = t : t < 2048 ? (i[a++] = 192 + (t >>> 6), | |
i[a++] = 128 + (63 & t)) : t < 65536 ? (i[a++] = 224 + (t >>> 12), | |
i[a++] = 128 + (t >>> 6 & 63), | |
i[a++] = 128 + (63 & t)) : t < 2097152 ? (i[a++] = 240 + (t >>> 18), | |
i[a++] = 128 + (t >>> 12 & 63), | |
i[a++] = 128 + (t >>> 6 & 63), | |
i[a++] = 128 + (63 & t)) : t < 67108864 ? (i[a++] = 248 + (t >>> 24), | |
i[a++] = 128 + (t >>> 18 & 63), | |
i[a++] = 128 + (t >>> 12 & 63), | |
i[a++] = 128 + (t >>> 6 & 63), | |
i[a++] = 128 + (63 & t)) : (i[a++] = 252 + (t >>> 30), | |
i[a++] = 128 + (t >>> 24 & 63), | |
i[a++] = 128 + (t >>> 18 & 63), | |
i[a++] = 128 + (t >>> 12 & 63), | |
i[a++] = 128 + (t >>> 6 & 63), | |
i[a++] = 128 + (63 & t)); | |
return i | |
} | |
, | |
e.stringToArrayBuffer = function(e) { | |
for (var t = new ArrayBuffer(e.length), r = new Uint8Array(t), n = 0; n < e.length; n++) | |
r[n] = e.charCodeAt(n); | |
return t | |
} | |
, | |
e.utf8ArrToString = function(e) { | |
for (var t = T.EMPTY_STRING, r = void 0, n = e.length, o = 0; o < n; o++) | |
r = e[o], | |
t += String.fromCharCode(r > 251 && r < 254 && o + 5 < n ? 1073741824 * (r - 252) + (e[++o] - 128 << 24) + (e[++o] - 128 << 18) + (e[++o] - 128 << 12) + (e[++o] - 128 << 6) + e[++o] - 128 : r > 247 && r < 252 && o + 4 < n ? (r - 248 << 24) + (e[++o] - 128 << 18) + (e[++o] - 128 << 12) + (e[++o] - 128 << 6) + e[++o] - 128 : r > 239 && r < 248 && o + 3 < n ? (r - 240 << 18) + (e[++o] - 128 << 12) + (e[++o] - 128 << 6) + e[++o] - 128 : r > 223 && r < 240 && o + 2 < n ? (r - 224 << 12) + (e[++o] - 128 << 6) + e[++o] - 128 : r > 191 && r < 224 && o + 1 < n ? (r - 192 << 6) + e[++o] - 128 : r); | |
return t | |
} | |
, | |
e | |
}(), or = function() { | |
function e() {} | |
return e.prototype.urlEncode = function(e) { | |
return encodeURIComponent(this.encode(e).replace(/=/g, T.EMPTY_STRING).replace(/\+/g, "-").replace(/\//g, "_")) | |
} | |
, | |
e.prototype.urlEncodeArr = function(e) { | |
return this.base64EncArr(e).replace(/=/g, T.EMPTY_STRING).replace(/\+/g, "-").replace(/\//g, "_") | |
} | |
, | |
e.prototype.encode = function(e) { | |
var t = nr.stringToUtf8Arr(e); | |
return this.base64EncArr(t) | |
} | |
, | |
e.prototype.base64EncArr = function(e) { | |
for (var t = (3 - e.length % 3) % 3, r = T.EMPTY_STRING, n = void 0, o = e.length, i = 0, a = 0; a < o; a++) | |
n = a % 3, | |
i |= e[a] << (16 >>> n & 24), | |
2 !== n && e.length - a != 1 || (r += String.fromCharCode(this.uint6ToB64(i >>> 18 & 63), this.uint6ToB64(i >>> 12 & 63), this.uint6ToB64(i >>> 6 & 63), this.uint6ToB64(63 & i)), | |
i = 0); | |
return 0 === t ? r : r.substring(0, r.length - t) + (1 === t ? "=" : "==") | |
} | |
, | |
e.prototype.uint6ToB64 = function(e) { | |
return e < 26 ? e + 65 : e < 52 ? e + 71 : e < 62 ? e - 4 : 62 === e ? 43 : 63 === e ? 47 : 65 | |
} | |
, | |
e | |
}(), ir = function() { | |
function e() {} | |
return e.prototype.decode = function(e) { | |
var t = e.replace(/-/g, "+").replace(/_/g, "/"); | |
switch (t.length % 4) { | |
case 0: | |
break; | |
case 2: | |
t += "=="; | |
break; | |
case 3: | |
t += "="; | |
break; | |
default: | |
throw new Error("Invalid base64 string") | |
} | |
var r = this.base64DecToArr(t); | |
return nr.utf8ArrToString(r) | |
} | |
, | |
e.prototype.base64DecToArr = function(e, t) { | |
for (var r = e.replace(/[^A-Za-z0-9\+\/]/g, T.EMPTY_STRING), n = r.length, o = t ? Math.ceil((3 * n + 1 >>> 2) / t) * t : 3 * n + 1 >>> 2, i = new Uint8Array(o), a = void 0, s = void 0, c = 0, u = 0, l = 0; l < n; l++) | |
if (s = 3 & l, | |
c |= this.b64ToUint6(r.charCodeAt(l)) << 18 - 6 * s, | |
3 === s || n - l == 1) { | |
for (a = 0; a < 3 && u < o; a++, | |
u++) | |
i[u] = c >>> (16 >>> a & 24) & 255; | |
c = 0 | |
} | |
return i | |
} | |
, | |
e.prototype.b64ToUint6 = function(e) { | |
return e > 64 && e < 91 ? e - 65 : e > 96 && e < 123 ? e - 71 : e > 47 && e < 58 ? e + 4 : 43 === e ? 62 : 47 === e ? 63 : 0 | |
} | |
, | |
e | |
}(), ar = function() { | |
function e(e) { | |
this.base64Encode = new or, | |
this.cryptoObj = e | |
} | |
return e.prototype.generateCodes = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return e = this.generateCodeVerifier(), | |
[4, this.generateCodeChallengeFromVerifier(e)]; | |
case 1: | |
return t = r.sent(), | |
[2, { | |
verifier: e, | |
challenge: t | |
}] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.generateCodeVerifier = function() { | |
try { | |
var e = new Uint8Array(32); | |
return this.cryptoObj.getRandomValues(e), | |
this.base64Encode.urlEncodeArr(e) | |
} catch (e) { | |
throw ke.createPkceNotGeneratedError(e) | |
} | |
} | |
, | |
e.prototype.generateCodeChallengeFromVerifier = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return n.trys.push([0, 2, , 3]), | |
[4, this.cryptoObj.sha256Digest(e)]; | |
case 1: | |
return t = n.sent(), | |
[2, this.base64Encode.urlEncodeArr(new Uint8Array(t))]; | |
case 2: | |
throw r = n.sent(), | |
ke.createPkceNotGeneratedError(r); | |
case 3: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), sr = "SHA-256", cr = new Uint8Array([1, 0, 1]), ur = function() { | |
function e(e) { | |
if (this.logger = e, | |
!this.hasCryptoAPI()) | |
throw ke.createCryptoNotAvailableError("Browser crypto or msCrypto object not available."); | |
this._keygenAlgorithmOptions = { | |
name: "RSASSA-PKCS1-v1_5", | |
hash: sr, | |
modulusLength: 2048, | |
publicExponent: cr | |
} | |
} | |
return e.prototype.sha256Digest = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
return t = nr.stringToUtf8Arr(e), | |
[2, this.hasIECrypto() ? this.getMSCryptoDigest(sr, t) : this.getSubtleCryptoDigest(sr, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getRandomValues = function(e) { | |
var t = window.msCrypto || window.crypto; | |
if (!t.getRandomValues) | |
throw ke.createCryptoNotAvailableError("getRandomValues does not exist."); | |
t.getRandomValues(e) | |
} | |
, | |
e.prototype.generateKeyPair = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, this.hasIECrypto() ? this.msCryptoGenerateKey(e, t) : window.crypto.subtle.generateKey(this._keygenAlgorithmOptions, e, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.exportJwk = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
return [2, this.hasIECrypto() ? this.msCryptoExportJwk(e) : window.crypto.subtle.exportKey(Ue, e)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.importJwk = function(t, r, n) { | |
return s(this, void 0, void 0, (function() { | |
var o, i; | |
return c(this, (function(a) { | |
return o = e.getJwkString(t), | |
i = nr.stringToArrayBuffer(o), | |
[2, this.hasIECrypto() ? this.msCryptoImportKey(i, r, n) : window.crypto.subtle.importKey(Ue, t, this._keygenAlgorithmOptions, r, n)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.sign = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, this.hasIECrypto() ? this.msCryptoSign(e, t) : window.crypto.subtle.sign(this._keygenAlgorithmOptions, e, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.hasCryptoAPI = function() { | |
return this.hasIECrypto() || this.hasBrowserCrypto() | |
} | |
, | |
e.prototype.hasIECrypto = function() { | |
return "msCrypto"in window | |
} | |
, | |
e.prototype.hasBrowserCrypto = function() { | |
return "crypto"in window | |
} | |
, | |
e.prototype.getSubtleCryptoDigest = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, window.crypto.subtle.digest(e, t)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getMSCryptoDigest = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
return [2, new Promise((function(r, n) { | |
var o = window.msCrypto.subtle.digest(e, t.buffer); | |
o.addEventListener("complete", (function(e) { | |
r(e.target.result) | |
} | |
)), | |
o.addEventListener("error", (function(e) { | |
n(e) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.msCryptoGenerateKey = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r = this; | |
return c(this, (function(n) { | |
return [2, new Promise((function(n, o) { | |
var i = window.msCrypto.subtle.generateKey(r._keygenAlgorithmOptions, e, t); | |
i.addEventListener("complete", (function(e) { | |
n(e.target.result) | |
} | |
)), | |
i.addEventListener("error", (function(e) { | |
o(e) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.msCryptoExportJwk = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
return [2, new Promise((function(t, r) { | |
var n = window.msCrypto.subtle.exportKey(Ue, e); | |
n.addEventListener("complete", (function(e) { | |
var n = e.target.result | |
, o = nr.utf8ArrToString(new Uint8Array(n)).replace(/\r/g, T.EMPTY_STRING).replace(/\n/g, T.EMPTY_STRING).replace(/\t/g, T.EMPTY_STRING).split(" ").join(T.EMPTY_STRING).replace("\0", T.EMPTY_STRING); | |
try { | |
t(JSON.parse(o)) | |
} catch (e) { | |
r(e) | |
} | |
} | |
)), | |
n.addEventListener("error", (function(e) { | |
r(e) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.msCryptoImportKey = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
var n = this; | |
return c(this, (function(o) { | |
return [2, new Promise((function(o, i) { | |
var a = window.msCrypto.subtle.importKey(Ue, e, n._keygenAlgorithmOptions, t, r); | |
a.addEventListener("complete", (function(e) { | |
o(e.target.result) | |
} | |
)), | |
a.addEventListener("error", (function(e) { | |
i(e) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.msCryptoSign = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r = this; | |
return c(this, (function(n) { | |
return [2, new Promise((function(n, o) { | |
var i = window.msCrypto.subtle.sign(r._keygenAlgorithmOptions, e, t); | |
i.addEventListener("complete", (function(e) { | |
n(e.target.result) | |
} | |
)), | |
i.addEventListener("error", (function(e) { | |
o(e) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.getJwkString = function(e) { | |
return JSON.stringify(e, Object.keys(e).sort()) | |
} | |
, | |
e | |
}(), lr = function() { | |
function e() { | |
this.dbName = He, | |
this.version = 1, | |
this.tableName = "msal.db.keys", | |
this.dbOpen = !1 | |
} | |
return e.prototype.open = function() { | |
return s(this, void 0, void 0, (function() { | |
var e = this; | |
return c(this, (function(t) { | |
return [2, new Promise((function(t, r) { | |
var n = window.indexedDB.open(e.dbName, e.version); | |
n.addEventListener("upgradeneeded", (function(t) { | |
t.target.result.createObjectStore(e.tableName) | |
} | |
)), | |
n.addEventListener("success", (function(r) { | |
var n = r; | |
e.db = n.target.result, | |
e.dbOpen = !0, | |
t() | |
} | |
)), | |
n.addEventListener("error", (function() { | |
return r(ke.createDatabaseUnavailableError()) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.closeConnection = function() { | |
var e = this.db; | |
e && this.dbOpen && (e.close(), | |
this.dbOpen = !1) | |
} | |
, | |
e.prototype.validateDbIsOpen = function() { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
switch (e.label) { | |
case 0: | |
return this.dbOpen ? [3, 2] : [4, this.open()]; | |
case 1: | |
return [2, e.sent()]; | |
case 2: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getItem = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t = this; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return [4, this.validateDbIsOpen()]; | |
case 1: | |
return r.sent(), | |
[2, new Promise((function(r, n) { | |
if (!t.db) | |
return n(ke.createDatabaseNotOpenError()); | |
var o = t.db.transaction([t.tableName], "readonly").objectStore(t.tableName).get(e); | |
o.addEventListener("success", (function(e) { | |
var n = e; | |
t.closeConnection(), | |
r(n.target.result) | |
} | |
)), | |
o.addEventListener("error", (function(e) { | |
t.closeConnection(), | |
n(e) | |
} | |
)) | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.setItem = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r = this; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return [4, this.validateDbIsOpen()]; | |
case 1: | |
return n.sent(), | |
[2, new Promise((function(n, o) { | |
if (!r.db) | |
return o(ke.createDatabaseNotOpenError()); | |
var i = r.db.transaction([r.tableName], "readwrite").objectStore(r.tableName).put(t, e); | |
i.addEventListener("success", (function() { | |
r.closeConnection(), | |
n() | |
} | |
)), | |
i.addEventListener("error", (function(e) { | |
r.closeConnection(), | |
o(e) | |
} | |
)) | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeItem = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t = this; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return [4, this.validateDbIsOpen()]; | |
case 1: | |
return r.sent(), | |
[2, new Promise((function(r, n) { | |
if (!t.db) | |
return n(ke.createDatabaseNotOpenError()); | |
var o = t.db.transaction([t.tableName], "readwrite").objectStore(t.tableName).delete(e); | |
o.addEventListener("success", (function() { | |
t.closeConnection(), | |
r() | |
} | |
)), | |
o.addEventListener("error", (function(e) { | |
t.closeConnection(), | |
n(e) | |
} | |
)) | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getKeys = function() { | |
return s(this, void 0, void 0, (function() { | |
var e = this; | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return [4, this.validateDbIsOpen()]; | |
case 1: | |
return t.sent(), | |
[2, new Promise((function(t, r) { | |
if (!e.db) | |
return r(ke.createDatabaseNotOpenError()); | |
var n = e.db.transaction([e.tableName], "readonly").objectStore(e.tableName).getAllKeys(); | |
n.addEventListener("success", (function(r) { | |
var n = r; | |
e.closeConnection(), | |
t(n.target.result) | |
} | |
)), | |
n.addEventListener("error", (function(t) { | |
e.closeConnection(), | |
r(t) | |
} | |
)) | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.containsKey = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t = this; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return [4, this.validateDbIsOpen()]; | |
case 1: | |
return r.sent(), | |
[2, new Promise((function(r, n) { | |
if (!t.db) | |
return n(ke.createDatabaseNotOpenError()); | |
var o = t.db.transaction([t.tableName], "readonly").objectStore(t.tableName).count(e); | |
o.addEventListener("success", (function(e) { | |
var n = e; | |
t.closeConnection(), | |
r(1 === n.target.result) | |
} | |
)), | |
o.addEventListener("error", (function(e) { | |
t.closeConnection(), | |
n(e) | |
} | |
)) | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.deleteDatabase = function() { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
return this.db && this.dbOpen && this.closeConnection(), | |
[2, new Promise((function(e, t) { | |
var r = window.indexedDB.deleteDatabase(He); | |
r.addEventListener("success", (function() { | |
return e(!0) | |
} | |
)), | |
r.addEventListener("blocked", (function() { | |
return e(!0) | |
} | |
)), | |
r.addEventListener("error", (function() { | |
return t(!1) | |
} | |
)) | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(), dr = function() { | |
function e(e, t) { | |
this.inMemoryCache = new xe, | |
this.indexedDBCache = new lr, | |
this.logger = e, | |
this.storeName = t | |
} | |
return e.prototype.handleDatabaseAccessError = function(e) { | |
if (!(e instanceof ke && e.errorCode === Re.databaseUnavailable.code)) | |
throw e; | |
this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.") | |
} | |
, | |
e.prototype.getItem = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
if (t = this.inMemoryCache.getItem(e)) | |
return [3, 4]; | |
n.label = 1; | |
case 1: | |
return n.trys.push([1, 3, , 4]), | |
this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."), | |
[4, this.indexedDBCache.getItem(e)]; | |
case 2: | |
return [2, n.sent()]; | |
case 3: | |
return r = n.sent(), | |
this.handleDatabaseAccessError(r), | |
[3, 4]; | |
case 4: | |
return [2, t] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.setItem = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
this.inMemoryCache.setItem(e, t), | |
n.label = 1; | |
case 1: | |
return n.trys.push([1, 3, , 4]), | |
[4, this.indexedDBCache.setItem(e, t)]; | |
case 2: | |
return n.sent(), | |
[3, 4]; | |
case 3: | |
return r = n.sent(), | |
this.handleDatabaseAccessError(r), | |
[3, 4]; | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeItem = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
this.inMemoryCache.removeItem(e), | |
r.label = 1; | |
case 1: | |
return r.trys.push([1, 3, , 4]), | |
[4, this.indexedDBCache.removeItem(e)]; | |
case 2: | |
return r.sent(), | |
[3, 4]; | |
case 3: | |
return t = r.sent(), | |
this.handleDatabaseAccessError(t), | |
[3, 4]; | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getKeys = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
if (0 !== (e = this.inMemoryCache.getKeys()).length) | |
return [3, 4]; | |
r.label = 1; | |
case 1: | |
return r.trys.push([1, 3, , 4]), | |
this.logger.verbose("In-memory cache is empty, now querying persistent storage."), | |
[4, this.indexedDBCache.getKeys()]; | |
case 2: | |
return [2, r.sent()]; | |
case 3: | |
return t = r.sent(), | |
this.handleDatabaseAccessError(t), | |
[3, 4]; | |
case 4: | |
return [2, e] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.containsKey = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
if (t = this.inMemoryCache.containsKey(e)) | |
return [3, 4]; | |
n.label = 1; | |
case 1: | |
return n.trys.push([1, 3, , 4]), | |
this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."), | |
[4, this.indexedDBCache.containsKey(e)]; | |
case 2: | |
return [2, n.sent()]; | |
case 3: | |
return r = n.sent(), | |
this.handleDatabaseAccessError(r), | |
[3, 4]; | |
case 4: | |
return [2, t] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.clearInMemory = function() { | |
this.logger.verbose("Deleting in-memory keystore " + this.storeName), | |
this.inMemoryCache.clear(), | |
this.logger.verbose("In-memory keystore " + this.storeName + " deleted") | |
} | |
, | |
e.prototype.clearPersistent = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
return r.trys.push([0, 2, , 3]), | |
this.logger.verbose("Deleting persistent keystore"), | |
[4, this.indexedDBCache.deleteDatabase()]; | |
case 1: | |
return (e = r.sent()) && this.logger.verbose("Persistent keystore deleted"), | |
[2, e]; | |
case 2: | |
return t = r.sent(), | |
this.handleDatabaseAccessError(t), | |
[2, !1]; | |
case 3: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}(); | |
!function(e) { | |
e.asymmetricKeys = "asymmetricKeys", | |
e.symmetricKeys = "symmetricKeys" | |
}(Lt || (Lt = {})); | |
var hr = function() { | |
function e(e) { | |
this.logger = e, | |
this.asymmetricKeys = new dr(this.logger,Lt.asymmetricKeys), | |
this.symmetricKeys = new dr(this.logger,Lt.symmetricKeys) | |
} | |
return e.prototype.clear = function() { | |
return s(this, void 0, void 0, (function() { | |
var e; | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
this.asymmetricKeys.clearInMemory(), | |
this.symmetricKeys.clearInMemory(), | |
t.label = 1; | |
case 1: | |
return t.trys.push([1, 3, , 4]), | |
[4, this.asymmetricKeys.clearPersistent()]; | |
case 2: | |
return t.sent(), | |
[2, !0]; | |
case 3: | |
return (e = t.sent())instanceof Error ? this.logger.error("Clearing keystore failed with error: " + e.message) : this.logger.error("Clearing keystore failed with unknown error"), | |
[2, !1]; | |
case 4: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}() | |
, pr = function() { | |
function e(e, t) { | |
this.logger = e, | |
this.browserCrypto = new ur(this.logger), | |
this.b64Encode = new or, | |
this.b64Decode = new ir, | |
this.guidGenerator = new rr(this.browserCrypto), | |
this.pkceGenerator = new ar(this.browserCrypto), | |
this.cache = new hr(this.logger), | |
this.performanceClient = t | |
} | |
return e.prototype.createNewGuid = function() { | |
return this.guidGenerator.generateGuid() | |
} | |
, | |
e.prototype.base64Encode = function(e) { | |
return this.b64Encode.encode(e) | |
} | |
, | |
e.prototype.base64Decode = function(e) { | |
return this.b64Decode.decode(e) | |
} | |
, | |
e.prototype.generatePkceCodes = function() { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
return [2, this.pkceGenerator.generateCodes()] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.getPublicKeyThumbprint = function(t) { | |
var r; | |
return s(this, void 0, void 0, (function() { | |
var n, o, i, a, s, u, l, d; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return n = null === (r = this.performanceClient) || void 0 === r ? void 0 : r.startMeasurement(ht.CryptoOptsGetPublicKeyThumbprint, t.correlationId), | |
[4, this.browserCrypto.generateKeyPair(e.EXTRACTABLE, e.POP_KEY_USAGES)]; | |
case 1: | |
return o = c.sent(), | |
[4, this.browserCrypto.exportJwk(o.publicKey)]; | |
case 2: | |
return i = c.sent(), | |
a = { | |
e: i.e, | |
kty: i.kty, | |
n: i.n | |
}, | |
s = ur.getJwkString(a), | |
[4, this.hashString(s)]; | |
case 3: | |
return u = c.sent(), | |
[4, this.browserCrypto.exportJwk(o.privateKey)]; | |
case 4: | |
return l = c.sent(), | |
[4, this.browserCrypto.importJwk(l, !1, ["sign"])]; | |
case 5: | |
return d = c.sent(), | |
[4, this.cache.asymmetricKeys.setItem(u, { | |
privateKey: d, | |
publicKey: o.publicKey, | |
requestMethod: t.resourceRequestMethod, | |
requestUri: t.resourceRequestUri | |
})]; | |
case 6: | |
return c.sent(), | |
n && n.endMeasurement({ | |
success: !0 | |
}), | |
[2, u] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeTokenBindingKey = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return [4, this.cache.asymmetricKeys.removeItem(e)]; | |
case 1: | |
return t.sent(), | |
[4, this.cache.asymmetricKeys.containsKey(e)]; | |
case 2: | |
return [2, !t.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.clearKeystore = function() { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
switch (e.label) { | |
case 0: | |
return [4, this.cache.clear()]; | |
case 1: | |
return [2, e.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.signJwt = function(e, t, r) { | |
var n; | |
return s(this, void 0, void 0, (function() { | |
var o, i, a, s, u, l, d, h, p, g, f, m, v; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
return o = null === (n = this.performanceClient) || void 0 === n ? void 0 : n.startMeasurement(ht.CryptoOptsSignJwt, r), | |
[4, this.cache.asymmetricKeys.getItem(t)]; | |
case 1: | |
if (!(i = c.sent())) | |
throw ke.createSigningKeyNotFoundInStorageError(t); | |
return [4, this.browserCrypto.exportJwk(i.publicKey)]; | |
case 2: | |
return a = c.sent(), | |
s = ur.getJwkString(a), | |
u = this.b64Encode.urlEncode(JSON.stringify({ | |
kid: t | |
})), | |
l = er.getShrHeaderString({ | |
kid: u, | |
alg: a.alg | |
}), | |
d = this.b64Encode.urlEncode(l), | |
e.cnf = { | |
jwk: JSON.parse(s) | |
}, | |
h = this.b64Encode.urlEncode(JSON.stringify(e)), | |
p = d + "." + h, | |
g = nr.stringToArrayBuffer(p), | |
[4, this.browserCrypto.sign(i.privateKey, g)]; | |
case 3: | |
return f = c.sent(), | |
m = this.b64Encode.urlEncodeArr(new Uint8Array(f)), | |
v = p + "." + m, | |
o && o.endMeasurement({ | |
success: !0 | |
}), | |
[2, v] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.hashString = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r; | |
return c(this, (function(n) { | |
switch (n.label) { | |
case 0: | |
return [4, this.browserCrypto.sha256Digest(e)]; | |
case 1: | |
return t = n.sent(), | |
r = new Uint8Array(t), | |
[2, this.b64Encode.urlEncodeArr(r)] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.POP_KEY_USAGES = ["sign", "verify"], | |
e.EXTRACTABLE = !0, | |
e | |
}() | |
, gr = function() { | |
function e(e, t, r, n, o, i) { | |
this.authority = t, | |
this.libraryName = n, | |
this.libraryVersion = o, | |
this.applicationTelemetry = i, | |
this.clientId = e, | |
this.logger = r, | |
this.callbacks = new Map, | |
this.eventsByCorrelationId = new Map, | |
this.measurementsById = new Map | |
} | |
return e.prototype.startMeasurement = function(e, t) { | |
var r, n, o = this, i = t || this.generateId(); | |
t || this.logger.info("PerformanceClient: No correlation id provided for " + e + ", generating", i), | |
this.logger.trace("PerformanceClient: Performance measurement started for " + e, i); | |
var a = this.startPerformanceMeasuremeant(e, i); | |
a.startMeasurement(); | |
var s = { | |
eventId: this.generateId(), | |
status: pt.InProgress, | |
authority: this.authority, | |
libraryName: this.libraryName, | |
libraryVersion: this.libraryVersion, | |
appName: null === (r = this.applicationTelemetry) || void 0 === r ? void 0 : r.appName, | |
appVersion: null === (n = this.applicationTelemetry) || void 0 === n ? void 0 : n.appVersion, | |
clientId: this.clientId, | |
name: e, | |
startTimeMs: Date.now(), | |
correlationId: i | |
}; | |
return this.cacheEventByCorrelationId(s), | |
this.cacheMeasurement(s, a), | |
{ | |
endMeasurement: function(e) { | |
var t = o.endMeasurement(p(p({}, s), e)); | |
return t && o.cacheEventByCorrelationId(t), | |
t | |
}, | |
flushMeasurement: function() { | |
return o.flushMeasurements(s.name, s.correlationId) | |
}, | |
discardMeasurement: function() { | |
return o.discardMeasurements(s.correlationId) | |
}, | |
measurement: a, | |
event: s | |
} | |
} | |
, | |
e.prototype.endMeasurement = function(e) { | |
var t = this.measurementsById.get(e.eventId); | |
if (t) { | |
this.measurementsById.delete(e.eventId), | |
t.endMeasurement(); | |
var r = t.flushMeasurement(); | |
if (null !== r) | |
return this.logger.trace("PerformanceClient: Performance measurement ended for " + e.name + ": " + r + " ms", e.correlationId), | |
p(p({ | |
durationMs: Math.round(r) | |
}, e), { | |
status: pt.Completed | |
}); | |
this.logger.trace("PerformanceClient: Performance measurement not taken", e.correlationId) | |
} else | |
this.logger.trace("PerformanceClient: Measurement not found for " + e.eventId, e.correlationId); | |
return null | |
} | |
, | |
e.prototype.cacheEventByCorrelationId = function(e) { | |
var t = this.eventsByCorrelationId.get(e.correlationId); | |
t ? (this.logger.trace("PerformanceClient: Performance measurement for " + e.name + " added/updated", e.correlationId), | |
t.set(e.eventId, e)) : (this.logger.trace("PerformanceClient: Performance measurement for " + e.name + " started", e.correlationId), | |
this.eventsByCorrelationId.set(e.correlationId, (new Map).set(e.eventId, e))) | |
} | |
, | |
e.prototype.cacheMeasurement = function(e, t) { | |
this.measurementsById.set(e.eventId, t) | |
} | |
, | |
e.prototype.flushMeasurements = function(e, t) { | |
var r = this; | |
this.logger.trace("PerformanceClient: Performance measurements flushed for " + e, t); | |
var n = this.eventsByCorrelationId.get(t); | |
if (n) { | |
this.discardMeasurements(t); | |
var o = []; | |
n.forEach((function(n) { | |
if (n.name !== e && n.status !== pt.Completed) { | |
r.logger.trace("PerformanceClient: Incomplete submeasurement " + n.name + " found for " + e, t); | |
var i = r.endMeasurement(n); | |
i && o.push(i) | |
} | |
o.push(n) | |
} | |
)); | |
var i = o.sort((function(e, t) { | |
return e.startTimeMs - t.startTimeMs | |
} | |
)) | |
, a = i.filter((function(t) { | |
return t.name === e && t.status === pt.Completed | |
} | |
)); | |
if (a.length > 0) { | |
a.length > 1 && this.logger.verbose("PerformanceClient: Multiple distinct top-level performance events found, using the first", t); | |
var s = a[0]; | |
this.logger.verbose("PerformanceClient: Measurement found for " + e, t); | |
var c = i.reduce((function(n, o) { | |
if (o.name !== e) { | |
r.logger.trace("PerformanceClient: Complete submeasurement found for " + o.name, t); | |
var i = o.name + "DurationMs"; | |
n[i] ? r.logger.verbose("PerformanceClient: Submeasurement for " + e + " already exists for " + o.name + ", ignoring", t) : n[i] = o.durationMs, | |
o.accessTokenSize && (n.accessTokenSize = o.accessTokenSize), | |
o.idTokenSize && (n.idTokenSize = o.idTokenSize) | |
} | |
return n | |
} | |
), s); | |
this.emitEvents([c], c.correlationId) | |
} else | |
this.logger.verbose("PerformanceClient: No completed top-level measurements found for " + e, t) | |
} else | |
this.logger.verbose("PerformanceClient: No measurements found", t) | |
} | |
, | |
e.prototype.discardMeasurements = function(e) { | |
this.logger.trace("PerformanceClient: Performance measurements discarded", e), | |
this.eventsByCorrelationId.delete(e) | |
} | |
, | |
e.prototype.addPerformanceCallback = function(e) { | |
var t = this.generateId(); | |
return this.callbacks.set(t, e), | |
this.logger.verbose("PerformanceClient: Performance callback registered with id: " + t), | |
t | |
} | |
, | |
e.prototype.removePerformanceCallback = function(e) { | |
var t = this.callbacks.delete(e); | |
return t ? this.logger.verbose("PerformanceClient: Performance callback " + e + " removed.") : this.logger.verbose("PerformanceClient: Performance callback " + e + " not removed."), | |
t | |
} | |
, | |
e.prototype.emitEvents = function(e, t) { | |
var r = this; | |
this.logger.verbose("PerformanceClient: Emitting performance events", t), | |
this.callbacks.forEach((function(n, o) { | |
r.logger.trace("PerformanceClient: Emitting event to callback " + o, t), | |
n.apply(null, [e]) | |
} | |
)) | |
} | |
, | |
e | |
}() | |
, fr = function() { | |
function e() {} | |
return e.prototype.startMeasurement = function() {} | |
, | |
e.prototype.endMeasurement = function() {} | |
, | |
e.prototype.flushMeasurement = function() { | |
return null | |
} | |
, | |
e | |
}() | |
, mr = function(e) { | |
function t() { | |
return null !== e && e.apply(this, arguments) || this | |
} | |
return h(t, e), | |
t.prototype.generateId = function() { | |
return "callback-id" | |
} | |
, | |
t.prototype.startPerformanceMeasuremeant = function() { | |
return new fr | |
} | |
, | |
t | |
}(gr) | |
, vr = function() { | |
function e(e, t, r, n) { | |
this.isBrowserEnvironment = "undefined" != typeof window, | |
this.config = e, | |
this.storage = t, | |
this.logger = r, | |
this.cryptoObj = n | |
} | |
return e.prototype.loadExternalTokens = function(e, t, r) { | |
if (this.logger.info("TokenCache - loadExternalTokens called"), | |
!t.id_token) | |
throw ke.createUnableToLoadTokenError("Please ensure server response includes id token."); | |
if (e.account) | |
this.loadIdToken(t.id_token, e.account.homeAccountId, e.account.environment, e.account.tenantId, r), | |
this.loadAccessToken(e, t, e.account.homeAccountId, e.account.environment, e.account.tenantId, r); | |
else { | |
if (!e.authority) | |
throw ke.createUnableToLoadTokenError("Please provide a request with an account or a request with authority."); | |
var n = It.generateAuthority(e.authority, e.azureCloudOptions) | |
, o = { | |
protocolMode: this.config.auth.protocolMode, | |
knownAuthorities: this.config.auth.knownAuthorities, | |
cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata, | |
authorityMetadata: this.config.auth.authorityMetadata, | |
skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache | |
} | |
, i = new It(n,this.config.system.networkClient,this.storage,o); | |
if (r.clientInfo) | |
this.logger.trace("TokenCache - homeAccountId from options"), | |
this.loadIdToken(t.id_token, r.clientInfo, i.hostnameAndPort, i.tenant, r), | |
this.loadAccessToken(e, t, r.clientInfo, i.hostnameAndPort, i.tenant, r); | |
else { | |
if (!t.client_info) | |
throw ke.createUnableToLoadTokenError("Please provide clientInfo in the response or options."); | |
this.logger.trace("TokenCache - homeAccountId from response"), | |
this.loadIdToken(t.id_token, t.client_info, i.hostnameAndPort, i.tenant, r), | |
this.loadAccessToken(e, t, t.client_info, i.hostnameAndPort, i.tenant, r) | |
} | |
} | |
} | |
, | |
e.prototype.loadIdToken = function(e, t, r, n, o) { | |
var i = le.createIdTokenEntity(t, r, e, this.config.auth.clientId, n) | |
, a = new se(e,this.cryptoObj) | |
, s = o.clientInfo ? re.createAccount(o.clientInfo, t, a, void 0, void 0, void 0, r) : re.createGenericAccount(t, a, void 0, void 0, void 0, r); | |
if (!this.isBrowserEnvironment) | |
throw ke.createUnableToLoadTokenError("loadExternalTokens is designed to work in browser environments only."); | |
this.logger.verbose("TokenCache - loading id token"), | |
this.storage.setAccount(s), | |
this.storage.setIdTokenCredential(i) | |
} | |
, | |
e.prototype.loadAccessToken = function(e, t, r, n, o, i) { | |
if (t.access_token) { | |
if (!t.expires_in) | |
throw ke.createUnableToLoadTokenError("Please ensure server response includes expires_in value."); | |
if (!i.extendedExpiresOn) | |
throw ke.createUnableToLoadTokenError("Please provide an extendedExpiresOn value in the options."); | |
var a = new ae(e.scopes).printScopes() | |
, s = i.expiresOn || t.expires_in + (new Date).getTime() / 1e3 | |
, c = i.extendedExpiresOn | |
, u = he.createAccessTokenEntity(r, n, t.access_token, this.config.auth.clientId, o, a, s, c, this.cryptoObj); | |
if (!this.isBrowserEnvironment) | |
throw ke.createUnableToLoadTokenError("loadExternalTokens is designed to work in browser environments only."); | |
this.logger.verbose("TokenCache - loading access token"), | |
this.storage.setAccessTokenCredential(u) | |
} else | |
this.logger.verbose("TokenCache - No access token provided for caching") | |
} | |
, | |
e | |
}() | |
, yr = function(e) { | |
function t(t) { | |
var r = e.call(this, t) || this; | |
return r.includeRedirectUri = !1, | |
r | |
} | |
return i(t, e), | |
t | |
}(vt) | |
, Er = function(e) { | |
function t(t, r, n, o, i, a, s, c, u, l) { | |
var d = e.call(this, t, r, n, o, i, a, c, u, l) || this; | |
return d.apiId = s, | |
d | |
} | |
return i(t, e), | |
t.prototype.acquireToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s; | |
return c(this, (function(c) { | |
switch (c.label) { | |
case 0: | |
if (this.logger.trace("SilentAuthCodeClient.acquireToken called"), | |
!e.code) | |
throw ke.createAuthCodeRequiredError(); | |
return [4, this.initializeAuthorizationRequest(e, Ie.Silent)]; | |
case 1: | |
t = c.sent(), | |
this.browserStorage.updateCacheEntries(t.state, t.nonce, t.authority, t.loginHint || T.EMPTY_STRING, t.account || null), | |
r = this.initializeServerTelemetryManager(this.apiId), | |
c.label = 2; | |
case 2: | |
return c.trys.push([2, 4, , 5]), | |
n = a(a({}, t), { | |
code: e.code | |
}), | |
[4, this.getClientConfiguration(r, t.authority)]; | |
case 3: | |
return o = c.sent(), | |
i = new yr(o), | |
this.logger.verbose("Auth code client created"), | |
[2, new Jt(i,this.browserStorage,n,this.logger,this.config.system.navigateFrameWait).handleCodeResponseFromServer({ | |
code: e.code, | |
msgraph_host: e.msGraphHost, | |
cloud_graph_host_name: e.cloudGraphHostName, | |
cloud_instance_host_name: e.cloudInstanceHostName | |
}, t.state, i.authority, this.networkClient, !1)]; | |
case 4: | |
throw (s = c.sent())instanceof J && s.setCorrelationId(this.correlationId), | |
r.cacheFailedRequest(s), | |
this.browserStorage.cleanRequestByState(t.state), | |
s; | |
case 5: | |
return [2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.logout = function() { | |
return Promise.reject(ke.createSilentLogoutUnsupportedError()) | |
} | |
, | |
t | |
}(Ut) | |
, _r = function() { | |
function e(e, t) { | |
this.correlationId = t, | |
this.measureName = "msal.measure." + e + "." + this.correlationId, | |
this.startMark = "msal.start." + e + "." + this.correlationId, | |
this.endMark = "msal.end." + e + "." + this.correlationId | |
} | |
return e.supportsBrowserPerformance = function() { | |
return "undefined" != typeof window && void 0 !== window.performance && "function" == typeof window.performance.mark && "function" == typeof window.performance.measure && "function" == typeof window.performance.clearMarks && "function" == typeof window.performance.clearMeasures && "function" == typeof window.performance.getEntriesByName | |
} | |
, | |
e.prototype.startMeasurement = function() { | |
if (e.supportsBrowserPerformance()) | |
try { | |
window.performance.mark(this.startMark) | |
} catch (e) {} | |
} | |
, | |
e.prototype.endMeasurement = function() { | |
if (e.supportsBrowserPerformance()) | |
try { | |
window.performance.mark(this.endMark), | |
window.performance.measure(this.measureName, this.startMark, this.endMark) | |
} catch (e) {} | |
} | |
, | |
e.prototype.flushMeasurement = function() { | |
if (e.supportsBrowserPerformance()) | |
try { | |
var t = window.performance.getEntriesByName(this.measureName, "measure"); | |
if (t.length > 0) { | |
var r = t[0].duration; | |
return window.performance.clearMeasures(this.measureName), | |
window.performance.clearMarks(this.startMark), | |
window.performance.clearMarks(this.endMark), | |
r | |
} | |
} catch (e) {} | |
return null | |
} | |
, | |
e | |
}() | |
, Cr = function(e) { | |
function t(t, r, n, o, i, a) { | |
var s = e.call(this, t, r, n, o, i, a) || this; | |
return s.browserCrypto = new ur(s.logger), | |
s.guidGenerator = new rr(s.browserCrypto), | |
s | |
} | |
return i(t, e), | |
t.prototype.startPerformanceMeasuremeant = function(e, t) { | |
return new _r(e,t) | |
} | |
, | |
t.prototype.generateId = function() { | |
return this.guidGenerator.generateGuid() | |
} | |
, | |
t.prototype.getPageVisibility = function() { | |
var e; | |
return (null === (e = document.visibilityState) || void 0 === e ? void 0 : e.toString()) || null | |
} | |
, | |
t.prototype.startMeasurement = function(t, r) { | |
var n = this | |
, o = this.getPageVisibility() | |
, i = e.prototype.startMeasurement.call(this, t, r); | |
return a(a({}, i), { | |
endMeasurement: function(e) { | |
return i.endMeasurement(a({ | |
startPageVisibility: o, | |
endPageVisibility: n.getPageVisibility() | |
}, e)) | |
} | |
}) | |
} | |
, | |
t | |
}(gr) | |
, Tr = function() { | |
function e(e) { | |
var t, r, n; | |
this.isBrowserEnvironment = "undefined" != typeof window, | |
this.config = function(e, t) { | |
var r = e.auth | |
, n = e.cache | |
, o = e.system | |
, i = e.telemetry | |
, s = { | |
clientId: T.EMPTY_STRING, | |
authority: "" + T.DEFAULT_AUTHORITY, | |
knownAuthorities: [], | |
cloudDiscoveryMetadata: T.EMPTY_STRING, | |
authorityMetadata: T.EMPTY_STRING, | |
redirectUri: T.EMPTY_STRING, | |
postLogoutRedirectUri: T.EMPTY_STRING, | |
navigateToLoginRequestUrl: !0, | |
clientCapabilities: [], | |
protocolMode: Et.AAD, | |
azureCloudOptions: { | |
azureCloudInstance: ze.None, | |
tenant: T.EMPTY_STRING | |
}, | |
skipAuthorityMetadataCache: !1 | |
} | |
, c = { | |
cacheLocation: _e.SessionStorage, | |
storeAuthStateInCookie: !1, | |
secureCookies: !1 | |
} | |
, u = { | |
loggerCallback: function() {}, | |
logLevel: qe.Info, | |
piiLoggingEnabled: !1 | |
} | |
, l = a(a({}, Ve), { | |
loggerOptions: u, | |
networkClient: t ? Ot.getBrowserNetworkClient() : Yt, | |
navigationClient: new Wt, | |
loadFrameTimeout: 0, | |
windowHashTimeout: (null == o ? void 0 : o.loadFrameTimeout) || 6e4, | |
iframeHashTimeout: (null == o ? void 0 : o.loadFrameTimeout) || Vt, | |
navigateFrameWait: t && Ot.detectIEOrEdge() ? 500 : 0, | |
redirectNavigationTimeout: 3e4, | |
asyncPopups: !1, | |
allowRedirectInIframe: !1, | |
allowNativeBroker: !1, | |
nativeBrokerHandshakeTimeout: (null == o ? void 0 : o.nativeBrokerHandshakeTimeout) || 2e3 | |
}) | |
, d = { | |
application: { | |
appName: T.EMPTY_STRING, | |
appVersion: T.EMPTY_STRING | |
} | |
}; | |
return { | |
auth: a(a({}, s), r), | |
cache: a(a({}, c), n), | |
system: a(a({}, l), o), | |
telemetry: a(a({}, d), i) | |
} | |
}(e, this.isBrowserEnvironment), | |
this.initialized = !1, | |
this.logger = new je(this.config.system.loggerOptions,Rt,kt), | |
this.networkClient = this.config.system.networkClient, | |
this.navigationClient = this.config.system.navigationClient, | |
this.redirectResponse = new Map, | |
this.hybridAuthCodeResponses = new Map, | |
this.performanceClient = this.isBrowserEnvironment ? new Cr(this.config.auth.clientId,this.config.auth.authority,this.logger,Rt,kt,this.config.telemetry.application) : new mr(this.config.auth.clientId,this.config.auth.authority,this.logger,Rt,kt,this.config.telemetry.application), | |
this.browserCrypto = this.isBrowserEnvironment ? new pr(this.logger,this.performanceClient) : be, | |
this.eventHandler = new $t(this.logger,this.browserCrypto), | |
this.browserStorage = this.isBrowserEnvironment ? new Ge(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger) : (t = this.config.auth.clientId, | |
r = this.logger, | |
n = { | |
cacheLocation: _e.MemoryStorage, | |
storeAuthStateInCookie: !1, | |
secureCookies: !1 | |
}, | |
new Ge(t,n,be,r)); | |
var o = { | |
cacheLocation: _e.MemoryStorage, | |
storeAuthStateInCookie: !1, | |
secureCookies: !1 | |
}; | |
this.nativeInternalStorage = new Ge(this.config.auth.clientId,o,this.browserCrypto,this.logger), | |
this.tokenCache = new vr(this.config,this.browserStorage,this.logger,this.browserCrypto) | |
} | |
return e.prototype.initialize = function() { | |
return s(this, void 0, void 0, (function() { | |
var e, t; | |
return c(this, (function(r) { | |
switch (r.label) { | |
case 0: | |
if (this.logger.trace("initialize called"), | |
this.initialized) | |
return this.logger.info("initialize has already been called, exiting early."), | |
[2]; | |
if (this.eventHandler.emitEvent(Tt.INITIALIZE_START), | |
!this.config.system.allowNativeBroker) | |
return [3, 4]; | |
r.label = 1; | |
case 1: | |
return r.trys.push([1, 3, , 4]), | |
e = this, | |
[4, Gt.createProvider(this.logger, this.config.system.nativeBrokerHandshakeTimeout)]; | |
case 2: | |
return e.nativeExtensionProvider = r.sent(), | |
[3, 4]; | |
case 3: | |
return t = r.sent(), | |
this.logger.verbose(t), | |
[3, 4]; | |
case 4: | |
return this.initialized = !0, | |
this.eventHandler.emitEvent(Tt.INITIALIZE_END), | |
[2] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.handleRedirectPromise = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a, s, u, l = this; | |
return c(this, (function(c) { | |
return this.logger.verbose("handleRedirectPromise called"), | |
Ot.blockNativeBrokerCalledBeforeInitialized(this.config.system.allowNativeBroker, this.initialized), | |
t = this.getAllAccounts(), | |
this.isBrowserEnvironment ? (r = e || T.EMPTY_STRING, | |
void 0 === (n = this.redirectResponse.get(r)) ? (this.eventHandler.emitEvent(Tt.HANDLE_REDIRECT_START, Ie.Redirect), | |
this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise"), | |
o = this.browserStorage.getCachedNativeRequest(), | |
i = void 0, | |
o && Gt.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider) && this.nativeExtensionProvider && !e ? (this.logger.trace("handleRedirectPromise - acquiring token from native platform"), | |
a = new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.handleRedirectPromise,this.performanceClient,this.nativeExtensionProvider,o.accountId,this.nativeInternalStorage,o.correlationId), | |
i = a.handleRedirectPromise()) : (this.logger.trace("handleRedirectPromise - acquiring token from web flow"), | |
s = this.browserStorage.getTemporaryCache(Te.CORRELATION_ID, !0) || T.EMPTY_STRING, | |
u = this.createRedirectClient(s), | |
i = u.handleRedirectPromise(e)), | |
n = i.then((function(e) { | |
return e && (t.length < l.getAllAccounts().length ? (l.eventHandler.emitEvent(Tt.LOGIN_SUCCESS, Ie.Redirect, e), | |
l.logger.verbose("handleRedirectResponse returned result, login success")) : (l.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_SUCCESS, Ie.Redirect, e), | |
l.logger.verbose("handleRedirectResponse returned result, acquire token success"))), | |
l.eventHandler.emitEvent(Tt.HANDLE_REDIRECT_END, Ie.Redirect), | |
e | |
} | |
)).catch((function(e) { | |
throw t.length > 0 ? l.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_FAILURE, Ie.Redirect, null, e) : l.eventHandler.emitEvent(Tt.LOGIN_FAILURE, Ie.Redirect, null, e), | |
l.eventHandler.emitEvent(Tt.HANDLE_REDIRECT_END, Ie.Redirect), | |
e | |
} | |
)), | |
this.redirectResponse.set(r, n)) : this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"), | |
[2, n]) : (this.logger.verbose("handleRedirectPromise returns null, not browser environment"), | |
[2, null]) | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.acquireTokenRedirect = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, a = this; | |
return c(this, (function(s) { | |
return t = this.getRequestCorrelationId(e), | |
this.logger.verbose("acquireTokenRedirect called", t), | |
this.preflightBrowserEnvironmentCheck(Ie.Redirect), | |
(r = this.getAllAccounts().length > 0) ? this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_START, Ie.Redirect, e) : this.eventHandler.emitEvent(Tt.LOGIN_START, Ie.Redirect, e), | |
this.nativeExtensionProvider && this.canUseNative(e) ? (o = new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.acquireTokenRedirect,this.performanceClient,this.nativeExtensionProvider,this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId), | |
n = o.acquireTokenRedirect(e).catch((function(t) { | |
if (t instanceof Dt && t.isFatal()) | |
return a.nativeExtensionProvider = void 0, | |
a.createRedirectClient(e.correlationId).acquireToken(e); | |
if (t instanceof lt) | |
return a.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"), | |
a.createRedirectClient(e.correlationId).acquireToken(e); | |
throw a.browserStorage.setInteractionInProgress(!1), | |
t | |
} | |
))) : (i = this.createRedirectClient(e.correlationId), | |
n = i.acquireToken(e)), | |
[2, n.catch((function(e) { | |
throw r ? a.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_FAILURE, Ie.Redirect, null, e) : a.eventHandler.emitEvent(Tt.LOGIN_FAILURE, Ie.Redirect, null, e), | |
e | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.acquireTokenPopup = function(e) { | |
var t = this | |
, r = this.getRequestCorrelationId(e) | |
, n = this.performanceClient.startMeasurement(ht.AcquireTokenPopup, r); | |
try { | |
this.logger.verbose("acquireTokenPopup called", r), | |
this.preflightBrowserEnvironmentCheck(Ie.Popup) | |
} catch (e) { | |
return Promise.reject(e) | |
} | |
var o = this.getAllAccounts(); | |
return o.length > 0 ? this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_START, Ie.Popup, e) : this.eventHandler.emitEvent(Tt.LOGIN_START, Ie.Popup, e), | |
(this.canUseNative(e) ? this.acquireTokenNative(e, Se.acquireTokenPopup).then((function(e) { | |
return t.browserStorage.setInteractionInProgress(!1), | |
n.endMeasurement({ | |
success: !0, | |
isNativeBroker: !0, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length | |
}), | |
n.flushMeasurement(), | |
e | |
} | |
)).catch((function(r) { | |
if (r instanceof Dt && r.isFatal()) | |
return t.nativeExtensionProvider = void 0, | |
t.createPopupClient(e.correlationId).acquireToken(e); | |
if (r instanceof lt) | |
return t.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"), | |
t.createPopupClient(e.correlationId).acquireToken(e); | |
throw t.browserStorage.setInteractionInProgress(!1), | |
r | |
} | |
)) : this.createPopupClient(e.correlationId).acquireToken(e)).then((function(e) { | |
return o.length < t.getAllAccounts().length ? t.eventHandler.emitEvent(Tt.LOGIN_SUCCESS, Ie.Popup, e) : t.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_SUCCESS, Ie.Popup, e), | |
n.endMeasurement({ | |
success: !0, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length | |
}), | |
n.flushMeasurement(), | |
e | |
} | |
)).catch((function(e) { | |
return o.length > 0 ? t.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_FAILURE, Ie.Popup, null, e) : t.eventHandler.emitEvent(Tt.LOGIN_FAILURE, Ie.Popup, null, e), | |
n.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
n.flushMeasurement(), | |
Promise.reject(e) | |
} | |
)) | |
} | |
, | |
e.prototype.ssoSilent = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s = this; | |
return c(this, (function(c) { | |
return t = this.getRequestCorrelationId(e), | |
r = a(a({}, e), { | |
prompt: A.NONE, | |
correlationId: t | |
}), | |
this.preflightBrowserEnvironmentCheck(Ie.Silent), | |
n = this.performanceClient.startMeasurement(ht.SsoSilent, t), | |
this.logger.verbose("ssoSilent called", t), | |
this.eventHandler.emitEvent(Tt.SSO_SILENT_START, Ie.Silent, r), | |
this.canUseNative(r) ? o = this.acquireTokenNative(r, Se.ssoSilent).catch((function(e) { | |
if (e instanceof Dt && e.isFatal()) | |
return s.nativeExtensionProvider = void 0, | |
s.createSilentIframeClient(r.correlationId).acquireToken(r); | |
throw e | |
} | |
)) : (i = this.createSilentIframeClient(r.correlationId), | |
o = i.acquireToken(r)), | |
[2, o.then((function(e) { | |
return s.eventHandler.emitEvent(Tt.SSO_SILENT_SUCCESS, Ie.Silent, e), | |
n.endMeasurement({ | |
success: !0, | |
isNativeBroker: e.fromNativeBroker, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length | |
}), | |
n.flushMeasurement(), | |
e | |
} | |
)).catch((function(e) { | |
throw s.eventHandler.emitEvent(Tt.SSO_SILENT_FAILURE, Ie.Silent, null, e), | |
n.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
n.flushMeasurement(), | |
e | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.acquireTokenByCode = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i = this; | |
return c(this, (function(s) { | |
t = this.getRequestCorrelationId(e), | |
this.preflightBrowserEnvironmentCheck(Ie.Silent), | |
this.logger.trace("acquireTokenByCode called", t), | |
this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_BY_CODE_START, Ie.Silent, e), | |
r = this.performanceClient.startMeasurement(ht.AcquireTokenByCode, e.correlationId); | |
try { | |
if (e.code) | |
return n = e.code, | |
(o = this.hybridAuthCodeResponses.get(n)) ? (this.logger.verbose("Existing acquireTokenByCode request found", e.correlationId), | |
r.endMeasurement({ | |
success: !0 | |
}), | |
r.discardMeasurement()) : (this.logger.verbose("Initiating new acquireTokenByCode request", t), | |
o = this.acquireTokenByCodeAsync(a(a({}, e), { | |
correlationId: t | |
})).then((function(e) { | |
return i.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_BY_CODE_SUCCESS, Ie.Silent, e), | |
i.hybridAuthCodeResponses.delete(n), | |
r.endMeasurement({ | |
success: !0, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length, | |
isNativeBroker: e.fromNativeBroker | |
}), | |
r.flushMeasurement(), | |
e | |
} | |
)).catch((function(e) { | |
throw i.hybridAuthCodeResponses.delete(n), | |
i.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_BY_CODE_FAILURE, Ie.Silent, null, e), | |
r.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
r.flushMeasurement(), | |
e | |
} | |
)), | |
this.hybridAuthCodeResponses.set(n, o)), | |
[2, o]; | |
if (e.nativeAccountId) { | |
if (this.canUseNative(e, e.nativeAccountId)) | |
return [2, this.acquireTokenNative(e, Se.acquireTokenByCode, e.nativeAccountId).catch((function(e) { | |
throw e instanceof Dt && e.isFatal() && (i.nativeExtensionProvider = void 0), | |
e | |
} | |
))]; | |
throw ke.createUnableToAcquireTokenFromNativePlatformError() | |
} | |
throw ke.createAuthCodeOrNativeAccountIdRequiredError() | |
} catch (e) { | |
throw this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_BY_CODE_FAILURE, Ie.Silent, null, e), | |
r.endMeasurement({ | |
errorCode: e instanceof J && e.errorCode || void 0, | |
subErrorCode: e instanceof J && e.subError || void 0, | |
success: !1 | |
}), | |
e | |
} | |
return [2] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.acquireTokenByCodeAsync = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return this.logger.trace("acquireTokenByCodeAsync called", e.correlationId), | |
[4, this.createSilentAuthCodeClient(e.correlationId).acquireToken(e)]; | |
case 1: | |
return [2, t.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.acquireTokenByRefreshToken = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r = this; | |
return c(this, (function(n) { | |
return Ot.blockReloadInHiddenIframes(), | |
t = this.performanceClient.startMeasurement(ht.AcquireTokenByRefreshToken, e.correlationId), | |
this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_NETWORK_START, Ie.Silent, e), | |
[2, this.createSilentRefreshClient(e.correlationId).acquireToken(e).then((function(e) { | |
return t.endMeasurement({ | |
success: !0, | |
fromCache: e.fromCache, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length | |
}), | |
e | |
} | |
)).catch((function(n) { | |
var o = n instanceof tt | |
, i = n instanceof lt | |
, a = n.errorCode === Ne.INVALID_GRANT_ERROR; | |
if (o && a && !i) | |
return r.logger.verbose("Refresh token expired or invalid, attempting acquire token by iframe", e.correlationId), | |
r.createSilentIframeClient(e.correlationId).acquireToken(e).then((function(e) { | |
return t.endMeasurement({ | |
success: !0, | |
fromCache: e.fromCache, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw t.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
e | |
} | |
)); | |
throw t.endMeasurement({ | |
success: !1 | |
}), | |
n | |
} | |
))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.logout = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
return t = this.getRequestCorrelationId(e), | |
this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.", t), | |
[2, this.logoutRedirect(a({ | |
correlationId: t | |
}, e))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.logoutRedirect = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
return t = this.getRequestCorrelationId(e), | |
this.preflightBrowserEnvironmentCheck(Ie.Redirect), | |
[2, this.createRedirectClient(t).logout(e)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.logoutPopup = function(e) { | |
try { | |
var t = this.getRequestCorrelationId(e); | |
return this.preflightBrowserEnvironmentCheck(Ie.Popup), | |
this.createPopupClient(t).logout(e) | |
} catch (e) { | |
return Promise.reject(e) | |
} | |
} | |
, | |
e.prototype.getAllAccounts = function() { | |
return this.logger.verbose("getAllAccounts called"), | |
this.isBrowserEnvironment ? this.browserStorage.getAllAccounts() : [] | |
} | |
, | |
e.prototype.getAccountByUsername = function(e) { | |
var t = this.getAllAccounts(); | |
return !$.isEmpty(e) && t && t.length ? (this.logger.verbose("Account matching username found, returning"), | |
this.logger.verbosePii("Returning signed-in accounts matching username: " + e), | |
t.filter((function(t) { | |
return t.username.toLowerCase() === e.toLowerCase() | |
} | |
))[0] || null) : (this.logger.verbose("getAccountByUsername: No matching account found, returning null"), | |
null) | |
} | |
, | |
e.prototype.getAccountByHomeId = function(e) { | |
var t = this.getAllAccounts(); | |
return !$.isEmpty(e) && t && t.length ? (this.logger.verbose("Account matching homeAccountId found, returning"), | |
this.logger.verbosePii("Returning signed-in accounts matching homeAccountId: " + e), | |
t.filter((function(t) { | |
return t.homeAccountId === e | |
} | |
))[0] || null) : (this.logger.verbose("getAccountByHomeId: No matching account found, returning null"), | |
null) | |
} | |
, | |
e.prototype.getAccountByLocalId = function(e) { | |
var t = this.getAllAccounts(); | |
return !$.isEmpty(e) && t && t.length ? (this.logger.verbose("Account matching localAccountId found, returning"), | |
this.logger.verbosePii("Returning signed-in accounts matching localAccountId: " + e), | |
t.filter((function(t) { | |
return t.localAccountId === e | |
} | |
))[0] || null) : (this.logger.verbose("getAccountByLocalId: No matching account found, returning null"), | |
null) | |
} | |
, | |
e.prototype.setActiveAccount = function(e) { | |
this.browserStorage.setActiveAccount(e) | |
} | |
, | |
e.prototype.getActiveAccount = function() { | |
return this.browserStorage.getActiveAccount() | |
} | |
, | |
e.prototype.preflightBrowserEnvironmentCheck = function(e, t) { | |
if (void 0 === t && (t = !0), | |
this.logger.verbose("preflightBrowserEnvironmentCheck started"), | |
Ot.blockNonBrowserEnvironment(this.isBrowserEnvironment), | |
Ot.blockRedirectInIframe(e, this.config.system.allowRedirectInIframe), | |
Ot.blockReloadInHiddenIframes(), | |
Ot.blockAcquireTokenInPopups(), | |
Ot.blockNativeBrokerCalledBeforeInitialized(this.config.system.allowNativeBroker, this.initialized), | |
e === Ie.Redirect && this.config.cache.cacheLocation === _e.MemoryStorage && !this.config.cache.storeAuthStateInCookie) | |
throw De.createInMemoryRedirectUnavailableError(); | |
e !== Ie.Redirect && e !== Ie.Popup || this.preflightInteractiveRequest(t) | |
} | |
, | |
e.prototype.preflightInteractiveRequest = function(e) { | |
this.logger.verbose("preflightInteractiveRequest called, validating app environment"), | |
Ot.blockReloadInHiddenIframes(), | |
e && this.browserStorage.setInteractionInProgress(!0) | |
} | |
, | |
e.prototype.acquireTokenNative = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(n) { | |
if (this.logger.trace("acquireTokenNative called"), | |
!this.nativeExtensionProvider) | |
throw ke.createNativeConnectionNotEstablishedError(); | |
return [2, new Bt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.nativeExtensionProvider,r || this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.canUseNative = function(e, t) { | |
if (this.logger.trace("canUseNative called"), | |
!Gt.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, e.authenticationScheme)) | |
return this.logger.trace("canUseNative: isNativeAvailable returned false, returning false"), | |
!1; | |
if (e.prompt) | |
switch (e.prompt) { | |
case A.NONE: | |
case A.CONSENT: | |
case A.LOGIN: | |
this.logger.trace("canUseNative: prompt is compatible with native flow"); | |
break; | |
default: | |
return this.logger.trace("canUseNative: prompt = " + e.prompt + " is not compatible with native flow, returning false"), | |
!1 | |
} | |
return !(!t && !this.getNativeAccountId(e) && (this.logger.trace("canUseNative: nativeAccountId is not available, returning false"), | |
1)) | |
} | |
, | |
e.prototype.getNativeAccountId = function(e) { | |
var t = e.account || this.browserStorage.getAccountInfoByHints(e.loginHint, e.sid) || this.getActiveAccount(); | |
return t && t.nativeAccountId || "" | |
} | |
, | |
e.prototype.createPopupClient = function(e) { | |
return new jt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.createRedirectClient = function(e) { | |
return new zt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.createSilentIframeClient = function(e) { | |
return new Qt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.createSilentCacheClient = function(e) { | |
return new Kt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.createSilentRefreshClient = function(e) { | |
return new Xt(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.createSilentAuthCodeClient = function(e) { | |
return new Er(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,Se.acquireTokenByCode,this.performanceClient,this.nativeExtensionProvider,e) | |
} | |
, | |
e.prototype.addEventCallback = function(e) { | |
return this.eventHandler.addEventCallback(e) | |
} | |
, | |
e.prototype.removeEventCallback = function(e) { | |
this.eventHandler.removeEventCallback(e) | |
} | |
, | |
e.prototype.addPerformanceCallback = function(e) { | |
return this.performanceClient.addPerformanceCallback(e) | |
} | |
, | |
e.prototype.removePerformanceCallback = function(e) { | |
return this.performanceClient.removePerformanceCallback(e) | |
} | |
, | |
e.prototype.enableAccountStorageEvents = function() { | |
this.eventHandler.enableAccountStorageEvents() | |
} | |
, | |
e.prototype.disableAccountStorageEvents = function() { | |
this.eventHandler.disableAccountStorageEvents() | |
} | |
, | |
e.prototype.getTokenCache = function() { | |
return this.tokenCache | |
} | |
, | |
e.prototype.getLogger = function() { | |
return this.logger | |
} | |
, | |
e.prototype.setLogger = function(e) { | |
this.logger = e | |
} | |
, | |
e.prototype.initializeWrapperLibrary = function(e, t) { | |
this.browserStorage.setWrapperMetadata(e, t) | |
} | |
, | |
e.prototype.setNavigationClient = function(e) { | |
this.navigationClient = e | |
} | |
, | |
e.prototype.getConfiguration = function() { | |
return this.config | |
} | |
, | |
e.prototype.getRequestCorrelationId = function(e) { | |
return (null == e ? void 0 : e.correlationId) ? e.correlationId : this.isBrowserEnvironment ? this.browserCrypto.createNewGuid() : T.EMPTY_STRING | |
} | |
, | |
e | |
}() | |
, wr = function(e) { | |
function t(t) { | |
var r = e.call(this, t) || this; | |
return r.activeSilentTokenRequests = new Map, | |
r | |
} | |
return i(t, e), | |
t.prototype.loginRedirect = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t; | |
return c(this, (function(r) { | |
return t = this.getRequestCorrelationId(e), | |
this.logger.verbose("loginRedirect called", t), | |
[2, this.acquireTokenRedirect(a({ | |
correlationId: t | |
}, e || Me))] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.loginPopup = function(e) { | |
var t = this.getRequestCorrelationId(e); | |
return this.logger.verbose("loginPopup called", t), | |
this.acquireTokenPopup(a({ | |
correlationId: t | |
}, e || Me)) | |
} | |
, | |
t.prototype.acquireTokenSilent = function(e) { | |
return s(this, void 0, void 0, (function() { | |
var t, r, n, o, i, s, u, l = this; | |
return c(this, (function(c) { | |
if (t = this.getRequestCorrelationId(e), | |
r = this.performanceClient.startMeasurement(ht.AcquireTokenSilent, t), | |
this.preflightBrowserEnvironmentCheck(Ie.Silent), | |
this.logger.verbose("acquireTokenSilent called", t), | |
!(n = e.account || this.getActiveAccount())) | |
throw ke.createNoAccountError(); | |
return o = { | |
clientId: this.config.auth.clientId, | |
authority: e.authority || T.EMPTY_STRING, | |
scopes: e.scopes, | |
homeAccountIdentifier: n.homeAccountId, | |
claims: e.claims, | |
authenticationScheme: e.authenticationScheme, | |
resourceRequestMethod: e.resourceRequestMethod, | |
resourceRequestUri: e.resourceRequestUri, | |
shrClaims: e.shrClaims, | |
sshKid: e.sshKid | |
}, | |
i = JSON.stringify(o), | |
void 0 === (s = this.activeSilentTokenRequests.get(i)) ? (this.logger.verbose("acquireTokenSilent called for the first time, storing active request", t), | |
u = this.acquireTokenSilentAsync(a(a({}, e), { | |
correlationId: t | |
}), n).then((function(e) { | |
return l.activeSilentTokenRequests.delete(i), | |
r.endMeasurement({ | |
success: !0, | |
fromCache: e.fromCache, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length, | |
isNativeBroker: e.fromNativeBroker | |
}), | |
r.flushMeasurement(), | |
e | |
} | |
)).catch((function(e) { | |
throw l.activeSilentTokenRequests.delete(i), | |
r.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
r.flushMeasurement(), | |
e | |
} | |
)), | |
this.activeSilentTokenRequests.set(i, u), | |
[2, u]) : (this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call", t), | |
r.endMeasurement({ | |
success: !0 | |
}), | |
r.discardMeasurement(), | |
[2, s]) | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t.prototype.acquireTokenSilentAsync = function(e, t) { | |
return s(this, void 0, void 0, (function() { | |
var r, n, o, i, u, l = this; | |
return c(this, (function(d) { | |
switch (d.label) { | |
case 0: | |
return this.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_START, Ie.Silent, e), | |
r = this.performanceClient.startMeasurement(ht.AcquireTokenSilentAsync, e.correlationId), | |
Gt.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, e.authenticationScheme) && t.nativeAccountId ? (this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"), | |
o = a(a({}, e), { | |
account: t | |
}), | |
n = this.acquireTokenNative(o, Se.acquireTokenSilent_silentFlow).catch((function(t) { | |
return s(l, void 0, void 0, (function() { | |
return c(this, (function(r) { | |
if (t instanceof Dt && t.isFatal()) | |
return this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"), | |
this.nativeExtensionProvider = void 0, | |
[2, this.createSilentIframeClient(e.correlationId).acquireToken(e)]; | |
throw t | |
} | |
)) | |
} | |
)) | |
} | |
)), | |
[3, 3]) : [3, 1]; | |
case 1: | |
return this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"), | |
[4, (i = this.createSilentCacheClient(e.correlationId)).initializeSilentRequest(e, t)]; | |
case 2: | |
u = d.sent(), | |
n = i.acquireToken(u).catch((function() { | |
return s(l, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
return [2, this.acquireTokenByRefreshToken(u)] | |
} | |
)) | |
} | |
)) | |
} | |
)), | |
d.label = 3; | |
case 3: | |
return [2, n.then((function(e) { | |
return l.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_SUCCESS, Ie.Silent, e), | |
r.endMeasurement({ | |
success: !0, | |
fromCache: e.fromCache, | |
accessTokenSize: e.accessToken.length, | |
idTokenSize: e.idToken.length, | |
isNativeBroker: e.fromNativeBroker | |
}), | |
e | |
} | |
)).catch((function(e) { | |
throw l.eventHandler.emitEvent(Tt.ACQUIRE_TOKEN_FAILURE, Ie.Silent, null, e), | |
r.endMeasurement({ | |
errorCode: e.errorCode, | |
subErrorCode: e.subError, | |
success: !1 | |
}), | |
e | |
} | |
))] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
t | |
}(Tr) | |
, Sr = { | |
initialize: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
acquireTokenPopup: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
acquireTokenRedirect: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
acquireTokenSilent: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
acquireTokenByCode: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
getAllAccounts: function() { | |
return [] | |
}, | |
getAccountByHomeId: function() { | |
return null | |
}, | |
getAccountByUsername: function() { | |
return null | |
}, | |
getAccountByLocalId: function() { | |
return null | |
}, | |
handleRedirectPromise: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
loginPopup: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
loginRedirect: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
logout: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
logoutRedirect: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
logoutPopup: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
ssoSilent: function() { | |
return Promise.reject(De.createStubPcaInstanceCalledError()) | |
}, | |
addEventCallback: function() { | |
return null | |
}, | |
removeEventCallback: function() {}, | |
addPerformanceCallback: function() { | |
return "" | |
}, | |
removePerformanceCallback: function() { | |
return !1 | |
}, | |
enableAccountStorageEvents: function() {}, | |
disableAccountStorageEvents: function() {}, | |
getTokenCache: function() { | |
throw De.createStubPcaInstanceCalledError() | |
}, | |
getLogger: function() { | |
throw De.createStubPcaInstanceCalledError() | |
}, | |
setLogger: function() {}, | |
setActiveAccount: function() {}, | |
getActiveAccount: function() { | |
return null | |
}, | |
initializeWrapperLibrary: function() {}, | |
setNavigationClient: function() {}, | |
getConfiguration: function() { | |
throw De.createStubPcaInstanceCalledError() | |
} | |
} | |
, Ir = function() { | |
function e() {} | |
return e.getInteractionStatusFromEvent = function(e, t) { | |
switch (e.eventType) { | |
case Tt.LOGIN_START: | |
return Ae.Login; | |
case Tt.SSO_SILENT_START: | |
return Ae.SsoSilent; | |
case Tt.ACQUIRE_TOKEN_START: | |
if (e.interactionType === Ie.Redirect || e.interactionType === Ie.Popup) | |
return Ae.AcquireToken; | |
break; | |
case Tt.HANDLE_REDIRECT_START: | |
return Ae.HandleRedirect; | |
case Tt.LOGOUT_START: | |
return Ae.Logout; | |
case Tt.SSO_SILENT_SUCCESS: | |
case Tt.SSO_SILENT_FAILURE: | |
if (t && t !== Ae.SsoSilent) | |
break; | |
return Ae.None; | |
case Tt.LOGOUT_END: | |
if (t && t !== Ae.Logout) | |
break; | |
return Ae.None; | |
case Tt.HANDLE_REDIRECT_END: | |
if (t && t !== Ae.HandleRedirect) | |
break; | |
return Ae.None; | |
case Tt.LOGIN_SUCCESS: | |
case Tt.LOGIN_FAILURE: | |
case Tt.ACQUIRE_TOKEN_SUCCESS: | |
case Tt.ACQUIRE_TOKEN_FAILURE: | |
if (e.interactionType === Ie.Redirect || e.interactionType === Ie.Popup) { | |
if (t && t !== Ae.Login && t !== Ae.AcquireToken) | |
break; | |
return Ae.None | |
} | |
} | |
return null | |
} | |
, | |
e | |
}() | |
, Ar = function() { | |
function e(e, t) { | |
var r = t && t.loggerOptions || {}; | |
this.logger = new je(r,Rt,kt), | |
this.cryptoOps = new pr(this.logger), | |
this.popTokenGenerator = new gt(this.cryptoOps), | |
this.shrParameters = e | |
} | |
return e.prototype.generatePublicKeyThumbprint = function() { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(e) { | |
switch (e.label) { | |
case 0: | |
return [4, this.popTokenGenerator.generateKid(this.shrParameters)]; | |
case 1: | |
return [2, e.sent().kid] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.signRequest = function(e, t, r) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(n) { | |
return [2, this.popTokenGenerator.signPayload(e, t, this.shrParameters, r)] | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e.prototype.removeKeys = function(e) { | |
return s(this, void 0, void 0, (function() { | |
return c(this, (function(t) { | |
switch (t.label) { | |
case 0: | |
return [4, this.cryptoOps.removeTokenBindingKey(e)]; | |
case 1: | |
return [2, t.sent()] | |
} | |
} | |
)) | |
} | |
)) | |
} | |
, | |
e | |
}() | |
, br = function() { | |
function e(e) { | |
this.headers = e | |
} | |
return e.prototype.getShrNonce = function() { | |
var e = this.headers[v.AuthenticationInfo]; | |
if (e) { | |
var t = this.parseChallenges(e); | |
if (t.nextnonce) | |
return t.nextnonce; | |
throw ie.createInvalidAuthenticationHeaderError(v.AuthenticationInfo, "nextnonce challenge is missing.") | |
} | |
var r = this.headers[v.WWWAuthenticate]; | |
if (r) { | |
var n = this.parseChallenges(r); | |
if (n.nonce) | |
return n.nonce; | |
throw ie.createInvalidAuthenticationHeaderError(v.WWWAuthenticate, "nonce challenge is missing.") | |
} | |
throw ie.createMissingNonceAuthenticationHeadersError() | |
} | |
, | |
e.prototype.parseChallenges = function(e) { | |
var t = e.indexOf(" ") | |
, r = e.substr(t + 1).split(",") | |
, n = {}; | |
return r.forEach((function(e) { | |
var t = e.split("=") | |
, r = t[0] | |
, o = t[1]; | |
n[r] = unescape(o.replace(/['"]+/g, T.EMPTY_STRING)) | |
} | |
)), | |
n | |
} | |
, | |
e | |
}() | |
} | |
, | |
981: function(e, t, r) { | |
var n = this && this.__createBinding || (Object.create ? function(e, t, r, n) { | |
void 0 === n && (n = r); | |
var o = Object.getOwnPropertyDescriptor(t, r); | |
o && !("get"in o ? !t.__esModule : o.writable || o.configurable) || (o = { | |
enumerable: !0, | |
get: function() { | |
return t[r] | |
} | |
}), | |
Object.defineProperty(e, n, o) | |
} | |
: function(e, t, r, n) { | |
void 0 === n && (n = r), | |
e[n] = t[r] | |
} | |
) | |
, o = this && this.__setModuleDefault || (Object.create ? function(e, t) { | |
Object.defineProperty(e, "default", { | |
enumerable: !0, | |
value: t | |
}) | |
} | |
: function(e, t) { | |
e.default = t | |
} | |
) | |
, i = this && this.__importStar || function(e) { | |
if (e && e.__esModule) | |
return e; | |
var t = {}; | |
if (null != e) | |
for (var r in e) | |
"default" !== r && Object.prototype.hasOwnProperty.call(e, r) && n(t, e, r); | |
return o(t, e), | |
t | |
} | |
; | |
Object.defineProperty(t, "__esModule", { | |
value: !0 | |
}), | |
t.AuthenticationService = t.Logger = t.LogLevel = void 0; | |
const a = i(r(4)); | |
var s, c, u; | |
!function(e) { | |
e.Success = "success", | |
e.RequiresRedirect = "requiresRedirect" | |
}(s || (s = {})), | |
function(e) { | |
e.Redirect = "redirect", | |
e.Success = "success", | |
e.Failure = "failure", | |
e.OperationCompleted = "operationCompleted" | |
}(c || (c = {})), | |
function(e) { | |
e[e.Trace = 0] = "Trace", | |
e[e.Debug = 1] = "Debug" | |
}(u = t.LogLevel || (t.LogLevel = {})); | |
class l { | |
constructor(e) { | |
this.debug = e.debugEnabled, | |
this.trace = e.traceEnabled | |
} | |
log(e, t) { | |
if (e == u.Trace && this.trace || e == u.Debug && this.debug) { | |
const r = e == u.Trace ? "trce" : "dbug"; | |
console.debug(`${r}: Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationService[0]\n ${t}`) | |
} | |
} | |
} | |
t.Logger = l; | |
class d { | |
constructor(e, t) { | |
var r, n; | |
this._settings = e, | |
this._logger = t, | |
0 == (null === (n = null === (r = this._settings.auth) || void 0 === r ? void 0 : r.knownAuthorities) || void 0 === n ? void 0 : n.length) && (this._settings.auth.knownAuthorities = [new URL(this._settings.auth.authority).hostname]), | |
this._settings.system = this._settings.system || {}, | |
this._settings.system.navigationClient = { | |
navigateInternal: async(e,r)=>(t.log(u.Trace, `Navigating to ${e}`), | |
location.replace(e), | |
!1), | |
navigateExternal: async(e,r)=>(t.log(u.Trace, `Navigating to ${e}`), | |
location.replace(e), | |
!1) | |
}, | |
this._settings.system.loggerOptions = { | |
logLevel: t.trace ? a.LogLevel.Trace : t.debug ? a.LogLevel.Verbose : a.LogLevel.Warning, | |
loggerCallback: (e,r,n)=>{ | |
n || (e !== a.LogLevel.Trace ? t.log(u.Debug, r) : t.log(u.Trace, r)) | |
} | |
}, | |
this._msalApplication = new a.PublicClientApplication(this._settings) | |
} | |
getAccount() { | |
if (this._account) | |
return this._account; | |
const e = this._msalApplication.getAllAccounts(); | |
return e && e.length ? e[0] : null | |
} | |
async getUser() { | |
const e = this.getAccount(); | |
if (e) | |
return e.idTokenClaims | |
} | |
async getAccessToken(e) { | |
try { | |
this.trace("getAccessToken", e); | |
const t = await this.getTokenCore(null == e ? void 0 : e.scopes); | |
return { | |
status: s.Success, | |
token: t | |
} | |
} catch (e) { | |
return { | |
status: s.RequiresRedirect | |
} | |
} | |
} | |
async getTokenCore(e) { | |
var t; | |
const r = this.getAccount(); | |
if (!r) | |
throw new Error("Failed to retrieve token, no account found."); | |
const n = { | |
redirectUri: null === (t = this._settings.auth) || void 0 === t ? void 0 : t.redirectUri, | |
account: r, | |
scopes: e || this._settings.defaultAccessTokenScopes | |
}; | |
this.debug(`Provisioning a token silently for scopes '${n.scopes}'`), | |
this.trace("_msalApplication.acquireTokenSilent", n); | |
const o = await this._msalApplication.acquireTokenSilent(n); | |
if (this.trace("_msalApplication.acquireTokenSilent-response", o), | |
0 === o.scopes.length || "" === o.accessToken) | |
throw new Error("Scopes not granted."); | |
const i = { | |
value: o.accessToken, | |
grantedScopes: o.scopes, | |
expires: o.expiresOn | |
}; | |
return this.trace("getAccessToken-result", i), | |
i | |
} | |
async signIn(e) { | |
this.trace("signIn", e); | |
try { | |
this.purgeState(); | |
const {state: t, interactiveRequest: r} = e; | |
if (r && "GetToken" === r.interaction) { | |
this.debug("Acquiring additional token."); | |
const n = { | |
scopes: r.scopes || [], | |
state: this.saveState(e.state), | |
...r.additionalRequestParameters | |
}; | |
return this.trace("getInteractiveToken-Request", n), | |
await this._msalApplication.acquireTokenRedirect(n), | |
this.success(t) | |
} | |
{ | |
const n = { | |
redirectUri: this._settings.auth.redirectUri, | |
state: this.saveState(e.state), | |
...null == r ? void 0 : r.additionalRequestParameters | |
}; | |
n.scopes = n.scopes || this._settings.defaultAccessTokenScopes || []; | |
const o = await this.signInCore(n); | |
return this.trace("signIn-Response", o), | |
o ? this.isMsalError(o) ? this.error(o.errorMessage) : this.success(t) : this.redirect() | |
} | |
} catch (e) { | |
return this.error(e.message) | |
} | |
} | |
async signInCore(e) { | |
return this.trace("signIn-Request", e), | |
"redirect" === this._settings.loginMode.toLowerCase() ? this.signInWithRedirect(e) : this.signInWithPopup(e) | |
} | |
async signInWithRedirect(e) { | |
try { | |
return this.debug("Starting sign-in redirect."), | |
await this._msalApplication.loginRedirect(e) | |
} catch (e) { | |
return this.debug(`Sign-in redirect failed: '${e.message}'.`), | |
e | |
} | |
} | |
async signInWithPopup(e) { | |
try { | |
return this.debug("Starting sign-in pop-up"), | |
await this._msalApplication.loginPopup(e) | |
} catch (t) { | |
if (!this.isMsalError(t) || t.errorCode === a.BrowserAuthErrorMessage.userCancelledError.code) | |
return this.debug(`Sign-in pop-up failed: '${t.message}'.`), | |
t; | |
this.debug("User canceled sign-in pop-up"), | |
this.signInWithRedirect(e) | |
} | |
} | |
async completeSignIn() { | |
try { | |
this.debug("Completing sign-in redirect."); | |
var e | |
try { | |
e = await this._redirectCallback; | |
} catch(e) { | |
console.error(e); | |
} | |
return this.trace("completeSignIn-result", e), | |
e ? (this.trace("completeSignIn-success", e), | |
e) : (this.debug("No authentication result."), | |
this.operationCompleted()) | |
} catch (e) { | |
return this.debug(`completeSignIn-error:'${e.message}'`), | |
this.error(e.message) | |
} | |
} | |
async signOut(e) { | |
this.trace("signOut", e); | |
try { | |
this.purgeState(); | |
const {state: t, interactiveRequest: r} = e | |
, n = { | |
postLogoutRedirectUri: this._settings.auth.postLogoutRedirectUri, | |
state: this.saveState(t), | |
...null == r ? void 0 : r.additionalRequestParameters | |
}; | |
return this.trace("signOut-Request", n), | |
await this._msalApplication.logoutRedirect(n), | |
this.redirect() | |
} catch (e) { | |
return this.error(e.message) | |
} | |
} | |
async completeSignOut(e) { | |
this.trace("completeSignOut-request", e); | |
try { | |
this.debug("Completing sign-out redirect."); | |
var t = await this._redirectCallback; | |
return this.trace("completeSignOut-result", t), | |
t ? (this.trace("completeSignOut-success", t), | |
t) : (this.debug("No authentication result."), | |
this.operationCompleted()) | |
} catch (e) { | |
return this.debug(`completeSignOut-error:'${e.message}'`), | |
this.error(e.message) | |
} | |
} | |
saveState(e) { | |
const t = window.crypto.randomUUID(); | |
return sessionStorage.setItem(`${h._infrastructureKey}.AuthorizeService.${t}`, JSON.stringify(e)), | |
t | |
} | |
retrieveState(e, t=null, r=!1) { | |
let n; | |
if (e) { | |
const t = new URL(e); | |
n = t.searchParams && t.searchParams.getAll("state") | |
} | |
const o = t || n; | |
if (!o) | |
return; | |
const i = `${h._infrastructureKey}.AuthorizeService.${o}` | |
, a = sessionStorage.getItem(i); | |
return a ? (sessionStorage.removeItem(i), | |
JSON.parse(a)) : void 0 | |
} | |
purgeState() { | |
for (let e = 0; e < sessionStorage.length; e++) { | |
const t = sessionStorage.key(e); | |
(null == t ? void 0 : t.startsWith(h._infrastructureKey)) && sessionStorage.removeItem(t) | |
} | |
} | |
initializeMsalHandler() { | |
this._redirectCallback = this.completeAuthentication() | |
} | |
async completeAuthentication() { | |
try { | |
const e = await this._msalApplication.handleRedirectPromise(); | |
return this.handleResult(e) | |
} catch (e) { | |
return this.isMsalError(e) ? this.error(e.errorMessage) : this.error(e.message) | |
} | |
} | |
handleResult(e) { | |
const t = this.retrieveState(location.href, void 0); | |
return e ? (this._account = e.account, | |
this.success(this.retrieveState(null, e.state))) : t ? this.success(t) : this.operationCompleted() | |
} | |
isMsalError(e) { | |
return null == e ? void 0 : e.errorCode | |
} | |
error(e) { | |
return { | |
status: c.Failure, | |
errorMessage: e | |
} | |
} | |
success(e) { | |
return { | |
status: c.Success, | |
state: e | |
} | |
} | |
redirect() { | |
return { | |
status: c.Redirect | |
} | |
} | |
operationCompleted() { | |
return { | |
status: c.OperationCompleted | |
} | |
} | |
debug(e) { | |
var t; | |
null === (t = this._logger) || void 0 === t || t.log(u.Debug, e) | |
} | |
trace(e, t) { | |
var r; | |
null === (r = this._logger) || void 0 === r || r.log(u.Trace, `${e}: ${JSON.stringify(t)}`) | |
} | |
} | |
class h { | |
static async init(e, t) { | |
return h._initialized || (h.instance = new d(e,new l(t)), | |
h.instance.initializeMsalHandler(), | |
h._initialized = !0), | |
Promise.resolve() | |
} | |
static getUser() { | |
return h.instance.getUser() | |
} | |
static getAccessToken(e) { | |
return h.instance.getAccessToken(e) | |
} | |
static signIn(e) { | |
return h.instance.signIn(e) | |
} | |
static completeSignIn(e) { | |
return h.instance.completeSignIn() | |
} | |
static signOut(e) { | |
return h.instance.signOut(e) | |
} | |
static completeSignOut(e) { | |
return h.instance.completeSignOut(e) | |
} | |
} | |
t.AuthenticationService = h, | |
h._infrastructureKey = "Microsoft.Authentication.WebAssembly.Msal", | |
window.AuthenticationService = h | |
} | |
} | |
, t = {}; | |
function r(n) { | |
var o = t[n]; | |
if (void 0 !== o) | |
return o.exports; | |
var i = t[n] = { | |
exports: {} | |
}; | |
return e[n].call(i.exports, i, i.exports, r), | |
i.exports | |
} | |
r.d = (e,t)=>{ | |
for (var n in t) | |
r.o(t, n) && !r.o(e, n) && Object.defineProperty(e, n, { | |
enumerable: !0, | |
get: t[n] | |
}) | |
} | |
, | |
r.o = (e,t)=>Object.prototype.hasOwnProperty.call(e, t), | |
r.r = e=>{ | |
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, { | |
value: "Module" | |
}), | |
Object.defineProperty(e, "__esModule", { | |
value: !0 | |
}) | |
} | |
, | |
r(981) | |
} | |
)(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment