surya/server_debian_macro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit iniziale

Browse Source
This commit is contained in:
Paolo A
2025-02-18 22:59:07 +00:00
commit 4bbf35cefb
6879 changed files with 623784 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
node_modules/@azure/msal-common/dist/response/AuthenticationResult.d.ts generated vendored Normal file
View File

@@ -0,0 +1,42 @@
import { AccountInfo } from "../account/AccountInfo.js";
/**
* Result returned from the authority's token endpoint.
* - uniqueId - `oid` or `sub` claim from ID token
* - tenantId - `tid` claim from ID token
* - scopes - Scopes that are validated for the respective token
* - account - An account object representation of the currently signed-in user
* - idToken - Id token received as part of the response
* - idTokenClaims - MSAL-relevant ID token claims
* - accessToken - Access token or SSH certificate received as part of the response
* - fromCache - Boolean denoting whether token came from cache
* - expiresOn - Javascript Date object representing relative expiration of access token
* - extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage
* - refreshOn - Javascript Date object representing relative time until an access token must be refreshed
* - state - Value passed in by user in request
* - familyId - Family ID identifier, usually only used for refresh tokens
* - requestId - Request ID returned as part of the response
*/
export type AuthenticationResult = {
authority: string;
uniqueId: string;
tenantId: string;
scopes: Array<string>;
account: AccountInfo | null;
idToken: string;
idTokenClaims: object;
accessToken: string;
fromCache: boolean;
expiresOn: Date | null;
extExpiresOn?: Date;
refreshOn?: Date;
tokenType: string;
correlationId: string;
requestId?: string;
state?: string;
familyId?: string;
cloudGraphHostName?: string;
msGraphHost?: string;
code?: string;
fromNativeBroker?: boolean;
};
//# sourceMappingURL=AuthenticationResult.d.ts.map

1
node_modules/@azure/msal-common/dist/response/AuthenticationResult.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"AuthenticationResult.d.ts","sourceRoot":"","sources":["../../src/response/AuthenticationResult.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAExD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,YAAY,CAAC,EAAE,IAAI,CAAC;IACpB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC"}

14
node_modules/@azure/msal-common/dist/response/AuthorizationCodePayload.d.ts generated vendored Normal file
View File

@@ -0,0 +1,14 @@
/**
* Response returned after processing the code response query string or fragment.
*/
export type AuthorizationCodePayload = {
code: string;
cloud_instance_name?: string;
cloud_instance_host_name?: string;
cloud_graph_host_name?: string;
msgraph_host?: string;
state?: string;
nonce?: string;
client_info?: string;
};
//# sourceMappingURL=AuthorizationCodePayload.d.ts.map

1
node_modules/@azure/msal-common/dist/response/AuthorizationCodePayload.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"AuthorizationCodePayload.d.ts","sourceRoot":"","sources":["../../src/response/AuthorizationCodePayload.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}

26
node_modules/@azure/msal-common/dist/response/DeviceCodeResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,26 @@
/**
* DeviceCode returned by the security token service device code endpoint containing information necessary for device code flow.
* - userCode: code which user needs to provide when authenticating at the verification URI
* - deviceCode: code which should be included in the request for the access token
* - verificationUri: URI where user can authenticate
* - expiresIn: expiration time of the device code in seconds
* - interval: interval at which the STS should be polled at
* - message: message which should be displayed to the user
*/
export type DeviceCodeResponse = {
userCode: string;
deviceCode: string;
verificationUri: string;
expiresIn: number;
interval: number;
message: string;
};
export type ServerDeviceCodeResponse = {
user_code: string;
device_code: string;
verification_uri: string;
expires_in: number;
interval: number;
message: string;
};
//# sourceMappingURL=DeviceCodeResponse.d.ts.map

1
node_modules/@azure/msal-common/dist/response/DeviceCodeResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"DeviceCodeResponse.d.ts","sourceRoot":"","sources":["../../src/response/DeviceCodeResponse.ts"],"names":[],"mappings":"AAKA;;;;;;;;GAQG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACnB,CAAC"}

16
node_modules/@azure/msal-common/dist/response/ExternalTokenResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,16 @@
import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse.js";
/**
* Response object used for loading external tokens to cache.
* - token_type: Indicates the token type value. The only type that Azure AD supports is Bearer.
* - scope: The scopes that the access_token is valid for.
* - expires_in: How long the access token is valid (in seconds).
* - id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in.
* - refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires.
* - access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API.
* - client_info: Client info object
*/
export type ExternalTokenResponse = Pick<ServerAuthorizationTokenResponse, "token_type" | "scope" | "expires_in" | "ext_expires_in" | "id_token" | "refresh_token" | "refresh_token_expires_in" | "foci"> & {
access_token?: string;
client_info?: string;
};
//# sourceMappingURL=ExternalTokenResponse.d.ts.map

1
node_modules/@azure/msal-common/dist/response/ExternalTokenResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"ExternalTokenResponse.d.ts","sourceRoot":"","sources":["../../src/response/ExternalTokenResponse.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAEzF;;;;;;;;;GASG;AACH,MAAM,MAAM,qBAAqB,GAAG,IAAI,CACpC,gCAAgC,EAC9B,YAAY,GACZ,OAAO,GACP,YAAY,GACZ,gBAAgB,GAChB,UAAU,GACV,eAAe,GACf,0BAA0B,GAC1B,MAAM,CACX,GAAG;IACA,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}

5
node_modules/@azure/msal-common/dist/response/IMDSBadResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,5 @@
export type IMDSBadResponse = {
error: string;
"newest-versions": Array<string>;
};
//# sourceMappingURL=IMDSBadResponse.d.ts.map

1
node_modules/@azure/msal-common/dist/response/IMDSBadResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"IMDSBadResponse.d.ts","sourceRoot":"","sources":["../../src/response/IMDSBadResponse.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,eAAe,GAAG;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACpC,CAAC"}

70
node_modules/@azure/msal-common/dist/response/ResponseHandler.d.ts generated vendored Normal file
View File

@@ -0,0 +1,70 @@
import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse.js";
import { ICrypto } from "../crypto/ICrypto.js";
import { ServerAuthorizationCodeResponse } from "./ServerAuthorizationCodeResponse.js";
import { Logger } from "../logger/Logger.js";
import { AuthenticationResult } from "./AuthenticationResult.js";
import { AccountEntity } from "../cache/entities/AccountEntity.js";
import { Authority } from "../authority/Authority.js";
import { CacheRecord } from "../cache/entities/CacheRecord.js";
import { CacheManager } from "../cache/CacheManager.js";
import { RequestStateObject } from "../utils/ProtocolUtils.js";
import { ICachePlugin } from "../cache/interface/ICachePlugin.js";
import { ISerializableTokenCache } from "../cache/interface/ISerializableTokenCache.js";
import { AuthorizationCodePayload } from "./AuthorizationCodePayload.js";
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
import { TokenClaims } from "../account/TokenClaims.js";
/**
* Class that handles response parsing.
* @internal
*/
export declare class ResponseHandler {
private clientId;
private cacheStorage;
private cryptoObj;
private logger;
private homeAccountIdentifier;
private serializableCache;
private persistencePlugin;
private performanceClient?;
constructor(clientId: string, cacheStorage: CacheManager, cryptoObj: ICrypto, logger: Logger, serializableCache: ISerializableTokenCache | null, persistencePlugin: ICachePlugin | null, performanceClient?: IPerformanceClient);
/**
* Function which validates server authorization code response.
* @param serverResponseHash
* @param requestState
* @param cryptoObj
*/
validateServerAuthorizationCodeResponse(serverResponse: ServerAuthorizationCodeResponse, requestState: string): void;
/**
* Function which validates server authorization token response.
* @param serverResponse
* @param refreshAccessToken
*/
validateTokenResponse(serverResponse: ServerAuthorizationTokenResponse, refreshAccessToken?: boolean): void;
/**
* Returns a constructed token response based on given string. Also manages the cache updates and cleanups.
* @param serverTokenResponse
* @param authority
*/
handleServerTokenResponse(serverTokenResponse: ServerAuthorizationTokenResponse, authority: Authority, reqTimestamp: number, request: BaseAuthRequest, authCodePayload?: AuthorizationCodePayload, userAssertionHash?: string, handlingRefreshTokenResponse?: boolean, forceCacheRefreshTokenResponse?: boolean, serverRequestId?: string): Promise<AuthenticationResult>;
/**
* Generates CacheRecord
* @param serverTokenResponse
* @param idTokenObj
* @param authority
*/
private generateCacheRecord;
/**
* Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache.
*
* Optionally takes a state string that is set as-is in the response.
*
* @param cacheRecord
* @param idTokenObj
* @param fromTokenCache
* @param stateString
*/
static generateAuthenticationResult(cryptoObj: ICrypto, authority: Authority, cacheRecord: CacheRecord, fromTokenCache: boolean, request: BaseAuthRequest, idTokenClaims?: TokenClaims, requestState?: RequestStateObject, serverTokenResponse?: ServerAuthorizationTokenResponse, requestId?: string): Promise<AuthenticationResult>;
}
export declare function buildAccountToCache(cacheStorage: CacheManager, authority: Authority, homeAccountId: string, base64Decode: (input: string) => string, idTokenClaims?: TokenClaims, clientInfo?: string, environment?: string, claimsTenantId?: string | null, authCodePayload?: AuthorizationCodePayload, nativeAccountId?: string, logger?: Logger): AccountEntity;
//# sourceMappingURL=ResponseHandler.d.ts.map

1
node_modules/@azure/msal-common/dist/response/ResponseHandler.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"ResponseHandler.d.ts","sourceRoot":"","sources":["../../src/response/ResponseHandler.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACzF,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAK/C,OAAO,EAAE,+BAA+B,EAAE,MAAM,sCAAsC,CAAC;AACvF,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAG7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAQtD,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAiB,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAS9E,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAElE,OAAO,EAAE,uBAAuB,EAAE,MAAM,+CAA+C,CAAC;AACxF,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAGpF,OAAO,EACH,WAAW,EAEd,MAAM,2BAA2B,CAAC;AAqBnC;;;GAGG;AACH,qBAAa,eAAe;IACxB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,SAAS,CAAU;IAC3B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,qBAAqB,CAAS;IACtC,OAAO,CAAC,iBAAiB,CAAiC;IAC1D,OAAO,CAAC,iBAAiB,CAAsB;IAC/C,OAAO,CAAC,iBAAiB,CAAC,CAAqB;gBAG3C,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,OAAO,EAClB,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,uBAAuB,GAAG,IAAI,EACjD,iBAAiB,EAAE,YAAY,GAAG,IAAI,EACtC,iBAAiB,CAAC,EAAE,kBAAkB;IAW1C;;;;;OAKG;IACH,uCAAuC,CACnC,cAAc,EAAE,+BAA+B,EAC/C,YAAY,EAAE,MAAM,GACrB,IAAI;IA2EP;;;;OAIG;IACH,qBAAqB,CACjB,cAAc,EAAE,gCAAgC,EAChD,kBAAkB,CAAC,EAAE,OAAO,GAC7B,IAAI;IAgFP;;;;OAIG;IACG,yBAAyB,CAC3B,mBAAmB,EAAE,gCAAgC,EACrD,SAAS,EAAE,SAAS,EACpB,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,eAAe,EACxB,eAAe,CAAC,EAAE,wBAAwB,EAC1C,iBAAiB,CAAC,EAAE,MAAM,EAC1B,4BAA4B,CAAC,EAAE,OAAO,EACtC,8BAA8B,CAAC,EAAE,OAAO,EACxC,eAAe,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,oBAAoB,CAAC;IA4IhC;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IA8I3B;;;;;;;;;OASG;WACU,4BAA4B,CACrC,SAAS,EAAE,OAAO,EAClB,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,WAAW,EACxB,cAAc,EAAE,OAAO,EACvB,OAAO,EAAE,eAAe,EACxB,aAAa,CAAC,EAAE,WAAW,EAC3B,YAAY,CAAC,EAAE,kBAAkB,EACjC,mBAAmB,CAAC,EAAE,gCAAgC,EACtD,SAAS,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,oBAAoB,CAAC;CA0GnC;AAED,wBAAgB,mBAAmB,CAC/B,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,EACvC,aAAa,CAAC,EAAE,WAAW,EAC3B,UAAU,CAAC,EAAE,MAAM,EACnB,WAAW,CAAC,EAAE,MAAM,EACpB,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,EAC9B,eAAe,CAAC,EAAE,wBAAwB,EAC1C,eAAe,CAAC,EAAE,MAAM,EACxB,MAAM,CAAC,EAAE,MAAM,GAChB,aAAa,CAiDf"}

395
node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs generated vendored Normal file
View File

@@ -0,0 +1,395 @@
/*! @azure/msal-common v15.1.1 2025-02-05 */
'use strict';
import { createClientAuthError } from '../error/ClientAuthError.mjs';
import { ServerError } from '../error/ServerError.mjs';
import { ScopeSet } from '../request/ScopeSet.mjs';
import { AccountEntity } from '../cache/entities/AccountEntity.mjs';
import { isInteractionRequiredError, InteractionRequiredAuthError } from '../error/InteractionRequiredAuthError.mjs';
import { ProtocolUtils } from '../utils/ProtocolUtils.mjs';
import { HttpStatus, Constants, AuthenticationScheme, THE_FAMILY_ID } from '../utils/Constants.mjs';
import { PopTokenGenerator } from '../crypto/PopTokenGenerator.mjs';
import { TokenCacheContext } from '../cache/persistence/TokenCacheContext.mjs';
import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
import { extractTokenClaims, checkMaxAge } from '../account/AuthToken.mjs';
import { getTenantIdFromIdTokenClaims } from '../account/TokenClaims.mjs';
import { updateAccountTenantProfileData, buildTenantProfile } from '../account/AccountInfo.mjs';
import { createAccessTokenEntity, createRefreshTokenEntity, createIdTokenEntity } from '../cache/utils/CacheHelpers.mjs';
import { stateNotFound, invalidState, stateMismatch, nonceMismatch, authTimeNotFound, invalidCacheEnvironment, keyIdMissing } from '../error/ClientAuthErrorCodes.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
function parseServerErrorNo(serverResponse) {
const errorCodePrefix = "code=";
const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
return errorCodePrefixIndex && errorCodePrefixIndex >= 0
? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length)
: undefined;
}
/**
* Class that handles response parsing.
* @internal
*/
class ResponseHandler {
constructor(clientId, cacheStorage, cryptoObj, logger, serializableCache, persistencePlugin, performanceClient) {
this.clientId = clientId;
this.cacheStorage = cacheStorage;
this.cryptoObj = cryptoObj;
this.logger = logger;
this.serializableCache = serializableCache;
this.persistencePlugin = persistencePlugin;
this.performanceClient = performanceClient;
}
/**
* Function which validates server authorization code response.
* @param serverResponseHash
* @param requestState
* @param cryptoObj
*/
validateServerAuthorizationCodeResponse(serverResponse, requestState) {
if (!serverResponse.state || !requestState) {
throw serverResponse.state
? createClientAuthError(stateNotFound, "Cached State")
: createClientAuthError(stateNotFound, "Server State");
}
let decodedServerResponseState;
let decodedRequestState;
try {
decodedServerResponseState = decodeURIComponent(serverResponse.state);
}
catch (e) {
throw createClientAuthError(invalidState, serverResponse.state);
}
try {
decodedRequestState = decodeURIComponent(requestState);
}
catch (e) {
throw createClientAuthError(invalidState, serverResponse.state);
}
if (decodedServerResponseState !== decodedRequestState) {
throw createClientAuthError(stateMismatch);
}
// Check for error
if (serverResponse.error ||
serverResponse.error_description ||
serverResponse.suberror) {
const serverErrorNo = parseServerErrorNo(serverResponse);
if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo);
}
throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo);
}
}
/**
* Function which validates server authorization token response.
* @param serverResponse
* @param refreshAccessToken
*/
validateTokenResponse(serverResponse, refreshAccessToken) {
// Check for error
if (serverResponse.error ||
serverResponse.error_description ||
serverResponse.suberror) {
const errString = `Error(s): ${serverResponse.error_codes || Constants.NOT_AVAILABLE} - Timestamp: ${serverResponse.timestamp || Constants.NOT_AVAILABLE} - Description: ${serverResponse.error_description || Constants.NOT_AVAILABLE} - Correlation ID: ${serverResponse.correlation_id || Constants.NOT_AVAILABLE} - Trace ID: ${serverResponse.trace_id || Constants.NOT_AVAILABLE}`;
const serverErrorNo = serverResponse.error_codes?.length
? serverResponse.error_codes[0]
: undefined;
const serverError = new ServerError(serverResponse.error, errString, serverResponse.suberror, serverErrorNo, serverResponse.status);
// check if 500 error
if (refreshAccessToken &&
serverResponse.status &&
serverResponse.status >= HttpStatus.SERVER_ERROR_RANGE_START &&
serverResponse.status <= HttpStatus.SERVER_ERROR_RANGE_END) {
this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${serverError}`);
// don't throw an exception, but alert the user via a log that the token was unable to be refreshed
return;
// check if 400 error
}
else if (refreshAccessToken &&
serverResponse.status &&
serverResponse.status >= HttpStatus.CLIENT_ERROR_RANGE_START &&
serverResponse.status <= HttpStatus.CLIENT_ERROR_RANGE_END) {
this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${serverError}`);
// don't throw an exception, but alert the user via a log that the token was unable to be refreshed
return;
}
if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
throw new InteractionRequiredAuthError(serverResponse.error, serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || Constants.EMPTY_STRING, serverResponse.trace_id || Constants.EMPTY_STRING, serverResponse.correlation_id || Constants.EMPTY_STRING, serverResponse.claims || Constants.EMPTY_STRING, serverErrorNo);
}
throw serverError;
}
}
/**
* Returns a constructed token response based on given string. Also manages the cache updates and cleanups.
* @param serverTokenResponse
* @param authority
*/
async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
// create an idToken object (not entity)
let idTokenClaims;
if (serverTokenResponse.id_token) {
idTokenClaims = extractTokenClaims(serverTokenResponse.id_token || Constants.EMPTY_STRING, this.cryptoObj.base64Decode);
// token nonce check (TODO: Add a warning if no nonce is given?)
if (authCodePayload && authCodePayload.nonce) {
if (idTokenClaims.nonce !== authCodePayload.nonce) {
throw createClientAuthError(nonceMismatch);
}
}
// token max_age check
if (request.maxAge || request.maxAge === 0) {
const authTime = idTokenClaims.auth_time;
if (!authTime) {
throw createClientAuthError(authTimeNotFound);
}
checkMaxAge(authTime, request.maxAge);
}
}
// generate homeAccountId
this.homeAccountIdentifier = AccountEntity.generateHomeAccountId(serverTokenResponse.client_info || Constants.EMPTY_STRING, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims);
// save the response tokens
let requestStateObj;
if (!!authCodePayload && !!authCodePayload.state) {
requestStateObj = ProtocolUtils.parseRequestState(this.cryptoObj, authCodePayload.state);
}
// Add keyId from request to serverTokenResponse if defined
serverTokenResponse.key_id =
serverTokenResponse.key_id || request.sshKid || undefined;
const cacheRecord = this.generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload);
let cacheContext;
try {
if (this.persistencePlugin && this.serializableCache) {
this.logger.verbose("Persistence enabled, calling beforeCacheAccess");
cacheContext = new TokenCacheContext(this.serializableCache, true);
await this.persistencePlugin.beforeCacheAccess(cacheContext);
}
/*
* When saving a refreshed tokens to the cache, it is expected that the account that was used is present in the cache.
* If not present, we should return null, as it's the case that another application called removeAccount in between
* the calls to getAllAccounts and acquireTokenSilent. We should not overwrite that removal, unless explicitly flagged by
* the developer, as in the case of refresh token flow used in ADAL Node to MSAL Node migration.
*/
if (handlingRefreshTokenResponse &&
!forceCacheRefreshTokenResponse &&
cacheRecord.account) {
const key = cacheRecord.account.generateAccountKey();
const account = this.cacheStorage.getAccount(key);
if (!account) {
this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
}
}
await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, request.storeInCache);
}
finally {
if (this.persistencePlugin &&
this.serializableCache &&
cacheContext) {
this.logger.verbose("Persistence enabled, calling afterCacheAccess");
await this.persistencePlugin.afterCacheAccess(cacheContext);
}
}
return ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, serverTokenResponse, serverRequestId);
}
/**
* Generates CacheRecord
* @param serverTokenResponse
* @param idTokenObj
* @param authority
*/
generateCacheRecord(serverTokenResponse, authority, reqTimestamp, request, idTokenClaims, userAssertionHash, authCodePayload) {
const env = authority.getPreferredCache();
if (!env) {
throw createClientAuthError(invalidCacheEnvironment);
}
const claimsTenantId = getTenantIdFromIdTokenClaims(idTokenClaims);
// IdToken: non AAD scenarios can have empty realm
let cachedIdToken;
let cachedAccount;
if (serverTokenResponse.id_token && !!idTokenClaims) {
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
this.logger);
}
// AccessToken
let cachedAccessToken = null;
if (serverTokenResponse.access_token) {
// If scopes not returned in server response, use request scopes
const responseScopes = serverTokenResponse.scope
? ScopeSet.fromString(serverTokenResponse.scope)
: new ScopeSet(request.scopes || []);
/*
* Use timestamp calculated before request
* Server may return timestamps as strings, parse to numbers if so.
*/
const expiresIn = (typeof serverTokenResponse.expires_in === "string"
? parseInt(serverTokenResponse.expires_in, 10)
: serverTokenResponse.expires_in) || 0;
const extExpiresIn = (typeof serverTokenResponse.ext_expires_in === "string"
? parseInt(serverTokenResponse.ext_expires_in, 10)
: serverTokenResponse.ext_expires_in) || 0;
const refreshIn = (typeof serverTokenResponse.refresh_in === "string"
? parseInt(serverTokenResponse.refresh_in, 10)
: serverTokenResponse.refresh_in) || undefined;
const tokenExpirationSeconds = reqTimestamp + expiresIn;
const extendedTokenExpirationSeconds = tokenExpirationSeconds + extExpiresIn;
const refreshOnSeconds = refreshIn && refreshIn > 0
? reqTimestamp + refreshIn
: undefined;
// non AAD scenarios can have empty realm
cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id, request.claims, request.requestedClaimsHash);
}
// refreshToken
let cachedRefreshToken = null;
if (serverTokenResponse.refresh_token) {
let rtExpiresOn;
if (serverTokenResponse.refresh_token_expires_in) {
const rtExpiresIn = typeof serverTokenResponse.refresh_token_expires_in ===
"string"
? parseInt(serverTokenResponse.refresh_token_expires_in, 10)
: serverTokenResponse.refresh_token_expires_in;
rtExpiresOn = reqTimestamp + rtExpiresIn;
}
cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);
}
// appMetadata
let cachedAppMetadata = null;
if (serverTokenResponse.foci) {
cachedAppMetadata = {
clientId: this.clientId,
environment: env,
familyId: serverTokenResponse.foci,
};
}
return {
account: cachedAccount,
idToken: cachedIdToken,
accessToken: cachedAccessToken,
refreshToken: cachedRefreshToken,
appMetadata: cachedAppMetadata,
};
}
/**
* Creates an @AuthenticationResult from @CacheRecord , @IdToken , and a boolean that states whether or not the result is from cache.
*
* Optionally takes a state string that is set as-is in the response.
*
* @param cacheRecord
* @param idTokenObj
* @param fromTokenCache
* @param stateString
*/
static async generateAuthenticationResult(cryptoObj, authority, cacheRecord, fromTokenCache, request, idTokenClaims, requestState, serverTokenResponse, requestId) {
let accessToken = Constants.EMPTY_STRING;
let responseScopes = [];
let expiresOn = null;
let extExpiresOn;
let refreshOn;
let familyId = Constants.EMPTY_STRING;
if (cacheRecord.accessToken) {
/*
* if the request object has `popKid` property, `signPopToken` will be set to false and
* the token will be returned unsigned
*/
if (cacheRecord.accessToken.tokenType ===
AuthenticationScheme.POP &&
!request.popKid) {
const popTokenGenerator = new PopTokenGenerator(cryptoObj);
const { secret, keyId } = cacheRecord.accessToken;
if (!keyId) {
throw createClientAuthError(keyIdMissing);
}
accessToken = await popTokenGenerator.signPopToken(secret, keyId, request);
}
else {
accessToken = cacheRecord.accessToken.secret;
}
responseScopes = ScopeSet.fromString(cacheRecord.accessToken.target).asArray();
expiresOn = new Date(Number(cacheRecord.accessToken.expiresOn) * 1000);
extExpiresOn = new Date(Number(cacheRecord.accessToken.extendedExpiresOn) * 1000);
if (cacheRecord.accessToken.refreshOn) {
refreshOn = new Date(Number(cacheRecord.accessToken.refreshOn) * 1000);
}
}
if (cacheRecord.appMetadata) {
familyId =
cacheRecord.appMetadata.familyId === THE_FAMILY_ID
? THE_FAMILY_ID
: "";
}
const uid = idTokenClaims?.oid || idTokenClaims?.sub || "";
const tid = idTokenClaims?.tid || "";
// for hybrid + native bridge enablement, send back the native account Id
if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {
cacheRecord.account.nativeAccountId =
serverTokenResponse?.spa_accountid;
}
const accountInfo = cacheRecord.account
? updateAccountTenantProfileData(cacheRecord.account.getAccountInfo(), undefined, // tenantProfile optional
idTokenClaims, cacheRecord.idToken?.secret)
: null;
return {
authority: authority.canonicalAuthority,
uniqueId: uid,
tenantId: tid,
scopes: responseScopes,
account: accountInfo,
idToken: cacheRecord?.idToken?.secret || "",
idTokenClaims: idTokenClaims || {},
accessToken: accessToken,
fromCache: fromTokenCache,
expiresOn: expiresOn,
extExpiresOn: extExpiresOn,
refreshOn: refreshOn,
correlationId: request.correlationId,
requestId: requestId || Constants.EMPTY_STRING,
familyId: familyId,
tokenType: cacheRecord.accessToken?.tokenType || Constants.EMPTY_STRING,
state: requestState
? requestState.userRequestState
: Constants.EMPTY_STRING,
cloudGraphHostName: cacheRecord.account?.cloudGraphHostName ||
Constants.EMPTY_STRING,
msGraphHost: cacheRecord.account?.msGraphHost || Constants.EMPTY_STRING,
code: serverTokenResponse?.spa_code,
fromNativeBroker: false,
};
}
}
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
logger?.verbose("setCachedAccount called");
// Check if base account is already cached
const accountKeys = cacheStorage.getAccountKeys();
const baseAccountKey = accountKeys.find((accountKey) => {
return accountKey.startsWith(homeAccountId);
});
let cachedAccount = null;
if (baseAccountKey) {
cachedAccount = cacheStorage.getAccount(baseAccountKey);
}
const baseAccount = cachedAccount ||
AccountEntity.createAccount({
homeAccountId,
idTokenClaims,
clientInfo,
environment,
cloudGraphHostName: authCodePayload?.cloud_graph_host_name,
msGraphHost: authCodePayload?.msgraph_host,
nativeAccountId: nativeAccountId,
}, authority, base64Decode);
const tenantProfiles = baseAccount.tenantProfiles || [];
const tenantId = claimsTenantId || baseAccount.realm;
if (tenantId &&
!tenantProfiles.find((tenantProfile) => {
return tenantProfile.tenantId === tenantId;
})) {
const newTenantProfile = buildTenantProfile(homeAccountId, baseAccount.localAccountId, tenantId, idTokenClaims);
tenantProfiles.push(newTenantProfile);
}
baseAccount.tenantProfiles = tenantProfiles;
return baseAccount;
}
export { ResponseHandler, buildAccountToCache };
//# sourceMappingURL=ResponseHandler.mjs.map

1
node_modules/@azure/msal-common/dist/response/ResponseHandler.mjs.map generated vendored Normal file
View File

File diff suppressed because one or more lines are too long

27
node_modules/@azure/msal-common/dist/response/ServerAuthorizationCodeResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,27 @@
/**
* Deserialized response object from server authorization code request.
* - code: authorization code from server
* - client_info: client info object
* - state: OAuth2 request state
* - error: error sent back in hash
* - error: description
*/
export type ServerAuthorizationCodeResponse = {
code?: string;
client_info?: string;
state?: string;
cloud_instance_name?: string;
cloud_instance_host_name?: string;
cloud_graph_host_name?: string;
msgraph_host?: string;
error?: string;
error_uri?: string;
error_description?: string;
suberror?: string;
timestamp?: string;
trace_id?: string;
correlation_id?: string;
claims?: string;
accountId?: string;
};
//# sourceMappingURL=ServerAuthorizationCodeResponse.d.ts.map

1
node_modules/@azure/msal-common/dist/response/ServerAuthorizationCodeResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"ServerAuthorizationCodeResponse.d.ts","sourceRoot":"","sources":["../../src/response/ServerAuthorizationCodeResponse.ts"],"names":[],"mappings":"AAKA;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAE1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC"}

48
node_modules/@azure/msal-common/dist/response/ServerAuthorizationTokenResponse.d.ts generated vendored Normal file
View File

@@ -0,0 +1,48 @@
import { AuthenticationScheme } from "../utils/Constants.js";
/**
* Deserialized response object from server authorization code request.
* - token_type: Indicates the token type value. Can be either Bearer or pop.
* - scope: The scopes that the access_token is valid for.
* - expires_in: How long the access token is valid (in seconds).
* - refresh_in: Duration afer which a token should be renewed, regardless of expiration.
* - ext_expires_in: How long the access token is valid (in seconds) if the server isn't responding.
* - access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API.
* - refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires.
* - id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in.
* - key_id: A string that uniquely identifies a public key that the request is bound to.
*
* In case of error:
* - error: An error code string that can be used to classify types of errors that occur, and can be used to react to errors.
* - error_description: A specific error message that can help a developer identify the root cause of an authentication error.
* - error_codes: A list of STS-specific error codes that can help in diagnostics.
* - timestamp: The time at which the error occurred.
* - trace_id: A unique identifier for the request that can help in diagnostics.
* - correlation_id: A unique identifier for the request that can help in diagnostics across components.
* - status: the network request's response status
*/
export type ServerAuthorizationTokenResponse = {
status?: number;
token_type?: AuthenticationScheme;
scope?: string;
expires_in?: number;
refresh_in?: number;
ext_expires_in?: number;
access_token?: string;
refresh_token?: string;
refresh_token_expires_in?: number;
id_token?: string;
client_info?: string;
foci?: string;
spa_code?: string;
spa_accountid?: string;
key_id?: string;
error?: string;
error_description?: string;
error_codes?: Array<string>;
suberror?: string;
timestamp?: string;
trace_id?: string;
correlation_id?: string;
claims?: string;
};
//# sourceMappingURL=ServerAuthorizationTokenResponse.d.ts.map

1
node_modules/@azure/msal-common/dist/response/ServerAuthorizationTokenResponse.d.ts.map generated vendored Normal file
View File

@@ -0,0 +1 @@
{"version":3,"file":"ServerAuthorizationTokenResponse.d.ts","sourceRoot":"","sources":["../../src/response/ServerAuthorizationTokenResponse.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,MAAM,gCAAgC,GAAG;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,UAAU,CAAC,EAAE,oBAAoB,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}