push neon reactor

This commit is contained in:
2026-07-12 15:11:38 +02:00
parent 172e72dbcd
commit aeab5f7820
9597 changed files with 2407488 additions and 0 deletions
+21
View File
@@ -0,0 +1,21 @@
MIT License
Copyright (c) Microsoft Corporation.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE
+208
View File
@@ -0,0 +1,208 @@
# Microsoft Authentication Extensions for Node
![npm (scoped)](https://img.shields.io/npm/v/@azure/msal-node-extensions)
![npm](https://img.shields.io/npm/dw/@azure/msal-node-extensions)
| <a href="https://docs.microsoft.com/azure/active-directory/develop/tutorial-v2-react" target="blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_react.html" target="_blank">Library Reference</a> | <a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples" target="blank">Samples</a>
|--- | --- | --- | --- |
1. [About](#about)
- [Cache Persistence](#cache-persistence)
- [Brokering](#brokering)
1. [FAQ](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/extensions/docs/faq.md)
1. [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/extensions/msal-node-extensions/CHANGELOG.md)
1. [Prerequisites](#prerequisites)
1. [Installation](#installation)
1. [Usage - Cache Persistence](#usage---cache-persistence)
1. [Usage - Brokering](#usage---brokering)
1. [Build and Test](#build-and-test)
- [Build package](#building-the-package-locally)
- [Test package](#running-tests)
1. [Samples](#samples)
1. [Security Reporting](#security-reporting)
1. [License](#license)
1. [Contributing](#contributing)
1. [Code of Conduct](#we-value-and-adhere-to-the-microsoft-open-source-code-of-conduct)
## About
The `msal-node-extensions` library offers optional features to enhance the capabilities of `msal-node`:
- Secure mechanisms for client applications to perform cross-platform token cache serialization and persistence
- An interface for acquiring tokens from the native token broker, enabling a higher level of security and SSO with other native applications
### Cache Persistence
[MSAL Node](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node) supports an in-memory cache by default and provides the ICachePlugin interface to perform cache serialization, but does not provide a default way of storing the token cache to disk. Microsoft authentication extensions for node is default implementation for persisting cache to disk across different platforms.
Supported platforms are Windows, Mac and Linux:
- Windows - DPAPI is used for encryption.
- MAC - The MAC KeyChain is used.
- Linux - LibSecret is used for storing to "Secret Service".
> Note: It is recommended to use this library for cache persistence support for Public client applications such as Desktop apps only. In web applications, this may lead to scale and performance issues. Web applications are recommended to persist the cache in session.
### Brokering
When using the native broker, refresh tokens are bound to the device on which they are acquired on and are not accessible by `msal-node` or the application. This provides a higher level of security that cannot be achieved by `msal-node` alone. More information about token brokering can be found [here](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node/docs/brokering.md)
## Prerequisites
The `msal-node-extensions` library ships with pre-compiled binaries.
> Note: If you are planning to do local development on msal-node-extensions itself you may need to install some additional tools. [node-gyp](https://github.com/nodejs/node-gyp) is used to compile [addons](https://nodejs.org/api/addons.html) for accessing system APIs. Installation requirements are listed on the [node-gyp README](https://github.com/nodejs/node-gyp#installation)
On linux, the library uses `libsecret` so you may need to install it. Depending on your distribution, you will need to run the following command:
- Debian/Ubuntu: `sudo apt-get install libsecret-1-dev`
- Red Hat-based: `sudo yum install libsecret-devel`
- Arch Linux: sudo `pacman -S libsecret`
## Installation
The `msal-node-extensions` package is available on NPM.
```bash
npm i @azure/msal-node-extensions --save
```
## Usage - Cache Persistence
### Getting started
Here is a code snippet on how to configure the token cache.
```js
const {
DataProtectionScope,
Environment,
PersistenceCreator,
PersistenceCachePlugin,
} = require("@azure/msal-node-extensions");
// You can use the helper functions provided through the Environment class to construct your cache path
// The helper functions provide consistent implementations across Windows, Mac and Linux.
const cachePath = path.join(Environment.getUserRootDirectory(), "./cache.json");
const persistenceConfiguration = {
cachePath,
dataProtectionScope: DataProtectionScope.CurrentUser,
serviceName: "<SERVICE-NAME>",
accountName: "<ACCOUNT-NAME>",
usePlaintextFileOnLinux: false,
}
// The PersistenceCreator obfuscates a lot of the complexity by doing the following actions for you :-
// 1. Detects the environment the application is running on and initializes the right persistence instance for the environment.
// 2. Performs persistence validation for you.
// 3. Performs any fallbacks if necessary.
PersistenceCreator
.createPersistence(persistenceConfiguration)
.then(async (persistence) => {
const publicClientConfig = {
auth: {
clientId: "<CLIENT-ID>",
authority: "<AUTHORITY>",
},
// This hooks up the cross-platform cache into MSAL
cache: {
cachePlugin: new PersistenceCachePlugin(persistence)
}
};
const pca = new msal.PublicClientApplication(publicClientConfig);
// Use the public client application as required...
});
```
All the arguments for the persistence configuration are explained below:
| Field Name | Description | Required For |
| ---------- | ----------- | ------------ |
| cachePath | This is the path to the lock file the library uses to synchronize the reads and the writes | Windows, Mac and Linux |
| dataProtectionScope | Specifies the scope of the data protection on Windows either the current user or the local machine. | Windows |
| serviceName | This specifies the service name to be used on Mac and/or Linux | Mac and Linux |
| accountName | This specifies the account name to be used on Mac and/or Linux | Mac and Linux |
| usePlaintextFileOnLinux | This is a flag to default to plain text on linux if libsecret fails. Defaults to `false` | Linux |
### Security boundary
On Windows and Linux, the token cache is scoped to the user session, i.e. all applications running on behalf of the user can access the cache. Mac offers a more restricted scope, ensuring that only the application that created the cache can access it, and prompting the user if others apps want access.
## Usage - Brokering
Enabling token brokering requires just one new configuration parameter:
```javascript
import { PublicClientApplication, Configuration } from "@azure/msal-node";
import { NativeBrokerPlugin } from "@azure/msal-node-extensions";
const msalConfig: Configuration = {
auth: {
clientId: "your-client-id"
},
broker: {
nativeBrokerPlugin: new NativeBrokerPlugin()
}
};
const pca = new PublicClientApplication(msalConfig);
```
More detailed information can be found in the [brokering documentation](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-node/docs/brokering.md)
## Build and Test
If you intend to contribute to the library visit the [`contributing section`](#contributing) for even more information on how.
### Building the package locally
To build both the `@azure/msal-node-extensions` library and `@azure/msal-common` libraries, run the following commands:
```bash
// Install dev dependencies from root of repo
npm install
// Change to the msal-node-extensions package directory
cd lib/msal-node-extensions/
// Build msal-common and msal-node-extensions
npm run build:all
```
### Running Tests
`@azure/msal-node-extensions` uses [jest](https://jestjs.io/) to run unit tests and coverage.
```bash
// To run tests
npm test
```
## Samples
- [Auth Code CLI sample with Cache Persistence](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/extensions/samples/msal-node-extensions). This can be run on Windows, Mac and Linux.
- [Electron sample with Cache Persistence](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/extensions/samples/electron-webpack)
- [Brokering sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/auth-code-cli-brokered-app)
## Security Reporting
If you find a security issue with our libraries or services please report it to [secure@microsoft.com](mailto:secure@microsoft.com) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/security/dd252948) and subscribing to Security Advisory Alerts.
## License
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT License.
## Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
## We Value and Adhere to the Microsoft Open Source Code of Conduct
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,6 @@
export interface DpapiBindings {
protectData(dataToEncrypt: Uint8Array, optionalEntropy: Uint8Array | null, scope: string): Uint8Array;
unprotectData(encryptData: Uint8Array, optionalEntropy: Uint8Array | null, scope: string): Uint8Array;
}
declare let Dpapi: DpapiBindings;
export { Dpapi };
@@ -0,0 +1,38 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { createRequire } from 'module';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class UnavailableDpapi {
constructor(errorMessage) {
this.errorMessage = errorMessage;
}
protectData() {
throw new Error(this.errorMessage);
}
unprotectData() {
throw new Error(this.errorMessage);
}
}
let Dpapi;
if (process.platform !== "win32") {
Dpapi = new UnavailableDpapi("Dpapi is not supported on this platform");
}
else {
// In .mjs files, require is not defined. We need to use createRequire to get a require function
const safeRequire = typeof require !== "undefined"
? require
: createRequire(import.meta.url);
try {
Dpapi = safeRequire(`../bin/${process.arch}/dpapi`);
}
catch (e) {
Dpapi = new UnavailableDpapi("Dpapi bindings unavailable");
}
}
export { Dpapi };
//# sourceMappingURL=Dpapi.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"Dpapi.mjs","sources":["../src/Dpapi.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAAA;;;AAGG;AAiBH,MAAM,gBAAgB,CAAA;AAClB,IAAA,WAAA,CAA6B,YAAoB,EAAA;QAApB,IAAY,CAAA,YAAA,GAAZ,YAAY,CAAQ;KAAI;IAErD,WAAW,GAAA;AACP,QAAA,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACtC;IACD,aAAa,GAAA;AACT,QAAA,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;KACtC;AACJ,CAAA;AAED,IAAI,MAAqB;AACzB,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;AAC9B,IAAA,KAAK,GAAG,IAAI,gBAAgB,CAAC,yCAAyC,CAAC,CAAC;AAC3E,CAAA;AAAM,KAAA;;AAEH,IAAA,MAAM,WAAW,GACb,OAAO,OAAO,KAAK,WAAW;AAC1B,UAAE,OAAO;UACP,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEzC,IAAI;QACA,KAAK,GAAG,WAAW,CAAC,CAAA,OAAA,EAAU,OAAO,CAAC,IAAI,CAAQ,MAAA,CAAA,CAAC,CAAC;AACvD,KAAA;AAAC,IAAA,OAAO,CAAC,EAAE;AACR,QAAA,KAAK,GAAG,IAAI,gBAAgB,CAAC,4BAA4B,CAAC,CAAC;AAC9D,KAAA;AACJ;;;;"}
@@ -0,0 +1,21 @@
/// <reference types="node" resolution-mode="require"/>
/// <reference types="node" resolution-mode="require"/>
import { AccountInfo, AuthenticationResult, INativeBrokerPlugin, LoggerOptions, NativeRequest, NativeSignOutRequest } from "@azure/msal-common/node";
export declare class NativeBrokerPlugin implements INativeBrokerPlugin {
private logger;
isBrokerAvailable: boolean;
constructor();
setLogger(loggerOptions: LoggerOptions): void;
getAccountById(accountId: string, correlationId: string): Promise<AccountInfo>;
getAllAccounts(clientId: string, correlationId: string): Promise<AccountInfo[]>;
acquireTokenSilent(request: NativeRequest): Promise<AuthenticationResult>;
acquireTokenInteractive(request: NativeRequest, providedWindowHandle?: Buffer): Promise<AuthenticationResult>;
signOut(request: NativeSignOutRequest): Promise<void>;
private getAccount;
private readAccountById;
private generateRequestParameters;
private getAuthenticationResult;
private generateAccountInfo;
private isMsalRuntimeError;
private wrapError;
}
@@ -0,0 +1,443 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { msalNodeRuntime, ErrorStatus, LogLevel } from '@azure/msal-node-runtime';
import { ErrorCodes } from '../utils/Constants.mjs';
import { NativeAuthError } from '../error/NativeAuthError.mjs';
import { name, version } from '../packageMetadata.mjs';
import { Logger } from '../lib/msal-common/dist/logger/Logger.mjs';
import { Constants, PromptValue, AuthenticationScheme } from '../lib/msal-common/dist/utils/Constants.mjs';
import { createClientAuthError } from '../lib/msal-common/dist/error/ClientAuthError.mjs';
import { ServerTelemetryManager } from '../lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs';
import { createClientConfigurationError } from '../lib/msal-common/dist/error/ClientConfigurationError.mjs';
import { ServerError } from '../lib/msal-common/dist/error/ServerError.mjs';
import { InteractionRequiredAuthError } from '../lib/msal-common/dist/error/InteractionRequiredAuthError.mjs';
import { X_CLIENT_EXTRA_SKU } from '../lib/msal-common/dist/constants/AADServerParamKeys.mjs';
import { toDateFromSeconds } from '../lib/msal-common/dist/utils/TimeUtils.mjs';
import { noAccountFound, userCanceled, noNetworkConnectivity } from '../lib/msal-common/dist/error/ClientAuthErrorCodes.mjs';
import { untrustedAuthority } from '../lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class NativeBrokerPlugin {
constructor() {
const defaultLoggerOptions = {
loggerCallback: () => {
// Empty logger callback
},
piiLoggingEnabled: false,
};
this.logger = new Logger(defaultLoggerOptions, name, version); // Default logger
this.isBrokerAvailable = msalNodeRuntime.StartupError ? false : true;
}
setLogger(loggerOptions) {
this.logger = new Logger(loggerOptions, name, version);
const logCallback = (message, logLevel, containsPii) => {
switch (logLevel) {
case LogLevel.Trace:
if (containsPii) {
this.logger.tracePii(message);
}
else {
this.logger.trace(message);
}
break;
case LogLevel.Debug:
if (containsPii) {
this.logger.tracePii(message);
}
else {
this.logger.trace(message);
}
break;
case LogLevel.Info:
if (containsPii) {
this.logger.infoPii(message);
}
else {
this.logger.info(message);
}
break;
case LogLevel.Warning:
if (containsPii) {
this.logger.warningPii(message);
}
else {
this.logger.warning(message);
}
break;
case LogLevel.Error:
if (containsPii) {
this.logger.errorPii(message);
}
else {
this.logger.error(message);
}
break;
case LogLevel.Fatal:
if (containsPii) {
this.logger.errorPii(message);
}
else {
this.logger.error(message);
}
break;
default:
if (containsPii) {
this.logger.infoPii(message);
}
else {
this.logger.info(message);
}
break;
}
};
try {
msalNodeRuntime.RegisterLogger(logCallback, loggerOptions.piiLoggingEnabled || false);
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
throw wrappedError;
}
}
}
async getAccountById(accountId, correlationId) {
this.logger.trace("NativeBrokerPlugin - getAccountById called", correlationId);
const readAccountResult = await this.readAccountById(accountId, correlationId);
return this.generateAccountInfo(readAccountResult.account);
}
async getAllAccounts(clientId, correlationId) {
this.logger.trace("NativeBrokerPlugin - getAllAccounts called", correlationId);
return new Promise((resolve, reject) => {
const resultCallback = (result) => {
try {
result.CheckError();
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
return;
}
}
const accountInfoResult = [];
result.accounts.forEach((account) => {
accountInfoResult.push(this.generateAccountInfo(account));
});
resolve(accountInfoResult);
};
try {
msalNodeRuntime.DiscoverAccountsAsync(clientId, correlationId, resultCallback);
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
}
}
});
}
async acquireTokenSilent(request) {
this.logger.trace("NativeBrokerPlugin - acquireTokenSilent called", request.correlationId);
const authParams = this.generateRequestParameters(request);
const account = await this.getAccount(request);
return new Promise((resolve, reject) => {
const resultCallback = (result) => {
try {
result.CheckError();
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
return;
}
}
const authenticationResult = this.getAuthenticationResult(request, result);
resolve(authenticationResult);
};
try {
if (account) {
msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, request.correlationId, account, resultCallback);
}
else {
msalNodeRuntime.SignInSilentlyAsync(authParams, request.correlationId, resultCallback);
}
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
}
}
});
}
async acquireTokenInteractive(request, providedWindowHandle) {
this.logger.trace("NativeBrokerPlugin - acquireTokenInteractive called", request.correlationId);
const authParams = this.generateRequestParameters(request);
const account = await this.getAccount(request);
const windowHandle = providedWindowHandle || Buffer.from([0]);
return new Promise((resolve, reject) => {
const resultCallback = (result) => {
try {
result.CheckError();
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
return;
}
}
const authenticationResult = this.getAuthenticationResult(request, result);
resolve(authenticationResult);
};
try {
switch (request.prompt) {
case PromptValue.LOGIN:
case PromptValue.SELECT_ACCOUNT:
case PromptValue.CREATE:
this.logger.info("Calling native interop SignInInteractively API", request.correlationId);
const loginHint = request.loginHint || Constants.EMPTY_STRING;
msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, request.correlationId, loginHint, resultCallback);
break;
case PromptValue.NONE:
if (account) {
this.logger.info("Calling native interop AcquireTokenSilently API", request.correlationId);
msalNodeRuntime.AcquireTokenSilentlyAsync(authParams, request.correlationId, account, resultCallback);
}
else {
this.logger.info("Calling native interop SignInSilently API", request.correlationId);
msalNodeRuntime.SignInSilentlyAsync(authParams, request.correlationId, resultCallback);
}
break;
default:
if (account) {
this.logger.info("Calling native interop AcquireTokenInteractively API", request.correlationId);
msalNodeRuntime.AcquireTokenInteractivelyAsync(windowHandle, authParams, request.correlationId, account, resultCallback);
}
else {
this.logger.info("Calling native interop SignIn API", request.correlationId);
const loginHint = request.loginHint || Constants.EMPTY_STRING;
msalNodeRuntime.SignInAsync(windowHandle, authParams, request.correlationId, loginHint, resultCallback);
}
break;
}
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
}
}
});
}
async signOut(request) {
this.logger.trace("NativeBrokerPlugin - signOut called", request.correlationId);
const account = await this.getAccount(request);
if (!account) {
throw createClientAuthError(noAccountFound);
}
return new Promise((resolve, reject) => {
const resultCallback = (result) => {
try {
result.CheckError();
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
return;
}
}
resolve();
};
try {
msalNodeRuntime.SignOutSilentlyAsync(request.clientId, request.correlationId, account, resultCallback);
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
}
}
});
}
async getAccount(request) {
if (request.accountId) {
const readAccountResult = await this.readAccountById(request.accountId, request.correlationId);
return readAccountResult.account;
}
return null;
}
async readAccountById(accountId, correlationId) {
this.logger.trace("NativeBrokerPlugin - readAccountById called", correlationId);
return new Promise((resolve, reject) => {
const resultCallback = (result) => {
try {
result.CheckError();
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
return;
}
}
resolve(result);
};
try {
msalNodeRuntime.ReadAccountByIdAsync(accountId, correlationId, resultCallback);
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
reject(wrappedError);
}
}
});
}
generateRequestParameters(request) {
this.logger.trace("NativeBrokerPlugin - generateRequestParameters called", request.correlationId);
const authParams = new msalNodeRuntime.AuthParameters();
try {
authParams.CreateAuthParameters(request.clientId, request.authority);
authParams.SetRedirectUri(request.redirectUri);
authParams.SetRequestedScopes(request.scopes.join(" "));
if (request.claims) {
authParams.SetDecodedClaims(request.claims);
}
if (request.authenticationScheme === AuthenticationScheme.POP) {
if (!request.resourceRequestMethod ||
!request.resourceRequestUri) {
throw new Error("Authentication Scheme set to POP but one or more of the following parameters are missing: resourceRequestMethod, resourceRequestUri");
}
const resourceUrl = new URL(request.resourceRequestUri);
authParams.SetPopParams(request.resourceRequestMethod, resourceUrl.host, resourceUrl.pathname, request.shrNonce || "");
}
if (request.extraParameters) {
Object.entries(request.extraParameters).forEach(([key, value]) => {
authParams.SetAdditionalParameter(key, value);
});
}
const skus = request.extraParameters &&
request.extraParameters[X_CLIENT_EXTRA_SKU]
?.length
? request.extraParameters[X_CLIENT_EXTRA_SKU]
: "";
authParams.SetAdditionalParameter(X_CLIENT_EXTRA_SKU, ServerTelemetryManager.makeExtraSkuString({
skus,
extensionName: "msal.node.ext",
extensionVersion: version,
}));
}
catch (e) {
const wrappedError = this.wrapError(e);
if (wrappedError) {
throw wrappedError;
}
}
return authParams;
}
getAuthenticationResult(request, authResult) {
this.logger.trace("NativeBrokerPlugin - getAuthenticationResult called", request.correlationId);
let fromCache = false;
try {
const telemetryJSON = JSON.parse(authResult.telemetryData);
fromCache = !!telemetryJSON["is_cache"];
}
catch (e) {
this.logger.error("NativeBrokerPlugin: getAuthenticationResult - Error parsing telemetry data. Could not determine if response came from cache.", request.correlationId);
}
let idTokenClaims;
try {
idTokenClaims = JSON.parse(authResult.idToken);
}
catch (e) {
throw new Error("Unable to parse idToken claims");
}
const accountInfo = this.generateAccountInfo(authResult.account, idTokenClaims);
let accessToken;
let tokenType;
if (authResult.isPopAuthorization) {
// Header includes 'pop ' prefix
accessToken = authResult.authorizationHeader.split(" ")[1];
tokenType = AuthenticationScheme.POP;
}
else {
accessToken = authResult.accessToken;
tokenType = AuthenticationScheme.BEARER;
}
const result = {
authority: request.authority,
uniqueId: idTokenClaims.oid || idTokenClaims.sub || "",
tenantId: idTokenClaims.tid || "",
scopes: authResult.grantedScopes.split(" "),
account: accountInfo,
idToken: authResult.rawIdToken,
idTokenClaims: idTokenClaims,
accessToken: accessToken,
fromCache: fromCache,
// MsalRuntime expiresOn returned in seconds, converting to Date for AuthenticationResult
expiresOn: toDateFromSeconds(authResult.expiresOn),
tokenType: tokenType,
correlationId: request.correlationId,
fromNativeBroker: true,
};
return result;
}
generateAccountInfo(account, idTokenClaims) {
this.logger.trace("NativeBrokerPlugin - generateAccountInfo called");
const accountInfo = {
homeAccountId: account.homeAccountId,
environment: account.environment,
tenantId: account.realm,
username: account.username,
localAccountId: account.localAccountId,
name: account.displayName,
idTokenClaims: idTokenClaims,
nativeAccountId: account.accountId,
};
return accountInfo;
}
isMsalRuntimeError(result) {
return (result.hasOwnProperty("errorCode") ||
result.hasOwnProperty("errorStatus") ||
result.hasOwnProperty("errorContext") ||
result.hasOwnProperty("errorTag"));
}
wrapError(error) {
if (error &&
typeof error === "object" &&
this.isMsalRuntimeError(error)) {
const { errorCode, errorStatus, errorContext, errorTag } = error;
switch (errorStatus) {
case ErrorStatus.InteractionRequired:
case ErrorStatus.AccountUnusable:
return new InteractionRequiredAuthError(ErrorCodes.INTERATION_REQUIRED_ERROR_CODE, errorContext);
case ErrorStatus.NoNetwork:
case ErrorStatus.NetworkTemporarilyUnavailable:
return createClientAuthError(noNetworkConnectivity);
case ErrorStatus.ServerTemporarilyUnavailable:
return new ServerError(ErrorCodes.SERVER_UNAVAILABLE, errorContext);
case ErrorStatus.UserCanceled:
return createClientAuthError(userCanceled);
case ErrorStatus.AuthorityUntrusted:
return createClientConfigurationError(untrustedAuthority);
case ErrorStatus.UserSwitched:
// Not an error case, if there's customer demand we can surface this as a response property
return null;
case ErrorStatus.AccountNotFound:
return createClientAuthError(noAccountFound);
default:
return new NativeAuthError(ErrorStatus[errorStatus], errorContext, errorCode, errorTag);
}
}
throw error;
}
}
export { NativeBrokerPlugin };
//# sourceMappingURL=NativeBrokerPlugin.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,6 @@
import { AuthError } from "@azure/msal-common/node";
export declare class NativeAuthError extends AuthError {
statusCode: number;
tag: number;
constructor(errorStatus: string, errorContext: string, errorCode: number, errorTag: number);
}
@@ -0,0 +1,20 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { AuthError } from '../lib/msal-common/dist/error/AuthError.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class NativeAuthError extends AuthError {
constructor(errorStatus, errorContext, errorCode, errorTag) {
super(errorStatus, errorContext);
this.name = "NativeAuthError";
this.statusCode = errorCode;
this.tag = errorTag;
Object.setPrototypeOf(this, NativeAuthError.prototype);
}
}
export { NativeAuthError };
//# sourceMappingURL=NativeAuthError.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"NativeAuthError.mjs","sources":["../../src/error/NativeAuthError.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAAA;;;AAGG;AAIG,MAAO,eAAgB,SAAQ,SAAS,CAAA;AAI1C,IAAA,WAAA,CACI,WAAmB,EACnB,YAAoB,EACpB,SAAiB,EACjB,QAAgB,EAAA;AAEhB,QAAA,KAAK,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;AACjC,QAAA,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;AAC9B,QAAA,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;AAC5B,QAAA,IAAI,CAAC,GAAG,GAAG,QAAQ,CAAC;QACpB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;KAC1D;AACJ;;;;"}
@@ -0,0 +1,57 @@
/**
* Error thrown when trying to write MSAL cache to persistence.
*/
export declare class PersistenceError extends Error {
errorCode: string;
errorMessage: string;
constructor(errorCode: string, errorMessage: string);
/**
* Error thrown when trying to access the file system.
*/
static createFileSystemError(errorCode: string, errorMessage: string): PersistenceError;
/**
* Error thrown when trying to write, load, or delete data from secret service on linux.
* Libsecret is used to access secret service.
*/
static createLibSecretError(errorMessage: string): PersistenceError;
/**
* Error thrown when trying to write, load, or delete data from keychain on macOs.
*/
static createKeychainPersistenceError(errorMessage: string): PersistenceError;
/**
* Error thrown when trying to encrypt or decrypt data using DPAPI on Windows.
*/
static createFilePersistenceWithDPAPIError(errorMessage: string): PersistenceError;
/**
* Error thrown when using the cross platform lock.
*/
static createCrossPlatformLockError(errorMessage: string): PersistenceError;
/**
* Throw cache persistence error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createCachePersistenceError(errorMessage: string): PersistenceError;
/**
* Throw unsupported error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createNotSupportedError(errorMessage: string): PersistenceError;
/**
* Throw persistence not verified error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotVerifiedError(errorMessage: string): PersistenceError;
/**
* Throw persistence creation validation error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotValidatedError(errorMessage: string): PersistenceError;
}
@@ -0,0 +1,91 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Error thrown when trying to write MSAL cache to persistence.
*/
class PersistenceError extends Error {
constructor(errorCode, errorMessage) {
const errorString = errorMessage
? `${errorCode}: ${errorMessage}`
: errorCode;
super(errorString);
Object.setPrototypeOf(this, PersistenceError.prototype);
this.errorCode = errorCode;
this.errorMessage = errorMessage;
this.name = "PersistenceError";
}
/**
* Error thrown when trying to access the file system.
*/
static createFileSystemError(errorCode, errorMessage) {
return new PersistenceError(errorCode, errorMessage);
}
/**
* Error thrown when trying to write, load, or delete data from secret service on linux.
* Libsecret is used to access secret service.
*/
static createLibSecretError(errorMessage) {
return new PersistenceError("GnomeKeyringError", errorMessage);
}
/**
* Error thrown when trying to write, load, or delete data from keychain on macOs.
*/
static createKeychainPersistenceError(errorMessage) {
return new PersistenceError("KeychainError", errorMessage);
}
/**
* Error thrown when trying to encrypt or decrypt data using DPAPI on Windows.
*/
static createFilePersistenceWithDPAPIError(errorMessage) {
return new PersistenceError("DPAPIEncryptedFileError", errorMessage);
}
/**
* Error thrown when using the cross platform lock.
*/
static createCrossPlatformLockError(errorMessage) {
return new PersistenceError("CrossPlatformLockError", errorMessage);
}
/**
* Throw cache persistence error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createCachePersistenceError(errorMessage) {
return new PersistenceError("CachePersistenceError", errorMessage);
}
/**
* Throw unsupported error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createNotSupportedError(errorMessage) {
return new PersistenceError("NotSupportedError", errorMessage);
}
/**
* Throw persistence not verified error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotVerifiedError(errorMessage) {
return new PersistenceError("PersistenceNotVerifiedError", errorMessage);
}
/**
* Throw persistence creation validation error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotValidatedError(errorMessage) {
return new PersistenceError("PersistenceNotValidatedError", errorMessage);
}
}
export { PersistenceError };
//# sourceMappingURL=PersistenceError.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"PersistenceError.mjs","sources":["../../src/error/PersistenceError.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;AAGG;AAEH;;AAEG;AACG,MAAO,gBAAiB,SAAQ,KAAK,CAAA;IAMvC,WAAY,CAAA,SAAiB,EAAE,YAAoB,EAAA;QAC/C,MAAM,WAAW,GAAG,YAAY;AAC5B,cAAE,CAAA,EAAG,SAAS,CAAA,EAAA,EAAK,YAAY,CAAE,CAAA;cAC/B,SAAS,CAAC;QAChB,KAAK,CAAC,WAAW,CAAC,CAAC;QACnB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC;AAExD,QAAA,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;AAC3B,QAAA,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;AACjC,QAAA,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;KAClC;AAED;;AAEG;AACH,IAAA,OAAO,qBAAqB,CACxB,SAAiB,EACjB,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;KACxD;AAED;;;AAGG;IACH,OAAO,oBAAoB,CAAC,YAAoB,EAAA;AAC5C,QAAA,OAAO,IAAI,gBAAgB,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;KAClE;AAED;;AAEG;IACH,OAAO,8BAA8B,CACjC,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;KAC9D;AAED;;AAEG;IACH,OAAO,mCAAmC,CACtC,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CAAC,yBAAyB,EAAE,YAAY,CAAC,CAAC;KACxE;AAED;;AAEG;IACH,OAAO,4BAA4B,CAC/B,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CAAC,wBAAwB,EAAE,YAAY,CAAC,CAAC;KACvE;AAED;;;;;AAKG;IACH,OAAO,2BAA2B,CAAC,YAAoB,EAAA;AACnD,QAAA,OAAO,IAAI,gBAAgB,CAAC,uBAAuB,EAAE,YAAY,CAAC,CAAC;KACtE;AAED;;;;;AAKG;IACH,OAAO,uBAAuB,CAAC,YAAoB,EAAA;AAC/C,QAAA,OAAO,IAAI,gBAAgB,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;KAClE;AAED;;;;;AAKG;IACH,OAAO,iCAAiC,CACpC,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CACvB,6BAA6B,EAC7B,YAAY,CACf,CAAC;KACL;AAED;;;;;AAKG;IACH,OAAO,kCAAkC,CACrC,YAAoB,EAAA;AAEpB,QAAA,OAAO,IAAI,gBAAgB,CACvB,8BAA8B,EAC9B,YAAY,CACf,CAAC;KACL;AACJ;;;;"}
@@ -0,0 +1,12 @@
export { PersistenceCachePlugin } from "./persistence/PersistenceCachePlugin.js";
export { FilePersistence } from "./persistence/FilePersistence.js";
export { FilePersistenceWithDataProtection } from "./persistence/FilePersistenceWithDataProtection.js";
export { DataProtectionScope } from "./persistence/DataProtectionScope.js";
export { KeychainPersistence } from "./persistence/KeychainPersistence.js";
export { LibSecretPersistence } from "./persistence/LibSecretPersistence.js";
export { IPersistence } from "./persistence/IPersistence.js";
export { CrossPlatformLockOptions } from "./lock/CrossPlatformLockOptions.js";
export { PersistenceCreator } from "./persistence/PersistenceCreator.js";
export { IPersistenceConfiguration } from "./persistence/IPersistenceConfiguration.js";
export { Environment } from "./utils/Environment.js";
export { NativeBrokerPlugin } from "./broker/NativeBrokerPlugin.js";
@@ -0,0 +1,12 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
export { PersistenceCachePlugin } from './persistence/PersistenceCachePlugin.mjs';
export { FilePersistence } from './persistence/FilePersistence.mjs';
export { FilePersistenceWithDataProtection } from './persistence/FilePersistenceWithDataProtection.mjs';
export { DataProtectionScope } from './persistence/DataProtectionScope.mjs';
export { KeychainPersistence } from './persistence/KeychainPersistence.mjs';
export { LibSecretPersistence } from './persistence/LibSecretPersistence.mjs';
export { PersistenceCreator } from './persistence/PersistenceCreator.mjs';
export { Environment } from './utils/Environment.mjs';
export { NativeBrokerPlugin } from './broker/NativeBrokerPlugin.mjs';
//# sourceMappingURL=index.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;"}
@@ -0,0 +1,7 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*! @azure/msal-common v15.8.1 2025-07-08 */
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
export { X_CLIENT_EXTRA_SKU };
//# sourceMappingURL=AADServerParamKeys.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"AADServerParamKeys.mjs","sources":["../../../../../../../lib/msal-common/dist/constants/AADServerParamKeys.mjs"],"sourcesContent":["/*! @azure/msal-common v15.8.1 2025-07-08 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst CLIENT_ID = \"client_id\";\r\nconst REDIRECT_URI = \"redirect_uri\";\r\nconst RESPONSE_TYPE = \"response_type\";\r\nconst RESPONSE_MODE = \"response_mode\";\r\nconst GRANT_TYPE = \"grant_type\";\r\nconst CLAIMS = \"claims\";\r\nconst SCOPE = \"scope\";\r\nconst ERROR = \"error\";\r\nconst ERROR_DESCRIPTION = \"error_description\";\r\nconst ACCESS_TOKEN = \"access_token\";\r\nconst ID_TOKEN = \"id_token\";\r\nconst REFRESH_TOKEN = \"refresh_token\";\r\nconst EXPIRES_IN = \"expires_in\";\r\nconst REFRESH_TOKEN_EXPIRES_IN = \"refresh_token_expires_in\";\r\nconst STATE = \"state\";\r\nconst NONCE = \"nonce\";\r\nconst PROMPT = \"prompt\";\r\nconst SESSION_STATE = \"session_state\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst CODE = \"code\";\r\nconst CODE_CHALLENGE = \"code_challenge\";\r\nconst CODE_CHALLENGE_METHOD = \"code_challenge_method\";\r\nconst CODE_VERIFIER = \"code_verifier\";\r\nconst CLIENT_REQUEST_ID = \"client-request-id\";\r\nconst X_CLIENT_SKU = \"x-client-SKU\";\r\nconst X_CLIENT_VER = \"x-client-VER\";\r\nconst X_CLIENT_OS = \"x-client-OS\";\r\nconst X_CLIENT_CPU = \"x-client-CPU\";\r\nconst X_CLIENT_CURR_TELEM = \"x-client-current-telemetry\";\r\nconst X_CLIENT_LAST_TELEM = \"x-client-last-telemetry\";\r\nconst X_MS_LIB_CAPABILITY = \"x-ms-lib-capability\";\r\nconst X_APP_NAME = \"x-app-name\";\r\nconst X_APP_VER = \"x-app-ver\";\r\nconst POST_LOGOUT_URI = \"post_logout_redirect_uri\";\r\nconst ID_TOKEN_HINT = \"id_token_hint\";\r\nconst DEVICE_CODE = \"device_code\";\r\nconst CLIENT_SECRET = \"client_secret\";\r\nconst CLIENT_ASSERTION = \"client_assertion\";\r\nconst CLIENT_ASSERTION_TYPE = \"client_assertion_type\";\r\nconst TOKEN_TYPE = \"token_type\";\r\nconst REQ_CNF = \"req_cnf\";\r\nconst OBO_ASSERTION = \"assertion\";\r\nconst REQUESTED_TOKEN_USE = \"requested_token_use\";\r\nconst ON_BEHALF_OF = \"on_behalf_of\";\r\nconst FOCI = \"foci\";\r\nconst CCS_HEADER = \"X-AnchorMailbox\";\r\nconst RETURN_SPA_CODE = \"return_spa_code\";\r\nconst NATIVE_BROKER = \"nativebroker\";\r\nconst LOGOUT_HINT = \"logout_hint\";\r\nconst SID = \"sid\";\r\nconst LOGIN_HINT = \"login_hint\";\r\nconst DOMAIN_HINT = \"domain_hint\";\r\nconst X_CLIENT_EXTRA_SKU = \"x-client-xtra-sku\";\r\nconst BROKER_CLIENT_ID = \"brk_client_id\";\r\nconst BROKER_REDIRECT_URI = \"brk_redirect_uri\";\r\nconst INSTANCE_AWARE = \"instance_aware\";\r\nconst EAR_JWK = \"ear_jwk\";\r\nconst EAR_JWE_CRYPTO = \"ear_jwe_crypto\";\n\nexport { ACCESS_TOKEN, BROKER_CLIENT_ID, BROKER_REDIRECT_URI, CCS_HEADER, CLAIMS, CLIENT_ASSERTION, CLIENT_ASSERTION_TYPE, CLIENT_ID, CLIENT_INFO, CLIENT_REQUEST_ID, CLIENT_SECRET, CODE, CODE_CHALLENGE, CODE_CHALLENGE_METHOD, CODE_VERIFIER, DEVICE_CODE, DOMAIN_HINT, EAR_JWE_CRYPTO, EAR_JWK, ERROR, ERROR_DESCRIPTION, EXPIRES_IN, FOCI, GRANT_TYPE, ID_TOKEN, ID_TOKEN_HINT, INSTANCE_AWARE, LOGIN_HINT, LOGOUT_HINT, NATIVE_BROKER, NONCE, OBO_ASSERTION, ON_BEHALF_OF, POST_LOGOUT_URI, PROMPT, REDIRECT_URI, REFRESH_TOKEN, REFRESH_TOKEN_EXPIRES_IN, REQUESTED_TOKEN_USE, REQ_CNF, RESPONSE_MODE, RESPONSE_TYPE, RETURN_SPA_CODE, SCOPE, SESSION_STATE, SID, STATE, TOKEN_TYPE, X_APP_NAME, X_APP_VER, X_CLIENT_CPU, X_CLIENT_CURR_TELEM, X_CLIENT_EXTRA_SKU, X_CLIENT_LAST_TELEM, X_CLIENT_OS, X_CLIENT_SKU, X_CLIENT_VER, X_MS_LIB_CAPABILITY };\n//# sourceMappingURL=AADServerParamKeys.mjs.map\n"],"names":[],"mappings":";;AAAA;AA0DK,MAAC,kBAAkB,GAAG;;;;"}
@@ -0,0 +1,27 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { Constants } from '../utils/Constants.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/**
* General error class thrown by the MSAL.js library.
*/
class AuthError extends Error {
constructor(errorCode, errorMessage, suberror) {
const errorString = errorMessage
? `${errorCode}: ${errorMessage}`
: errorCode;
super(errorString);
Object.setPrototypeOf(this, AuthError.prototype);
this.errorCode = errorCode || Constants.EMPTY_STRING;
this.errorMessage = errorMessage || Constants.EMPTY_STRING;
this.subError = suberror || Constants.EMPTY_STRING;
this.name = "AuthError";
}
setCorrelationId(correlationId) {
this.correlationId = correlationId;
}
}
export { AuthError };
//# sourceMappingURL=AuthError.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"AuthError.mjs","sources":["../../../../../../../lib/msal-common/dist/error/AuthError.mjs"],"sourcesContent":["/*! @azure/msal-common v15.8.1 2025-07-08 */\n'use strict';\nimport { Constants } from '../utils/Constants.mjs';\nimport { postRequestFailed, unexpectedError } from './AuthErrorCodes.mjs';\nimport * as AuthErrorCodes from './AuthErrorCodes.mjs';\nexport { AuthErrorCodes };\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst AuthErrorMessages = {\r\n [unexpectedError]: \"Unexpected error in authentication.\",\r\n [postRequestFailed]: \"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.\",\r\n};\r\n/**\r\n * AuthErrorMessage class containing string constants used by error codes and messages.\r\n * @deprecated Use AuthErrorCodes instead\r\n */\r\nconst AuthErrorMessage = {\r\n unexpectedError: {\r\n code: unexpectedError,\r\n desc: AuthErrorMessages[unexpectedError],\r\n },\r\n postRequestFailed: {\r\n code: postRequestFailed,\r\n desc: AuthErrorMessages[postRequestFailed],\r\n },\r\n};\r\n/**\r\n * General error class thrown by the MSAL.js library.\r\n */\r\nclass AuthError extends Error {\r\n constructor(errorCode, errorMessage, suberror) {\r\n const errorString = errorMessage\r\n ? `${errorCode}: ${errorMessage}`\r\n : errorCode;\r\n super(errorString);\r\n Object.setPrototypeOf(this, AuthError.prototype);\r\n this.errorCode = errorCode || Constants.EMPTY_STRING;\r\n this.errorMessage = errorMessage || Constants.EMPTY_STRING;\r\n this.subError = suberror || Constants.EMPTY_STRING;\r\n this.name = \"AuthError\";\r\n }\r\n setCorrelationId(correlationId) {\r\n this.correlationId = correlationId;\r\n }\r\n}\r\nfunction createAuthError(code, additionalMessage) {\r\n return new AuthError(code, additionalMessage\r\n ? `${AuthErrorMessages[code]} ${additionalMessage}`\r\n : AuthErrorMessages[code]);\r\n}\n\nexport { AuthError, AuthErrorMessage, AuthErrorMessages, createAuthError };\n//# sourceMappingURL=AuthError.mjs.map\n"],"names":[],"mappings":";;;;AAAA;AA6BA;AACA;AACA;AACA,MAAM,SAAS,SAAS,KAAK,CAAC;AAC9B,IAAI,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE;AACnD,QAAQ,MAAM,WAAW,GAAG,YAAY;AACxC,cAAc,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;AAC7C,cAAc,SAAS,CAAC;AACxB,QAAQ,KAAK,CAAC,WAAW,CAAC,CAAC;AAC3B,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;AACzD,QAAQ,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC,YAAY,CAAC;AAC7D,QAAQ,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,SAAS,CAAC,YAAY,CAAC;AACnE,QAAQ,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,SAAS,CAAC,YAAY,CAAC;AAC3D,QAAQ,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;AAChC,KAAK;AACL,IAAI,gBAAgB,CAAC,aAAa,EAAE;AACpC,QAAQ,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;AAC3C,KAAK;AACL;;;;"}
@@ -0,0 +1,81 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { AuthError } from './AuthError.mjs';
import { nestedAppAuthBridgeDisabled, methodNotImplemented, missingTenantIdError, userCanceled, noNetworkConnectivity, keyIdMissing, endSessionEndpointNotSupported, bindingKeyNotRemoved, authorizationCodeMissingFromServerResponse, tokenClaimsCnfRequiredForSignedJwt, userTimeoutReached, tokenRefreshRequired, invalidClientCredential, invalidAssertion, unexpectedCredentialType, noCryptoObject, noAccountFound, invalidCacheEnvironment, invalidCacheRecord, noAccountInSilentRequest, deviceCodeUnknownError, deviceCodeExpired, deviceCodePollingCancelled, emptyInputScopeSet, cannotAppendScopeSet, cannotRemoveEmptyScope, requestCannotBeMade, multipleMatchingAppMetadata, multipleMatchingAccounts, multipleMatchingTokens, maxAgeTranspired, authTimeNotFound, nonceMismatch, stateNotFound, stateMismatch, invalidState, hashNotDeserialized, openIdConfigError, networkError, endpointResolutionError, nullOrEmptyToken, tokenParsingError, clientInfoEmptyError, clientInfoDecodingError } from './ClientAuthErrorCodes.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* ClientAuthErrorMessage class containing string constants used by error codes and messages.
*/
const ClientAuthErrorMessages = {
[clientInfoDecodingError]: "The client info could not be parsed/decoded correctly",
[clientInfoEmptyError]: "The client info was empty",
[tokenParsingError]: "Token cannot be parsed",
[nullOrEmptyToken]: "The token is null or empty",
[endpointResolutionError]: "Endpoints cannot be resolved",
[networkError]: "Network request failed",
[openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
[hashNotDeserialized]: "The hash parameters could not be deserialized",
[invalidState]: "State was not the expected format",
[stateMismatch]: "State mismatch error",
[stateNotFound]: "State not found",
[nonceMismatch]: "Nonce mismatch error",
[authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." +
" auth_time is an optional claim and is not enabled by default - it must be enabled." +
" See https://aka.ms/msaljs/optional-claims for more information.",
[maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
[multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " +
"Call AcquireToken again providing more requirements such as authority or account.",
[multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
[multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
[requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.",
[cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet",
[cannotAppendScopeSet]: "Cannot append ScopeSet",
[emptyInputScopeSet]: "Empty input ScopeSet cannot be processed",
[deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
[deviceCodeExpired]: "Device code is expired.",
[deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.",
[noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information",
[invalidCacheRecord]: "Cache record object was null or undefined.",
[invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry",
[noAccountFound]: "No account found in cache for given key.",
[noCryptoObject]: "No crypto object detected.",
[unexpectedCredentialType]: "Unexpected credential type.",
[invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
[invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
[tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
[userTimeoutReached]: "User defined timeout for device code polling reached",
[tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated",
[authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed",
[bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.",
[endSessionEndpointNotSupported]: "The provided authority does not support logout",
[keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
[noNetworkConnectivity]: "No network connectivity. Check your internet connection.",
[userCanceled]: "User cancelled the flow.",
[missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
[methodNotImplemented]: "This method has not been implemented",
[nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
};
/**
* Error thrown when there is an error in the client code running on the browser.
*/
class ClientAuthError extends AuthError {
constructor(errorCode, additionalMessage) {
super(errorCode, additionalMessage
? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
: ClientAuthErrorMessages[errorCode]);
this.name = "ClientAuthError";
Object.setPrototypeOf(this, ClientAuthError.prototype);
}
}
function createClientAuthError(errorCode, additionalMessage) {
return new ClientAuthError(errorCode, additionalMessage);
}
export { ClientAuthError, ClientAuthErrorMessages, createClientAuthError };
//# sourceMappingURL=ClientAuthError.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,54 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const clientInfoDecodingError = "client_info_decoding_error";
const clientInfoEmptyError = "client_info_empty_error";
const tokenParsingError = "token_parsing_error";
const nullOrEmptyToken = "null_or_empty_token";
const endpointResolutionError = "endpoints_resolution_error";
const networkError = "network_error";
const openIdConfigError = "openid_config_error";
const hashNotDeserialized = "hash_not_deserialized";
const invalidState = "invalid_state";
const stateMismatch = "state_mismatch";
const stateNotFound = "state_not_found";
const nonceMismatch = "nonce_mismatch";
const authTimeNotFound = "auth_time_not_found";
const maxAgeTranspired = "max_age_transpired";
const multipleMatchingTokens = "multiple_matching_tokens";
const multipleMatchingAccounts = "multiple_matching_accounts";
const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
const requestCannotBeMade = "request_cannot_be_made";
const cannotRemoveEmptyScope = "cannot_remove_empty_scope";
const cannotAppendScopeSet = "cannot_append_scopeset";
const emptyInputScopeSet = "empty_input_scopeset";
const deviceCodePollingCancelled = "device_code_polling_cancelled";
const deviceCodeExpired = "device_code_expired";
const deviceCodeUnknownError = "device_code_unknown_error";
const noAccountInSilentRequest = "no_account_in_silent_request";
const invalidCacheRecord = "invalid_cache_record";
const invalidCacheEnvironment = "invalid_cache_environment";
const noAccountFound = "no_account_found";
const noCryptoObject = "no_crypto_object";
const unexpectedCredentialType = "unexpected_credential_type";
const invalidAssertion = "invalid_assertion";
const invalidClientCredential = "invalid_client_credential";
const tokenRefreshRequired = "token_refresh_required";
const userTimeoutReached = "user_timeout_reached";
const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt";
const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response";
const bindingKeyNotRemoved = "binding_key_not_removed";
const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
const keyIdMissing = "key_id_missing";
const noNetworkConnectivity = "no_network_connectivity";
const userCanceled = "user_canceled";
const missingTenantIdError = "missing_tenant_id_error";
const methodNotImplemented = "method_not_implemented";
const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
export { authTimeNotFound, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, cannotAppendScopeSet, cannotRemoveEmptyScope, clientInfoDecodingError, clientInfoEmptyError, deviceCodeExpired, deviceCodePollingCancelled, deviceCodeUnknownError, emptyInputScopeSet, endSessionEndpointNotSupported, endpointResolutionError, hashNotDeserialized, invalidAssertion, invalidCacheEnvironment, invalidCacheRecord, invalidClientCredential, invalidState, keyIdMissing, maxAgeTranspired, methodNotImplemented, missingTenantIdError, multipleMatchingAccounts, multipleMatchingAppMetadata, multipleMatchingTokens, nestedAppAuthBridgeDisabled, networkError, noAccountFound, noAccountInSilentRequest, noCryptoObject, noNetworkConnectivity, nonceMismatch, nullOrEmptyToken, openIdConfigError, requestCannotBeMade, stateMismatch, stateNotFound, tokenClaimsCnfRequiredForSignedJwt, tokenParsingError, tokenRefreshRequired, unexpectedCredentialType, userCanceled, userTimeoutReached };
//# sourceMappingURL=ClientAuthErrorCodes.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,50 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { AuthError } from './AuthError.mjs';
import { authorityMismatch, cannotAllowPlatformBroker, cannotSetOIDCOptions, invalidAuthenticationHeader, missingNonceAuthenticationHeader, missingSshKid, missingSshJwk, untrustedAuthority, invalidAuthorityMetadata, invalidCloudDiscoveryMetadata, pkceParamsMissing, invalidCodeChallengeMethod, logoutRequestEmpty, tokenRequestEmpty, invalidClaims, emptyInputScopesError, urlEmptyError, urlParseError, authorityUriInsecure, claimsRequestParsingError, redirectUriEmpty } from './ClientConfigurationErrorCodes.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const ClientConfigurationErrorMessages = {
[redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.",
[claimsRequestParsingError]: "Could not parse the given claims request object.",
[authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",
[urlParseError]: "URL could not be parsed into appropriate segments.",
[urlEmptyError]: "URL was empty or null.",
[emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
[invalidClaims]: "Given claims parameter must be a stringified JSON object.",
[tokenRequestEmpty]: "Token request was empty and not found in cache.",
[logoutRequestEmpty]: "The logout request was null or undefined.",
[invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',
[pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",
[invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",
[invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",
[untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",
[missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",
[missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",
[missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",
[invalidAuthenticationHeader]: "Invalid authentication header provided",
[cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
[cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
[authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
};
/**
* Error thrown when there is an error in configuration of the MSAL.js library.
*/
class ClientConfigurationError extends AuthError {
constructor(errorCode) {
super(errorCode, ClientConfigurationErrorMessages[errorCode]);
this.name = "ClientConfigurationError";
Object.setPrototypeOf(this, ClientConfigurationError.prototype);
}
}
function createClientConfigurationError(errorCode) {
return new ClientConfigurationError(errorCode);
}
export { ClientConfigurationError, ClientConfigurationErrorMessages, createClientConfigurationError };
//# sourceMappingURL=ClientConfigurationError.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,31 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const redirectUriEmpty = "redirect_uri_empty";
const claimsRequestParsingError = "claims_request_parsing_error";
const authorityUriInsecure = "authority_uri_insecure";
const urlParseError = "url_parse_error";
const urlEmptyError = "empty_url_error";
const emptyInputScopesError = "empty_input_scopes_error";
const invalidClaims = "invalid_claims";
const tokenRequestEmpty = "token_request_empty";
const logoutRequestEmpty = "logout_request_empty";
const invalidCodeChallengeMethod = "invalid_code_challenge_method";
const pkceParamsMissing = "pkce_params_missing";
const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata";
const invalidAuthorityMetadata = "invalid_authority_metadata";
const untrustedAuthority = "untrusted_authority";
const missingSshJwk = "missing_ssh_jwk";
const missingSshKid = "missing_ssh_kid";
const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
const invalidAuthenticationHeader = "invalid_authentication_header";
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
const authorityMismatch = "authority_mismatch";
export { authorityMismatch, authorityUriInsecure, cannotAllowPlatformBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };
//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"ClientConfigurationErrorCodes.mjs","sources":["../../../../../../../lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs"],"sourcesContent":["/*! @azure/msal-common v15.8.1 2025-07-08 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst redirectUriEmpty = \"redirect_uri_empty\";\r\nconst claimsRequestParsingError = \"claims_request_parsing_error\";\r\nconst authorityUriInsecure = \"authority_uri_insecure\";\r\nconst urlParseError = \"url_parse_error\";\r\nconst urlEmptyError = \"empty_url_error\";\r\nconst emptyInputScopesError = \"empty_input_scopes_error\";\r\nconst invalidClaims = \"invalid_claims\";\r\nconst tokenRequestEmpty = \"token_request_empty\";\r\nconst logoutRequestEmpty = \"logout_request_empty\";\r\nconst invalidCodeChallengeMethod = \"invalid_code_challenge_method\";\r\nconst pkceParamsMissing = \"pkce_params_missing\";\r\nconst invalidCloudDiscoveryMetadata = \"invalid_cloud_discovery_metadata\";\r\nconst invalidAuthorityMetadata = \"invalid_authority_metadata\";\r\nconst untrustedAuthority = \"untrusted_authority\";\r\nconst missingSshJwk = \"missing_ssh_jwk\";\r\nconst missingSshKid = \"missing_ssh_kid\";\r\nconst missingNonceAuthenticationHeader = \"missing_nonce_authentication_header\";\r\nconst invalidAuthenticationHeader = \"invalid_authentication_header\";\r\nconst cannotSetOIDCOptions = \"cannot_set_OIDCOptions\";\r\nconst cannotAllowPlatformBroker = \"cannot_allow_platform_broker\";\r\nconst authorityMismatch = \"authority_mismatch\";\n\nexport { authorityMismatch, authorityUriInsecure, cannotAllowPlatformBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };\n//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map\n"],"names":[],"mappings":";;AAAA;AAEA;AACA;AACA;AACA;AACK,MAAC,gBAAgB,GAAG,qBAAqB;AACzC,MAAC,yBAAyB,GAAG,+BAA+B;AAC5D,MAAC,oBAAoB,GAAG,yBAAyB;AACjD,MAAC,aAAa,GAAG,kBAAkB;AACnC,MAAC,aAAa,GAAG,kBAAkB;AACnC,MAAC,qBAAqB,GAAG,2BAA2B;AACpD,MAAC,aAAa,GAAG,iBAAiB;AAClC,MAAC,iBAAiB,GAAG,sBAAsB;AAC3C,MAAC,kBAAkB,GAAG,uBAAuB;AAC7C,MAAC,0BAA0B,GAAG,gCAAgC;AAC9D,MAAC,iBAAiB,GAAG,sBAAsB;AAC3C,MAAC,6BAA6B,GAAG,mCAAmC;AACpE,MAAC,wBAAwB,GAAG,6BAA6B;AACzD,MAAC,kBAAkB,GAAG,sBAAsB;AAC5C,MAAC,aAAa,GAAG,kBAAkB;AACnC,MAAC,aAAa,GAAG,kBAAkB;AACnC,MAAC,gCAAgC,GAAG,sCAAsC;AAC1E,MAAC,2BAA2B,GAAG,gCAAgC;AAC/D,MAAC,oBAAoB,GAAG,yBAAyB;AACjD,MAAC,yBAAyB,GAAG,+BAA+B;AAC5D,MAAC,iBAAiB,GAAG;;;;"}
@@ -0,0 +1,24 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { Constants } from '../utils/Constants.mjs';
import { AuthError } from './AuthError.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/**
* Error thrown when user interaction is required.
*/
class InteractionRequiredAuthError extends AuthError {
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
super(errorCode, errorMessage, subError);
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
this.timestamp = timestamp || Constants.EMPTY_STRING;
this.traceId = traceId || Constants.EMPTY_STRING;
this.correlationId = correlationId || Constants.EMPTY_STRING;
this.claims = claims || Constants.EMPTY_STRING;
this.name = "InteractionRequiredAuthError";
this.errorNo = errorNo;
}
}
export { InteractionRequiredAuthError };
//# sourceMappingURL=InteractionRequiredAuthError.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,25 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { AuthError } from './AuthError.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Error thrown when there is an error with the server code, for example, unavailability.
*/
class ServerError extends AuthError {
constructor(errorCode, errorMessage, subError, errorNo, status) {
super(errorCode, errorMessage, subError);
this.name = "ServerError";
this.errorNo = errorNo;
this.status = status;
Object.setPrototypeOf(this, ServerError.prototype);
}
}
export { ServerError };
//# sourceMappingURL=ServerError.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"ServerError.mjs","sources":["../../../../../../../lib/msal-common/dist/error/ServerError.mjs"],"sourcesContent":["/*! @azure/msal-common v15.8.1 2025-07-08 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Error thrown when there is an error with the server code, for example, unavailability.\r\n */\r\nclass ServerError extends AuthError {\r\n constructor(errorCode, errorMessage, subError, errorNo, status) {\r\n super(errorCode, errorMessage, subError);\r\n this.name = \"ServerError\";\r\n this.errorNo = errorNo;\r\n this.status = status;\r\n Object.setPrototypeOf(this, ServerError.prototype);\r\n }\r\n}\n\nexport { ServerError };\n//# sourceMappingURL=ServerError.mjs.map\n"],"names":[],"mappings":";;;;AAAA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,WAAW,SAAS,SAAS,CAAC;AACpC,IAAI,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE;AACpE,QAAQ,KAAK,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;AACjD,QAAQ,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;AAClC,QAAQ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;AAC/B,QAAQ,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;AAC7B,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC;AAC3D,KAAK;AACL;;;;"}
@@ -0,0 +1,197 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { Constants } from '../utils/Constants.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Log message level.
*/
var LogLevel;
(function (LogLevel) {
LogLevel[LogLevel["Error"] = 0] = "Error";
LogLevel[LogLevel["Warning"] = 1] = "Warning";
LogLevel[LogLevel["Info"] = 2] = "Info";
LogLevel[LogLevel["Verbose"] = 3] = "Verbose";
LogLevel[LogLevel["Trace"] = 4] = "Trace";
})(LogLevel || (LogLevel = {}));
/**
* Class which facilitates logging of messages to a specific place.
*/
class Logger {
constructor(loggerOptions, packageName, packageVersion) {
// Current log level, defaults to info.
this.level = LogLevel.Info;
const defaultLoggerCallback = () => {
return;
};
const setLoggerOptions = loggerOptions || Logger.createDefaultLoggerOptions();
this.localCallback =
setLoggerOptions.loggerCallback || defaultLoggerCallback;
this.piiLoggingEnabled = setLoggerOptions.piiLoggingEnabled || false;
this.level =
typeof setLoggerOptions.logLevel === "number"
? setLoggerOptions.logLevel
: LogLevel.Info;
this.correlationId =
setLoggerOptions.correlationId || Constants.EMPTY_STRING;
this.packageName = packageName || Constants.EMPTY_STRING;
this.packageVersion = packageVersion || Constants.EMPTY_STRING;
}
static createDefaultLoggerOptions() {
return {
loggerCallback: () => {
// allow users to not set loggerCallback
},
piiLoggingEnabled: false,
logLevel: LogLevel.Info,
};
}
/**
* Create new Logger with existing configurations.
*/
clone(packageName, packageVersion, correlationId) {
return new Logger({
loggerCallback: this.localCallback,
piiLoggingEnabled: this.piiLoggingEnabled,
logLevel: this.level,
correlationId: correlationId || this.correlationId,
}, packageName, packageVersion);
}
/**
* Log message with required options.
*/
logMessage(logMessage, options) {
if (options.logLevel > this.level ||
(!this.piiLoggingEnabled && options.containsPii)) {
return;
}
const timestamp = new Date().toUTCString();
// Add correlationId to logs if set, correlationId provided on log messages take precedence
const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || ""}]`;
const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;
// debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage);
this.executeCallback(options.logLevel, log, options.containsPii || false);
}
/**
* Execute callback with message.
*/
executeCallback(level, message, containsPii) {
if (this.localCallback) {
this.localCallback(level, message, containsPii);
}
}
/**
* Logs error messages.
*/
error(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Error,
containsPii: false,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs error messages with PII.
*/
errorPii(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Error,
containsPii: true,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs warning messages.
*/
warning(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Warning,
containsPii: false,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs warning messages with PII.
*/
warningPii(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Warning,
containsPii: true,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs info messages.
*/
info(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Info,
containsPii: false,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs info messages with PII.
*/
infoPii(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Info,
containsPii: true,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs verbose messages.
*/
verbose(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Verbose,
containsPii: false,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs verbose messages with PII.
*/
verbosePii(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Verbose,
containsPii: true,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs trace messages.
*/
trace(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Trace,
containsPii: false,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Logs trace messages with PII.
*/
tracePii(message, correlationId) {
this.logMessage(message, {
logLevel: LogLevel.Trace,
containsPii: true,
correlationId: correlationId || Constants.EMPTY_STRING,
});
}
/**
* Returns whether PII Logging is enabled or not.
*/
isPiiLoggingEnabled() {
return this.piiLoggingEnabled || false;
}
}
export { LogLevel, Logger };
//# sourceMappingURL=Logger.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,270 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { CacheOutcome, Constants, SERVER_TELEM_CONSTANTS, Separators } from '../../utils/Constants.mjs';
import { AuthError } from '../../error/AuthError.mjs';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const skuGroupSeparator = ",";
const skuValueSeparator = "|";
function makeExtraSkuString(params) {
const { skus, libraryName, libraryVersion, extensionName, extensionVersion, } = params;
const skuMap = new Map([
[0, [libraryName, libraryVersion]],
[2, [extensionName, extensionVersion]],
]);
let skuArr = [];
if (skus?.length) {
skuArr = skus.split(skuGroupSeparator);
// Ignore invalid input sku param
if (skuArr.length < 4) {
return skus;
}
}
else {
skuArr = Array.from({ length: 4 }, () => skuValueSeparator);
}
skuMap.forEach((value, key) => {
if (value.length === 2 && value[0]?.length && value[1]?.length) {
setSku({
skuArr,
index: key,
skuName: value[0],
skuVersion: value[1],
});
}
});
return skuArr.join(skuGroupSeparator);
}
function setSku(params) {
const { skuArr, index, skuName, skuVersion } = params;
if (index >= skuArr.length) {
return;
}
skuArr[index] = [skuName, skuVersion].join(skuValueSeparator);
}
/** @internal */
class ServerTelemetryManager {
constructor(telemetryRequest, cacheManager) {
this.cacheOutcome = CacheOutcome.NOT_APPLICABLE;
this.cacheManager = cacheManager;
this.apiId = telemetryRequest.apiId;
this.correlationId = telemetryRequest.correlationId;
this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING;
this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING;
this.telemetryCacheKey =
SERVER_TELEM_CONSTANTS.CACHE_KEY +
Separators.CACHE_KEY_SEPARATOR +
telemetryRequest.clientId;
}
/**
* API to add MSER Telemetry to request
*/
generateCurrentRequestHeaderValue() {
const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`;
const platformFieldsArr = [this.wrapperSKU, this.wrapperVer];
const nativeBrokerErrorCode = this.getNativeBrokerErrorCode();
if (nativeBrokerErrorCode?.length) {
platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`);
}
const platformFields = platformFieldsArr.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
const regionDiscoveryFields = this.getRegionDiscoveryFields();
const requestWithRegionDiscoveryFields = [
request,
regionDiscoveryFields,
].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
return [
SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
requestWithRegionDiscoveryFields,
platformFields,
].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
}
/**
* API to add MSER Telemetry for the last failed request
*/
generateLastRequestHeaderValue() {
const lastRequests = this.getLastRequests();
const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);
const failedRequests = lastRequests.failedRequests
.slice(0, 2 * maxErrors)
.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
const errors = lastRequests.errors
.slice(0, maxErrors)
.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
const errorCount = lastRequests.errors.length;
// Indicate whether this header contains all data or partial data
const overflow = maxErrors < errorCount
? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE
: SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE;
const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
return [
SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
lastRequests.cacheHits,
failedRequests,
errors,
platformFields,
].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
}
/**
* API to cache token failures for MSER data capture
* @param error
*/
cacheFailedRequest(error) {
const lastRequests = this.getLastRequests();
if (lastRequests.errors.length >=
SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) {
// Remove a cached error to make room, first in first out
lastRequests.failedRequests.shift(); // apiId
lastRequests.failedRequests.shift(); // correlationId
lastRequests.errors.shift();
}
lastRequests.failedRequests.push(this.apiId, this.correlationId);
if (error instanceof Error && !!error && error.toString()) {
if (error instanceof AuthError) {
if (error.subError) {
lastRequests.errors.push(error.subError);
}
else if (error.errorCode) {
lastRequests.errors.push(error.errorCode);
}
else {
lastRequests.errors.push(error.toString());
}
}
else {
lastRequests.errors.push(error.toString());
}
}
else {
lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
}
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
return;
}
/**
* Update server telemetry cache entry by incrementing cache hit counter
*/
incrementCacheHits() {
const lastRequests = this.getLastRequests();
lastRequests.cacheHits += 1;
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
return lastRequests.cacheHits;
}
/**
* Get the server telemetry entity from cache or initialize a new one
*/
getLastRequests() {
const initialValue = {
failedRequests: [],
errors: [],
cacheHits: 0,
};
const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);
return lastRequests || initialValue;
}
/**
* Remove server telemetry cache entry
*/
clearTelemetryCache() {
const lastRequests = this.getLastRequests();
const numErrorsFlushed = ServerTelemetryManager.maxErrorsToSend(lastRequests);
const errorCount = lastRequests.errors.length;
if (numErrorsFlushed === errorCount) {
// All errors were sent on last request, clear Telemetry cache
this.cacheManager.removeItem(this.telemetryCacheKey, this.correlationId);
}
else {
// Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed
const serverTelemEntity = {
failedRequests: lastRequests.failedRequests.slice(numErrorsFlushed * 2),
errors: lastRequests.errors.slice(numErrorsFlushed),
cacheHits: 0,
};
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity, this.correlationId);
}
}
/**
* Returns the maximum number of errors that can be flushed to the server in the next network request
* @param serverTelemetryEntity
*/
static maxErrorsToSend(serverTelemetryEntity) {
let i;
let maxErrors = 0;
let dataSize = 0;
const errorCount = serverTelemetryEntity.errors.length;
for (i = 0; i < errorCount; i++) {
// failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs
const apiId = serverTelemetryEntity.failedRequests[2 * i] ||
Constants.EMPTY_STRING;
const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] ||
Constants.EMPTY_STRING;
const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;
// Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators
dataSize +=
apiId.toString().length +
correlationId.toString().length +
errorCode.length +
3;
if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) {
// Adding this entry to the header would still keep header size below the limit
maxErrors += 1;
}
else {
break;
}
}
return maxErrors;
}
/**
* Get the region discovery fields
*
* @returns string
*/
getRegionDiscoveryFields() {
const regionDiscoveryFields = [];
regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING);
regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING);
regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING);
return regionDiscoveryFields.join(",");
}
/**
* Update the region discovery metadata
*
* @param regionDiscoveryMetadata
* @returns void
*/
updateRegionDiscoveryMetadata(regionDiscoveryMetadata) {
this.regionUsed = regionDiscoveryMetadata.region_used;
this.regionSource = regionDiscoveryMetadata.region_source;
this.regionOutcome = regionDiscoveryMetadata.region_outcome;
}
/**
* Set cache outcome
*/
setCacheOutcome(cacheOutcome) {
this.cacheOutcome = cacheOutcome;
}
setNativeBrokerErrorCode(errorCode) {
const lastRequests = this.getLastRequests();
lastRequests.nativeBrokerErrorCode = errorCode;
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
}
getNativeBrokerErrorCode() {
return this.getLastRequests().nativeBrokerErrorCode;
}
clearNativeBrokerErrorCode() {
const lastRequests = this.getLastRequests();
delete lastRequests.nativeBrokerErrorCode;
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
}
static makeExtraSkuString(params) {
return makeExtraSkuString(params);
}
}
export { ServerTelemetryManager };
//# sourceMappingURL=ServerTelemetryManager.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,107 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const Constants = {
LIBRARY_NAME: "MSAL.JS",
SKU: "msal.js.common",
// Prefix for all library cache entries
CACHE_PREFIX: "msal",
// default authority
DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/",
DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com",
DEFAULT_COMMON_TENANT: "common",
// ADFS String
ADFS: "adfs",
DSTS: "dstsv2",
// Default AAD Instance Discovery Endpoint
AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",
// CIAM URL
CIAM_AUTH_URL: ".ciamlogin.com",
AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com",
// Resource delimiter - used for certain cache entries
RESOURCE_DELIM: "|",
// Placeholder for non-existent account ids/objects
NO_ACCOUNT: "NO_ACCOUNT",
// Claims
CLAIMS: "claims",
// Consumer UTID
CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad",
// Default scopes
OPENID_SCOPE: "openid",
PROFILE_SCOPE: "profile",
OFFLINE_ACCESS_SCOPE: "offline_access",
EMAIL_SCOPE: "email",
CODE_GRANT_TYPE: "authorization_code",
RT_GRANT_TYPE: "refresh_token",
S256_CODE_CHALLENGE_METHOD: "S256",
URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
AUTHORIZATION_PENDING: "authorization_pending",
NOT_DEFINED: "not_defined",
EMPTY_STRING: "",
NOT_APPLICABLE: "N/A",
NOT_AVAILABLE: "Not Available",
FORWARD_SLASH: "/",
IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location",
IMDS_VERSION: "2020-06-01",
IMDS_TIMEOUT: 2000,
AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect",
REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com",
KNOWN_PUBLIC_CLOUDS: [
"login.microsoftonline.com",
"login.windows.net",
"login.microsoft.com",
"sts.windows.net",
],
SHR_NONCE_VALIDITY: 240,
INVALID_INSTANCE: "invalid_instance",
};
/**
* we considered making this "enum" in the request instead of string, however it looks like the allowed list of
* prompt values kept changing over past couple of years. There are some undocumented prompt values for some
* internal partners too, hence the choice of generic "string" type instead of the "enum"
*/
const PromptValue = {
LOGIN: "login",
SELECT_ACCOUNT: "select_account",
CONSENT: "consent",
NONE: "none",
CREATE: "create",
NO_SESSION: "no_session",
};
/**
* Separators used in cache
*/
const Separators = {
CACHE_KEY_SEPARATOR: "-"};
const SERVER_TELEM_CONSTANTS = {
SCHEMA_VERSION: 5,
MAX_LAST_HEADER_BYTES: 330,
MAX_CACHED_ERRORS: 50,
CACHE_KEY: "server-telemetry",
CATEGORY_SEPARATOR: "|",
VALUE_SEPARATOR: ",",
OVERFLOW_TRUE: "1",
OVERFLOW_FALSE: "0",
UNKNOWN_ERROR: "unknown_error",
};
/**
* Type of the authentication request
*/
const AuthenticationScheme = {
BEARER: "Bearer",
POP: "pop",
SSH: "ssh-cert",
};
/**
* Specifies the reason for fetching the access token from the identity provider
*/
const CacheOutcome = {
// When a token is found in the cache or the cache is not supposed to be hit when making the request
NOT_APPLICABLE: "0"};
export { AuthenticationScheme, CacheOutcome, Constants, PromptValue, SERVER_TELEM_CONSTANTS, Separators };
//# sourceMappingURL=Constants.mjs.map
File diff suppressed because one or more lines are too long
@@ -0,0 +1,16 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*! @azure/msal-common v15.8.1 2025-07-08 */
/**
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
* @param seconds
*/
function toDateFromSeconds(seconds) {
if (seconds) {
return new Date(Number(seconds) * 1000);
}
return new Date();
}
export { toDateFromSeconds };
//# sourceMappingURL=TimeUtils.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"TimeUtils.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/TimeUtils.mjs"],"sourcesContent":["/*! @azure/msal-common v15.8.1 2025-07-08 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Utility functions for managing date and time operations.\r\n */\r\n/**\r\n * return the current time in Unix time (seconds).\r\n */\r\nfunction nowSeconds() {\r\n // Date.getTime() returns in milliseconds.\r\n return Math.round(new Date().getTime() / 1000.0);\r\n}\r\n/**\r\n * Converts JS Date object to seconds\r\n * @param date Date\r\n */\r\nfunction toSecondsFromDate(date) {\r\n // Convert date to seconds\r\n return date.getTime() / 1000;\r\n}\r\n/**\r\n * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).\r\n * @param seconds\r\n */\r\nfunction toDateFromSeconds(seconds) {\r\n if (seconds) {\r\n return new Date(Number(seconds) * 1000);\r\n }\r\n return new Date();\r\n}\r\n/**\r\n * check if a token is expired based on given UTC time in seconds.\r\n * @param expiresOn\r\n */\r\nfunction isTokenExpired(expiresOn, offset) {\r\n // check for access token expiry\r\n const expirationSec = Number(expiresOn) || 0;\r\n const offsetCurrentTimeSec = nowSeconds() + offset;\r\n // If current time + offset is greater than token expiration time, then token is expired.\r\n return offsetCurrentTimeSec > expirationSec;\r\n}\r\n/**\r\n * If the current time is earlier than the time that a token was cached at, we must discard the token\r\n * i.e. The system clock was turned back after acquiring the cached token\r\n * @param cachedAt\r\n * @param offset\r\n */\r\nfunction wasClockTurnedBack(cachedAt) {\r\n const cachedAtSec = Number(cachedAt);\r\n return cachedAtSec > nowSeconds();\r\n}\r\n/**\r\n * Waits for t number of milliseconds\r\n * @param t number\r\n * @param value T\r\n */\r\nfunction delay(t, value) {\r\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\r\n}\n\nexport { delay, isTokenExpired, nowSeconds, toDateFromSeconds, toSecondsFromDate, wasClockTurnedBack };\n//# sourceMappingURL=TimeUtils.mjs.map\n"],"names":[],"mappings":";;AAAA;AAwBA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE;AACpC,IAAI,IAAI,OAAO,EAAE;AACjB,QAAQ,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AAChD,KAAK;AACL,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;AACtB;;;;"}
@@ -0,0 +1,24 @@
import { CrossPlatformLockOptions } from "./CrossPlatformLockOptions.js";
import { Logger } from "@azure/msal-common/node";
/**
* Cross-process lock that works on all platforms.
*/
export declare class CrossPlatformLock {
private readonly lockFilePath;
private lockFileHandle;
private readonly retryNumber;
private readonly retryDelay;
private logger;
constructor(lockFilePath: string, logger: Logger, lockOptions?: CrossPlatformLockOptions);
/**
* Locks cache from read or writes by creating file with same path and name as
* cache file but with .lockfile extension. If another process has already created
* the lockfile, will back off and retry based on configuration settings set by CrossPlatformLockOptions
*/
lock(): Promise<void>;
/**
* unlocks cache file by deleting .lockfile.
*/
unlock(): Promise<void>;
private sleep;
}
@@ -0,0 +1,95 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { promises } from 'fs';
import { pid } from 'process';
import { Constants } from '../utils/Constants.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { isNodeError } from '../utils/TypeGuards.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Cross-process lock that works on all platforms.
*/
class CrossPlatformLock {
constructor(lockFilePath, logger, lockOptions) {
this.lockFilePath = lockFilePath;
this.retryNumber = lockOptions ? lockOptions.retryNumber : 500;
this.retryDelay = lockOptions ? lockOptions.retryDelay : 100;
this.logger = logger;
}
/**
* Locks cache from read or writes by creating file with same path and name as
* cache file but with .lockfile extension. If another process has already created
* the lockfile, will back off and retry based on configuration settings set by CrossPlatformLockOptions
*/
async lock() {
for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
try {
this.logger.info(`Pid ${pid} trying to acquire lock`);
this.lockFileHandle = await promises.open(this.lockFilePath, "wx+");
this.logger.info(`Pid ${pid} acquired lock`);
await this.lockFileHandle.write(pid.toString());
return;
}
catch (err) {
if (isNodeError(err)) {
if (err.code === Constants.EEXIST_ERROR ||
err.code === Constants.EPERM_ERROR) {
this.logger.info(err.message);
await this.sleep(this.retryDelay);
}
else {
this.logger.error(`${pid} was not able to acquire lock. Ran into error: ${err.message}`);
throw PersistenceError.createCrossPlatformLockError(err.message);
}
}
else {
throw err;
}
}
}
this.logger.error(`${pid} was not able to acquire lock. Exceeded amount of retries set in the options`);
throw PersistenceError.createCrossPlatformLockError("Not able to acquire lock. Exceeded amount of retries set in options");
}
/**
* unlocks cache file by deleting .lockfile.
*/
async unlock() {
try {
if (this.lockFileHandle) {
// if we have a file handle to the .lockfile, delete lock file
await promises.unlink(this.lockFilePath);
await this.lockFileHandle.close();
this.logger.info("lockfile deleted");
}
else {
this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
}
}
catch (err) {
if (isNodeError(err)) {
if (err.code === Constants.ENOENT_ERROR) {
this.logger.info("Tried to unlock but lockfile does not exist");
}
else {
this.logger.error(`${pid} was not able to release lock. Ran into error: ${err.message}`);
throw PersistenceError.createCrossPlatformLockError(err.message);
}
}
else {
throw err;
}
}
}
sleep(ms) {
return new Promise((resolve) => {
setTimeout(resolve, ms);
});
}
}
export { CrossPlatformLock };
//# sourceMappingURL=CrossPlatformLock.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"CrossPlatformLock.mjs","sources":["../../src/lock/CrossPlatformLock.ts"],"sourcesContent":[null],"names":["fs"],"mappings":";;;;;;;;AAAA;;;AAGG;AAUH;;AAEG;MACU,iBAAiB,CAAA;AAQ1B,IAAA,WAAA,CACI,YAAoB,EACpB,MAAc,EACd,WAAsC,EAAA;AAEtC,QAAA,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;AACjC,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC,WAAW,GAAG,GAAG,CAAC;AAC/D,QAAA,IAAI,CAAC,UAAU,GAAG,WAAW,GAAG,WAAW,CAAC,UAAU,GAAG,GAAG,CAAC;AAC7D,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;KACxB;AAED;;;;AAIG;AACI,IAAA,MAAM,IAAI,GAAA;AACb,QAAA,KAAK,IAAI,QAAQ,GAAG,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,EAAE;YAC5D,IAAI;gBACA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,IAAA,EAAA,GAAG,CAAyB,uBAAA,CAAA,CAAC,CAAC;AACtD,gBAAA,IAAI,CAAC,cAAc,GAAG,MAAMA,QAAE,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBAE9D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,IAAA,EAAA,GAAG,CAAgB,cAAA,CAAA,CAAC,CAAC;gBAC7C,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAChD,OAAO;AACV,aAAA;AAAC,YAAA,OAAO,GAAG,EAAE;AACV,gBAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,oBAAA,IACI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY;AACnC,wBAAA,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,WAAW,EACpC;wBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBAC9B,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AACrC,qBAAA;AAAM,yBAAA;AACH,wBAAA,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,CAAA,EAAG,GAAG,CAAA,+CAAA,EAAkD,GAAG,CAAC,OAAO,CAAA,CAAE,CACxE,CAAC;wBACF,MAAM,gBAAgB,CAAC,4BAA4B,CAC/C,GAAG,CAAC,OAAO,CACd,CAAC;AACL,qBAAA;AACJ,iBAAA;AAAM,qBAAA;AACH,oBAAA,MAAM,GAAG,CAAC;AACb,iBAAA;AACJ,aAAA;AACJ,SAAA;QACD,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,CAAG,EAAA,GAAG,CAA8E,4EAAA,CAAA,CACvF,CAAC;AACF,QAAA,MAAM,gBAAgB,CAAC,4BAA4B,CAC/C,qEAAqE,CACxE,CAAC;KACL;AAED;;AAEG;AACI,IAAA,MAAM,MAAM,GAAA;QACf,IAAI;YACA,IAAI,IAAI,CAAC,cAAc,EAAE;;gBAErB,MAAMA,QAAE,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AACnC,gBAAA,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;AAClC,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AACxC,aAAA;AAAM,iBAAA;AACH,gBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CACf,kEAAkE,CACrE,CAAC;AACL,aAAA;AACJ,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;AACrC,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,6CAA6C,CAChD,CAAC;AACL,iBAAA;AAAM,qBAAA;AACH,oBAAA,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,CAAA,EAAG,GAAG,CAAA,+CAAA,EAAkD,GAAG,CAAC,OAAO,CAAA,CAAE,CACxE,CAAC;oBACF,MAAM,gBAAgB,CAAC,4BAA4B,CAC/C,GAAG,CAAC,OAAO,CACd,CAAC;AACL,iBAAA;AACJ,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEO,IAAA,KAAK,CAAC,EAAU,EAAA;AACpB,QAAA,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,KAAI;AAC3B,YAAA,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC5B,SAAC,CAAC,CAAC;KACN;AACJ;;;;"}
@@ -0,0 +1,10 @@
/**
* Options for CrossPlatform lock.
*
* retryNumber: Numbers of times we should try to acquire a lock. Defaults to 500.
* retryDelay: Time to wait before trying to retry a lock acquisition. Defaults to 100 ms.
*/
export type CrossPlatformLockOptions = {
retryNumber: number;
retryDelay: number;
};
@@ -0,0 +1,2 @@
export declare const name = "@azure/msal-node-extensions";
export declare const version = "1.5.17";
@@ -0,0 +1,8 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/* eslint-disable header/header */
const name = "@azure/msal-node-extensions";
const version = "1.5.17";
export { name, version };
//# sourceMappingURL=packageMetadata.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"packageMetadata.mjs","sources":["../src/packageMetadata.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;AACO,MAAM,IAAI,GAAG,8BAA8B;AAC3C,MAAM,OAAO,GAAG;;;;"}
@@ -0,0 +1,5 @@
import { IPersistence } from "./IPersistence.js";
export declare abstract class BasePersistence {
abstract createForPersistenceValidation(): Promise<IPersistence>;
verifyPersistence(): Promise<boolean>;
}
@@ -0,0 +1,36 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { Constants } from '../utils/Constants.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class BasePersistence {
async verifyPersistence() {
// We are using a different location for the test to avoid overriding the functional cache
const persistenceValidator = await this.createForPersistenceValidation();
try {
await persistenceValidator.save(Constants.PERSISTENCE_TEST_DATA);
const retrievedDummyData = await persistenceValidator.load();
if (!retrievedDummyData) {
throw PersistenceError.createCachePersistenceError("Persistence check failed. Data was written but it could not be read. " +
"Possible cause: on Linux, LibSecret is installed but D-Bus isn't running \
because it cannot be started over SSH.");
}
if (retrievedDummyData !== Constants.PERSISTENCE_TEST_DATA) {
throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants.PERSISTENCE_TEST_DATA} is different \
from data read ${retrievedDummyData}`);
}
await persistenceValidator.delete();
return true;
}
catch (e) {
throw PersistenceError.createCachePersistenceError(`Verifing persistence failed with the error: ${e}`);
}
}
}
export { BasePersistence };
//# sourceMappingURL=BasePersistence.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"BasePersistence.mjs","sources":["../../src/persistence/BasePersistence.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAAA;;;AAGG;MAMmB,eAAe,CAAA;AAG1B,IAAA,MAAM,iBAAiB,GAAA;;AAE1B,QAAA,MAAM,oBAAoB,GACtB,MAAM,IAAI,CAAC,8BAA8B,EAAE,CAAC;QAEhD,IAAI;YACA,MAAM,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;AAEjE,YAAA,MAAM,kBAAkB,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAC;YAE7D,IAAI,CAAC,kBAAkB,EAAE;AACrB,gBAAA,MAAM,gBAAgB,CAAC,2BAA2B,CAC9C,uEAAuE;AACnE,oBAAA;AACmC,2DAAA,CAC1C,CAAC;AACL,aAAA;AAED,YAAA,IAAI,kBAAkB,KAAK,SAAS,CAAC,qBAAqB,EAAE;AACxD,gBAAA,MAAM,gBAAgB,CAAC,2BAA2B,CAC9C,CAA0C,uCAAA,EAAA,SAAS,CAAC,qBAAqB,CAAA;qCACxD,kBAAkB,CAAA,CAAE,CACxC,CAAC;AACL,aAAA;AACD,YAAA,MAAM,oBAAoB,CAAC,MAAM,EAAE,CAAC;AACpC,YAAA,OAAO,IAAI,CAAC;AACf,SAAA;AAAC,QAAA,OAAO,CAAC,EAAE;YACR,MAAM,gBAAgB,CAAC,2BAA2B,CAC9C,+CAA+C,CAAC,CAAA,CAAE,CACrD,CAAC;AACL,SAAA;KACJ;AACJ;;;;"}
@@ -0,0 +1,16 @@
/**
* Specifies the scope of the data protection - either the current user or the local
* machine.
*
* You do not need a key to protect or unprotect the data.
* If you set the Scope to CurrentUser, only applications running on your credentials can
* unprotect the data; however, that means that any application running on your credentials
* can access the protected data. If you set the Scope to LocalMachine, any full-trust
* application on the computer can unprotect, access, and modify the data.
*
*/
export declare const DataProtectionScope: {
readonly CurrentUser: "CurrentUser";
readonly LocalMachine: "LocalMachine";
};
export type DataProtectionScope = (typeof DataProtectionScope)[keyof typeof DataProtectionScope];
@@ -0,0 +1,24 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Specifies the scope of the data protection - either the current user or the local
* machine.
*
* You do not need a key to protect or unprotect the data.
* If you set the Scope to CurrentUser, only applications running on your credentials can
* unprotect the data; however, that means that any application running on your credentials
* can access the protected data. If you set the Scope to LocalMachine, any full-trust
* application on the computer can unprotect, access, and modify the data.
*
*/
const DataProtectionScope = {
CurrentUser: "CurrentUser",
LocalMachine: "LocalMachine",
};
export { DataProtectionScope };
//# sourceMappingURL=DataProtectionScope.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"DataProtectionScope.mjs","sources":["../../src/persistence/DataProtectionScope.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;AAGG;AAEH;;;;;;;;;;AAUG;AACU,MAAA,mBAAmB,GAAG;AAC/B,IAAA,WAAW,EAAE,aAAa;AAC1B,IAAA,YAAY,EAAE,cAAc;;;;;"}
@@ -0,0 +1,29 @@
import { IPersistence } from "./IPersistence.js";
import { Logger, LoggerOptions } from "@azure/msal-common/node";
import { BasePersistence } from "./BasePersistence.js";
/**
* Reads and writes data to file specified by file location. File contents are not
* encrypted.
*
* If file or directory has not been created, it FilePersistence.create() will create
* file and any directories in the path recursively.
*/
export declare class FilePersistence extends BasePersistence implements IPersistence {
private filePath;
private logger;
private constructor();
static create(fileLocation: string, loggerOptions?: LoggerOptions): Promise<FilePersistence>;
save(contents: string): Promise<void>;
saveBuffer(contents: Uint8Array): Promise<void>;
load(): Promise<string | null>;
loadBuffer(): Promise<Uint8Array>;
delete(): Promise<boolean>;
getFilePath(): string;
reloadNecessary(lastSync: number): Promise<boolean>;
getLogger(): Logger;
createForPersistenceValidation(): Promise<FilePersistence>;
private static createDefaultLoggerOptions;
private timeLastModified;
private createCacheFile;
private createFileDirectory;
}
@@ -0,0 +1,173 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { promises } from 'fs';
import { dirname } from 'path';
import { ErrorCodes, Constants } from '../utils/Constants.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { BasePersistence } from './BasePersistence.mjs';
import { isNodeError } from '../utils/TypeGuards.mjs';
import { Logger, LogLevel } from '../lib/msal-common/dist/logger/Logger.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Reads and writes data to file specified by file location. File contents are not
* encrypted.
*
* If file or directory has not been created, it FilePersistence.create() will create
* file and any directories in the path recursively.
*/
class FilePersistence extends BasePersistence {
constructor(fileLocation, loggerOptions) {
super();
this.logger = new Logger(loggerOptions || FilePersistence.createDefaultLoggerOptions());
this.filePath = fileLocation;
}
static async create(fileLocation, loggerOptions) {
const filePersistence = new FilePersistence(fileLocation, loggerOptions);
await filePersistence.createCacheFile();
return filePersistence;
}
async save(contents) {
try {
await promises.writeFile(this.getFilePath(), contents, "utf-8");
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
async saveBuffer(contents) {
try {
await promises.writeFile(this.getFilePath(), contents);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
async load() {
try {
return await promises.readFile(this.getFilePath(), "utf-8");
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
async loadBuffer() {
try {
return await promises.readFile(this.getFilePath());
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
async delete() {
try {
await promises.unlink(this.getFilePath());
return true;
}
catch (err) {
if (isNodeError(err)) {
if (err.code === Constants.ENOENT_ERROR) {
// file does not exist, so it was not deleted
this.logger.warning("Cache file does not exist, so it could not be deleted");
return false;
}
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
getFilePath() {
return this.filePath;
}
async reloadNecessary(lastSync) {
return lastSync < (await this.timeLastModified());
}
getLogger() {
return this.logger;
}
createForPersistenceValidation() {
const testCacheFileLocation = `${dirname(this.filePath)}/test.cache`;
return FilePersistence.create(testCacheFileLocation);
}
static createDefaultLoggerOptions() {
return {
loggerCallback: () => {
// allow users to not set loggerCallback
},
piiLoggingEnabled: false,
logLevel: LogLevel.Info,
};
}
async timeLastModified() {
try {
const stats = await promises.stat(this.filePath);
return stats.mtime.getTime();
}
catch (err) {
if (isNodeError(err)) {
if (err.code === Constants.ENOENT_ERROR) {
// file does not exist, so it's never been modified
this.logger.verbose("Cache file does not exist");
return 0;
}
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
else {
throw err;
}
}
}
async createCacheFile() {
await this.createFileDirectory();
// File is created only if it does not exist
const fileHandle = await promises.open(this.filePath, "a");
await fileHandle.close();
this.logger.info(`File created at ${this.filePath}`);
}
async createFileDirectory() {
try {
await promises.mkdir(dirname(this.filePath), { recursive: true });
}
catch (err) {
if (isNodeError(err)) {
if (err.code === Constants.EEXIST_ERROR) {
this.logger.info(`Directory ${dirname(this.filePath)} already exists`);
}
else {
throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
}
}
else {
throw err;
}
}
}
}
export { FilePersistence };
//# sourceMappingURL=FilePersistence.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"FilePersistence.mjs","sources":["../../src/persistence/FilePersistence.ts"],"sourcesContent":[null],"names":["fs"],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAWH;;;;;;AAMG;AACG,MAAO,eAAgB,SAAQ,eAAe,CAAA;IAIhD,WAAoB,CAAA,YAAoB,EAAE,aAA6B,EAAA;AACnE,QAAA,KAAK,EAAE,CAAC;AACR,QAAA,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CACpB,aAAa,IAAI,eAAe,CAAC,0BAA0B,EAAE,CAChE,CAAC;AACF,QAAA,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC;KAChC;AAEM,IAAA,aAAa,MAAM,CACtB,YAAoB,EACpB,aAA6B,EAAA;QAE7B,MAAM,eAAe,GAAG,IAAI,eAAe,CACvC,YAAY,EACZ,aAAa,CAChB,CAAC;AACF,QAAA,MAAM,eAAe,CAAC,eAAe,EAAE,CAAC;AACxC,QAAA,OAAO,eAAe,CAAC;KAC1B;IAEM,MAAM,IAAI,CAAC,QAAgB,EAAA;QAC9B,IAAI;AACA,YAAA,MAAMA,QAAE,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC7D,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,MAAM,UAAU,CAAC,QAAoB,EAAA;QACxC,IAAI;YACA,MAAMA,QAAE,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,QAAQ,CAAC,CAAC;AACpD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,IAAI,GAAA;QACb,IAAI;AACA,YAAA,OAAO,MAAMA,QAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;AACzD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,UAAU,GAAA;QACnB,IAAI;YACA,OAAO,MAAMA,QAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AAChD,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,MAAM,GAAA;QACf,IAAI;YACA,MAAMA,QAAE,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AACpC,YAAA,OAAO,IAAI,CAAC;AACf,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;;AAErC,oBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CACf,uDAAuD,CAC1D,CAAC;AACF,oBAAA,OAAO,KAAK,CAAC;AAChB,iBAAA;AACD,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,WAAW,GAAA;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC;KACxB;IAEM,MAAM,eAAe,CAAC,QAAgB,EAAA;QACzC,OAAO,QAAQ,IAAI,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;KACrD;IAEM,SAAS,GAAA;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC;KACtB;IAEM,8BAA8B,GAAA;QACjC,MAAM,qBAAqB,GAAG,CAAA,EAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA,WAAA,CAAa,CAAC;AACrE,QAAA,OAAO,eAAe,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACxD;AAEO,IAAA,OAAO,0BAA0B,GAAA;QACrC,OAAO;YACH,cAAc,EAAE,MAAK;;aAEpB;AACD,YAAA,iBAAiB,EAAE,KAAK;YACxB,QAAQ,EAAE,QAAQ,CAAC,IAAI;SAC1B,CAAC;KACL;AAEO,IAAA,MAAM,gBAAgB,GAAA;QAC1B,IAAI;YACA,MAAM,KAAK,GAAG,MAAMA,QAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC3C,YAAA,OAAO,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;AAChC,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;;AAErC,oBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;AACjD,oBAAA,OAAO,CAAC,CAAC;AACZ,iBAAA;AACD,gBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEO,IAAA,MAAM,eAAe,GAAA;AACzB,QAAA,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;;AAEjC,QAAA,MAAM,UAAU,GAAG,MAAMA,QAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AACrD,QAAA,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAmB,gBAAA,EAAA,IAAI,CAAC,QAAQ,CAAE,CAAA,CAAC,CAAC;KACxD;AAEO,IAAA,MAAM,mBAAmB,GAAA;QAC7B,IAAI;AACA,YAAA,MAAMA,QAAE,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/D,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;AAClB,gBAAA,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,YAAY,EAAE;AACrC,oBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,CAAa,UAAA,EAAA,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA,gBAAA,CAAkB,CACxD,CAAC;AACL,iBAAA;AAAM,qBAAA;AACH,oBAAA,MAAM,gBAAgB,CAAC,qBAAqB,CACxC,GAAG,CAAC,IAAI,IAAI,UAAU,CAAC,OAAO,EAC9B,GAAG,CAAC,OAAO,CACd,CAAC;AACL,iBAAA;AACJ,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AACJ;;;;"}
@@ -0,0 +1,24 @@
import { IPersistence } from "./IPersistence.js";
import { DataProtectionScope } from "./DataProtectionScope.js";
import { Logger, LoggerOptions } from "@azure/msal-common/node";
import { BasePersistence } from "./BasePersistence.js";
/**
* Uses CryptProtectData and CryptUnprotectData on Windows to encrypt and decrypt file contents.
*
* scope: Scope of the data protection. Either local user or the current machine
* optionalEntropy: Password or other additional entropy used to encrypt the data
*/
export declare class FilePersistenceWithDataProtection extends BasePersistence implements IPersistence {
private filePersistence;
private scope;
private optionalEntropy;
private constructor();
static create(fileLocation: string, scope: DataProtectionScope, optionalEntropy?: string, loggerOptions?: LoggerOptions): Promise<FilePersistenceWithDataProtection>;
save(contents: string): Promise<void>;
load(): Promise<string | null>;
delete(): Promise<boolean>;
reloadNecessary(lastSync: number): Promise<boolean>;
getFilePath(): string;
getLogger(): Logger;
createForPersistenceValidation(): Promise<FilePersistenceWithDataProtection>;
}
@@ -0,0 +1,90 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { FilePersistence } from './FilePersistence.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { Dpapi } from '../Dpapi.mjs';
import { DataProtectionScope } from './DataProtectionScope.mjs';
import { dirname } from 'path';
import { BasePersistence } from './BasePersistence.mjs';
import { isNodeError } from '../utils/TypeGuards.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Uses CryptProtectData and CryptUnprotectData on Windows to encrypt and decrypt file contents.
*
* scope: Scope of the data protection. Either local user or the current machine
* optionalEntropy: Password or other additional entropy used to encrypt the data
*/
class FilePersistenceWithDataProtection extends BasePersistence {
constructor(filePersistence, scope, optionalEntropy) {
super();
this.scope = scope;
this.optionalEntropy = optionalEntropy
? Buffer.from(optionalEntropy, "utf-8")
: null;
this.filePersistence = filePersistence;
}
static async create(fileLocation, scope, optionalEntropy, loggerOptions) {
const filePersistence = await FilePersistence.create(fileLocation, loggerOptions);
const persistence = new FilePersistenceWithDataProtection(filePersistence, scope, optionalEntropy);
return persistence;
}
async save(contents) {
try {
const encryptedContents = Dpapi.protectData(Buffer.from(contents, "utf-8"), this.optionalEntropy, this.scope.toString());
await this.filePersistence.saveBuffer(encryptedContents);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFilePersistenceWithDPAPIError(err.message);
}
else {
throw err;
}
}
}
async load() {
try {
const encryptedContents = await this.filePersistence.loadBuffer();
if (typeof encryptedContents === "undefined" ||
!encryptedContents ||
0 === encryptedContents.length) {
this.filePersistence
.getLogger()
.info("Encrypted contents loaded from file were null or empty");
return null;
}
return Dpapi.unprotectData(encryptedContents, this.optionalEntropy, this.scope.toString()).toString();
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createFilePersistenceWithDPAPIError(err.message);
}
else {
throw err;
}
}
}
async delete() {
return this.filePersistence.delete();
}
async reloadNecessary(lastSync) {
return this.filePersistence.reloadNecessary(lastSync);
}
getFilePath() {
return this.filePersistence.getFilePath();
}
getLogger() {
return this.filePersistence.getLogger();
}
createForPersistenceValidation() {
const testCacheFileLocation = `${dirname(this.filePersistence.getFilePath())}/test.cache`;
return FilePersistenceWithDataProtection.create(testCacheFileLocation, DataProtectionScope.CurrentUser);
}
}
export { FilePersistenceWithDataProtection };
//# sourceMappingURL=FilePersistenceWithDataProtection.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"FilePersistenceWithDataProtection.mjs","sources":["../../src/persistence/FilePersistenceWithDataProtection.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAYH;;;;;AAKG;AACG,MAAO,iCACT,SAAQ,eAAe,CAAA;AAOvB,IAAA,WAAA,CACI,eAAgC,EAChC,KAA0B,EAC1B,eAAwB,EAAA;AAExB,QAAA,KAAK,EAAE,CAAC;AACR,QAAA,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,eAAe,GAAG,eAAe;cAChC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,CAAC;cACrC,IAAI,CAAC;AACX,QAAA,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;KAC1C;IAEM,aAAa,MAAM,CACtB,YAAoB,EACpB,KAA0B,EAC1B,eAAwB,EACxB,aAA6B,EAAA;QAE7B,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,MAAM,CAChD,YAAY,EACZ,aAAa,CAChB,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,iCAAiC,CACrD,eAAe,EACf,KAAK,EACL,eAAe,CAClB,CAAC;AACF,QAAA,OAAO,WAAW,CAAC;KACtB;IAEM,MAAM,IAAI,CAAC,QAAgB,EAAA;QAC9B,IAAI;YACA,MAAM,iBAAiB,GAAG,KAAK,CAAC,WAAW,CACvC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,EAC9B,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CACxB,CAAC;YACF,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;AAC5D,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,mCAAmC,CACtD,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,IAAI,GAAA;QACb,IAAI;YACA,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,CAAC;YAClE,IACI,OAAO,iBAAiB,KAAK,WAAW;AACxC,gBAAA,CAAC,iBAAiB;AAClB,gBAAA,CAAC,KAAK,iBAAiB,CAAC,MAAM,EAChC;AACE,gBAAA,IAAI,CAAC,eAAe;AACf,qBAAA,SAAS,EAAE;qBACX,IAAI,CACD,wDAAwD,CAC3D,CAAC;AACN,gBAAA,OAAO,IAAI,CAAC;AACf,aAAA;YACD,OAAO,KAAK,CAAC,aAAa,CACtB,iBAAiB,EACjB,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CACxB,CAAC,QAAQ,EAAE,CAAC;AAChB,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,mCAAmC,CACtD,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,MAAM,GAAA;AACf,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;KACxC;IAEM,MAAM,eAAe,CAAC,QAAgB,EAAA;QACzC,OAAO,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;KACzD;IAEM,WAAW,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;KAC7C;IAEM,SAAS,GAAA;AACZ,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;KAC3C;IAEM,8BAA8B,GAAA;AACjC,QAAA,MAAM,qBAAqB,GAAG,CAAG,EAAA,OAAO,CACpC,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CACrC,aAAa,CAAC;QACf,OAAO,iCAAiC,CAAC,MAAM,CAC3C,qBAAqB,EACrB,mBAAmB,CAAC,WAAW,CAClC,CAAC;KACL;AACJ;;;;"}
@@ -0,0 +1,11 @@
import { Logger } from "@azure/msal-common/node";
export interface IPersistence {
save(contents: string): Promise<void>;
load(): Promise<string | null>;
delete(): Promise<boolean>;
reloadNecessary(lastSync: number): Promise<boolean>;
getFilePath(): string;
getLogger(): Logger;
verifyPersistence(): Promise<boolean>;
createForPersistenceValidation(): Promise<IPersistence>;
}
@@ -0,0 +1,10 @@
import type { LoggerOptions } from "@azure/msal-common/node";
import { DataProtectionScope } from "./DataProtectionScope.js";
export interface IPersistenceConfiguration {
cachePath?: string;
dataProtectionScope?: DataProtectionScope;
serviceName?: string;
accountName?: string;
usePlaintextFileOnLinux?: boolean;
loggerOptions?: LoggerOptions;
}
@@ -0,0 +1,23 @@
import { IPersistence } from "./IPersistence.js";
import { Logger, LoggerOptions } from "@azure/msal-common/node";
import { BasePersistence } from "./BasePersistence.js";
/**
* Uses reads and writes passwords to macOS keychain
*
* serviceName: Identifier used as key for whatever value is stored
* accountName: Account under which password should be stored
*/
export declare class KeychainPersistence extends BasePersistence implements IPersistence {
protected readonly serviceName: string;
protected readonly accountName: string;
private filePersistence;
private constructor();
static create(fileLocation: string, serviceName: string, accountName: string, loggerOptions?: LoggerOptions): Promise<KeychainPersistence>;
save(contents: string): Promise<void>;
load(): Promise<string | null>;
delete(): Promise<boolean>;
reloadNecessary(lastSync: number): Promise<boolean>;
getFilePath(): string;
getLogger(): Logger;
createForPersistenceValidation(): Promise<KeychainPersistence>;
}
@@ -0,0 +1,90 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import keytar from 'keytar';
import { FilePersistence } from './FilePersistence.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { dirname } from 'path';
import { BasePersistence } from './BasePersistence.mjs';
import { isNodeError } from '../utils/TypeGuards.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Uses reads and writes passwords to macOS keychain
*
* serviceName: Identifier used as key for whatever value is stored
* accountName: Account under which password should be stored
*/
class KeychainPersistence extends BasePersistence {
constructor(filePersistence, serviceName, accountName) {
super();
this.filePersistence = filePersistence;
this.serviceName = serviceName;
this.accountName = accountName;
}
static async create(fileLocation, serviceName, accountName, loggerOptions) {
const filePersistence = await FilePersistence.create(fileLocation, loggerOptions);
const persistence = new KeychainPersistence(filePersistence, serviceName, accountName);
return persistence;
}
async save(contents) {
try {
await keytar.setPassword(this.serviceName, this.accountName, contents);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createKeychainPersistenceError(err.message);
}
else {
throw err;
}
}
// Write dummy data to update file mtime
await this.filePersistence.save("{}");
}
async load() {
try {
return await keytar.getPassword(this.serviceName, this.accountName);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createKeychainPersistenceError(err.message);
}
else {
throw err;
}
}
}
async delete() {
try {
await this.filePersistence.delete();
return await keytar.deletePassword(this.serviceName, this.accountName);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createKeychainPersistenceError(err.message);
}
else {
throw err;
}
}
}
async reloadNecessary(lastSync) {
return this.filePersistence.reloadNecessary(lastSync);
}
getFilePath() {
return this.filePersistence.getFilePath();
}
getLogger() {
return this.filePersistence.getLogger();
}
createForPersistenceValidation() {
const testCacheFileLocation = `${dirname(this.filePersistence.getFilePath())}/test.cache`;
return KeychainPersistence.create(testCacheFileLocation, "persistenceValidationServiceName", "persistencValidationAccountName");
}
}
export { KeychainPersistence };
//# sourceMappingURL=KeychainPersistence.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"KeychainPersistence.mjs","sources":["../../src/persistence/KeychainPersistence.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;AAAA;;;AAGG;AAWH;;;;;AAKG;AACG,MAAO,mBACT,SAAQ,eAAe,CAAA;AAOvB,IAAA,WAAA,CACI,eAAgC,EAChC,WAAmB,EACnB,WAAmB,EAAA;AAEnB,QAAA,KAAK,EAAE,CAAC;AACR,QAAA,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;AACvC,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;AAC/B,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;KAClC;IAEM,aAAa,MAAM,CACtB,YAAoB,EACpB,WAAmB,EACnB,WAAmB,EACnB,aAA6B,EAAA;QAE7B,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,MAAM,CAChD,YAAY,EACZ,aAAa,CAChB,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,mBAAmB,CACvC,eAAe,EACf,WAAW,EACX,WAAW,CACd,CAAC;AACF,QAAA,OAAO,WAAW,CAAC;KACtB;IAEM,MAAM,IAAI,CAAC,QAAgB,EAAA;QAC9B,IAAI;AACA,YAAA,MAAM,MAAM,CAAC,WAAW,CACpB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,WAAW,EAChB,QAAQ,CACX,CAAC;AACL,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,8BAA8B,CACjD,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACzC;AAEM,IAAA,MAAM,IAAI,GAAA;QACb,IAAI;AACA,YAAA,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;AACvE,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,8BAA8B,CACjD,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,MAAM,GAAA;QACf,IAAI;AACA,YAAA,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;AACpC,YAAA,OAAO,MAAM,MAAM,CAAC,cAAc,CAC9B,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,WAAW,CACnB,CAAC;AACL,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,8BAA8B,CACjD,GAAG,CAAC,OAAO,CACd,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,MAAM,eAAe,CAAC,QAAgB,EAAA;QACzC,OAAO,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;KACzD;IAEM,WAAW,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;KAC7C;IAEM,SAAS,GAAA;AACZ,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;KAC3C;IAEM,8BAA8B,GAAA;AACjC,QAAA,MAAM,qBAAqB,GAAG,CAAG,EAAA,OAAO,CACpC,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CACrC,aAAa,CAAC;QACf,OAAO,mBAAmB,CAAC,MAAM,CAC7B,qBAAqB,EACrB,kCAAkC,EAClC,iCAAiC,CACpC,CAAC;KACL;AACJ;;;;"}
@@ -0,0 +1,24 @@
import { IPersistence } from "./IPersistence.js";
import { Logger, LoggerOptions } from "@azure/msal-common/node";
import { BasePersistence } from "./BasePersistence.js";
/**
* Uses reads and writes passwords to Secret Service API/libsecret. Requires libsecret
* to be installed.
*
* serviceName: Identifier used as key for whatever value is stored
* accountName: Account under which password should be stored
*/
export declare class LibSecretPersistence extends BasePersistence implements IPersistence {
protected readonly serviceName: string;
protected readonly accountName: string;
private filePersistence;
private constructor();
static create(fileLocation: string, serviceName: string, accountName: string, loggerOptions?: LoggerOptions): Promise<LibSecretPersistence>;
save(contents: string): Promise<void>;
load(): Promise<string | null>;
delete(): Promise<boolean>;
reloadNecessary(lastSync: number): Promise<boolean>;
getFilePath(): string;
getLogger(): Logger;
createForPersistenceValidation(): Promise<LibSecretPersistence>;
}
@@ -0,0 +1,91 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import keytar from 'keytar';
import { FilePersistence } from './FilePersistence.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
import { dirname } from 'path';
import { BasePersistence } from './BasePersistence.mjs';
import { isNodeError } from '../utils/TypeGuards.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Uses reads and writes passwords to Secret Service API/libsecret. Requires libsecret
* to be installed.
*
* serviceName: Identifier used as key for whatever value is stored
* accountName: Account under which password should be stored
*/
class LibSecretPersistence extends BasePersistence {
constructor(filePersistence, serviceName, accountName) {
super();
this.filePersistence = filePersistence;
this.serviceName = serviceName;
this.accountName = accountName;
}
static async create(fileLocation, serviceName, accountName, loggerOptions) {
const filePersistence = await FilePersistence.create(fileLocation, loggerOptions);
const persistence = new LibSecretPersistence(filePersistence, serviceName, accountName);
return persistence;
}
async save(contents) {
try {
await keytar.setPassword(this.serviceName, this.accountName, contents);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createLibSecretError(err.message);
}
else {
throw err;
}
}
// Write dummy data to update file mtime
await this.filePersistence.save("{}");
}
async load() {
try {
return await keytar.getPassword(this.serviceName, this.accountName);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createLibSecretError(err.message);
}
else {
throw err;
}
}
}
async delete() {
try {
await this.filePersistence.delete();
return await keytar.deletePassword(this.serviceName, this.accountName);
}
catch (err) {
if (isNodeError(err)) {
throw PersistenceError.createLibSecretError(err.message);
}
else {
throw err;
}
}
}
async reloadNecessary(lastSync) {
return this.filePersistence.reloadNecessary(lastSync);
}
getFilePath() {
return this.filePersistence.getFilePath();
}
getLogger() {
return this.filePersistence.getLogger();
}
createForPersistenceValidation() {
const testCacheFileLocation = `${dirname(this.filePersistence.getFilePath())}/test.cache`;
return LibSecretPersistence.create(testCacheFileLocation, "persistenceValidationServiceName", "persistencValidationAccountName");
}
}
export { LibSecretPersistence };
//# sourceMappingURL=LibSecretPersistence.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"LibSecretPersistence.mjs","sources":["../../src/persistence/LibSecretPersistence.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;AAAA;;;AAGG;AAWH;;;;;;AAMG;AACG,MAAO,oBACT,SAAQ,eAAe,CAAA;AAOvB,IAAA,WAAA,CACI,eAAgC,EAChC,WAAmB,EACnB,WAAmB,EAAA;AAEnB,QAAA,KAAK,EAAE,CAAC;AACR,QAAA,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;AACvC,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;AAC/B,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;KAClC;IAEM,aAAa,MAAM,CACtB,YAAoB,EACpB,WAAmB,EACnB,WAAmB,EACnB,aAA6B,EAAA;QAE7B,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,MAAM,CAChD,YAAY,EACZ,aAAa,CAChB,CAAC;QACF,MAAM,WAAW,GAAG,IAAI,oBAAoB,CACxC,eAAe,EACf,WAAW,EACX,WAAW,CACd,CAAC;AACF,QAAA,OAAO,WAAW,CAAC;KACtB;IAEM,MAAM,IAAI,CAAC,QAAgB,EAAA;QAC9B,IAAI;AACA,YAAA,MAAM,MAAM,CAAC,WAAW,CACpB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,WAAW,EAChB,QAAQ,CACX,CAAC;AACL,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC5D,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACzC;AAEM,IAAA,MAAM,IAAI,GAAA;QACb,IAAI;AACA,YAAA,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;AACvE,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC5D,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;AAEM,IAAA,MAAM,MAAM,GAAA;QACf,IAAI;AACA,YAAA,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;AACpC,YAAA,OAAO,MAAM,MAAM,CAAC,cAAc,CAC9B,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,WAAW,CACnB,CAAC;AACL,SAAA;AAAC,QAAA,OAAO,GAAG,EAAE;AACV,YAAA,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;gBAClB,MAAM,gBAAgB,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC5D,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,GAAG,CAAC;AACb,aAAA;AACJ,SAAA;KACJ;IAEM,MAAM,eAAe,CAAC,QAAgB,EAAA;QACzC,OAAO,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;KACzD;IAEM,WAAW,GAAA;AACd,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;KAC7C;IAEM,SAAS,GAAA;AACZ,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;KAC3C;IAEM,8BAA8B,GAAA;AACjC,QAAA,MAAM,qBAAqB,GAAG,CAAG,EAAA,OAAO,CACpC,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CACrC,aAAa,CAAC;QACf,OAAO,oBAAoB,CAAC,MAAM,CAC9B,qBAAqB,EACrB,kCAAkC,EAClC,iCAAiC,CACpC,CAAC;KACL;AACJ;;;;"}
@@ -0,0 +1,38 @@
import { IPersistence } from "./IPersistence.js";
import { CrossPlatformLockOptions } from "../lock/CrossPlatformLockOptions.js";
import { TokenCacheContext, ICachePlugin } from "@azure/msal-common/node";
/**
* MSAL cache plugin which enables callers to write the MSAL cache to disk on Windows,
* macOs, and Linux.
*
* - Persistence can be one of:
* - FilePersistence: Writes and reads from an unencrypted file. Can be used on Windows,
* macOs, or Linux.
* - FilePersistenceWithDataProtection: Used on Windows, writes and reads from file encrypted
* with windows dpapi-addon.
* - KeychainPersistence: Used on macOs, writes and reads from keychain.
* - LibSecretPersistence: Used on linux, writes and reads from secret service API. Requires
* libsecret be installed.
*/
export declare class PersistenceCachePlugin implements ICachePlugin {
persistence: IPersistence;
lastSync: number;
currentCache: string | null;
lockFilePath: string;
private crossPlatformLock;
private logger;
constructor(persistence: IPersistence, lockOptions?: CrossPlatformLockOptions);
/**
* Reads from storage and saves an in-memory copy. If persistence has not been updated
* since last time data was read, in memory copy is used.
*
* If cacheContext.cacheHasChanged === true, then file lock is created and not deleted until
* afterCacheAccess() is called, to prevent the cache file from changing in between
* beforeCacheAccess() and afterCacheAccess().
*/
beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
/**
* Writes to storage if MSAL in memory copy of cache has been changed.
*/
afterCacheAccess(cacheContext: TokenCacheContext): Promise<void>;
}
@@ -0,0 +1,99 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { CrossPlatformLock } from '../lock/CrossPlatformLock.mjs';
import { pid } from 'process';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* MSAL cache plugin which enables callers to write the MSAL cache to disk on Windows,
* macOs, and Linux.
*
* - Persistence can be one of:
* - FilePersistence: Writes and reads from an unencrypted file. Can be used on Windows,
* macOs, or Linux.
* - FilePersistenceWithDataProtection: Used on Windows, writes and reads from file encrypted
* with windows dpapi-addon.
* - KeychainPersistence: Used on macOs, writes and reads from keychain.
* - LibSecretPersistence: Used on linux, writes and reads from secret service API. Requires
* libsecret be installed.
*/
class PersistenceCachePlugin {
constructor(persistence, lockOptions) {
this.persistence = persistence;
// initialize logger
this.logger = persistence.getLogger();
// create file lock
this.lockFilePath = `${this.persistence.getFilePath()}.lockfile`;
this.crossPlatformLock = new CrossPlatformLock(this.lockFilePath, this.logger, lockOptions);
// initialize default values
this.lastSync = 0;
this.currentCache = null;
}
/**
* Reads from storage and saves an in-memory copy. If persistence has not been updated
* since last time data was read, in memory copy is used.
*
* If cacheContext.cacheHasChanged === true, then file lock is created and not deleted until
* afterCacheAccess() is called, to prevent the cache file from changing in between
* beforeCacheAccess() and afterCacheAccess().
*/
async beforeCacheAccess(cacheContext) {
this.logger.info("Executing before cache access");
const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
if (!reloadNecessary && this.currentCache !== null) {
if (cacheContext.cacheHasChanged) {
this.logger.verbose("Cache context has changed");
await this.crossPlatformLock.lock();
}
return;
}
try {
this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`);
await this.crossPlatformLock.lock();
this.currentCache = await this.persistence.load();
this.lastSync = new Date().getTime();
if (this.currentCache) {
cacheContext.tokenCache.deserialize(this.currentCache);
}
else {
this.logger.info("Cache empty.");
}
this.logger.info(`Last sync time updated to: ${this.lastSync}`);
}
finally {
if (!cacheContext.cacheHasChanged) {
await this.crossPlatformLock.unlock();
this.logger.info(`Pid ${pid} released lock`);
}
else {
this.logger.info(`Pid ${pid} beforeCacheAccess did not release lock`);
}
}
}
/**
* Writes to storage if MSAL in memory copy of cache has been changed.
*/
async afterCacheAccess(cacheContext) {
this.logger.info("Executing after cache access");
try {
if (cacheContext.cacheHasChanged) {
this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
this.currentCache = cacheContext.tokenCache.serialize();
await this.persistence.save(this.currentCache);
}
else {
this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
}
}
finally {
await this.crossPlatformLock.unlock();
this.logger.info(`Pid ${pid} afterCacheAccess released lock`);
}
}
}
export { PersistenceCachePlugin };
//# sourceMappingURL=PersistenceCachePlugin.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"PersistenceCachePlugin.mjs","sources":["../../src/persistence/PersistenceCachePlugin.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAAA;;;AAGG;AAYH;;;;;;;;;;;;AAYG;MACU,sBAAsB,CAAA;IAU/B,WACI,CAAA,WAAyB,EACzB,WAAsC,EAAA;AAEtC,QAAA,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;;AAG/B,QAAA,IAAI,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;;QAGtC,IAAI,CAAC,YAAY,GAAG,CAAG,EAAA,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAA,SAAA,CAAW,CAAC;AACjE,QAAA,IAAI,CAAC,iBAAiB,GAAG,IAAI,iBAAiB,CAC1C,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,MAAM,EACX,WAAW,CACd,CAAC;;AAGF,QAAA,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;AAClB,QAAA,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;KAC5B;AAED;;;;;;;AAOG;IACI,MAAM,iBAAiB,CAC1B,YAA+B,EAAA;AAE/B,QAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;AAClD,QAAA,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAC1D,IAAI,CAAC,QAAQ,CAChB,CAAC;QACF,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE;YAChD,IAAI,YAAY,CAAC,eAAe,EAAE;AAC9B,gBAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;AACjD,gBAAA,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;AACvC,aAAA;YACD,OAAO;AACV,SAAA;QACD,IAAI;YACA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,CAAqC,kCAAA,EAAA,IAAI,CAAC,QAAQ,CAAE,CAAA,CACvD,CAAC;AACF,YAAA,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;YAEpC,IAAI,CAAC,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,YAAY,EAAE;gBACnB,YAAY,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAC1D,aAAA;AAAM,iBAAA;AACH,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,aAAA;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAA8B,2BAAA,EAAA,IAAI,CAAC,QAAQ,CAAE,CAAA,CAAC,CAAC;AACnE,SAAA;AAAS,gBAAA;AACN,YAAA,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE;AAC/B,gBAAA,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,IAAA,EAAA,GAAG,CAAgB,cAAA,CAAA,CAAC,CAAC;AAChD,aAAA;AAAM,iBAAA;gBACH,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,CAAO,IAAA,EAAA,GAAG,CAAyC,uCAAA,CAAA,CACtD,CAAC;AACL,aAAA;AACJ,SAAA;KACJ;AAED;;AAEG;IACI,MAAM,gBAAgB,CACzB,YAA+B,EAAA;AAE/B,QAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QACjD,IAAI;YACA,IAAI,YAAY,CAAC,eAAe,EAAE;AAC9B,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,kEAAkE,CACrE,CAAC;gBACF,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;gBACxD,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClD,aAAA;AAAM,iBAAA;AACH,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CACZ,oEAAoE,CACvE,CAAC;AACL,aAAA;AACJ,SAAA;AAAS,gBAAA;AACN,YAAA,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAO,IAAA,EAAA,GAAG,CAAiC,+BAAA,CAAA,CAAC,CAAC;AACjE,SAAA;KACJ;AACJ;;;;"}
@@ -0,0 +1,5 @@
import { IPersistence } from "./IPersistence.js";
import { IPersistenceConfiguration } from "./IPersistenceConfiguration.js";
export declare class PersistenceCreator {
static createPersistence(config: IPersistenceConfiguration): Promise<IPersistence>;
}
@@ -0,0 +1,68 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import { FilePersistenceWithDataProtection } from './FilePersistenceWithDataProtection.mjs';
import { LibSecretPersistence } from './LibSecretPersistence.mjs';
import { KeychainPersistence } from './KeychainPersistence.mjs';
import { DataProtectionScope } from './DataProtectionScope.mjs';
import { Environment } from '../utils/Environment.mjs';
import { FilePersistence } from './FilePersistence.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class PersistenceCreator {
static async createPersistence(config) {
let peristence;
// On Windows, uses a DPAPI encrypted file
if (Environment.isWindowsPlatform()) {
if (!config.cachePath || !config.dataProtectionScope) {
throw PersistenceError.createPersistenceNotValidatedError("Cache path and/or data protection scope not provided for the FilePersistenceWithDataProtection cache plugin");
}
peristence = await FilePersistenceWithDataProtection.create(config.cachePath, DataProtectionScope.CurrentUser, undefined, config.loggerOptions);
}
// On Mac, uses keychain.
else if (Environment.isMacPlatform()) {
if (!config.cachePath ||
!config.serviceName ||
!config.accountName) {
throw PersistenceError.createPersistenceNotValidatedError("Cache path, service name and/or account name not provided for the KeychainPersistence cache plugin");
}
peristence = await KeychainPersistence.create(config.cachePath, config.serviceName, config.accountName, config.loggerOptions);
}
// On Linux, uses libsecret to store to secret service. Libsecret has to be installed.
else if (Environment.isLinuxPlatform()) {
if (!config.cachePath ||
!config.serviceName ||
!config.accountName) {
throw PersistenceError.createPersistenceNotValidatedError("Cache path, service name and/or account name not provided for the LibSecretPersistence cache plugin");
}
peristence = await LibSecretPersistence.create(config.cachePath, config.serviceName, config.accountName, config.loggerOptions);
}
else {
throw PersistenceError.createNotSupportedError("The current environment is not supported by msal-node-extensions yet.");
}
await peristence.verifyPersistence().catch(async (e) => {
if (Environment.isLinuxPlatform() &&
config.usePlaintextFileOnLinux) {
if (!config.cachePath) {
throw PersistenceError.createPersistenceNotValidatedError("Cache path not provided for the FilePersistence cache plugin");
}
peristence = await FilePersistence.create(config.cachePath, config.loggerOptions);
const isFilePersistenceVerified = await peristence.verifyPersistence();
if (isFilePersistenceVerified) {
return peristence;
}
throw PersistenceError.createPersistenceNotVerifiedError("Persistence could not be verified");
}
else {
throw e;
}
});
return peristence;
}
}
export { PersistenceCreator };
//# sourceMappingURL=PersistenceCreator.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"PersistenceCreator.mjs","sources":["../../src/persistence/PersistenceCreator.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;AAAA;;;AAGG;MAYU,kBAAkB,CAAA;AAC3B,IAAA,aAAa,iBAAiB,CAC1B,MAAiC,EAAA;AAEjC,QAAA,IAAI,UAAwB,CAAC;;AAG7B,QAAA,IAAI,WAAW,CAAC,iBAAiB,EAAE,EAAE;YACjC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE;AAClD,gBAAA,MAAM,gBAAgB,CAAC,kCAAkC,CACrD,6GAA6G,CAChH,CAAC;AACL,aAAA;YAED,UAAU,GAAG,MAAM,iCAAiC,CAAC,MAAM,CACvD,MAAM,CAAC,SAAS,EAChB,mBAAmB,CAAC,WAAW,EAC/B,SAAS,EACT,MAAM,CAAC,aAAa,CACvB,CAAC;AACL,SAAA;;AAGI,aAAA,IAAI,WAAW,CAAC,aAAa,EAAE,EAAE;YAClC,IACI,CAAC,MAAM,CAAC,SAAS;gBACjB,CAAC,MAAM,CAAC,WAAW;gBACnB,CAAC,MAAM,CAAC,WAAW,EACrB;AACE,gBAAA,MAAM,gBAAgB,CAAC,kCAAkC,CACrD,oGAAoG,CACvG,CAAC;AACL,aAAA;YAED,UAAU,GAAG,MAAM,mBAAmB,CAAC,MAAM,CACzC,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,aAAa,CACvB,CAAC;AACL,SAAA;;AAGI,aAAA,IAAI,WAAW,CAAC,eAAe,EAAE,EAAE;YACpC,IACI,CAAC,MAAM,CAAC,SAAS;gBACjB,CAAC,MAAM,CAAC,WAAW;gBACnB,CAAC,MAAM,CAAC,WAAW,EACrB;AACE,gBAAA,MAAM,gBAAgB,CAAC,kCAAkC,CACrD,qGAAqG,CACxG,CAAC;AACL,aAAA;YAED,UAAU,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAC1C,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,aAAa,CACvB,CAAC;AACL,SAAA;AAAM,aAAA;AACH,YAAA,MAAM,gBAAgB,CAAC,uBAAuB,CAC1C,uEAAuE,CAC1E,CAAC;AACL,SAAA;QAED,MAAM,UAAU,CAAC,iBAAiB,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAI;YACnD,IACI,WAAW,CAAC,eAAe,EAAE;gBAC7B,MAAM,CAAC,uBAAuB,EAChC;AACE,gBAAA,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;AACnB,oBAAA,MAAM,gBAAgB,CAAC,kCAAkC,CACrD,8DAA8D,CACjE,CAAC;AACL,iBAAA;AAED,gBAAA,UAAU,GAAG,MAAM,eAAe,CAAC,MAAM,CACrC,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,aAAa,CACvB,CAAC;AAEF,gBAAA,MAAM,yBAAyB,GAC3B,MAAM,UAAU,CAAC,iBAAiB,EAAE,CAAC;AACzC,gBAAA,IAAI,yBAAyB,EAAE;AAC3B,oBAAA,OAAO,UAAU,CAAC;AACrB,iBAAA;AAED,gBAAA,MAAM,gBAAgB,CAAC,iCAAiC,CACpD,mCAAmC,CACtC,CAAC;AACL,aAAA;AAAM,iBAAA;AACH,gBAAA,MAAM,CAAC,CAAC;AACX,aAAA;AACL,SAAC,CAAC,CAAC;AAEH,QAAA,OAAO,UAAU,CAAC;KACrB;AACJ;;;;"}
@@ -0,0 +1,54 @@
export declare const Constants: {
/**
* An existing file was the target of an operation that required that the target not exist
*/
EEXIST_ERROR: string;
/**
* No such file or directory: Commonly raised by fs operations to indicate that a component
* of the specified pathname does not exist. No entity (file or directory) could be found
* by the given path
*/
ENOENT_ERROR: string;
/**
* Operation not permitted. An attempt was made to perform an operation that requires
* elevated privileges.
*/
EPERM_ERROR: string;
/**
* Default service name for using MSAL Keytar
*/
DEFAULT_SERVICE_NAME: string;
/**
* Test data used to verify underlying persistence mechanism
*/
PERSISTENCE_TEST_DATA: string;
/**
* This is the value of a the guid if the process is being ran by the root user
*/
LINUX_ROOT_USER_GUID: number;
/**
* List of environment variables
*/
ENVIRONMENT: {
HOME: string;
LOGNAME: string;
USER: string;
LNAME: string;
USERNAME: string;
PLATFORM: string;
LOCAL_APPLICATION_DATA: string;
};
DEFAULT_CACHE_FILE_NAME: string;
};
export declare const Platform: {
readonly WINDOWS: "win32";
readonly LINUX: "linux";
readonly MACOS: "darwin";
};
export type Platform = (typeof Platform)[keyof typeof Platform];
export declare const ErrorCodes: {
readonly INTERATION_REQUIRED_ERROR_CODE: "interaction_required";
readonly SERVER_UNAVAILABLE: "server_unavailable";
readonly UNKNOWN: "unknown_error";
};
export type ErrorCodes = (typeof ErrorCodes)[keyof typeof ErrorCodes];
@@ -0,0 +1,62 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const Constants = {
/**
* An existing file was the target of an operation that required that the target not exist
*/
EEXIST_ERROR: "EEXIST",
/**
* No such file or directory: Commonly raised by fs operations to indicate that a component
* of the specified pathname does not exist. No entity (file or directory) could be found
* by the given path
*/
ENOENT_ERROR: "ENOENT",
/**
* Operation not permitted. An attempt was made to perform an operation that requires
* elevated privileges.
*/
EPERM_ERROR: "EPERM",
/**
* Default service name for using MSAL Keytar
*/
DEFAULT_SERVICE_NAME: "msal-node-extensions",
/**
* Test data used to verify underlying persistence mechanism
*/
PERSISTENCE_TEST_DATA: "Dummy data to verify underlying persistence mechanism",
/**
* This is the value of a the guid if the process is being ran by the root user
*/
LINUX_ROOT_USER_GUID: 0,
/**
* List of environment variables
*/
ENVIRONMENT: {
HOME: "HOME",
LOGNAME: "LOGNAME",
USER: "USER",
LNAME: "LNAME",
USERNAME: "USERNAME",
PLATFORM: "platform",
LOCAL_APPLICATION_DATA: "LOCALAPPDATA",
},
// Name of the default cache file
DEFAULT_CACHE_FILE_NAME: "cache.json",
};
const Platform = {
WINDOWS: "win32",
LINUX: "linux",
MACOS: "darwin",
};
const ErrorCodes = {
INTERATION_REQUIRED_ERROR_CODE: "interaction_required",
SERVER_UNAVAILABLE: "server_unavailable",
UNKNOWN: "unknown_error",
};
export { Constants, ErrorCodes, Platform };
//# sourceMappingURL=Constants.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"Constants.mjs","sources":["../../src/utils/Constants.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;AAGG;AAEU,MAAA,SAAS,GAAG;AACrB;;AAEG;AACH,IAAA,YAAY,EAAE,QAAQ;AAEtB;;;;AAIG;AACH,IAAA,YAAY,EAAE,QAAQ;AAEtB;;;AAGG;AACH,IAAA,WAAW,EAAE,OAAO;AAEpB;;AAEG;AACH,IAAA,oBAAoB,EAAE,sBAAsB;AAE5C;;AAEG;AACH,IAAA,qBAAqB,EACjB,uDAAuD;AAE3D;;AAEG;AACH,IAAA,oBAAoB,EAAE,CAAC;AAEvB;;AAEG;AACH,IAAA,WAAW,EAAE;AACT,QAAA,IAAI,EAAE,MAAM;AACZ,QAAA,OAAO,EAAE,SAAS;AAClB,QAAA,IAAI,EAAE,MAAM;AACZ,QAAA,KAAK,EAAE,OAAO;AACd,QAAA,QAAQ,EAAE,UAAU;AACpB,QAAA,QAAQ,EAAE,UAAU;AACpB,QAAA,sBAAsB,EAAE,cAAc;AACzC,KAAA;;AAGD,IAAA,uBAAuB,EAAE,YAAY;EACvC;AAEW,MAAA,QAAQ,GAAG;AACpB,IAAA,OAAO,EAAE,OAAO;AAChB,IAAA,KAAK,EAAE,OAAO;AACd,IAAA,KAAK,EAAE,QAAQ;EACR;AAGE,MAAA,UAAU,GAAG;AACtB,IAAA,8BAA8B,EAAE,sBAAsB;AACtD,IAAA,kBAAkB,EAAE,oBAAoB;AACxC,IAAA,OAAO,EAAE,eAAe;;;;;"}
@@ -0,0 +1,16 @@
export declare class Environment {
static get homeEnvVar(): string;
static get lognameEnvVar(): string;
static get userEnvVar(): string;
static get lnameEnvVar(): string;
static get usernameEnvVar(): string;
static getEnvironmentVariable(name: string): string;
static getEnvironmentPlatform(): string;
static isWindowsPlatform(): boolean;
static isLinuxPlatform(): boolean;
static isMacPlatform(): boolean;
static isLinuxRootUser(): boolean;
static getUserRootDirectory(): string | null;
static getUserHomeDirOnWindows(): string;
static getUserHomeDirOnUnix(): string | null;
}
@@ -0,0 +1,94 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
import path from 'path';
import { Constants, Platform } from './Constants.mjs';
import { PersistenceError } from '../error/PersistenceError.mjs';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class Environment {
static get homeEnvVar() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.HOME);
}
static get lognameEnvVar() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOGNAME);
}
static get userEnvVar() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USER);
}
static get lnameEnvVar() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LNAME);
}
static get usernameEnvVar() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.USERNAME);
}
static getEnvironmentVariable(name) {
return process.env[name] || "";
}
static getEnvironmentPlatform() {
return process.platform;
}
static isWindowsPlatform() {
return this.getEnvironmentPlatform() === Platform.WINDOWS;
}
static isLinuxPlatform() {
return this.getEnvironmentPlatform() === Platform.LINUX;
}
static isMacPlatform() {
return this.getEnvironmentPlatform() === Platform.MACOS;
}
static isLinuxRootUser() {
if (typeof process.getuid !== "function") {
return false;
}
return process.getuid() === Constants.LINUX_ROOT_USER_GUID;
}
static getUserRootDirectory() {
return !this.isWindowsPlatform()
? this.getUserHomeDirOnUnix()
: this.getUserHomeDirOnWindows();
}
static getUserHomeDirOnWindows() {
return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOCAL_APPLICATION_DATA);
}
static getUserHomeDirOnUnix() {
if (this.isWindowsPlatform()) {
throw PersistenceError.createNotSupportedError("Getting the user home directory for unix is not supported in windows");
}
if (this.homeEnvVar) {
return this.homeEnvVar;
}
let username = null;
if (this.lognameEnvVar) {
username = this.lognameEnvVar;
}
else if (this.userEnvVar) {
username = this.userEnvVar;
}
else if (this.lnameEnvVar) {
username = this.lnameEnvVar;
}
else if (this.usernameEnvVar) {
username = this.usernameEnvVar;
}
if (this.isMacPlatform()) {
return username ? path.join("/Users", username) : null;
}
else if (this.isLinuxPlatform()) {
if (this.isLinuxRootUser()) {
return "/root";
}
else {
return username ? path.join("/home", username) : null;
}
}
else {
throw PersistenceError.createNotSupportedError("Getting the user home directory for unix is not supported in windows");
}
}
}
export { Environment };
//# sourceMappingURL=Environment.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"Environment.mjs","sources":["../../src/utils/Environment.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAAA;;;AAGG;MAMU,WAAW,CAAA;AACpB,IAAA,WAAW,UAAU,GAAA;QACjB,OAAO,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;KAClE;AAED,IAAA,WAAW,aAAa,GAAA;QACpB,OAAO,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;KACrE;AAED,IAAA,WAAW,UAAU,GAAA;QACjB,OAAO,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;KAClE;AAED,IAAA,WAAW,WAAW,GAAA;QAClB,OAAO,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;KACnE;AAED,IAAA,WAAW,cAAc,GAAA;QACrB,OAAO,IAAI,CAAC,sBAAsB,CAAC,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;KACtE;IAED,OAAO,sBAAsB,CAAC,IAAY,EAAA;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;KAClC;AAED,IAAA,OAAO,sBAAsB,GAAA;QACzB,OAAO,OAAO,CAAC,QAAQ,CAAC;KAC3B;AAED,IAAA,OAAO,iBAAiB,GAAA;QACpB,OAAO,IAAI,CAAC,sBAAsB,EAAE,KAAK,QAAQ,CAAC,OAAO,CAAC;KAC7D;AAED,IAAA,OAAO,eAAe,GAAA;QAClB,OAAO,IAAI,CAAC,sBAAsB,EAAE,KAAK,QAAQ,CAAC,KAAK,CAAC;KAC3D;AAED,IAAA,OAAO,aAAa,GAAA;QAChB,OAAO,IAAI,CAAC,sBAAsB,EAAE,KAAK,QAAQ,CAAC,KAAK,CAAC;KAC3D;AAED,IAAA,OAAO,eAAe,GAAA;AAClB,QAAA,IAAI,OAAO,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE;AACtC,YAAA,OAAO,KAAK,CAAC;AAChB,SAAA;QAED,OAAO,OAAO,CAAC,MAAM,EAAE,KAAK,SAAS,CAAC,oBAAoB,CAAC;KAC9D;AAED,IAAA,OAAO,oBAAoB,GAAA;AACvB,QAAA,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE;AAC5B,cAAE,IAAI,CAAC,oBAAoB,EAAE;AAC7B,cAAE,IAAI,CAAC,uBAAuB,EAAE,CAAC;KACxC;AAED,IAAA,OAAO,uBAAuB,GAAA;QAC1B,OAAO,IAAI,CAAC,sBAAsB,CAC9B,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAC/C,CAAC;KACL;AAED,IAAA,OAAO,oBAAoB,GAAA;AACvB,QAAA,IAAI,IAAI,CAAC,iBAAiB,EAAE,EAAE;AAC1B,YAAA,MAAM,gBAAgB,CAAC,uBAAuB,CAC1C,sEAAsE,CACzE,CAAC;AACL,SAAA;QAED,IAAI,IAAI,CAAC,UAAU,EAAE;YACjB,OAAO,IAAI,CAAC,UAAU,CAAC;AAC1B,SAAA;QAED,IAAI,QAAQ,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,aAAa,EAAE;AACpB,YAAA,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC;AACjC,SAAA;aAAM,IAAI,IAAI,CAAC,UAAU,EAAE;AACxB,YAAA,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC;AAC9B,SAAA;aAAM,IAAI,IAAI,CAAC,WAAW,EAAE;AACzB,YAAA,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC;AAC/B,SAAA;aAAM,IAAI,IAAI,CAAC,cAAc,EAAE;AAC5B,YAAA,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC;AAClC,SAAA;AAED,QAAA,IAAI,IAAI,CAAC,aAAa,EAAE,EAAE;AACtB,YAAA,OAAO,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC;AAC1D,SAAA;AAAM,aAAA,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE;AAC/B,YAAA,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE;AACxB,gBAAA,OAAO,OAAO,CAAC;AAClB,aAAA;AAAM,iBAAA;AACH,gBAAA,OAAO,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,IAAI,CAAC;AACzD,aAAA;AACJ,SAAA;AAAM,aAAA;AACH,YAAA,MAAM,gBAAgB,CAAC,uBAAuB,CAC1C,sEAAsE,CACzE,CAAC;AACL,SAAA;KACJ;AACJ;;;;"}
@@ -0,0 +1,5 @@
/// <reference types="node" resolution-mode="require"/>
/**
* Returns whether or not the given object is a Node.js error
*/
export declare const isNodeError: (error: unknown) => error is NodeJS.ErrnoException;
@@ -0,0 +1,15 @@
/*! @azure/msal-node-extensions v1.5.17 2025-07-08 */
'use strict';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Returns whether or not the given object is a Node.js error
*/
const isNodeError = (error) => {
return !!error && typeof error === "object" && error.hasOwnProperty("code");
};
export { isNodeError };
//# sourceMappingURL=TypeGuards.mjs.map
@@ -0,0 +1 @@
{"version":3,"file":"TypeGuards.mjs","sources":["../../src/utils/TypeGuards.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;AAGG;AAEH;;AAEG;AACU,MAAA,WAAW,GAAG,CAAC,KAAc,KAAoC;AAC1E,IAAA,OAAO,CAAC,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;AAChF;;;;"}
File diff suppressed because it is too large Load Diff
File diff suppressed because one or more lines are too long
@@ -0,0 +1 @@
{"type":"commonjs"}
@@ -0,0 +1,6 @@
export interface DpapiBindings {
protectData(dataToEncrypt: Uint8Array, optionalEntropy: Uint8Array | null, scope: string): Uint8Array;
unprotectData(encryptData: Uint8Array, optionalEntropy: Uint8Array | null, scope: string): Uint8Array;
}
declare let Dpapi: DpapiBindings;
export { Dpapi };
@@ -0,0 +1,21 @@
/// <reference types="node" resolution-mode="require"/>
/// <reference types="node" resolution-mode="require"/>
import { AccountInfo, AuthenticationResult, INativeBrokerPlugin, LoggerOptions, NativeRequest, NativeSignOutRequest } from "@azure/msal-common/node";
export declare class NativeBrokerPlugin implements INativeBrokerPlugin {
private logger;
isBrokerAvailable: boolean;
constructor();
setLogger(loggerOptions: LoggerOptions): void;
getAccountById(accountId: string, correlationId: string): Promise<AccountInfo>;
getAllAccounts(clientId: string, correlationId: string): Promise<AccountInfo[]>;
acquireTokenSilent(request: NativeRequest): Promise<AuthenticationResult>;
acquireTokenInteractive(request: NativeRequest, providedWindowHandle?: Buffer): Promise<AuthenticationResult>;
signOut(request: NativeSignOutRequest): Promise<void>;
private getAccount;
private readAccountById;
private generateRequestParameters;
private getAuthenticationResult;
private generateAccountInfo;
private isMsalRuntimeError;
private wrapError;
}
@@ -0,0 +1,6 @@
import { AuthError } from "@azure/msal-common/node";
export declare class NativeAuthError extends AuthError {
statusCode: number;
tag: number;
constructor(errorStatus: string, errorContext: string, errorCode: number, errorTag: number);
}
@@ -0,0 +1,57 @@
/**
* Error thrown when trying to write MSAL cache to persistence.
*/
export declare class PersistenceError extends Error {
errorCode: string;
errorMessage: string;
constructor(errorCode: string, errorMessage: string);
/**
* Error thrown when trying to access the file system.
*/
static createFileSystemError(errorCode: string, errorMessage: string): PersistenceError;
/**
* Error thrown when trying to write, load, or delete data from secret service on linux.
* Libsecret is used to access secret service.
*/
static createLibSecretError(errorMessage: string): PersistenceError;
/**
* Error thrown when trying to write, load, or delete data from keychain on macOs.
*/
static createKeychainPersistenceError(errorMessage: string): PersistenceError;
/**
* Error thrown when trying to encrypt or decrypt data using DPAPI on Windows.
*/
static createFilePersistenceWithDPAPIError(errorMessage: string): PersistenceError;
/**
* Error thrown when using the cross platform lock.
*/
static createCrossPlatformLockError(errorMessage: string): PersistenceError;
/**
* Throw cache persistence error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createCachePersistenceError(errorMessage: string): PersistenceError;
/**
* Throw unsupported error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createNotSupportedError(errorMessage: string): PersistenceError;
/**
* Throw persistence not verified error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotVerifiedError(errorMessage: string): PersistenceError;
/**
* Throw persistence creation validation error
*
* @param errorMessage string
* @returns PersistenceError
*/
static createPersistenceNotValidatedError(errorMessage: string): PersistenceError;
}
@@ -0,0 +1,12 @@
export { PersistenceCachePlugin } from "./persistence/PersistenceCachePlugin.js";
export { FilePersistence } from "./persistence/FilePersistence.js";
export { FilePersistenceWithDataProtection } from "./persistence/FilePersistenceWithDataProtection.js";
export { DataProtectionScope } from "./persistence/DataProtectionScope.js";
export { KeychainPersistence } from "./persistence/KeychainPersistence.js";
export { LibSecretPersistence } from "./persistence/LibSecretPersistence.js";
export { IPersistence } from "./persistence/IPersistence.js";
export { CrossPlatformLockOptions } from "./lock/CrossPlatformLockOptions.js";
export { PersistenceCreator } from "./persistence/PersistenceCreator.js";
export { IPersistenceConfiguration } from "./persistence/IPersistenceConfiguration.js";
export { Environment } from "./utils/Environment.js";
export { NativeBrokerPlugin } from "./broker/NativeBrokerPlugin.js";
@@ -0,0 +1,24 @@
import { CrossPlatformLockOptions } from "./CrossPlatformLockOptions.js";
import { Logger } from "@azure/msal-common/node";
/**
* Cross-process lock that works on all platforms.
*/
export declare class CrossPlatformLock {
private readonly lockFilePath;
private lockFileHandle;
private readonly retryNumber;
private readonly retryDelay;
private logger;
constructor(lockFilePath: string, logger: Logger, lockOptions?: CrossPlatformLockOptions);
/**
* Locks cache from read or writes by creating file with same path and name as
* cache file but with .lockfile extension. If another process has already created
* the lockfile, will back off and retry based on configuration settings set by CrossPlatformLockOptions
*/
lock(): Promise<void>;
/**
* unlocks cache file by deleting .lockfile.
*/
unlock(): Promise<void>;
private sleep;
}
@@ -0,0 +1,10 @@
/**
* Options for CrossPlatform lock.
*
* retryNumber: Numbers of times we should try to acquire a lock. Defaults to 500.
* retryDelay: Time to wait before trying to retry a lock acquisition. Defaults to 100 ms.
*/
export type CrossPlatformLockOptions = {
retryNumber: number;
retryDelay: number;
};
@@ -0,0 +1,2 @@
export declare const name = "@azure/msal-node-extensions";
export declare const version = "1.5.17";
@@ -0,0 +1,5 @@
import { IPersistence } from "./IPersistence.js";
export declare abstract class BasePersistence {
abstract createForPersistenceValidation(): Promise<IPersistence>;
verifyPersistence(): Promise<boolean>;
}
@@ -0,0 +1,16 @@
/**
* Specifies the scope of the data protection - either the current user or the local
* machine.
*
* You do not need a key to protect or unprotect the data.
* If you set the Scope to CurrentUser, only applications running on your credentials can
* unprotect the data; however, that means that any application running on your credentials
* can access the protected data. If you set the Scope to LocalMachine, any full-trust
* application on the computer can unprotect, access, and modify the data.
*
*/
export declare const DataProtectionScope: {
readonly CurrentUser: "CurrentUser";
readonly LocalMachine: "LocalMachine";
};
export type DataProtectionScope = (typeof DataProtectionScope)[keyof typeof DataProtectionScope];
@@ -0,0 +1,29 @@
import { IPersistence } from "./IPersistence.js";
import { Logger, LoggerOptions } from "@azure/msal-common/node";
import { BasePersistence } from "./BasePersistence.js";
/**
* Reads and writes data to file specified by file location. File contents are not
* encrypted.
*
* If file or directory has not been created, it FilePersistence.create() will create
* file and any directories in the path recursively.
*/
export declare class FilePersistence extends BasePersistence implements IPersistence {
private filePath;
private logger;
private constructor();
static create(fileLocation: string, loggerOptions?: LoggerOptions): Promise<FilePersistence>;
save(contents: string): Promise<void>;
saveBuffer(contents: Uint8Array): Promise<void>;
load(): Promise<string | null>;
loadBuffer(): Promise<Uint8Array>;
delete(): Promise<boolean>;
getFilePath(): string;
reloadNecessary(lastSync: number): Promise<boolean>;
getLogger(): Logger;
createForPersistenceValidation(): Promise<FilePersistence>;
private static createDefaultLoggerOptions;
private timeLastModified;
private createCacheFile;
private createFileDirectory;
}

Some files were not shown because too many files have changed in this diff Show More