UNPKG

22.9 kBTypeScriptView Raw
1import { Authority } from "./authority/Authority";
2import { Logger } from "./Logger";
3import { AuthCache } from "./cache/AuthCache";
4import { Account } from "./Account";
5import { Configuration } from "./Configuration";
6import { AuthenticationParameters } from "./AuthenticationParameters";
7import { AuthError } from "./error/AuthError";
8import { AuthResponse } from "./AuthResponse";
9/**
10 * Interface to handle iFrame generation, Popup Window creation and redirect handling
11 */
12declare global {
13 interface Window {
14 msal: Object;
15 CustomEvent: CustomEvent;
16 Event: Event;
17 activeRenewals: {};
18 renewStates: Array<string>;
19 callbackMappedToRenewStates: {};
20 promiseMappedToRenewStates: {};
21 openedWindows: Array<Window>;
22 requestType: string;
23 }
24}
25/**
26 * @hidden
27 * @ignore
28 */
29export interface CacheResult {
30 errorDesc: string;
31 token: string;
32 error: string;
33}
34/**
35 * @hidden
36 * @ignore
37 * Data type to hold information about state returned from the server
38 */
39export declare type ResponseStateInfo = {
40 state: string;
41 timestamp: number;
42 method: string;
43 stateMatch: boolean;
44 requestType: string;
45};
46/**
47 * A type alias for an authResponseCallback function.
48 * {@link (authResponseCallback:type)}
49 * @param authErr error created for failure cases
50 * @param response response containing token strings in success cases, or just state value in error cases
51 */
52export declare type authResponseCallback = (authErr: AuthError, response?: AuthResponse) => void;
53/**
54 * A type alias for a tokenReceivedCallback function.
55 * {@link (tokenReceivedCallback:type)}
56 * @returns response of type {@link (AuthResponse:type)}
57 * The function that will get the call back once this API is completed (either successfully or with a failure).
58 */
59export declare type tokenReceivedCallback = (response: AuthResponse) => void;
60/**
61 * A type alias for a errorReceivedCallback function.
62 * {@link (errorReceivedCallback:type)}
63 * @returns response of type {@link (AuthError:class)}
64 * @returns {string} account state
65 */
66export declare type errorReceivedCallback = (authErr: AuthError, accountState: string) => void;
67/**
68 * UserAgentApplication class
69 *
70 * Object Instance that the developer can use to make loginXX OR acquireTokenXX functions
71 */
72export declare class UserAgentApplication {
73 private config;
74 private authResponseCallback;
75 private tokenReceivedCallback;
76 private errorReceivedCallback;
77 private logger;
78 private clientId;
79 private inCookie;
80 private telemetryManager;
81 protected cacheStorage: AuthCache;
82 private account;
83 private silentAuthenticationState;
84 private silentLogin;
85 private redirectResponse;
86 private redirectError;
87 protected authorityInstance: Authority;
88 /**
89 * setter for the authority URL
90 * @param {string} authority
91 */
92 set authority(val: string);
93 /**
94 * Method to manage the authority URL.
95 *
96 * @returns {string} authority
97 */
98 get authority(): string;
99 /**
100 * Get the current authority instance from the MSAL configuration object
101 *
102 * @returns {@link Authority} authority instance
103 */
104 getAuthorityInstance(): Authority;
105 /**
106 * @constructor
107 * Constructor for the UserAgentApplication used to instantiate the UserAgentApplication object
108 *
109 * Important attributes in the Configuration object for auth are:
110 * - clientID: the application ID of your application.
111 * You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview
112 * - authority: the authority URL for your application.
113 *
114 * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens.
115 * It is of the form https://login.microsoftonline.com/&lt;Enter_the_Tenant_Info_Here&gt;.
116 * If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).
117 * If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations.
118 * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common.
119 * To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers.
120 *
121 *
122 * In Azure B2C, authority is of the form https://&lt;instance&gt;/tfp/&lt;tenant&gt;/&lt;policyName&gt;/
123 *
124 * @param {@link (Configuration:type)} configuration object for the MSAL UserAgentApplication instance
125 */
126 constructor(configuration: Configuration);
127 /**
128 * @hidden
129 * @ignore
130 * Set the callback functions for the redirect flow to send back the success or error object.
131 * @param {@link (tokenReceivedCallback:type)} successCallback - Callback which contains the AuthResponse object, containing data from the server.
132 * @param {@link (errorReceivedCallback:type)} errorCallback - Callback which contains a AuthError object, containing error data from either the server
133 * or the library, depending on the origin of the error.
134 */
135 handleRedirectCallback(tokenReceivedCallback: tokenReceivedCallback, errorReceivedCallback: errorReceivedCallback): void;
136 handleRedirectCallback(authCallback: authResponseCallback): void;
137 /**
138 * Public API to verify if the URL contains the hash with known properties
139 * @param hash
140 */
141 urlContainsHash(hash: string): boolean;
142 private authResponseHandler;
143 private authErrorHandler;
144 /**
145 * Use when initiating the login process by redirecting the user's browser to the authorization endpoint.
146 * @param {@link (AuthenticationParameters:type)}
147 */
148 loginRedirect(userRequest?: AuthenticationParameters): void;
149 /**
150 * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint.
151 * @param {@link (AuthenticationParameters:type)}
152 *
153 * To renew idToken, please pass clientId as the only scope in the Authentication Parameters
154 */
155 acquireTokenRedirect(userRequest: AuthenticationParameters): void;
156 /**
157 * Use when initiating the login process via opening a popup window in the user's browser
158 *
159 * @param {@link (AuthenticationParameters:type)}
160 *
161 * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object
162 */
163 loginPopup(userRequest?: AuthenticationParameters): Promise<AuthResponse>;
164 /**
165 * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser
166 * @param {@link AuthenticationParameters}
167 *
168 * To renew idToken, please pass clientId as the only scope in the Authentication Parameters
169 * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object
170 */
171 acquireTokenPopup(userRequest: AuthenticationParameters): Promise<AuthResponse>;
172 /**
173 * Use when initiating the login process or when you want to obtain an access_token for your API,
174 * either by redirecting the user's browser window to the authorization endpoint or via opening a popup window in the user's browser.
175 * @param {@link (AuthenticationParameters:type)}
176 *
177 * To renew idToken, please pass clientId as the only scope in the Authentication Parameters
178 */
179 private acquireTokenInteractive;
180 /**
181 * @hidden
182 * @ignore
183 * Helper function to acquireToken
184 *
185 */
186 private acquireTokenHelper;
187 /**
188 * API interfacing idToken request when applications already have a session/hint acquired by authorization client applications
189 * @param request
190 */
191 ssoSilent(request: AuthenticationParameters): Promise<AuthResponse>;
192 /**
193 * Use this function to obtain a token before every call to the API / resource provider
194 *
195 * MSAL return's a cached token when available
196 * Or it send's a request to the STS to obtain a new token using a hidden iframe.
197 *
198 * @param {@link AuthenticationParameters}
199 *
200 * To renew idToken, please pass clientId as the only scope in the Authentication Parameters
201 * @returns {Promise.<AuthResponse>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object
202 *
203 */
204 acquireTokenSilent(userRequest: AuthenticationParameters): Promise<AuthResponse>;
205 /**
206 * @hidden
207 *
208 * Configures popup window for login.
209 *
210 * @param urlNavigate
211 * @param title
212 * @param popUpWidth
213 * @param popUpHeight
214 * @ignore
215 * @hidden
216 */
217 private openPopup;
218 /**
219 * @hidden
220 * Calling _loadFrame but with a timeout to signal failure in loadframeStatus. Callbacks are left.
221 * registered when network errors occur and subsequent token requests for same resource are registered to the pending request.
222 * @ignore
223 */
224 private loadIframeTimeout;
225 /**
226 * @hidden
227 * Used to redirect the browser to the STS authorization endpoint
228 * @param {string} urlNavigate - URL of the authorization endpoint
229 */
230 private navigateWindow;
231 /**
232 * @hidden
233 * Used to add the developer requested callback to the array of callbacks for the specified scopes. The updated array is stored on the window object
234 * @param {string} expectedState - Unique state identifier (guid).
235 * @param {string} scope - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
236 * @param {Function} resolve - The resolve function of the promise object.
237 * @param {Function} reject - The reject function of the promise object.
238 * @ignore
239 */
240 private registerCallback;
241 /**
242 * Use to log out the current user, and redirect the user to the postLogoutRedirectUri.
243 * Default behaviour is to redirect the user to `window.location.href`.
244 */
245 logout(correlationId?: string): void;
246 /**
247 * Async version of logout(). Use to log out the current user.
248 * @param correlationId Request correlationId
249 */
250 private logoutAsync;
251 /**
252 * @hidden
253 * Clear all access tokens and ID tokens in the cache.
254 * @ignore
255 */
256 protected clearCache(): void;
257 /**
258 * @hidden
259 * Clear a given access token from the cache.
260 *
261 * @param accessToken
262 */
263 protected clearCacheForScope(accessToken: string): void;
264 /**
265 * @hidden
266 * @ignore
267 * Checks if the redirect response is received from the STS. In case of redirect, the url fragment has either id_token, access_token or error.
268 * @param {string} hash - Hash passed from redirect page.
269 * @returns {Boolean} - true if response contains id_token, access_token or error, false otherwise.
270 */
271 isCallback(hash: string): boolean;
272 /**
273 * @hidden
274 * Used to call the constructor callback with the token/error
275 * @param {string} [hash=window.location.hash] - Hash fragment of Url.
276 */
277 private processCallBack;
278 /**
279 * @hidden
280 * This method must be called for processing the response received from the STS if using popups or iframes. It extracts the hash, processes the token or error
281 * information and saves it in the cache. It then resolves the promises with the result.
282 * @param {string} [hash=window.location.hash] - Hash fragment of Url.
283 */
284 private handleAuthenticationResponse;
285 /**
286 * @hidden
287 * This method must be called for processing the response received from the STS when using redirect flows. It extracts the hash, processes the token or error
288 * information and saves it in the cache. The result can then be accessed by user registered callbacks.
289 * @param {string} [hash=window.location.hash] - Hash fragment of Url.
290 */
291 private handleRedirectAuthenticationResponse;
292 /**
293 * @hidden
294 * Creates a stateInfo object from the URL fragment and returns it.
295 * @param {string} hash - Hash passed from redirect page
296 * @returns {TokenResponse} an object created from the redirect response from AAD comprising of the keys - parameters, requestType, stateMatch, stateResponse and valid.
297 * @ignore
298 */
299 protected getResponseState(hash: string): ResponseStateInfo;
300 /**
301 * @hidden
302 * Used to get token for the specified set of scopes from the cache
303 * @param {@link ServerRequestParameters} - Request sent to the STS to obtain an id_token/access_token
304 * @param {Account} account - Account for which the scopes were requested
305 */
306 private getCachedToken;
307 /**
308 * @hidden
309 *
310 * Uses passed in authority to further filter an array of tokenCacheItems until only the token being searched for remains, then returns that tokenCacheItem.
311 * This method will throw if authority filtering still yields multiple matching tokens and will return null if not tokens match the authority passed in.
312 *
313 * @param authority
314 * @param tokenCacheItems
315 * @param request
316 * @param requestScopes
317 * @param tokenType
318 */
319 private getTokenCacheItemByAuthority;
320 /**
321 *
322 * @hidden
323 *
324 * Searches the token cache for an ID Token that matches the request parameter and returns it as an IdToken object.
325 *
326 * @param serverAuthenticationRequest
327 * @param account
328 */
329 private getCachedIdToken;
330 /**
331 *
332 * @hidden
333 *
334 * Searches the token cache for an access token that matches the request parameters and returns it as an AuthResponse.
335 *
336 * @param serverAuthenticationRequest
337 * @param account
338 * @param scopes
339 */
340 private getCachedAccessToken;
341 /**
342 * Returns true if the token passed in is within the acceptable expiration time offset, false if it is expired.
343 * @param tokenCacheItem
344 * @param serverAuthenticationRequest
345 */
346 private evaluateTokenExpiration;
347 /**
348 * @hidden
349 * Check if ADAL id_token exists and return if exists.
350 *
351 */
352 private extractADALIdToken;
353 /**
354 * @hidden
355 * Acquires access token using a hidden iframe.
356 * @ignore
357 */
358 private renewToken;
359 /**
360 * @hidden
361 * Renews idtoken for app's own backend when clientId is passed as a single scope in the scopes array.
362 * @ignore
363 */
364 private renewIdToken;
365 /**
366 * @hidden
367 *
368 * This method builds an Access Token Cache item and saves it to the cache, returning the original
369 * AuthResponse augmented with a parsed expiresOn attribute.
370 *
371 * @param response The AuthResponse object that contains the token to be saved
372 * @param authority The authority under which the ID token will be cached
373 * @param scopes The scopes to be added to the cache item key (undefined for ID token cache items)
374 * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier
375 * @param expiration Token expiration timestamp
376 */
377 private saveToken;
378 /**
379 * @hidden
380 *
381 * This method sets up the elements of an ID Token cache item and calls saveToken to save it in
382 * Access Token Cache item format for the client application to use.
383 *
384 * @param response The AuthResponse object that will be used to build the cache item
385 * @param authority The authority under which the ID token will be cached
386 * @param parameters The response's Hash Params, which contain the ID token returned from the server
387 * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier
388 * @param idTokenObj ID Token object from which the ID token's expiration is extracted
389 */
390 private saveIdToken;
391 /**
392 * @hidden
393 *
394 * This method sets up the elements of an Access Token cache item and calls saveToken to save it to the cache
395 *
396 * @param response The AuthResponse object that will be used to build the cache item
397 * @param authority The authority under which the access token will be cached
398 * @param parameters The response's Hash Params, which contain the access token returned from the server
399 * @param clientInfo Client Info object that is used to generate the homeAccountIdentifier
400 */
401 private saveAccessToken;
402 /**
403 * @hidden
404 * Saves token or error received in the response from AAD in the cache. In case of id_token, it also creates the account object.
405 * @ignore
406 */
407 protected saveTokenFromHash(hash: string, stateInfo: ResponseStateInfo): AuthResponse;
408 /**
409 * Set Authority when saving Token from the hash
410 * @param state
411 * @param inCookie
412 * @param cacheStorage
413 * @param idTokenObj
414 * @param response
415 */
416 private populateAuthority;
417 /**
418 * Returns the signed in account
419 * (the account object is created at the time of successful login)
420 * or null when no state is found
421 * @returns {@link Account} - the account object stored in MSAL
422 */
423 getAccount(): Account;
424 /**
425 * @hidden
426 *
427 * Extracts state value from the accountState sent with the authentication request.
428 * @returns {string} scope.
429 * @ignore
430 */
431 getAccountState(state: string): string;
432 /**
433 * Use to get a list of unique accounts in MSAL cache based on homeAccountIdentifier.
434 *
435 * @param {@link Array<Account>} Account - all unique accounts in MSAL cache.
436 */
437 getAllAccounts(): Array<Account>;
438 /**
439 * @hidden
440 *
441 * Used to filter accounts based on homeAccountIdentifier
442 * @param {Array<Account>} Accounts - accounts saved in the cache
443 * @ignore
444 */
445 private getUniqueAccounts;
446 /**
447 * @hidden
448 *
449 * Broadcast messages - Used only for Angular? *
450 * @param eventName
451 * @param data
452 */
453 private broadcast;
454 /**
455 * @hidden
456 *
457 * Helper function to retrieve the cached token
458 *
459 * @param scopes
460 * @param {@link Account} account
461 * @param state
462 * @return {@link AuthResponse} AuthResponse
463 */
464 protected getCachedTokenInternal(scopes: Array<string>, account: Account, state: string, correlationId?: string): AuthResponse;
465 /**
466 * @hidden
467 *
468 * Get scopes for the Endpoint - Used in Angular to track protected and unprotected resources without interaction from the developer app
469 * Note: Please check if we need to set the "redirectUri" from the "request" which makes this call from Angular - for this.getRedirectUri()
470 *
471 * @param endpoint
472 */
473 protected getScopesForEndpoint(endpoint: string): Array<string>;
474 /**
475 * Return boolean flag to developer to help inform if login is in progress
476 * @returns {boolean} true/false
477 */
478 getLoginInProgress(): boolean;
479 /**
480 * @hidden
481 * @ignore
482 *
483 * @param loginInProgress
484 */
485 protected setInteractionInProgress(inProgress: boolean): void;
486 /**
487 * @hidden
488 * @ignore
489 *
490 * @param loginInProgress
491 */
492 protected setloginInProgress(loginInProgress: boolean): void;
493 /**
494 * @hidden
495 * @ignore
496 *
497 * returns the status of acquireTokenInProgress
498 */
499 protected getAcquireTokenInProgress(): boolean;
500 /**
501 * @hidden
502 * @ignore
503 *
504 * @param acquireTokenInProgress
505 */
506 protected setAcquireTokenInProgress(acquireTokenInProgress: boolean): void;
507 /**
508 * @hidden
509 * @ignore
510 *
511 * returns the logger handle
512 */
513 getLogger(): Logger;
514 /**
515 * Sets the logger callback.
516 * @param logger Logger callback
517 */
518 setLogger(logger: Logger): void;
519 /**
520 * Use to get the redirect uri configured in MSAL or null.
521 * Evaluates redirectUri if its a function, otherwise simply returns its value.
522 *
523 * @returns {string} redirect URL
524 */
525 getRedirectUri(reqRedirectUri?: string): string;
526 /**
527 * Use to get the post logout redirect uri configured in MSAL or null.
528 * Evaluates postLogoutredirectUri if its a function, otherwise simply returns its value.
529 *
530 * @returns {string} post logout redirect URL
531 */
532 getPostLogoutRedirectUri(): string;
533 /**
534 * Use to get the current {@link Configuration} object in MSAL
535 *
536 * @returns {@link Configuration}
537 */
538 getCurrentConfiguration(): Configuration;
539 /**
540 * @ignore
541 *
542 * Utils function to create the Authentication
543 * @param {@link account} account object
544 * @param scopes
545 *
546 * @returns {string} token type: token, id_token or id_token token
547 *
548 */
549 private getTokenType;
550 /**
551 * @hidden
552 * @ignore
553 *
554 * Sets the cachekeys for and stores the account information in cache
555 * @param account
556 * @param state
557 * @hidden
558 */
559 private setAccountCache;
560 /**
561 * @hidden
562 * @ignore
563 *
564 * Sets the cacheKey for and stores the authority information in cache
565 * @param state
566 * @param authority
567 * @hidden
568 */
569 private setAuthorityCache;
570 /**
571 * Updates account, authority, and nonce in cache
572 * @param serverAuthenticationRequest
573 * @param account
574 * @hidden
575 * @ignore
576 */
577 private updateCacheEntries;
578 /**
579 * Returns the unique identifier for the logged in account
580 * @param account
581 * @hidden
582 * @ignore
583 */
584 private getAccountId;
585 /**
586 * @ignore
587 * @param extraQueryParameters
588 *
589 * Construct 'tokenRequest' from the available data in adalIdToken
590 */
591 private buildIDTokenRequest;
592 /**
593 * @ignore
594 * @param config
595 * @param clientId
596 *
597 * Construct TelemetryManager from Configuration
598 */
599 private getTelemetryManagerFromConfig;
600}