/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
import {
SystemOptions,
LoggerOptions,
INetworkModule,
DEFAULT_SYSTEM_OPTIONS,
Constants,
ProtocolMode,
OIDCOptions,
ResponseMode,
LogLevel,
StubbedNetworkModule,
AzureCloudInstance,
AzureCloudOptions,
ApplicationTelemetry,
createClientConfigurationError,
ClientConfigurationErrorCodes,
IPerformanceClient,
StubPerformanceClient,
Logger,
} from "@azure/msal-common/browser";
import {
BrowserCacheLocation,
BrowserConstants,
} from "../utils/BrowserConstants.js";
import { INavigationClient } from "../navigation/INavigationClient.js";
import { NavigationClient } from "../navigation/NavigationClient.js";
import { FetchClient } from "../network/FetchClient.js";
import * as BrowserUtils from "../utils/BrowserUtils.js";
// Default timeouts, in milliseconds, for each browser interaction channel.
// They are the fallbacks applied by buildConfiguration when the caller does not
// set the matching BrowserSystemOptions field (windowHashTimeout, iframeHashTimeout,
// redirectNavigationTimeout, nativeBrokerHandshakeTimeout).

/** How long to wait for a response hash to appear in a popup window. */
export const DEFAULT_POPUP_TIMEOUT_MS = 60_000;
/** How long to wait for a response hash to appear in a hidden iframe. */
export const DEFAULT_IFRAME_TIMEOUT_MS = 10_000;
/** How long to wait for a redirect navigation to occur before resolving. */
export const DEFAULT_REDIRECT_TIMEOUT_MS = 30_000;
/** How long to wait for the native (platform) broker handshake to resolve. */
export const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2_000;
/**
 * Options for the `auth` section of {@link Configuration}.
 *
 * Every optional field is filled in by `buildConfiguration` (defaults noted per field).
 * These values decide which authority the app trusts and where tokens are delivered,
 * so they are the security-sensitive part of the configuration.
 */
export type BrowserAuthOptions = {
    /**
     * Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
     */
    clientId: string;
    /**
     * Authority (token issuer) to authenticate against. Defaults to `Constants.DEFAULT_AUTHORITY`
     * from msal-common (upstream documents this as "https://login.microsoftonline.com/common").
     */
    authority?: string;
    /**
     * An array of authority URIs that are trusted as-is. Used in B2C scenarios. Only list hosts the
     * application explicitly trusts: an entry here is presumably accepted as a token issuer without the
     * cloud-discovery check — confirm against the authority handling in msal-common. Defaults to [].
     */
    knownAuthorities?: Array<string>;
    /**
     * A string containing the cloud discovery response. Used in AAD scenarios. Because it determines
     * which hosts count as valid authorities, supply it only from a trusted, static source — never from
     * user-controlled input. Defaults to the empty string.
     */
    cloudDiscoveryMetadata?: string;
    /**
     * A string containing the .well-known/openid-configuration endpoint response. Same trust caveat as
     * `cloudDiscoveryMetadata`: it defines the endpoints tokens are requested from. Defaults to the empty string.
     */
    authorityMetadata?: string;
    /**
     * The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
     * When unset, `buildConfiguration` defaults it to the current page URI (only if a `window` exists),
     * so the page that initializes MSAL must itself be a registered redirect URI.
     */
    redirectUri?: string;
    /**
     * The redirect URI where the window navigates after a successful logout. Defaults to the empty
     * string; how an explicit `null` is treated is decided by the logout code, not here.
     */
    postLogoutRedirectUri?: string | null;
    /**
     * Boolean indicating whether to navigate to the original request URL after the auth server navigates to the redirect URL. Defaults to true.
     */
    navigateToLoginRequestUrl?: boolean;
    /**
     * Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request. Defaults to [].
     */
    clientCapabilities?: Array<string>;
    /**
     * Enum that represents the protocol that msal follows. Used for configuring proper endpoints. Defaults to `ProtocolMode.AAD`.
     */
    protocolMode?: ProtocolMode;
    /**
     * Options for the OIDC protocol mode. Defaults to `ResponseMode.FRAGMENT` with the
     * openid/profile/offline_access scopes. Setting this while `protocolMode` is not OIDC is only
     * logged as a warning by `buildConfiguration`, not rejected; the values are still merged.
     */
    OIDCOptions?: OIDCOptions;
    /**
     * Enum that represents the Azure Cloud to use. Defaults to `AzureCloudInstance.None` with an empty tenant.
     * A caller-supplied object replaces the default wholesale (no field-by-field merge).
     */
    azureCloudOptions?: AzureCloudOptions;
    /**
     * Flag controlling use of the local authority metadata cache (the name suggests `true` skips it). Defaults to false.
     */
    skipAuthorityMetadataCache?: boolean;
    /**
     * Callback that will be passed the url that MSAL will navigate to in redirect flows. Returning false in the callback will stop navigation.
     * This is the hook for inspecting or vetoing the outgoing navigation target before the browser leaves the page.
     */
    onRedirectNavigate?: (url: string) => boolean | void;
    /**
     * Flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from. Defaults to false.
     */
    instanceAware?: boolean;
    /**
     * Flag of whether to encode extra query parameters. Defaults to false, i.e. values are presumably
     * appended to the request URL as given — callers must make sure they are URL-safe (verify in the request builder).
     * @deprecated This flag is deprecated and will be removed in the next major version where all extra query params will be encoded by default.
     */
    encodeExtraQueryParams?: boolean;
};
/**
 * The fully-defaulted form of {@link BrowserAuthOptions} produced by `buildConfiguration`.
 * Every field is required except `onRedirectNavigate`, which has no default and stays
 * optional; `OIDCOptions` is likewise fully populated.
 * @internal
 */
export type InternalAuthOptions = Omit<
    Required<BrowserAuthOptions>,
    "onRedirectNavigate"
> & {
    OIDCOptions: Required<OIDCOptions>;
    onRedirectNavigate?: (url: string) => boolean | void;
};
/**
 * Options for the `cache` section of {@link Configuration}: where MSAL keeps tokens and
 * interaction state in the browser. Defaults are applied by `buildConfiguration`.
 */
export type CacheOptions = {
    /**
     * Used to specify the cacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage".
     * Defaults to sessionStorage. localStorage persists tokens across browser sessions and is
     * readable by any script on the origin, so prefer sessionStorage or memoryStorage unless
     * cross-tab persistence is required. The `string` form is not validated by `buildConfiguration`;
     * an unrecognised value is passed through unchanged.
     */
    cacheLocation?: BrowserCacheLocation | string;
    /**
     * @deprecated
     * temporaryCacheLocation is deprecated and will be removed in a future release.
     * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage".
     * Defaults to sessionStorage; not validated either.
     */
    temporaryCacheLocation?: BrowserCacheLocation | string;
    /**
     * @deprecated
     * claimsBasedCachingEnabled is deprecated and will be removed in a future release.
     * Flag that determines whether access tokens are stored based on requested claims. Defaults to false.
     */
    claimsBasedCachingEnabled?: boolean;
};
/**
 * Options for the `system` section of {@link Configuration}: the pluggable network, navigation
 * and logging clients plus the timeouts for each interaction channel. Extends msal-common's
 * `SystemOptions`. Defaults are applied by `buildConfiguration`.
 */
export type BrowserSystemOptions = SystemOptions & {
    /**
     * Used to initialize the Logger object (See ClientConfiguration.ts). Defaults to a no-op
     * callback at `LogLevel.Info` with `piiLoggingEnabled: false`; turning PII logging on sends
     * identifiers to whatever sink the callback writes to, so keep it off in production.
     */
    loggerOptions?: LoggerOptions;
    /**
     * Network interface implementation. Defaults to `FetchClient` in a browser environment and
     * `StubbedNetworkModule` otherwise. A custom client sees every token request and response,
     * so treat it as part of the app's trusted code.
     */
    networkClient?: INetworkModule;
    /**
     * Override the methods used to navigate to other webpages. Particularly useful if you are using a client-side router.
     * Defaults to `NavigationClient`.
     */
    navigationClient?: INavigationClient;
    /**
     * Sets the timeout for waiting for a response hash in a popup. Will take precedence over loadFrameTimeout if both are set.
     * Defaults to `loadFrameTimeout` when that is non-zero, else `DEFAULT_POPUP_TIMEOUT_MS`.
     */
    windowHashTimeout?: number;
    /**
     * Sets the timeout for waiting for a response hash in an iframe. Will take precedence over loadFrameTimeout if both are set.
     * Defaults to `loadFrameTimeout` when that is non-zero, else `DEFAULT_IFRAME_TIMEOUT_MS`.
     */
    iframeHashTimeout?: number;
    /**
     * Sets the timeout for waiting for a response hash in an iframe or popup. Defaults to 0, which
     * means "unset" and lets the per-channel defaults above apply.
     */
    loadFrameTimeout?: number;
    /**
     * Time to wait for redirection to occur before resolving promise. Defaults to `DEFAULT_REDIRECT_TIMEOUT_MS`.
     */
    redirectNavigationTimeout?: number;
    /**
     * Sets whether popups are opened asynchronously. By default, this flag is set to false. When set to false, blank popups are opened before anything else happens. When set to true, popups are opened when making the network request.
     */
    asyncPopups?: boolean;
    /**
     * Flag to enable redirect operations when the app is rendered in an iframe (to support scenarios such as embedded B2C login).
     * Defaults to false; an app that is not meant to be framed should leave it off.
     */
    allowRedirectInIframe?: boolean;
    /**
     * Flag to enable native broker support (e.g. acquiring tokens from WAM on Windows, MacBroker on Mac).
     * Defaults to false. `buildConfiguration` throws `cannotAllowPlatformBroker` when this is true
     * while `auth.protocolMode` is `ProtocolMode.OIDC`.
     */
    allowPlatformBroker?: boolean;
    /**
     * Sets the timeout for waiting for the native broker handshake to resolve. Defaults to `DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS`.
     */
    nativeBrokerHandshakeTimeout?: number;
    /**
     * Sets the interval length in milliseconds for polling the location attribute in popup windows.
     * Defaults to `BrowserConstants.DEFAULT_POLL_INTERVAL_MS` (documented as 30ms).
     */
    pollIntervalMilliseconds?: number;
};
/**
 * Options for the `telemetry` section of {@link Configuration}.
 */
export type BrowserTelemetryOptions = {
    /**
     * Telemetry information sent on request
     * - appName: Unique string name of an application
     * - appVersion: Version of the application using MSAL
     * Both default to the empty string.
     */
    application?: ApplicationTelemetry;
    /**
     * Performance client that receives timing measurements. Defaults to a fresh
     * `StubPerformanceClient`, which `buildConfiguration` constructs on every call even when a client is supplied.
     */
    client?: IPerformanceClient;
};
/**
 * This object allows you to configure important elements of MSAL functionality and is passed into the constructor of PublicClientApplication.
 * Only `auth` is mandatory; `buildConfiguration` fills in the remaining sections with browser defaults.
 */
export type Configuration = {
    /**
     * This is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform
     */
    auth: BrowserAuthOptions;
    /**
     * This is where you configure where tokens and interaction state are cached (see {@link CacheOptions};
     * no cookie option is exposed here).
     */
    cache?: CacheOptions;
    /**
     * This is where you can configure the network client, logger, token renewal offset, navigation client and interaction timeouts (see {@link BrowserSystemOptions})
     */
    system?: BrowserSystemOptions;
    /**
     * This is where you can configure telemetry data and options
     */
    telemetry?: BrowserTelemetryOptions;
};
/**
 * The fully-populated configuration returned by `buildConfiguration` and used internally:
 * the same sections as {@link Configuration} with every optional field resolved.
 * @internal
 */
export type BrowserConfiguration = {
    auth: InternalAuthOptions;
    cache: Required<CacheOptions>;
    system: Required<BrowserSystemOptions>;
    telemetry: Required<BrowserTelemetryOptions>;
};
/**
 * Builds the fully-defaulted {@link BrowserConfiguration} that PublicClientApplication runs on.
 *
 * Each section of the caller's {@link Configuration} is overlaid on a set of browser defaults;
 * a field the caller sets always wins. Sections are shallow-merged, so a partial
 * `azureCloudOptions` or `loggerOptions` object replaces the default object wholesale — the one
 * exception is `auth.OIDCOptions`, which is merged field by field. `cacheLocation` and the
 * other string-typed fields are passed through without validation.
 *
 * @param config - `auth` is required; `cache`, `system` and `telemetry` are optional.
 * @param isBrowserEnvironment - when true the default network client is `FetchClient`,
 *   otherwise the non-networking `StubbedNetworkModule`.
 * @returns the merged configuration with every option populated.
 * @throws ClientConfigurationError (`cannotAllowPlatformBroker`) when `auth.protocolMode` is
 *   `ProtocolMode.OIDC` and the effective `system.allowPlatformBroker` is true.
 */
export function buildConfiguration(
    {
        auth: userInputAuth,
        cache: userInputCache,
        system: userInputSystem,
        telemetry: userInputTelemetry,
    }: Configuration,
    isBrowserEnvironment: boolean
): BrowserConfiguration {
    // Browser defaults for the auth section. The redirect URI falls back to the current page
    // when a window exists, so the initializing page must itself be a registered redirect URI.
    const authDefaults: InternalAuthOptions = {
        clientId: Constants.EMPTY_STRING,
        authority: `${Constants.DEFAULT_AUTHORITY}`,
        knownAuthorities: [],
        cloudDiscoveryMetadata: Constants.EMPTY_STRING,
        authorityMetadata: Constants.EMPTY_STRING,
        redirectUri:
            typeof window === "undefined" ? "" : BrowserUtils.getCurrentUri(),
        postLogoutRedirectUri: Constants.EMPTY_STRING,
        navigateToLoginRequestUrl: true,
        clientCapabilities: [],
        protocolMode: ProtocolMode.AAD,
        OIDCOptions: {
            responseMode: ResponseMode.FRAGMENT,
            defaultScopes: [
                Constants.OPENID_SCOPE,
                Constants.PROFILE_SCOPE,
                Constants.OFFLINE_ACCESS_SCOPE,
            ],
        },
        azureCloudOptions: {
            azureCloudInstance: AzureCloudInstance.None,
            tenant: Constants.EMPTY_STRING,
        },
        skipAuthorityMetadataCache: false,
        instanceAware: false,
        encodeExtraQueryParams: false,
    };

    // Session storage by default, so cached tokens do not outlive the tab.
    const cacheDefaults: Required<CacheOptions> = {
        cacheLocation: BrowserCacheLocation.SessionStorage,
        temporaryCacheLocation: BrowserCacheLocation.SessionStorage,
        claimsBasedCachingEnabled: false,
    };

    // Logging is silent unless the app supplies a callback, and PII is never logged by default.
    const loggerDefaults: LoggerOptions = {
        loggerCallback: (): void => {
            // Intentionally a no-op: apps opt in to logging by passing their own callback.
        },
        logLevel: LogLevel.Info,
        piiLoggingEnabled: false,
    };

    // `||` rather than `??` is deliberate here: a loadFrameTimeout of 0 (the default below)
    // means "not set" and falls through to the per-channel default.
    const frameTimeout = userInputSystem?.loadFrameTimeout;
    const systemDefaults: Required<BrowserSystemOptions> = {
        ...DEFAULT_SYSTEM_OPTIONS,
        loggerOptions: loggerDefaults,
        networkClient: isBrowserEnvironment
            ? new FetchClient()
            : StubbedNetworkModule,
        navigationClient: new NavigationClient(),
        loadFrameTimeout: 0,
        windowHashTimeout: frameTimeout || DEFAULT_POPUP_TIMEOUT_MS,
        iframeHashTimeout: frameTimeout || DEFAULT_IFRAME_TIMEOUT_MS,
        redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS,
        asyncPopups: false,
        allowRedirectInIframe: false,
        allowPlatformBroker: false,
        // The spread below re-applies any caller value, so this only matters when it is absent.
        nativeBrokerHandshakeTimeout:
            userInputSystem?.nativeBrokerHandshakeTimeout ||
            DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
        pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS,
    };

    // Caller-supplied system options win over the defaults; a missing or null loggerOptions
    // falls back to the silent logger rather than leaking through as undefined.
    const systemOptions: Required<BrowserSystemOptions> = {
        ...systemDefaults,
        ...userInputSystem,
        loggerOptions: userInputSystem?.loggerOptions || loggerDefaults,
    };

    const telemetryDefaults: Required<BrowserTelemetryOptions> = {
        application: {
            appName: Constants.EMPTY_STRING,
            appVersion: Constants.EMPTY_STRING,
        },
        client: new StubPerformanceClient(),
    };

    const isOidcMode = userInputAuth?.protocolMode === ProtocolMode.OIDC;

    // OIDCOptions outside OIDC protocol mode is a misconfiguration, but it is only reported as a
    // warning through the effective logger; the supplied options are still merged below.
    if (!isOidcMode && userInputAuth?.OIDCOptions) {
        new Logger(systemOptions.loggerOptions).warning(
            JSON.stringify(
                createClientConfigurationError(
                    ClientConfigurationErrorCodes.cannotSetOIDCOptions
                )
            )
        );
    }

    // The platform broker is not supported together with OIDC protocol mode; refuse the combination
    // outright rather than silently ignoring one of the two settings.
    if (
        userInputAuth?.protocolMode &&
        isOidcMode &&
        systemOptions.allowPlatformBroker
    ) {
        throw createClientConfigurationError(
            ClientConfigurationErrorCodes.cannotAllowPlatformBroker
        );
    }

    return {
        auth: {
            ...authDefaults,
            ...userInputAuth,
            OIDCOptions: {
                ...authDefaults.OIDCOptions,
                ...userInputAuth?.OIDCOptions,
            },
        },
        cache: { ...cacheDefaults, ...userInputCache },
        system: systemOptions,
        telemetry: { ...telemetryDefaults, ...userInputTelemetry },
    };
}