Merge branch 'dev' into cloud-discovery

lib/msal-angular/docs/0.x-1.x-upgrade-guide.md

@@ -43,7 +43,7 @@ The new `msal` configuration object takes a function for `system.logger` and `fr
 
 ## Angular 6+ and rxjs@6
 
-MSAL Angular now expects that your application is built with `@angular/core@>=6`, `@angular/core@>=6`, `rxjs@6`, and `rxjs-compat` is no longer required.
+MSAL Angular now expects that your application is built with `@angular/core@>=6`, `@angular/common@>=6`, `rxjs@6`. And `rxjs-compat` is no longer required.
 
 Steps:
 1. Install newer versions of Angular and rxjs: `npm install @angular/core @angular/common rxjs`

lib/msal-browser/src/app/PublicClientApplication.ts

@@ -16,7 +16,8 @@ import {
     ServerError,
     Authority,
     AuthorityFactory,
-    InteractionRequiredAuthError
+    InteractionRequiredAuthError,
+    B2cAuthority
 } from "@azure/msal-common";
 import { Configuration, buildConfiguration } from "../config/Configuration";
 import { BrowserStorage } from "../cache/BrowserStorage";
@@ -91,6 +92,9 @@ export class PublicClientApplication {
         // Initialize the browser storage class.
         this.browserStorage = new BrowserStorage(this.config.auth.clientId, this.config.cache);
 
+        // Initialize default authority instance
+        B2cAuthority.setKnownAuthorities(this.config.auth.knownAuthorities);
+
         this.defaultAuthorityInstance = AuthorityFactory.createInstance(
             this.config.auth.authority || "https://login.microsoftonline.com/common",
             this.config.system.networkClient

lib/msal-common/src/authority/AuthorityFactory.ts

@@ -25,7 +25,7 @@ export class AuthorityFactory {
 
         if (pathSegments.length && pathSegments[0].toLowerCase() === Constants.ADFS)
             return AuthorityType.Adfs;
-        else if (Object.keys(B2cAuthority.B2CTrustedHostList).length)
+        else if (B2cAuthority.B2CTrustedHostList.length)
             return AuthorityType.B2C;
 
         // defaults to Aad

lib/msal-common/src/client/SPAClient.ts

@@ -26,7 +26,6 @@ import { StringUtils } from "../utils/StringUtils";
 import { UrlString } from "../url/UrlString";
 import { Account } from "../account/Account";
 import { buildClientInfo } from "../account/ClientInfo";
-import { B2cAuthority } from "../authority/B2cAuthority";
 
 /**
  * SPAClient class
@@ -39,9 +38,6 @@ export class SPAClient extends BaseClient {
     constructor(configuration: ClientConfiguration) {
         // Implement base module
         super(configuration);
-
-        // Initialize default authority instance
-        B2cAuthority.setKnownAuthorities(this.config.authOptions.knownAuthorities);
     }
 
     /**

lib/msal-common/src/index.ts

@@ -3,13 +3,16 @@ export { SPAClient } from "./client/SPAClient";
 export { AuthorizationCodeClient } from "./client/AuthorizationCodeClient";
 export { DeviceCodeClient } from "./client/DeviceCodeClient";
 export { RefreshTokenClient } from "./client/RefreshTokenClient";
-export { AuthOptions, SystemOptions, LoggerOptions, TelemetryOptions, DEFAULT_SYSTEM_OPTIONS } from "./config/ClientConfiguration";
+export {
+    AuthOptions, SystemOptions, LoggerOptions, TelemetryOptions, DEFAULT_SYSTEM_OPTIONS
+} from "./config/ClientConfiguration";
 export { ClientConfiguration } from "./config/ClientConfiguration";
 // Account
 export { Account } from "./account/Account";
 export { IdTokenClaims } from "./account/IdTokenClaims";
 // Authority
 export { Authority } from "./authority/Authority";
+export { B2cAuthority } from "./authority/B2cAuthority";
 export { AuthorityFactory } from "./authority/AuthorityFactory";
 // Cache
 export { ICacheStorage } from "./cache/ICacheStorage";
@@ -41,5 +44,7 @@ export { ServerError } from "./error/ServerError";
 export { ClientAuthError, ClientAuthErrorMessage } from "./error/ClientAuthError";
 export { ClientConfigurationError, ClientConfigurationErrorMessage } from "./error/ClientConfigurationError";
 // Constants and Utils
-export { Constants, PromptValue, TemporaryCacheKeys, PersistentCacheKeys } from "./utils/Constants";
+export {
+    Constants, PromptValue, TemporaryCacheKeys, PersistentCacheKeys, Prompt, ResponseMode
+} from "./utils/Constants";
 export { StringUtils } from "./utils/StringUtils";

lib/msal-common/src/request/AuthorizationCodeUrlRequest.ts

@@ -3,8 +3,11 @@
  * Licensed under the MIT License.
  */
 
+import { Prompt, ResponseMode } from "../utils/Constants";
+
 /**
- * @type AuthorizationCodeUrlRequest: Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow)
+ * @type AuthorizationCodeUrlRequest: Request object passed by user to retrieve a Code from the
+ * server (first leg of authorization code grant flow)
  */
 export type AuthorizationCodeUrlRequest = {
 
@@ -20,15 +23,17 @@ export type AuthorizationCodeUrlRequest = {
     scopes: Array<string>;
 
     /**
-     * Url of the authority which the application acquires tokens from
+     * Url of the authority which the application acquires tokens from. Defaults to
+     * https://login.microsoftonline.com/common. If using the same authority for all request, authority should set
+     * on client application object and not request, to avoid resolving authority endpoints multiple times.
      */
     authority?: string;
 
     /**
      * Specifies the method that should be used to send the authentication result to your app.
      * Can be query, form_post, or fragment. If no value is passed in, it defaults to query.
      */
-    responseMode?: string;
+    responseMode?: ResponseMode;
 
     /**
      * Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE).
@@ -37,8 +42,8 @@ export type AuthorizationCodeUrlRequest = {
     codeChallenge?: string;
 
     /**
-     * The method used to encode the code verifier for the code challenge parameter. Can be one
-     * of plain or S256. If excluded, code challenge is assumed to be plaintext. For more
+     * The method used to encode the code verifier for the code challenge parameter. Can be
+     * "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more
      * information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636
      */
     codeChallengeMethod?: string;
@@ -53,8 +58,17 @@ export type AuthorizationCodeUrlRequest = {
 
     /**
      * Indicates the type of user interaction that is required.
+     *
+     * login: will force the user to enter their credentials on that request, negating single-sign on
+     *
+     * none:  will ensure that the user isn't presented with any interactive prompt. if request can't be completed via
+     *        single-sign on, the endpoint will return an interaction_required error
+     * consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions
+     *          to the app
+     * select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in
+     *                 session or any remembered accounts or an option to choose to use a different account
      */
-    prompt?: string;
+    prompt?: Prompt;
 
     /**
      * Can be used to pre-fill the username/email address field of the sign-in page for the user,
@@ -77,8 +91,8 @@ export type AuthorizationCodeUrlRequest = {
     claims?: string;
 
     /**
-     *  A value included in the request that is also returned in the token response. A randomly
-     *  generated unique value is typically used for preventing cross site request forgery attacks.
+     *  A value included in the request that is returned in the id token. A randomly
+     *  generated unique value is typically used to mitigate replay attacks.
      */
     nonce?: string;
 

lib/msal-common/src/request/DeviceCodeRequest.ts

@@ -30,8 +30,9 @@ export type DeviceCodeRequest = {
     cancel?: boolean;
 
     /**
-     * URI of the authority from which MSAL will acquire the tokens from. If this value is not set, MSAL defaults
-     * to the authority used when configuring the PublicClientApplication.
+     * Url of the authority which the application acquires tokens from. Defaults to
+     * https://login.microsoftonline.com/common. If using the same authority for all request, authority should set
+     * on client application object and not request, to avoid resolving authority endpoints multiple times.
      */
     authority?: string;
 };

lib/msal-common/src/server/RequestParameterBuilder.ts

@@ -3,8 +3,7 @@
 * Licensed under the MIT License.
 */
 
-import { AADServerParamKeys, SSOTypes } from "../utils/Constants";
-import { Constants } from "../utils/Constants";
+import { AADServerParamKeys, Constants, Prompt, ResponseMode, SSOTypes } from "../utils/Constants";
 import { ScopeSet } from "../request/ScopeSet";
 import { ClientConfigurationError } from "../error/ClientConfigurationError";
 
@@ -29,10 +28,10 @@ export class RequestParameterBuilder {
      * add response_mode. defaults to query.
      * @param responseMode
      */
-    addResponseMode(responseMode?: string): void {
+    addResponseMode(responseMode?: ResponseMode): void {
         this.parameters.set(
             AADServerParamKeys.RESPONSE_MODE,
-            encodeURIComponent((responseMode) ? responseMode : Constants.QUERY_RESPONSE_MODE)
+            encodeURIComponent((responseMode) ? responseMode : ResponseMode.QUERY)
         );
     }
 
@@ -100,7 +99,7 @@ export class RequestParameterBuilder {
      * add prompt
      * @param prompt
      */
-    addPrompt(prompt: string): void {
+    addPrompt(prompt: Prompt): void {
         this.parameters.set(`${AADServerParamKeys.PROMPT}`, encodeURIComponent(prompt));
     }
 

lib/msal-common/src/utils/Constants.ts

@@ -34,7 +34,6 @@ export const Constants = {
     CODE_GRANT_TYPE: "authorization_code",
     RT_GRANT_TYPE: "refresh_token",
     FRAGMENT_RESPONSE_MODE: "fragment",
-    QUERY_RESPONSE_MODE: "query",
     S256_CODE_CHALLENGE_METHOD: "S256",
     URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
     AUTHORIZATION_PENDING: "authorization_pending"
@@ -45,7 +44,7 @@ export const Constants = {
  */
 export enum HeaderNames {
     CONTENT_TYPE = "Content-Type"
-};
+}
 
 /**
  * Temporary cache keys for MSAL, deleted after any request.
@@ -61,7 +60,7 @@ export enum TemporaryCacheKeys {
     URL_HASH = "urlHash",
     REQUEST_PARAMS = "request.params",
     SCOPES = "scopes"
-};
+}
 
 /**
  * Persistent cache keys MSAL which stay while user is logged in.
@@ -72,7 +71,7 @@ export enum PersistentCacheKeys {
     ADAL_ID_TOKEN = "adal.idtoken",
     ERROR = "error",
     ERROR_DESC = "error.description"
-};
+}
 
 /**
  * List of pre-established trusted host URLs.
@@ -93,7 +92,7 @@ export enum AADAuthorityConstants {
     COMMON = "common",
     ORGANIZATIONS = "organizations",
     CONSUMERS = "consumers"
-};
+}
 
 /**
  * Keys in the hashParams sent by AAD Server
@@ -129,7 +128,7 @@ export enum AADServerParamKeys {
     X_CLIENT_CPU = "x-client-CPU",
     POST_LOGOUT_URI = "post_logout_redirect_uri",
     DEVICE_CODE = "device_code"
-};
+}
 
 /**
  * IdToken claim string constants
@@ -168,13 +167,13 @@ export enum SSOTypes {
     ACCOUNT = "account",
     SID = "sid",
     LOGIN_HINT = "login_hint",
-    ID_TOKEN ="id_token",
+    ID_TOKEN = "id_token",
     DOMAIN_HINT = "domain_hint",
     ORGANIZATIONS = "organizations",
     CONSUMERS = "consumers",
     ACCOUNT_ID = "accountIdentifier",
     HOMEACCOUNT_ID = "homeAccountIdentifier"
-};
+}
 
 /**
  * Disallowed extra query parameters.
@@ -193,7 +192,9 @@ export const CodeChallengeMethodValues = {
 };
 
 /**
- *
+ * The method used to encode the code verifier for the code challenge parameter. can be one
+ * of plain or s256. if excluded, code challenge is assumed to be plaintext. for more
+ * information, see the pkce rcf: https://tools.ietf.org/html/rfc7636
  */
 export const CodeChallengeMethodValuesArray: string[] = [
     CodeChallengeMethodValues.PLAIN,
@@ -209,6 +210,16 @@ export enum ResponseMode {
     FORM_POST = "form_post"
 }
 
+/**
+ * Allowed values for prompt
+ */
+export enum Prompt {
+    LOGIN = "login",
+    NONE = "none",
+    CONSENT = "consent",
+    SELECT_ACCOUNT = "select_account"
+}
+
 /**
  * allowed grant_type
  */
@@ -219,5 +230,5 @@ export enum GrantType {
     RESOURCE_OWNER_PASSWORD_GRANT = "password",
     REFRESH_TOKEN_GRANT = "refresh_token",
     DEVICE_CODE_GRANT = "device_code"
-};
+}
 

lib/msal-common/test/client/AuthorizationCodeClient.spec.ts

@@ -58,7 +58,7 @@ describe("AuthorizationCodeClient unit tests", () => {
             expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_TYPE}=${Constants.CODE_RESPONSE_TYPE}`);
             expect(loginUrl).to.contain(`${AADServerParamKeys.CLIENT_ID}=${TEST_CONFIG.MSAL_CLIENT_ID}`);
             expect(loginUrl).to.contain(`${AADServerParamKeys.REDIRECT_URI}=${encodeURIComponent(TEST_URIS.TEST_REDIRECT_URI_LOCALHOST)}`);
-            expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_MODE}=${encodeURIComponent(Constants.QUERY_RESPONSE_MODE)}`);
+            expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_MODE}=${encodeURIComponent(ResponseMode.QUERY)}`);
         });
 
         it("Creates an authorization url passing in a default scope", async () => {
@@ -78,7 +78,7 @@ describe("AuthorizationCodeClient unit tests", () => {
             expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_TYPE}=${Constants.CODE_RESPONSE_TYPE}`);
             expect(loginUrl).to.contain(`${AADServerParamKeys.CLIENT_ID}=${TEST_CONFIG.MSAL_CLIENT_ID}`);
             expect(loginUrl).to.contain(`${AADServerParamKeys.REDIRECT_URI}=${encodeURIComponent(TEST_URIS.TEST_REDIRECT_URI_LOCALHOST)}`);
-            expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_MODE}=${encodeURIComponent(Constants.QUERY_RESPONSE_MODE)}`)
+            expect(loginUrl).to.contain(`${AADServerParamKeys.RESPONSE_MODE}=${encodeURIComponent(ResponseMode.QUERY)}`);
         });
 
         it("Creates an authorization url passing in optional parameters", async () => {