{"version":3,"file":"AccessTokenEntity.js","sources":["../../../src/cache/entities/AccessTokenEntity.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { CredentialEntity } from \"./CredentialEntity\";\nimport { CredentialType, AuthenticationScheme } from \"../../utils/Constants\";\nimport { TimeUtils } from \"../../utils/TimeUtils\";\nimport { StringUtils } from \"../../utils/StringUtils\";\nimport { ICrypto } from \"../../crypto/ICrypto\";\nimport { TokenClaims } from \"../../account/TokenClaims\";\nimport { AuthToken } from \"../../account/AuthToken\";\nimport { ClientAuthError } from \"../../error/ClientAuthError\";\n\n/**\n * ACCESS_TOKEN Credential Type\n *\n * Key:Value Schema:\n *\n * Key Example: uid.utid-login.microsoftonline.com-accesstoken-clientId-contoso.com-user.read\n *\n * Value Schema:\n * {\n * homeAccountId: home account identifier for the auth scheme,\n * environment: entity that issued the token, represented as a full host\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\n * clientId: client ID of the application\n * secret: Actual credential as a string\n * familyId: Family ID identifier, usually only used for refresh tokens\n * realm: Full tenant or organizational identifier that the account belongs to\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\n * cachedAt: Absolute device time when entry was created in the cache.\n * expiresOn: Token expiry time, calculated based on current UTC time in seconds. Represented as a string.\n * extendedExpiresOn: Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds.\n * keyId: used for POP and SSH tokenTypes\n * tokenType: Type of the token issued. Usually \"Bearer\"\n * }\n */\nexport class AccessTokenEntity extends CredentialEntity {\n realm: string;\n target: string;\n cachedAt: string;\n expiresOn: string;\n extendedExpiresOn?: string;\n refreshOn?: string;\n keyId?: string; // for POP and SSH tokenTypes\n tokenType?: AuthenticationScheme;\n requestedClaims?: string;\n requestedClaimsHash?: string;\n\n /**\n * Create AccessTokenEntity\n * @param homeAccountId\n * @param environment\n * @param accessToken\n * @param clientId\n * @param tenantId\n * @param scopes\n * @param expiresOn\n * @param extExpiresOn\n */\n static createAccessTokenEntity(\n homeAccountId: string,\n environment: string,\n accessToken: string,\n clientId: string,\n tenantId: string,\n scopes: string,\n expiresOn: number,\n extExpiresOn: number,\n cryptoUtils: ICrypto,\n refreshOn?: number,\n tokenType?: AuthenticationScheme,\n userAssertionHash?:string,\n keyId?: string,\n requestedClaims?: string,\n requestedClaimsHash?: string\n ): AccessTokenEntity {\n const atEntity: AccessTokenEntity = new AccessTokenEntity();\n\n atEntity.homeAccountId = homeAccountId;\n atEntity.credentialType = CredentialType.ACCESS_TOKEN;\n atEntity.secret = accessToken;\n\n const currentTime = TimeUtils.nowSeconds();\n atEntity.cachedAt = currentTime.toString();\n\n /*\n * Token expiry time.\n * This value should be  calculated based on the current UTC time measured locally and the value  expires_in Represented as a string in JSON.\n */\n atEntity.expiresOn = expiresOn.toString();\n atEntity.extendedExpiresOn = extExpiresOn.toString();\n if (refreshOn) {\n atEntity.refreshOn = refreshOn.toString();\n }\n\n atEntity.environment = environment;\n atEntity.clientId = clientId;\n atEntity.realm = tenantId;\n atEntity.target = scopes;\n atEntity.userAssertionHash = userAssertionHash;\n\n atEntity.tokenType = StringUtils.isEmpty(tokenType) ? AuthenticationScheme.BEARER : tokenType;\n\n if (requestedClaims) {\n atEntity.requestedClaims = requestedClaims;\n atEntity.requestedClaimsHash = requestedClaimsHash;\n }\n\n /*\n * Create Access Token With Auth Scheme instead of regular access token\n * Cast to lower to handle \"bearer\" from ADFS\n */\n if (atEntity.tokenType?.toLowerCase() !== AuthenticationScheme.BEARER.toLowerCase()) {\n atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\n switch (atEntity.tokenType) {\n case AuthenticationScheme.POP:\n // Make sure keyId is present and add it to credential\n const tokenClaims: TokenClaims | null = AuthToken.extractTokenClaims(accessToken, cryptoUtils);\n if (!tokenClaims?.cnf?.kid) {\n throw ClientAuthError.createTokenClaimsRequiredError();\n }\n atEntity.keyId = tokenClaims.cnf.kid;\n break;\n case AuthenticationScheme.SSH:\n atEntity.keyId = keyId;\n }\n }\n\n return atEntity;\n }\n\n /**\n * Validates an entity: checks for all expected params\n * @param entity\n */\n static isAccessTokenEntity(entity: object): boolean {\n\n if (!entity) {\n return false;\n }\n\n return (\n entity.hasOwnProperty(\"homeAccountId\") &&\n entity.hasOwnProperty(\"environment\") &&\n entity.hasOwnProperty(\"credentialType\") &&\n entity.hasOwnProperty(\"realm\") &&\n entity.hasOwnProperty(\"clientId\") &&\n entity.hasOwnProperty(\"secret\") &&\n entity.hasOwnProperty(\"target\") &&\n (entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN || entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)\n );\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;AAAA;;;AAGG;AAWH;;;;;;;;;;;;;;;;;;;;;;;AAuBG;AACH,IAAA,iBAAA,kBAAA,UAAA,MAAA,EAAA;IAAuC,SAAgB,CAAA,iBAAA,EAAA,MAAA,CAAA,CAAA;AAAvD,IAAA,SAAA,iBAAA,GAAA;;KAoHC;AAxGG;;;;;;;;;;AAUG;AACI,IAAA,iBAAA,CAAA,uBAAuB,GAA9B,UACI,aAAqB,EACrB,WAAmB,EACnB,WAAmB,EACnB,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,SAAiB,EACjB,YAAoB,EACpB,WAAoB,EACpB,SAAkB,EAClB,SAAgC,EAChC,iBAAyB,EACzB,KAAc,EACd,eAAwB,EACxB,mBAA4B,EAAA;;AAE5B,QAAA,IAAM,QAAQ,GAAsB,IAAI,iBAAiB,EAAE,CAAC;AAE5D,QAAA,QAAQ,CAAC,aAAa,GAAG,aAAa,CAAC;AACvC,QAAA,QAAQ,CAAC,cAAc,GAAG,cAAc,CAAC,YAAY,CAAC;AACtD,QAAA,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC;AAE9B,QAAA,IAAM,WAAW,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;AAC3C,QAAA,QAAQ,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;AAE3C;;;AAGG;AACH,QAAA,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;AAC1C,QAAA,QAAQ,CAAC,iBAAiB,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;AACrD,QAAA,IAAI,SAAS,EAAE;AACX,YAAA,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;AAC7C,SAAA;AAED,QAAA,QAAQ,CAAC,WAAW,GAAG,WAAW,CAAC;AACnC,QAAA,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC7B,QAAA,QAAQ,CAAC,KAAK,GAAG,QAAQ,CAAC;AAC1B,QAAA,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;AACzB,QAAA,QAAQ,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;AAE/C,QAAA,QAAQ,CAAC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,oBAAoB,CAAC,MAAM,GAAG,SAAS,CAAC;AAE9F,QAAA,IAAI,eAAe,EAAE;AACjB,YAAA,QAAQ,CAAC,eAAe,GAAG,eAAe,CAAC;AAC3C,YAAA,QAAQ,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;AACtD,SAAA;AAED;;;AAGG;AACH,QAAA,IAAI,CAAA,CAAA,EAAA,GAAA,QAAQ,CAAC,SAAS,MAAE,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAA,WAAW,EAAO,MAAA,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE;AACjF,YAAA,QAAQ,CAAC,cAAc,GAAG,cAAc,CAAC,6BAA6B,CAAC;YACvE,QAAQ,QAAQ,CAAC,SAAS;gBACtB,KAAK,oBAAoB,CAAC,GAAG;;oBAEzB,IAAM,WAAW,GAAuB,SAAS,CAAC,kBAAkB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;oBAC/F,IAAI,EAAA,CAAA,EAAA,GAAC,WAAW,KAAA,IAAA,IAAX,WAAW,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAX,WAAW,CAAE,GAAG,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,GAAG,CAAA,EAAE;AACxB,wBAAA,MAAM,eAAe,CAAC,8BAA8B,EAAE,CAAC;AAC1D,qBAAA;oBACD,QAAQ,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC;oBACrC,MAAM;gBACV,KAAK,oBAAoB,CAAC,GAAG;AACzB,oBAAA,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAC;AAC9B,aAAA;AACJ,SAAA;AAED,QAAA,OAAO,QAAQ,CAAC;KACnB,CAAA;AAED;;;AAGG;IACI,iBAAmB,CAAA,mBAAA,GAA1B,UAA2B,MAAc,EAAA;QAErC,IAAI,CAAC,MAAM,EAAE;AACT,YAAA,OAAO,KAAK,CAAC;AAChB,SAAA;AAED,QAAA,QACI,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC;AACtC,YAAA,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC;AACpC,YAAA,MAAM,CAAC,cAAc,CAAC,gBAAgB,CAAC;AACvC,YAAA,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;AAC9B,YAAA,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC;AACjC,YAAA,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;AAC/B,YAAA,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;AAC/B,aAAC,MAAM,CAAC,gBAAgB,CAAC,KAAK,cAAc,CAAC,YAAY,IAAI,MAAM,CAAC,gBAAgB,CAAC,KAAK,cAAc,CAAC,6BAA6B,CAAC,EACzI;KACL,CAAA;IACL,OAAC,iBAAA,CAAA;AAAD,CApHA,CAAuC,gBAAgB,CAoHtD;;;;"}