{"version":3,"file":"CredentialEntity.js","sources":["../../../src/cache/entities/CredentialEntity.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Separators, CredentialType, CacheType, Constants, AuthenticationScheme } from \"../../utils/Constants\";\nimport { ClientAuthError } from \"../../error/ClientAuthError\";\n\n/**\n * Base type for credentials to be stored in the cache: eg: ACCESS_TOKEN, ID_TOKEN etc\n *\n * Key:Value Schema:\n *\n * Key: -------\n *\n * Value Schema:\n * {\n * homeAccountId: home account identifier for the auth scheme,\n * environment: entity that issued the token, represented as a full host\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\n * clientId: client ID of the application\n * secret: Actual credential as a string\n * familyId: Family ID identifier, usually only used for refresh tokens\n * realm: Full tenant or organizational identifier that the account belongs to\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\n * tokenType: Matches the authentication scheme for which the token was issued (i.e. 
Bearer or pop)\n * requestedClaimsHash: Matches the SHA 256 hash of the claims object included in the token request\n * userAssertionHash: Matches the SHA 256 hash of the obo_assertion for the OBO flow\n * }\n */\nexport class CredentialEntity {\n homeAccountId: string;\n environment: string;\n credentialType: CredentialType;\n clientId: string;\n secret: string;\n familyId?: string;\n realm?: string;\n target?: string;\n userAssertionHash?: string;\n tokenType?: AuthenticationScheme;\n keyId?: string;\n requestedClaimsHash?: string;\n\n /**\n * Generate Account Id key component as per the schema: -\n */\n generateAccountId(): string {\n return CredentialEntity.generateAccountIdForCacheKey(this.homeAccountId, this.environment);\n }\n\n /**\n * Generate Credential Id key component as per the schema: --\n */\n generateCredentialId(): string {\n return CredentialEntity.generateCredentialIdForCacheKey(\n this.credentialType,\n this.clientId,\n this.realm,\n this.familyId\n );\n }\n\n /**\n * Generate target key component as per schema: \n */\n generateTarget(): string {\n return CredentialEntity.generateTargetForCacheKey(this.target);\n }\n\n /**\n * generates credential key\n */\n generateCredentialKey(): string {\n return CredentialEntity.generateCredentialCacheKey(\n this.homeAccountId,\n this.environment,\n this.credentialType,\n this.clientId,\n this.realm,\n this.target,\n this.familyId,\n this.tokenType,\n this.requestedClaimsHash,\n );\n }\n\n /**\n * returns the type of the cache (in this case credential)\n */\n generateType(): number {\n switch (this.credentialType) {\n case CredentialType.ID_TOKEN:\n return CacheType.ID_TOKEN;\n case CredentialType.ACCESS_TOKEN:\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\n return CacheType.ACCESS_TOKEN;\n case CredentialType.REFRESH_TOKEN:\n return CacheType.REFRESH_TOKEN;\n default: {\n throw ClientAuthError.createUnexpectedCredentialTypeError();\n }\n }\n }\n\n /**\n * helper function to return `CredentialType`\n 
* @param key\n */\n static getCredentialType(key: string): string {\n // First keyword search will match all \"AccessToken\" and \"AccessToken_With_AuthScheme\" credentials\n if (key.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) !== -1) {\n // Perform second search to differentiate between \"AccessToken\" and \"AccessToken_With_AuthScheme\" credential types\n if (key.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) !== -1) {\n return CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\n }\n return CredentialType.ACCESS_TOKEN;\n } else if (key.indexOf(CredentialType.ID_TOKEN.toLowerCase()) !== -1) {\n return CredentialType.ID_TOKEN;\n } else if (key.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) !== -1) {\n return CredentialType.REFRESH_TOKEN;\n }\n\n return Constants.NOT_DEFINED;\n }\n\n /**\n * generates credential key\n * -\\-----\n */\n static generateCredentialCacheKey(\n homeAccountId: string,\n environment: string,\n credentialType: CredentialType,\n clientId: string,\n realm?: string,\n target?: string,\n familyId?: string,\n tokenType?: AuthenticationScheme,\n requestedClaimsHash?: string\n ): string {\n const credentialKey = [\n this.generateAccountIdForCacheKey(homeAccountId, environment),\n this.generateCredentialIdForCacheKey(credentialType, clientId, realm, familyId),\n this.generateTargetForCacheKey(target),\n this.generateClaimsHashForCacheKey(requestedClaimsHash),\n this.generateSchemeForCacheKey(tokenType)\n ];\n\n return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n }\n\n /**\n * generates Account Id for keys\n * @param homeAccountId\n * @param environment\n */\n private static generateAccountIdForCacheKey(\n homeAccountId: string,\n environment: string\n ): string {\n const accountId: Array = [homeAccountId, environment];\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n }\n\n /**\n * Generates Credential Id for keys\n * @param credentialType\n * @param realm\n * @param 
clientId\n * @param familyId\n */\n private static generateCredentialIdForCacheKey(\n credentialType: CredentialType,\n clientId: string,\n realm?: string,\n familyId?: string\n ): string {\n const clientOrFamilyId =\n credentialType === CredentialType.REFRESH_TOKEN\n ? familyId || clientId\n : clientId;\n const credentialId: Array = [\n credentialType,\n clientOrFamilyId,\n realm || Constants.EMPTY_STRING,\n ];\n\n return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\n }\n\n /**\n * Generate target key component as per schema: \n */\n private static generateTargetForCacheKey(scopes?: string): string {\n return (scopes || Constants.EMPTY_STRING).toLowerCase();\n }\n\n /**\n * Generate requested claims key component as per schema: \n */\n private static generateClaimsHashForCacheKey(requestedClaimsHash?: string): string {\n return(requestedClaimsHash || Constants.EMPTY_STRING).toLowerCase();\n }\n\n /**\n * Generate scheme key component as per schema: \n */\n private static generateSchemeForCacheKey(tokenType?: string): string {\n /*\n * PoP Tokens and SSH certs include scheme in cache key\n * Cast to lowercase to handle \"bearer\" from ADFS\n */\n return (tokenType && tokenType.toLowerCase() !== AuthenticationScheme.BEARER.toLowerCase()) ? 
tokenType.toLowerCase() : Constants.EMPTY_STRING;\n }\n}\n"],"names":[],"mappings":";;;;;AAAA;;;AAGG;AAKH;;;;;;;;;;;;;;;;;;;;;AAqBG;AACH,IAAA,gBAAA,kBAAA,YAAA;AAAA,IAAA,SAAA,gBAAA,GAAA;KAyLC;AA3KG;;AAEG;AACH,IAAA,gBAAA,CAAA,SAAA,CAAA,iBAAiB,GAAjB,YAAA;AACI,QAAA,OAAO,gBAAgB,CAAC,4BAA4B,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;KAC9F,CAAA;AAED;;AAEG;AACH,IAAA,gBAAA,CAAA,SAAA,CAAA,oBAAoB,GAApB,YAAA;QACI,OAAO,gBAAgB,CAAC,+BAA+B,CACnD,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,QAAQ,CAChB,CAAC;KACL,CAAA;AAED;;AAEG;AACH,IAAA,gBAAA,CAAA,SAAA,CAAA,cAAc,GAAd,YAAA;QACI,OAAO,gBAAgB,CAAC,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;KAClE,CAAA;AAED;;AAEG;AACH,IAAA,gBAAA,CAAA,SAAA,CAAA,qBAAqB,GAArB,YAAA;AACI,QAAA,OAAO,gBAAgB,CAAC,0BAA0B,CAC9C,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,mBAAmB,CAC3B,CAAC;KACL,CAAA;AAED;;AAEG;AACH,IAAA,gBAAA,CAAA,SAAA,CAAA,YAAY,GAAZ,YAAA;QACI,QAAQ,IAAI,CAAC,cAAc;YACvB,KAAK,cAAc,CAAC,QAAQ;gBACxB,OAAO,SAAS,CAAC,QAAQ,CAAC;YAC9B,KAAK,cAAc,CAAC,YAAY,CAAC;YACjC,KAAK,cAAc,CAAC,6BAA6B;gBAC7C,OAAO,SAAS,CAAC,YAAY,CAAC;YAClC,KAAK,cAAc,CAAC,aAAa;gBAC7B,OAAO,SAAS,CAAC,aAAa,CAAC;AACnC,YAAA,SAAS;AACL,gBAAA,MAAM,eAAe,CAAC,mCAAmC,EAAE,CAAC;AAC/D,aAAA;AACJ,SAAA;KACJ,CAAA;AAED;;;AAGG;IACI,gBAAiB,CAAA,iBAAA,GAAxB,UAAyB,GAAW,EAAA;;AAEhC,QAAA,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE;;AAE/D,YAAA,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,6BAA6B,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE;gBAChF,OAAO,cAAc,CAAC,6BAA6B,CAAC;AACvD,aAAA;YACD,OAAO,cAAc,CAAC,YAAY,CAAC;AACtC,SAAA;AAAM,aAAA,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE;YAClE,OAAO,cAAc,CAAC,QAAQ,CAAC;AAClC,SAAA;AAAM,aAAA,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE;YACvE,OAAO,cAAc,CAAC,aAAa,CAAC;AACvC,SAAA;QAED,OAAO,SAAS,CAAC,WAAW,CAAC;KAChC,CAAA;AAED;;;AAGG;AACI,IAA
A,gBAAA,CAAA,0BAA0B,GAAjC,UACI,aAAqB,EACrB,WAAmB,EACnB,cAA8B,EAC9B,QAAgB,EAChB,KAAc,EACd,MAAe,EACf,QAAiB,EACjB,SAAgC,EAChC,mBAA4B,EAAA;AAE5B,QAAA,IAAM,aAAa,GAAG;AAClB,YAAA,IAAI,CAAC,4BAA4B,CAAC,aAAa,EAAE,WAAW,CAAC;YAC7D,IAAI,CAAC,+BAA+B,CAAC,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC;AAC/E,YAAA,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC;AACtC,YAAA,IAAI,CAAC,6BAA6B,CAAC,mBAAmB,CAAC;AACvD,YAAA,IAAI,CAAC,yBAAyB,CAAC,SAAS,CAAC;SAC5C,CAAC;QAEF,OAAO,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;KAC3E,CAAA;AAED;;;;AAIG;AACY,IAAA,gBAAA,CAAA,4BAA4B,GAA3C,UACI,aAAqB,EACrB,WAAmB,EAAA;AAEnB,QAAA,IAAM,SAAS,GAAkB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;KACvE,CAAA;AAED;;;;;;AAMG;IACY,gBAA+B,CAAA,+BAAA,GAA9C,UACI,cAA8B,EAC9B,QAAgB,EAChB,KAAc,EACd,QAAiB,EAAA;AAEjB,QAAA,IAAM,gBAAgB,GAClB,cAAc,KAAK,cAAc,CAAC,aAAa;cACzC,QAAQ,IAAI,QAAQ;cACpB,QAAQ,CAAC;AACnB,QAAA,IAAM,YAAY,GAAkB;YAChC,cAAc;YACd,gBAAgB;YAChB,KAAK,IAAI,SAAS,CAAC,YAAY;SAClC,CAAC;QAEF,OAAO,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,WAAW,EAAE,CAAC;KAC1E,CAAA;AAED;;AAEG;IACY,gBAAyB,CAAA,yBAAA,GAAxC,UAAyC,MAAe,EAAA;QACpD,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,CAAC;KAC3D,CAAA;AAED;;AAEG;IACY,gBAA6B,CAAA,6BAAA,GAA5C,UAA6C,mBAA4B,EAAA;QACrE,OAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,CAAC;KACvE,CAAA;AAED;;AAEG;IACY,gBAAyB,CAAA,yBAAA,GAAxC,UAAyC,SAAkB,EAAA;AACvD;;;AAGG;AACH,QAAA,OAAO,CAAC,SAAS,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,SAAS,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,YAAY,CAAC;KAClJ,CAAA;IACL,OAAC,gBAAA,CAAA;AAAD,CAAC,EAAA;;;;"}