{"version":3,"file":"ClientCredentialClient.js","sources":["../../src/client/ClientCredentialClient.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ClientConfiguration } from \"../config/ClientConfiguration\";\nimport { BaseClient } from \"./BaseClient\";\nimport { Authority } from \"../authority/Authority\";\nimport { RequestParameterBuilder } from \"../request/RequestParameterBuilder\";\nimport { ScopeSet } from \"../request/ScopeSet\";\nimport { GrantType , CredentialType, CacheOutcome, Constants, AuthenticationScheme } from \"../utils/Constants\";\nimport { ResponseHandler } from \"../response/ResponseHandler\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult\";\nimport { CommonClientCredentialRequest } from \"../request/CommonClientCredentialRequest\";\nimport { CredentialFilter, CredentialCache } from \"../cache/utils/CacheTypes\";\nimport { AccessTokenEntity } from \"../cache/entities/AccessTokenEntity\";\nimport { TimeUtils } from \"../utils/TimeUtils\";\nimport { StringUtils } from \"../utils/StringUtils\";\nimport { RequestThumbprint } from \"../network/RequestThumbprint\";\nimport { ClientAuthError } from \"../error/ClientAuthError\";\nimport { ServerAuthorizationTokenResponse } from \"../response/ServerAuthorizationTokenResponse\";\nimport { IAppTokenProvider } from \"../config/AppTokenProvider\";\n\n/**\n * OAuth2.0 client credential grant\n */\nexport class ClientCredentialClient extends BaseClient {\n\n    private scopeSet: ScopeSet;\n    private readonly appTokenProvider?: IAppTokenProvider;\n\n    constructor(configuration: ClientConfiguration, appTokenProvider?: IAppTokenProvider) {\n        super(configuration);\n        this.appTokenProvider = appTokenProvider;\n    }\n\n    /**\n     * Public API to acquire a token with ClientCredential Flow for Confidential clients\n     * @param request\n     */\n    public async acquireToken(request: CommonClientCredentialRequest): Promise<AuthenticationResult | null> {\n\n        this.scopeSet = new ScopeSet(request.scopes || []);\n\n        if (request.skipCache) {\n            return await this.executeTokenRequest(request, this.authority);\n        }\n\n        const cachedAuthenticationResult = await this.getCachedAuthenticationResult(request);\n        if (cachedAuthenticationResult) {\n            return cachedAuthenticationResult;\n        } else {\n            return await this.executeTokenRequest(request, this.authority);\n        }\n    }\n\n    /**\n     * looks up cache if the tokens are cached already\n     */\n    private async getCachedAuthenticationResult(request: CommonClientCredentialRequest): Promise<AuthenticationResult | null> {\n        \n        const cachedAccessToken = this.readAccessTokenFromCache();\n\n        if (!cachedAccessToken) {\n            this.serverTelemetryManager?.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN);\n            return null;\n        }\n\n        if (TimeUtils.isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {\n            this.serverTelemetryManager?.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED);\n            return null;\n        }\n\n        return await ResponseHandler.generateAuthenticationResult(\n            this.cryptoUtils,\n            this.authority,\n            {\n                account: null,\n                idToken: null,\n                accessToken: cachedAccessToken,\n                refreshToken: null,\n                appMetadata: null\n            },\n            true,\n            request\n        );\n    }\n\n    /**\n     * Reads access token from the cache\n     * TODO: Move this call to cacheManager instead\n     */\n    private readAccessTokenFromCache(): AccessTokenEntity | null {\n        const accessTokenFilter: CredentialFilter = {\n            homeAccountId: Constants.EMPTY_STRING,\n            environment: this.authority.canonicalAuthorityUrlComponents.HostNameAndPort,\n            credentialType: CredentialType.ACCESS_TOKEN,\n            clientId: this.config.authOptions.clientId,\n            realm: this.authority.tenant,\n            target: this.scopeSet.printScopesLowerCase()\n        };\n        const credentialCache: CredentialCache = this.cacheManager.getCredentialsFilteredBy(accessTokenFilter);\n        const accessTokens = Object.keys(credentialCache.accessTokens).map(key => credentialCache.accessTokens[key]);\n        if (accessTokens.length < 1) {\n            return null;\n        } else if (accessTokens.length > 1) {\n            throw ClientAuthError.createMultipleMatchingTokensInCacheError();\n        }\n        return accessTokens[0] as AccessTokenEntity;\n    }\n\n    /**\n     * Makes a network call to request the token from the service\n     * @param request\n     * @param authority\n     */\n    private async executeTokenRequest(request: CommonClientCredentialRequest, authority: Authority)\n        : Promise<AuthenticationResult | null> {\n        \n        let serverTokenResponse: ServerAuthorizationTokenResponse;\n        let reqTimestamp: number;\n\n        if (this.appTokenProvider) {\n            this.logger.info(\"Using appTokenProvider extensibility.\");\n\n            const appTokenPropviderParameters = {\n                correlationId: request.correlationId,\n                tenantId: this.config.authOptions.authority.tenant,\n                scopes: request.scopes,\n                claims: request.claims,\n            };\n\n            reqTimestamp = TimeUtils.nowSeconds();\n            const appTokenProviderResult = await this.appTokenProvider(appTokenPropviderParameters);\n\n            serverTokenResponse = {\n                access_token: appTokenProviderResult.accessToken, \n                expires_in: appTokenProviderResult.expiresInSeconds,\n                refresh_in: appTokenProviderResult.refreshInSeconds,\n                token_type : AuthenticationScheme.BEARER\n            };\n        } else {\n            const requestBody = this.createTokenRequestBody(request);\n            const headers: Record<string, string> = this.createTokenRequestHeaders();\n            const thumbprint: RequestThumbprint = {\n                clientId: this.config.authOptions.clientId,\n                authority: request.authority,\n                scopes: request.scopes,\n                claims: request.claims,\n                authenticationScheme: request.authenticationScheme,\n                resourceRequestMethod: request.resourceRequestMethod,\n                resourceRequestUri: request.resourceRequestUri,\n                shrClaims: request.shrClaims,\n                sshKid: request.sshKid\n            };\n    \n            reqTimestamp = TimeUtils.nowSeconds();\n            const response = await this.executePostToTokenEndpoint(authority.tokenEndpoint, requestBody, headers, thumbprint);\n            serverTokenResponse = response.body;\n        }\n\n        const responseHandler = new ResponseHandler(\n            this.config.authOptions.clientId,\n            this.cacheManager,\n            this.cryptoUtils,\n            this.logger,\n            this.config.serializableCache,\n            this.config.persistencePlugin\n        );\n\n        responseHandler.validateTokenResponse(serverTokenResponse);\n       \n        const tokenResponse = await responseHandler.handleServerTokenResponse(\n            serverTokenResponse,\n            this.authority,\n            reqTimestamp,\n            request\n        );\n\n        return tokenResponse;\n    }\n\n    /**\n     * generate the request to the server in the acceptable format\n     * @param request\n     */\n    private createTokenRequestBody(request: CommonClientCredentialRequest): string {\n        const parameterBuilder = new RequestParameterBuilder();\n\n        parameterBuilder.addClientId(this.config.authOptions.clientId);\n\n        parameterBuilder.addScopes(request.scopes, false);\n\n        parameterBuilder.addGrantType(GrantType.CLIENT_CREDENTIALS_GRANT);\n\n        parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n        parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n\n        parameterBuilder.addThrottling();\n        \n        if (this.serverTelemetryManager) {\n            parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\n        }\n\n        const correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\n        parameterBuilder.addCorrelationId(correlationId);\n\n        if (this.config.clientCredentials.clientSecret) {\n            parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\n        }\n\n        // Use clientAssertion from request, fallback to client assertion in base configuration\n        const clientAssertion = request.clientAssertion || this.config.clientCredentials.clientAssertion;\n\n        if (clientAssertion) {\n            parameterBuilder.addClientAssertion(clientAssertion.assertion);\n            parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\n        }\n\n        if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\n            parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n        }\n\n        return parameterBuilder.createQueryString();\n    }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;;AAGG;AAoBH;;AAEG;AACH,IAAA,sBAAA,kBAAA,UAAA,MAAA,EAAA;IAA4C,SAAU,CAAA,sBAAA,EAAA,MAAA,CAAA,CAAA;IAKlD,SAAY,sBAAA,CAAA,aAAkC,EAAE,gBAAoC,EAAA;QAApF,IACI,KAAA,GAAA,MAAA,CAAA,IAAA,CAAA,IAAA,EAAM,aAAa,CAAC,IAEvB,IAAA,CAAA;AADG,QAAA,KAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;;KAC5C;AAED;;;AAGG;IACU,sBAAY,CAAA,SAAA,CAAA,YAAA,GAAzB,UAA0B,OAAsC,EAAA;;;;;;AAE5D,wBAAA,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;6BAE/C,OAAO,CAAC,SAAS,EAAjB,OAAiB,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;wBACV,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA,CAAA;AAA9D,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,aAAO,SAAuD,CAAC,CAAA;AAGhC,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,YAAM,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,CAAA,CAAA;;AAA9E,wBAAA,0BAA0B,GAAG,EAAiD,CAAA,IAAA,EAAA,CAAA;AAChF,wBAAA,IAAA,CAAA,0BAA0B,EAA1B,OAA0B,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;AAC1B,wBAAA,OAAA,CAAA,CAAA,aAAO,0BAA0B,CAAC,CAAA;4BAE3B,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA,CAAA;AAA9D,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,aAAO,SAAuD,CAAC,CAAA;;;;AAEtE,KAAA,CAAA;AAED;;AAEG;IACW,sBAA6B,CAAA,SAAA,CAAA,6BAAA,GAA3C,UAA4C,OAAsC,EAAA;;;;;;;AAExE,wBAAA,iBAAiB,GAAG,IAAI,CAAC,wBAAwB,EAAE,CAAC;wBAE1D,IAAI,CAAC,iBAAiB,EAAE;4BACpB,CAAA,EAAA,GAAA,IAAI,CAAC,sBAAsB,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,eAAe,CAAC,YAAY,CAAC,sBAAsB,CAAE,CAAA;AAClF,4BAAA,OAAA,CAAA,CAAA,aAAO,IAAI,CAAC,CAAA;AACf,yBAAA;AAED,wBAAA,IAAI,SAAS,CAAC,cAAc,CAAC,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,yBAAyB,CAAC,EAAE;4BAC5G,CAAA,EAAA,GAAA,IAAI,CAAC,sBAAsB,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAE,eAAe,CAAC,YAAY,CAAC,2BAA2B,CAAE,CAAA;AACvF,4BAAA,OAAA,CAAA,CAAA,aAAO,IAAI,CAAC,CAAA;AACf,yBAAA;wBAEM,OAAM,CAAA,CAAA,YAAA,eAAe,CAAC,4BAA4B,CACrD,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,SAAS,EACd;AACI,gCAAA,OAAO,EAAE,IAAI;AACb,gCAAA,OAAO,EAAE,IAAI;AACb,gCAAA,WAAW,EAAE,iBAAiB;AAC9B,gCAAA,YAAY,EAAE,IAAI;AAClB,gCAAA,WAAW,EAAE,IAAI;AACpB,6BAAA,EACD,IAAI,EACJ,OAAO,CACV,CAAA,CAAA;AAZD,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,aAAO,SAYN,CAAC,CAAA;;;;AACL,KAAA,CAAA;AAED;;;AAGG;AACK,IAAA,sBAAA,CAAA,SAAA,CAAA,wBAAwB,GAAhC,YAAA;AACI,QAAA,IAAM,iBAAiB,GAAqB;YACxC,aAAa,EAAE,SAAS,CAAC,YAAY;AACrC,YAAA,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA+B,CAAC,eAAe;YAC3E,cAAc,EAAE,cAAc,CAAC,YAAY;AAC3C,YAAA,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;AAC1C,YAAA,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;AAC5B,YAAA,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE;SAC/C,CAAC;QACF,IAAM,eAAe,GAAoB,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;QACvG,IAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,UAAA,GAAG,EAAA,EAAI,OAAA,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,CAAA,EAAA,CAAC,CAAC;AAC7G,QAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AACzB,YAAA,OAAO,IAAI,CAAC;AACf,SAAA;AAAM,aAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AAChC,YAAA,MAAM,eAAe,CAAC,wCAAwC,EAAE,CAAC;AACpE,SAAA;AACD,QAAA,OAAO,YAAY,CAAC,CAAC,CAAsB,CAAC;KAC/C,CAAA;AAED;;;;AAIG;AACW,IAAA,sBAAA,CAAA,SAAA,CAAA,mBAAmB,GAAjC,UAAkC,OAAsC,EAAE,SAAoB,EAAA;;;;;;6BAMtF,IAAI,CAAC,gBAAgB,EAArB,OAAqB,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;AACrB,wBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;AAEpD,wBAAA,2BAA2B,GAAG;4BAChC,aAAa,EAAE,OAAO,CAAC,aAAa;4BACpC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM;4BAClD,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,MAAM,EAAE,OAAO,CAAC,MAAM;yBACzB,CAAC;AAEF,wBAAA,YAAY,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;AACP,wBAAA,OAAA,CAAA,CAAA,YAAM,IAAI,CAAC,gBAAgB,CAAC,2BAA2B,CAAC,CAAA,CAAA;;AAAjF,wBAAA,sBAAsB,GAAG,EAAwD,CAAA,IAAA,EAAA,CAAA;AAEvF,wBAAA,mBAAmB,GAAG;4BAClB,YAAY,EAAE,sBAAsB,CAAC,WAAW;4BAChD,UAAU,EAAE,sBAAsB,CAAC,gBAAgB;4BACnD,UAAU,EAAE,sBAAsB,CAAC,gBAAgB;4BACnD,UAAU,EAAG,oBAAoB,CAAC,MAAM;yBAC3C,CAAC;;;AAEI,wBAAA,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;AACnD,wBAAA,OAAO,GAA2B,IAAI,CAAC,yBAAyB,EAAE,CAAC;AACnE,wBAAA,UAAU,GAAsB;AAClC,4BAAA,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;4BAC1C,SAAS,EAAE,OAAO,CAAC,SAAS;4BAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;4BAClD,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;4BACpD,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;4BAC9C,SAAS,EAAE,OAAO,CAAC,SAAS;4BAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;yBACzB,CAAC;AAEF,wBAAA,YAAY,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;AACrB,wBAAA,OAAA,CAAA,CAAA,YAAM,IAAI,CAAC,0BAA0B,CAAC,SAAS,CAAC,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,CAAC,CAAA,CAAA;;AAA3G,wBAAA,QAAQ,GAAG,EAAgG,CAAA,IAAA,EAAA,CAAA;AACjH,wBAAA,mBAAmB,GAAG,QAAQ,CAAC,IAAI,CAAC;;;AAGlC,wBAAA,eAAe,GAAG,IAAI,eAAe,CACvC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAChC,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAC7B,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAChC,CAAC;AAEF,wBAAA,eAAe,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,CAAC;AAErC,wBAAA,OAAA,CAAA,CAAA,YAAM,eAAe,CAAC,yBAAyB,CACjE,mBAAmB,EACnB,IAAI,CAAC,SAAS,EACd,YAAY,EACZ,OAAO,CACV,CAAA,CAAA;;AALK,wBAAA,aAAa,GAAG,EAKrB,CAAA,IAAA,EAAA,CAAA;AAED,wBAAA,OAAA,CAAA,CAAA,aAAO,aAAa,CAAC,CAAA;;;;AACxB,KAAA,CAAA;AAED;;;AAGG;IACK,sBAAsB,CAAA,SAAA,CAAA,sBAAA,GAA9B,UAA+B,OAAsC,EAAA;AACjE,QAAA,IAAM,gBAAgB,GAAG,IAAI,uBAAuB,EAAE,CAAC;QAEvD,gBAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE/D,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAElD,QAAA,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAElE,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACzD,gBAAgB,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAE5E,gBAAgB,CAAC,aAAa,EAAE,CAAC;QAEjC,IAAI,IAAI,CAAC,sBAAsB,EAAE;AAC7B,YAAA,gBAAgB,CAAC,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AACpE,SAAA;AAED,QAAA,IAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,EAAE,CAAC;AAC3F,QAAA,gBAAgB,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;AAEjD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,YAAY,EAAE;YAC5C,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAChF,SAAA;;AAGD,QAAA,IAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,eAAe,CAAC;AAEjG,QAAA,IAAI,eAAe,EAAE;AACjB,YAAA,gBAAgB,CAAC,kBAAkB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;AAC/D,YAAA,gBAAgB,CAAC,sBAAsB,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;AAC1E,SAAA;AAED,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;AAChJ,YAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;AAC1F,SAAA;AAED,QAAA,OAAO,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;KAC/C,CAAA;IACL,OAAC,sBAAA,CAAA;AAAD,CAvMA,CAA4C,UAAU,CAuMrD;;;;"}