Proksea/node_modules/@azure/msal-common/dist/account/AccountInfo.mjs
2024-07-05 00:09:37 +08:00


/*! @azure/msal-common v14.12.0 2024-06-10 */
'use strict';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
 * Checks whether a tenant ID equals the tenant segment ("utid") of a home account ID.
 *
 * The home account ID is split on "." and only the second segment (index 1) is
 * compared; any further segments are ignored. The comparison is strict string
 * equality, so it is case-sensitive.
 * NOTE(review): assumes both values are already normalized to the same casing
 * before they reach this function — confirm at the call sites.
 *
 * @param tenantId - Tenant ID to test; a falsy value never matches.
 * @param homeAccountId - Home account ID, presumably of the form "<uid>.<utid>"; a falsy value never matches.
 * @returns true only when both arguments are truthy and tenantId equals the second "."-separated segment.
 */
function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
    // A missing value on either side can never identify the home tenant.
    if (!tenantId || !homeAccountId) {
        return false;
    }
    // Skip the first segment; the second one carries the tenant identifier.
    const [, homeTenantSegment] = homeAccountId.split(".");
    return tenantId === homeTenantSegment;
}
/**
 * Builds a tenant profile object from the claims of an ID token.
 *
 * This function only reads the claims it is given; it performs no validation
 * of them (no signature, issuer or audience check happens here).
 * NOTE(review): callers are presumably expected to pass claims taken from an
 * already-validated ID token — confirm at the call sites, since tenantId and
 * isHomeTenant are derived directly from these values.
 *
 * @param homeAccountId - Home account ID used to decide whether the profile belongs to the home tenant.
 * @param idTokenClaims - ID token claims object; the oid, sub, tid, name, tfp and acr claims are read.
 * @returns An object with tenantId, localAccountId, name and isHomeTenant.
 */
function buildTenantProfileFromIdTokenClaims(homeAccountId, idTokenClaims) {
    const {
        oid: objectId,
        sub: subject,
        tid: aadTenantId,
        name: displayName,
        tfp: b2cPolicy,
        acr: legacyB2cPolicy,
    } = idTokenClaims;
    /*
     * The authority type (AAD or B2C) cannot be determined here, so every claim
     * that can act as a tenant ID is tried, in this order of precedence:
     *   tid - tenant that issued the token in AAD; expected in all AAD ID tokens, absent from B2C ID tokens.
     *   tfp - Trust Framework Policy used to authenticate the user; acts as the tenant for B2C.
     *   acr - Authentication Context Class Reference, used only by older B2C policies; last-resort fallback.
     * Because `||` is used, any falsy claim value (including an empty string)
     * falls through to the next candidate, and finally to "".
     */
    const tenantId = aadTenantId || b2cPolicy || legacyB2cPolicy || "";
    // Prefer the object ID; fall back to the subject claim, then to "".
    const localAccountId = objectId || subject || "";
    return {
        tenantId,
        localAccountId,
        // Passed through unchanged, so this is undefined when the claim is absent.
        name: displayName,
        isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
    };
}
/**
 * Produces account info in which the tenant-specific fields are overridden,
 * first by an explicit tenant profile and then by values derived from ID token claims.
 *
 * The input object is never mutated: when any override applies a new shallow
 * copy is returned; when neither tenantProfile nor idTokenClaims is truthy the
 * original baseAccountInfo reference is returned as-is.
 *
 * When idTokenClaims is supplied the result also carries the claims object and
 * the raw ID token (idToken), so the returned object should be handled as
 * sensitive data, e.g. not logged or serialized wholesale.
 *
 * @param baseAccountInfo - Account info to start from; its homeAccountId is used for the claims-derived profile.
 * @param tenantProfile - Optional tenant profile whose fields (except isHomeTenant) override the base account info.
 * @param idTokenClaims - Optional ID token claims; values derived from them override both of the above.
 * @param idTokenSecret - Raw ID token stored on the result as idToken when idTokenClaims is supplied.
 * @returns The resulting account info.
 */
function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
    let accountWithProfile = baseAccountInfo;
    if (tenantProfile) {
        // isHomeTenant belongs to the tenant profile only, so it is dropped before merging.
        // eslint-disable-next-line @typescript-eslint/no-unused-vars
        const { isHomeTenant: droppedProfileFlag, ...profileFields } = tenantProfile;
        accountWithProfile = { ...baseAccountInfo, ...profileFields };
    }
    if (!idTokenClaims) {
        return accountWithProfile;
    }
    /*
     * Claims take precedence over both the base account info and the tenant profile.
     * Every key of the claims-derived profile overwrites the earlier value, even when
     * the underlying claim was absent (tenantId / localAccountId become "", name
     * becomes undefined). As above, isHomeTenant is dropped before merging.
     */
    // eslint-disable-next-line @typescript-eslint/no-unused-vars
    const { isHomeTenant: droppedClaimsFlag, ...claimFields } = buildTenantProfileFromIdTokenClaims(baseAccountInfo.homeAccountId, idTokenClaims);
    return {
        ...accountWithProfile,
        ...claimFields,
        idTokenClaims: idTokenClaims,
        idToken: idTokenSecret,
    };
}
export { buildTenantProfileFromIdTokenClaims, tenantIdMatchesHomeTenant, updateAccountTenantProfileData };
//# sourceMappingURL=AccountInfo.mjs.map