AzureAD
diff --git a/‎lib/msal-common/.gitignore
+1 b/‎lib/msal-common/.gitignore
+1
diff --git a/‎lib/msal-common/README.md
+1-1 b/‎lib/msal-common/README.md
+1-1
diff --git a/‎lib/msal-common/package-lock.json
+374 b/‎lib/msal-common/package-lock.json
+374
diff --git a/‎lib/msal-common/package.json
+5 b/‎lib/msal-common/package.json
+5
diff --git a/‎lib/msal-common/src/account/AccountInfo.ts
+7 b/‎lib/msal-common/src/account/AccountInfo.ts
+7
diff --git a/‎lib/msal-common/src/config/ClientConfiguration.ts
+22-13 b/‎lib/msal-common/src/config/ClientConfiguration.ts
+22-13
diff --git a/‎lib/msal-common/src/request/AuthorizationCodeRequest.ts
+8-22 b/‎lib/msal-common/src/request/AuthorizationCodeRequest.ts
+8-22
diff --git a/‎lib/msal-common/src/request/AuthorizationUrlRequest.ts
+21-72 b/‎lib/msal-common/src/request/AuthorizationUrlRequest.ts
+21-72
diff --git a/‎lib/msal-common/src/request/BaseAuthRequest.ts
+6-13 b/‎lib/msal-common/src/request/BaseAuthRequest.ts
+6-13
diff --git a/‎lib/msal-common/src/request/DeviceCodeRequest.ts
+5-12 b/‎lib/msal-common/src/request/DeviceCodeRequest.ts
+5-12
@@ -262,3 +262,4 @@ node_modules/
 typings/
 lib/
 dist/
+ref/
@@ -1,7 +1,7 @@
 # (Preview) Microsoft Authentication Library for JavaScript (MSAL.js) Common Package
 [![npm version](https://img.shields.io/npm/v/@azure/msal-common.svg?style=flat)](https://www.npmjs.com/package/@azure/msal-common/)[![npm version](https://img.shields.io/npm/dm/@azure/msal-common.svg)](https://nodei.co/npm/@azure/msal-common/)[![Coverage Status](https://coveralls.io/repos/github/AzureAD/microsoft-authentication-library-for-js/badge.svg?branch=dev)](https://coveralls.io/github/AzureAD/microsoft-authentication-library-for-js?branch=dev)
 
-| <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-core/" target="_blank">Library Reference</a> |
+| <a href="https://docs.microsoft.com/azure/active-directory/develop/guidedsetups/active-directory-javascriptspa" target="_blank">Getting Started</a> | <a href="https://aka.ms/aaddevv2" target="_blank">AAD Docs</a> | <a href="https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-common/" target="_blank">Library Reference</a> |
 | --- | --- | --- |
 
 1. [About](#about)
 
@@ -42,6 +42,9 @@
     "scripts": {
         "clean": "shx rm -rf dist lib",
         "clean:coverage": "rimraf ../../.nyc_output/*",
+        "doc": "npm run doc:generate && npm run doc:deploy",
+        "doc:generate": "typedoc --mode modules --excludePrivate --excludeProtected --excludeNotExported --out ./ref ./src/ --gitRevision dev",
+        "doc:deploy": "gh-pages -d ref -a -e ref/msal-common",
         "lint": "eslint src --ext .ts",
         "test": "mocha",
         "test:coverage": "nyc --reporter=text mocha --exit",
@@ -73,6 +76,7 @@
         "chai": "^4.2.0",
         "chai-as-promised": "^7.1.1",
         "eslint": "^6.5.1",
+        "gh-pages": "^3.1.0",
         "husky": "^3.0.9",
         "mocha": "^6.2.2",
         "nyc": "^14.1.1",
@@ -84,6 +88,7 @@
         "sinon": "^7.5.0",
         "tslib": "^1.10.0",
         "tslint": "^5.20.0",
+        "typedoc": "^0.17.8",
         "typescript": "^3.7.5"
     },
     "dependencies": {
 
@@ -3,6 +3,13 @@
  * Licensed under the MIT License.
  */
 
+/**
+ * Account object with the following signature:
+ * - homeAccountId          - Home account identifier for this account object
+ * - environment            - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
+ * - tenantId               - Full tenant or organizational id that this account belongs to
+ * - username               - preferred_username claim of the id_token that represents this account
+ */
 export type AccountInfo = {
     homeAccountId: string;
     environment: string;
 
@@ -19,10 +19,13 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
  * Use the configuration object to configure MSAL Modules and initialize the base interfaces for MSAL.
  *
  * This object allows you to configure important elements of MSAL functionality:
- * - logger: logging for application
- * - storage: this is where you configure storage implementation.
- * - network: this is where you can configure network implementation.
- * - crypto: implementation of crypto functions
+ * - authOptions                - Authentication for application
+ * - cryptoInterface            - Implementation of crypto functions
+ * - libraryInfo                - Library metadata
+ * - loggerOptions              - Logging for application
+ * - networkInterface           - Network implementation
+ * - storageInterface           - Storage implementation
+ * - systemOptions              - Additional library options
  */
 export type ClientConfiguration = {
     authOptions: AuthOptions,
@@ -35,10 +38,12 @@ export type ClientConfiguration = {
 };
 
 /**
- * @type AuthOptions: Use this to configure the auth options in the Configuration object
+ * Use this to configure the auth options in the Configuration object
  *
- *  - clientId                    - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
- *  - authority                   - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common"
+ * - clientId                    - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
+ * - authority                   - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common"
+ * - knownAuthorities            - An array of URIs that are known to be valid. Used in B2C scenarios.
+ * - cloudDiscoveryMetadata      - A string containing the cloud discovery response. Used in AAD scenarios.
  */
 export type AuthOptions = {
     clientId: string;
@@ -48,10 +53,10 @@ export type AuthOptions = {
 };
 
 /**
- * Telemetry Config Options
+ * Use this to configure the telemetry options in the Configuration object
+ *
  * - applicationName              - Name of the consuming apps application
  * - applicationVersion           - Version of the consuming application
- * - telemetryEmitter             - Function where telemetry events are flushed to
  */
 export type TelemetryOptions = {
     applicationName: string;
@@ -60,9 +65,9 @@ export type TelemetryOptions = {
 };
 
 /**
- * Library Specific Options
+ * Use this to configure token renewal and telemetry info in the Configuration object
  *
- * - tokenRenewalOffsetSeconds    - sets the window of offset needed to renew the token before expiry
+ * - tokenRenewalOffsetSeconds    - Sets the window of offset needed to renew the token before expiry
  * - telemetry                    - Telemetry options for library network requests
  */
 export type SystemOptions = {
@@ -71,7 +76,11 @@ export type SystemOptions = {
 };
 
 /**
- * Logger options to configure the logging that MSAL does.
+ *  Use this to configure the logging that MSAL does, by configuring logger options in the Configuration object
+ * 
+ * - loggerCallback                - Callback for logger
+ * - piiLoggingEnabled             - Sets whether pii logging is enabled
+ * - logLevel                      - Sets the level at which logging happens
  */
 export type LoggerOptions = {
     loggerCallback?: ILoggerCallback,
@@ -80,7 +89,7 @@ export type LoggerOptions = {
 };
 
 /**
- * Telemetry info about library
+ * Library-specific options
  */
 export type LibraryInfo = {
     sku: string,
 
@@ -6,28 +6,14 @@
 import { BaseAuthRequest } from "./BaseAuthRequest";
 
 /**
- * @type AuthorizationCodeRequest: Request object passed by user to acquire a token from the server exchanging a valid authorization code
- *  (second leg of OAuth2.0 Authorization Code flow)
- *
- * scopes:                  A space-separated array of scopes for the same resource.
- *
- *
- * authority:               URL of the authority, the security token service (STS) from which MSAL will acquire tokens.
- *                          If authority is set on client application object, this will override that value. Overriding
- *                          the value will cause for authority validation to happen each time. If the same authority
- *                          will be used for all request, set on the application object instead of the requests.
- *
- * redirectUri:             The redirect URI of your app, where the authority will redirect to after the user inputs credentials
- *                          and consents. It must exactly match one of the redirect URIs you registered in the portal.
- *
- * code:                    The authorization_code that the user acquired in the first leg of the flow.
- *
- * codeVerifier:            The same code_verifier that was used to obtain the authorization_code.
- *                          Required if PKCE was used in the authorization code grant request.
- *                          For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636
- *
- * correlationId:           Unique GUID set per request to trace a request end-to-end for telemetry purposes
- *
+ * Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow)
+ *
+ * - scopes                  - Array of scopes the application is requesting access to.
+ * - authority:              - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests.
+ * - correlationId           - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
+ * - redirectUri             - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal.
+ * - code                    - The authorization_code that the user acquired in the first leg of the flow.
+ * - codeVerifier            - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636
  */
 export type AuthorizationCodeRequest = BaseAuthRequest & {
     redirectUri: string;
 
@@ -8,90 +8,39 @@ import { StringDict } from "../utils/MsalTypes";
 import { BaseAuthRequest } from "./BaseAuthRequest";
 
 /**
- * @type AuthorizationCodeUrlRequest: Request object passed by user to retrieve a Code from the
- * server (first leg of authorization code grant flow)
+ * Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow)
+ * 
+ * - scopes                     - Array of scopes the application is requesting access to.
+ * - authority                  - Url of the authority which the application acquires tokens from.
+ * - correlationId              - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
+ * - redirectUri                - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
+ * - extraScopesToConsent       - Scopes for a different resource when the user needs consent upfront.
+ * - responseMode               - Specifies the method that should be used to send the authentication result to your app. Can be query, form_post, or fragment. If no value is passed in, it defaults to query.
+ * - codeChallenge              - Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636
+ * - codeChallengeMethod        - The method used to encode the code verifier for the code challenge parameter. Can be "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636
+ * - state                      - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred.
+ * - prompt                     - Indicates the type of user interaction that is required.
+ *          login: will force the user to enter their credentials on that request, negating single-sign on
+ *          none:  will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error
+ *          consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app
+ *          select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in session or any remembered accounts or an option to choose to use a different account
+ * - loginHint                  - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
+ * - domainHint                 - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant.
+ * - extraQueryParameters       - String to string map of custom query parameters.
+ * - claims                     - In cases where Azure AD tenant admin has enabled conditional access policies, and the policy has not been met, exceptions will contain claims that need to be consented to.
+ * - nonce                      - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.
  */
 export type AuthorizationUrlRequest = BaseAuthRequest & {
-    /**
-     * The redirect URI where authentication responses can be received by your application. It
-     * must exactly match one of the redirect URIs registered in the Azure portal.
-     */
     redirectUri?: string;
-
-    /**
-     * Scopes for a different resource when the user needs consent upfront
-     */
     extraScopesToConsent?: Array<string>;
-
-    /**
-     * Specifies the method that should be used to send the authentication result to your app.
-     * Can be query, form_post, or fragment. If no value is passed in, it defaults to query.
-     */
     responseMode?: ResponseMode;
-
-    /**
-     * Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE).
-     * For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636
-     */
     codeChallenge?: string;
-
-    /**
-     * The method used to encode the code verifier for the code challenge parameter. Can be
-     * "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more
-     * information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636
-     */
     codeChallengeMethod?: string;
-
-    /**
-     * A value included in the request that is also returned in the token response. A randomly
-     * generated unique value is typically used for preventing cross site request forgery attacks.
-     * The state is also used to encode information about the user's state in the app before the
-     * authentication request occurred.
-     */
     state?: string;
-
-    /**
-     * Indicates the type of user interaction that is required.
-     *
-     * login: will force the user to enter their credentials on that request, negating single-sign on
-     *
-     * none:  will ensure that the user isn't presented with any interactive prompt. if request can't be completed via
-     *        single-sign on, the endpoint will return an interaction_required error
-     * consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions
-     *          to the app
-     * select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in
-     *                 session or any remembered accounts or an option to choose to use a different account
-     */
     prompt?: string;
-
-    /**
-     * Can be used to pre-fill the username/email address field of the sign-in page for the user,
-     * if you know the username/email address ahead of time. Often apps use this parameter during
-     * re-authentication, having already extracted the username from a previous sign-in using the
-     * preferred_username claim.
-     */
     loginHint?: string;
-
-    /**
-     * Provides a hint about the tenant or domain that the user should use to sign in. The value
-     * of the domain hint is a registered domain for the tenant.
-     */
     domainHint?: string;
-
-    /**
-     * string to string map of custom query parameters
-     */
     extraQueryParameters?: StringDict;
-
-    /**
-     * In cases where Azure AD tenant admin has enabled conditional access policies, and the
-     * policy has not been met, exceptions will contain claims that need to be consented to.
-     */
     claims?: string;
-
-    /**
-     *  A value included in the request that is returned in the id token. A randomly
-     *  generated unique value is typically used to mitigate replay attacks.
-     */
     nonce?: string;
 };
@@ -3,21 +3,14 @@
  * Licensed under the MIT License.
  */
 
+/**
+ * BaseAuthRequest
+ * - scopes                  - Array of scopes the application is requesting access to.
+ * - authority               - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. Defaults to https://login.microsoftonline.com/common. If using the same authority for all request, authority should set on client application object and not request, to avoid resolving authority endpoints multiple times.
+ * - correlationId           - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
+ */
 export type BaseAuthRequest = {
-    /**
-     * Scopes the application is requesting access to.
-     */
     scopes: Array<string>;
-
-    /**
-     * Url of the authority which the application acquires tokens from. Defaults to
-     * https://login.microsoftonline.com/common. If using the same authority for all request, authority should set
-     * on client application object and not request, to avoid resolving authority endpoints multiple times.
-     */
     authority?: string;
-
-    /**
-     * Unique GUID set per request to trace a request end-to-end for telemetry purposes
-     */
     correlationId?: string;
 };
@@ -8,20 +8,13 @@ import { BaseAuthRequest } from "./BaseAuthRequest";
 
 /**
  * Parameters for Oauth2 device code flow.
+ * - scopes                     - Array of scopes the application is requesting access to.
+ * - authority:                 - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests.
+ * - correlationId              - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
+ * - deviceCodeCallback         - Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, input the user_code, and input credentials.
+ * - cancel                     - Boolean to cancel polling of device code endpoint. While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true. 
  */
 export type DeviceCodeRequest = BaseAuthRequest &  {
-
-    /**
-     * Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri,
-     * input the user_code, and input credentials.
-     */
     deviceCodeCallback: (response: DeviceCodeResponse) => void;
-
-    /**
-     * Boolean to cancel polling of device code endpoint.
-     *
-     * While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval
-     * specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true;
-     */
     cancel?: boolean;
 };
-Original file line number
+Diff line change
 typings/
 lib/
 dist/
 +ref/