Rohitnarula7176/token cache #1
Conversation
|
@rohitnarula7176, |
lib/msaljs.ts
Outdated
| } | ||
|
|
||
| export class Constants { | ||
| public static get ERROR_DESCRIPTION(): string { return "error_description"; } |
There was a problem hiding this comment.
Please check the naming conventions for constants in TS. I don't think we should use "_".
lib/msaljs.ts
Outdated
| export class Constants { | ||
| public static get ERROR_DESCRIPTION(): string { return "error_description"; } | ||
| public static get ID_TOKEN(): string { return "id_token"; } | ||
| public static get ACCESS_TOKEN(): string { return "access_token"; } |
There was a problem hiding this comment.
I think all of these should be private except loadframe timeout and popup width and height.
There was a problem hiding this comment.
Also, see if using readonly attribute makes more sense. That way, you can define these as properties instead of methods.
static readonly AccessToken: string = "access_token"
lib/msaljs.ts
Outdated
| export class ClientApplication { | ||
|
|
||
| private loginInProgress: boolean; | ||
| User: User; |
There was a problem hiding this comment.
I should have checked this earlier. Guideline is to use camelcase for method and property names. https://github.com/Microsoft/TypeScript/wiki/Coding-guidelines
lib/msaljs.ts
Outdated
| public static get UNKNOWN(): string { return "UNKNOWN"; } | ||
| } | ||
|
|
||
| export class ClientApplication { |
There was a problem hiding this comment.
rename this to UserAgentApplication.
lib/msaljs.ts
Outdated
| private loginInProgress: boolean; | ||
| User: User; | ||
| ClientId: string; | ||
| Authority: string; |
There was a problem hiding this comment.
This should be readonly
lib/msaljs.ts
Outdated
| Authority: string; | ||
| AuthenticationMode: AuthenticationModes; | ||
| RedirectUri: string; | ||
| ClockSkew: number; |
There was a problem hiding this comment.
This should be private, default to 5 minutes
lib/msaljs.ts
Outdated
| ActiveRenewals: Object; | ||
| SessionState: string; | ||
| CacheStorage: Storage; | ||
|
|
There was a problem hiding this comment.
Add ValidateAuthority boolean property to turn on/off authority validation. Default should be true but I think until build, default is false.
lib/msaljs.ts
Outdated
| User: User; | ||
| ClientId: string; | ||
| Authority: string; | ||
| AuthenticationMode: AuthenticationModes; |
There was a problem hiding this comment.
There was a suggestion to reword this to something else maybe InteractionMode.
lib/msaljs.ts
Outdated
| RedirectUri: string; | ||
| ClockSkew: number; | ||
| PostLogoutRedirectUri: string; | ||
| CorrelationId: string; |
There was a problem hiding this comment.
I am not sure where we landed on this one. Should it be here or at acquireToken level only. Check what other MSALs have landed upon.
lib/msaljs.ts
Outdated
| CorrelationId: string; | ||
| CacheLocation: CacheLocations; | ||
| CheckSessionIframe: HTMLIFrameElement; | ||
| RenewStates: Array<string>; |
lib/msaljs.ts
Outdated
| CacheLocation: CacheLocations; | ||
| CheckSessionIframe: HTMLIFrameElement; | ||
| RenewStates: Array<string>; | ||
| ActiveRenewals: Object; |
lib/msaljs.ts
Outdated
| CheckSessionIframe: HTMLIFrameElement; | ||
| RenewStates: Array<string>; | ||
| ActiveRenewals: Object; | ||
| SessionState: string; |
lib/msaljs.ts
Outdated
| PostLogoutRedirectUri: string; | ||
| CorrelationId: string; | ||
| CacheLocation: CacheLocations; | ||
| CheckSessionIframe: HTMLIFrameElement; |
There was a problem hiding this comment.
What is this used for? Should this be public or private?
lib/msaljs.ts
Outdated
| this.CacheStorage = new Storage(this.CacheLocation); | ||
| } | ||
|
|
||
| Login(scopes: Array<string>): void { |
There was a problem hiding this comment.
camelCasing for method names.
lib/msaljs.ts
Outdated
| constructor(clientId: string) { | ||
| this.ClientId = clientId; | ||
| this.Authority = "https://login.microsoftonline.com/common"; | ||
| this.RedirectUri = window.location.href; |
There was a problem hiding this comment.
We should process the redirect uri to remove query parameters and hashes, the way we do it in adal.js
lib/msaljs.ts
Outdated
| RenewStates: Array<string>; | ||
| ActiveRenewals: Object; | ||
| SessionState: string; | ||
| CacheStorage: Storage; |
There was a problem hiding this comment.
This should be private
lib/msaljs.ts
Outdated
| 3. redirect user to AAD | ||
| */ | ||
|
|
||
| let parameters: AuthenticationRequestParameters = new AuthenticationRequestParameters(this.Authority, this.ClientId, this.AuthenticationMode, null, ResponseTypes[ResponseTypes.id_token], this.RedirectUri); |
There was a problem hiding this comment.
can we please rename this to "request" or "authenticationRequest"? I named it parameters earlier, that does not look like an apt name now.
lib/msaljs.ts
Outdated
| console.log(urlNavigate); | ||
| this.loginInProgress = true; | ||
| if (this.AuthenticationMode == AuthenticationModes.PopUp) { | ||
| return; |
There was a problem hiding this comment.
does this need to be implemented?
There was a problem hiding this comment.
Yes it still needs to be implemented
lib/msaljs.ts
Outdated
| window.callBackMappedToRenewStates[expectedState] = function (message: string, token: string) { | ||
| self.ActiveRenewals[resource] = null; | ||
| for (var i = 0; i < window.callBacksMappedToRenewStates[expectedState].length; ++i) { | ||
| window.callBacksMappedToRenewStates[expectedState][i](message, token); |
There was a problem hiding this comment.
We should add a try catch around this call and reset the window properties even when the exception occurs.
There was a problem hiding this comment.
Since we are not relying on user provided callback methods and using promises instead, we don't need to worry about the case in which their code throws an error and we stop execution.
lib/msaljs.ts
Outdated
| } | ||
|
|
||
| private getCachedToken(scopes: Array<string>): string { | ||
| let accessTokenCacheItems = this.CacheStorage.getAllAccessTokens(this.ClientId, this.Authority); |
There was a problem hiding this comment.
We should pass user if also in the method since we are filtering the tokens based on that afterwards.
lib/msaljs.ts
Outdated
| private getCachedToken(scopes: Array<string>): string { | ||
| let accessTokenCacheItems = this.CacheStorage.getAllAccessTokens(this.ClientId, this.Authority); | ||
| let accessTokenItems: Array<AccessTokenCacheItem> = []; // Array to store multiple accessTokens for the ssame set of scopes | ||
| if (accessTokenCacheItems.length > 0) { |
There was a problem hiding this comment.
I don't think we need this check
There was a problem hiding this comment.
We need this check if acquireToken is called without logging in or app reload.
lib/msaljs.ts
Outdated
| } | ||
| } | ||
| } | ||
| if (accessTokenItems.length == 0) |
There was a problem hiding this comment.
Can we combine the two statements (== 0) and (> 1) in one if block?
lib/msaljs.ts
Outdated
|
|
||
| private getCachedToken(scopes: Array<string>): string { | ||
| let accessTokenCacheItems = this.CacheStorage.getAllAccessTokens(this.ClientId, this.Authority); | ||
| let accessTokenItems: Array<AccessTokenCacheItem> = []; // Array to store multiple accessTokens for the ssame set of scopes |
There was a problem hiding this comment.
Should this be an array? Since more than 1 matching tokens is not supported, I think this can be just a variable. Starting value can be null. In line 230, we can check if the variable is not null before assigning. If so, we return null there, otherwise continue. Line 235 check can be changed to check if variable is null.
It's just defining it as an array when we only expect one value does not seem right.
There was a problem hiding this comment.
We can get multiple access tokens for the same set of scopes so we need an array to store them. But in the case we get more than one access token we return null from this method.
There was a problem hiding this comment.
As we discussed, lets change that to single object.
lib/msaljs.ts
Outdated
|
|
||
| AcquireToken(scopes: Array<string>, callback: Function): void; | ||
|
|
||
| AcquireToken(scopes: Array<string>, callback: Function, loginHint: string): void; |
There was a problem hiding this comment.
Please add one more override that has the below signature
AcquireToken(scopes: Array, callback: Function, loginHint: string, extraQueryParameters: string)): void;
lib/msaljs.ts
Outdated
| this.registerCallback(this.ActiveRenewals[scope], scope, callback); | ||
| } | ||
| else { | ||
| let parameters: AuthenticationRequestParameters = new AuthenticationRequestParameters(this.Authority, this.ClientId, this.AuthenticationMode, null, ResponseTypes[ResponseTypes.token], this.RedirectUri); |
There was a problem hiding this comment.
please rename this to "request" or "authenticationRequest" or "tokenRequest"
lib/msaljs.ts
Outdated
| else { | ||
| let parameters: AuthenticationRequestParameters = new AuthenticationRequestParameters(this.Authority, this.ClientId, this.AuthenticationMode, null, ResponseTypes[ResponseTypes.token], this.RedirectUri); | ||
| let expectedState = parameters.State + '|' + scope; | ||
| this.CacheStorage.saveItem(Constants.NONCE_IDTOKEN, parameters.Nonce); |
There was a problem hiding this comment.
I don't think we need to save the nonce for accessToken request.
lib/msaljs.ts
Outdated
| if (popupWindow == null) { | ||
| return; | ||
| } | ||
| if (this.RedirectUri.indexOf('#') != -1) |
There was a problem hiding this comment.
This should be handled in the constructor.
lib/msaljs.ts
Outdated
| var frameHandle = self.addAdalFrame(frameCheck); | ||
| if (frameHandle.src === '' || frameHandle.src === 'about:blank') { | ||
| frameHandle.src = urlNavigate; | ||
| self.loadFrame(urlNavigate, frameCheck); |
There was a problem hiding this comment.
Should we change this recursive call behavior now?
There was a problem hiding this comment.
I am not sure about what benefit we get from this check. I would want to keep this there as it has not caused any problems in Adaljs.
There was a problem hiding this comment.
As we discussed, it might be useful to get rid of this now instead of taking it along in msal
brentschmaltz
force-pushed
the
rohitnarula7176/tokenCache
branch
from
9b99c03 to
76eb5b3
Compare
Add typings field in package.json to expose msal.d.ts
[msal-node][#1] SilentFlow support in msal-common
[msal-extensions] Extensions #1
Telemetry #1: Enable telemetry in common
AT Proof-Of-Possession #1: Adding req_cnf to the token request
Broker #1: Handshake between child and parent
msal-react #1: account changes
* Add KeyManager class * Add STK JWK to BaseAuthRequest * Add STK generation logic to common and browser * Update PublicClientApplication tests to mock out STK generation from Auth Code requests * Undo msal-node-samples changes * Move generateCnf from PopTokenGenerator to KeyManager * Refactor crypto key generation to use different key generation algorithm options for AT and RT PoP * Add missing API from Crypto Interface to msal-node * Fix linter issues * Fix merge conflicts * Refactor Cryptographic constants out of BrowserConstants and CryptoOps * Fix tests after merge * Add feature flag to make RT Binding opt-in * Add error handling to STK generation step * Refactor crypto enum names * Add error handling for crypto key generation * Put KeyManager instance in BaseClient instead of AuthCode and Refresh Clients * Fix import in BaseClient * Extend KeyManager tests * Increase test coverage * Update lib/msal-browser/src/utils/CryptoConstants.ts * Update lib/msal-common/test/client/RefreshTokenClient.spec.ts Co-authored-by: Thomas Norling <[email protected]> * Fix incorrect typing and checks for private key on getPublicKeyThumbprint * Refactor cryptographic constants to have more consistent casing * Fix CryptoOps tests around getPublicKeyThumbprint * Move refreshTokenBinding feature flag to system config * Update browser client config to move refreshTokenBinding flag to system config * Rename KeyManager to CryptoKeyManager for more specificity * Update BrowserAuthError to remove keyId from error message and avoid Pii * Update lib/msal-browser/src/config/Configuration.ts * Refactor CryptoKeyManager into PopTokenGenerator * Change files * Replace crypto key type switch in getPublicKeyThumbprint with a ternary assignment Co-authored-by: Jason Nutter <[email protected]> * Update changefiles * Extend CryptoOps logging * Update exception handling and logging in CryptoOps getPublicKeyThumbprint API * Fix failing test in CryptoOps spec Co-authored-by: Thomas Norling <[email protected]> Co-authored-by: Sameera Gajjarapu <[email protected]> Co-authored-by: Jason Nutter <[email protected]>
This PR updates the BrowserAuthOptions for MSAL Browser v5, including: - Removal of references, implementations, and tests for `skipAuthorityMetadataCache` - Moves `protocolMode` to SystemOptions - Removal of documentation references to `supportsNestedAppAuth`
No description provided.