@azure/msal-node package

Classes

AuthError	General error class thrown by the MSAL.js library.
ClientApplication	Base abstract class for all ClientApplications - public and confidential
ClientAssertion	Client assertion of type jwt-bearer used in confidential client flows
ClientAuthError	Error thrown when there is an error in the client code running on the browser.
ClientConfigurationError	Error thrown when there is an error in configuration of the MSAL.js library.
ClientCredentialClient	OAuth2.0 client credential grant
ConfidentialClientApplication	This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications will configure application secrets, client certificates/assertions as applicable
CryptoProvider	This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).
DeviceCodeClient	OAuth2.0 Device code client
DistributedCachePlugin	Cache plugin that serializes data to the cache and deserializes data from the cache
InteractionRequiredAuthError	Error thrown when user interaction is required.
Logger	Class which facilitates logging of messages to a specific place.
ManagedIdentityApplication	Class to initialize a managed identity and identify the service
OnBehalfOfClient	On-Behalf-Of client
PublicClientApplication	This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.
ServerError	Error thrown when there is an error with the server code, for example, unavailability.
TokenCache	In-memory token cache manager
TokenCacheContext	This class instance helps track the memory changes facilitating decisions to read from and write to the persistent cache
UsernamePasswordClient	Oauth2.0 Password grant client Note: We are only supporting public clients for password grant and for purely testing purposes

Interfaces

IAppTokenProvider
ICacheClient	Interface for the cache that defines a getter and setter
ICachePlugin
IConfidentialClientApplication	Interface for the ConfidentialClientApplication class defining the public API signatures
ILoopbackClient	Interface for LoopbackClient allowing to replace the default loopback server with a custom implementation.
INativeBrokerPlugin
INetworkModule	Client network interface to send backend requests.
IPartitionManager	Interface that defines getter methods to get keys used to identity data in the cache
IPublicClientApplication	Interface for the PublicClientApplication class defining the public API signatures
ISerializableTokenCache
ITokenCache	Token cache interface for the client, giving access to cache APIs

Type Aliases

AccountInfo	Account object with the following signature: homeAccountId - Home account identifier for this account object environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com) tenantId - Full tenant or organizational id that this account belongs to username - preferred_username claim of the id_token that represents this account localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases name - Full name for the account, including given name and family name idToken - raw ID token idTokenClaims - Object contains claims from ID token nativeAccountId - The user's native account ID tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser dataBoundary - Data boundary extracted from clientInfo
AppTokenProviderParameters	Input object for the IAppTokenProvider extensiblity. MSAL will create this object, which can be used to help create an AppTokenProviderResult. correlationId - the correlation Id associated with the request tenantId - the tenant Id for which the token must be provided scopes - the scopes for which the token must be provided claims - any extra claims that the token must satisfy
AppTokenProviderResult	Output object for IAppTokenProvider extensiblity. accessToken - the actual access token, typically in JWT format, that satisfies the request data AppTokenProviderParameters expiresInSeconds - how long the tokens has before expiry, in seconds. Similar to the "expires_in" field in an AAD token response. refreshInSeconds - how long the token has before it should be proactively refreshed. Similar to the "refresh_in" field in an AAD token response.
AuthenticationResult	Result returned from the authority's token endpoint. uniqueId - `oid` or `sub` claim from ID token tenantId - `tid` claim from ID token scopes - Scopes that are validated for the respective token account - An account object representation of the currently signed-in user idToken - Id token received as part of the response idTokenClaims - MSAL-relevant ID token claims accessToken - Access token or SSH certificate received as part of the response fromCache - Boolean denoting whether token came from cache expiresOn - Javascript Date object representing relative expiration of access token extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage refreshOn - Javascript Date object representing relative time until an access token must be refreshed state - Value passed in by user in request familyId - Family ID identifier, usually only used for refresh tokens requestId - Request ID returned as part of the response
AuthorizationCodePayload	Response returned after processing the code response query string or fragment.
AuthorizationCodeRequest	Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow) scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. redirectUri - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal. tokenQueryParameters - String to string map of custom query parameters added to the /token call code - The authorization_code that the user acquired in the first leg of the flow. codeVerifier - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636 state - Unique GUID generated by the user that is cached by the user and sent to the server during the first leg of the flow. This string is sent back by the server with the authorization code. The user cached state is then compared with the state received from the server to mitigate the risk of CSRF attacks. See https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.
AuthorizationUrlRequest	Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. extraScopesToConsent - Scopes for a different resource when the user needs consent upfront. responseMode - Specifies the method that should be used to send the authentication result to your app. Can be query, form_post, or fragment. If no value is passed in, it defaults to query. codeChallenge - Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636 codeChallengeMethod - The method used to encode the code verifier for the code challenge parameter. Can be "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636 state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred. prompt - Indicates the type of user interaction that is required. login: will force the user to enter their credentials on that request, negating single-sign on none: will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in session or any remembered accounts or an option to choose to use a different account create: will direct the user to the account creation experience instead of the log in experience account - AccountInfo obtained from a getAccount API. Will be used in certain scenarios to generate login_hint if both loginHint and sid params are not provided. loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim. sid - Session ID, unique identifier for the session. Available as an optional claim on ID tokens. domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant. extraQueryParameters - String to string map of custom query parameters added to the /authorize call tokenQueryParameters - String to string map of custom query parameters added to the /token call nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.
AuthorizeResponse	Response properties that may be returned by the /authorize endpoint
AzureCloudOptions	AzureCloudInstance specific options azureCloudInstance - string enum providing short notation for soverign and public cloud authorities tenant - provision to provide the tenant info
BrokerOptions	Use this to configure the below broker options: nativeBrokerPlugin - Native broker implementation (should be imported from msal-node-extensions) Note: These options are only available for PublicClientApplications using the Authorization Code Flow
CacheKVStore	Key value store for in-memory cache
CacheOptions	Use this to configure the below cache configuration options: cachePlugin - Plugin for reading and writing token cache to disk.
ClientAssertionCallback
ClientCredentialRequest	CommonClientCredentialRequest scopes - Array of scopes the application is requesting access to. Typically contains only the .default scope for a single resource. See: https://learn.microsoft.com/azure/active-directory/develop/scopes-oidc#the-default-scope authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. skipCache - Skip token cache lookup and force request to authority to get a a new token. Defaults to false. clientAssertion - An assertion string or a callback function that returns an assertion string (both are Base64Url-encoded signed JWTs) used in the Client Credential flow tokenQueryParameters - String to string map of custom query parameters added to the /token call
Configuration	Use the configuration object to configure MSAL and initialize the client application object auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform broker: this is where you configure broker options cache: this is where you configure cache location system: this is where you can configure the network client, logger telemetry: this is where you can configure telemetry options
DeviceCodeRequest	Parameters for Oauth2 device code flow. scopes - Array of scopes the application is requesting access to. authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. deviceCodeCallback - Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, input the user_code, and input credentials. cancel - Boolean to cancel polling of device code endpoint. While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true. extraQueryParameters - String to string map of custom query parameters added to the query string
IdTokenClaims	Type which describes Id Token claims known by MSAL.
InMemoryCache	Intermittent type to handle in-memory data objects with defined types
InteractiveRequest	Request object passed by user to configure acquireTokenInteractive API openBrowser - Function to open a browser instance on user's system. scopes - Array of scopes the application is requesting access to. successTemplate: - Template to be displayed on the opened browser instance upon successful token acquisition. errorTemplate - Template to be displayed on the opened browser instance upon token acquisition failure. windowHandle - Used in native broker flows to properly parent the native broker window loopbackClient - Custom implementation for a loopback server to listen for authorization code response.
JsonCache	Cache format read from the cache blob provided to the configuration during app instantiation
ManagedIdentityConfiguration
ManagedIdentityIdParams
ManagedIdentityRequestParams	ManagedIdentityRequest claims - a stringified claims request which will be used to determine whether or not the cache should be skipped forceRefresh - forces managed identity requests to skip the cache and make network calls if true resource - resource requested to access the protected API. It should be of the form "ResourceIdUri" or "ResourceIdUri/.default". For instance https://management.azure.net or, for Microsoft Graph, `https://graph.microsoft.com/.default`
NetworkRequestOptions	Options allowed by network request APIs.
NetworkResponse
NodeAuthOptions	clientId - Client id of the application. authority - Url of the authority. If no value is set, defaults to `https://login.microsoftonline.com/common`. knownAuthorities - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in. clientSecret - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal. clientAssertion - A ClientAssertion object containing an assertion string or a callback function that returns an assertion string that the application uses when requesting a token, as well as the assertion's type (urn:ietf:params:oauth:client-assertion-type:jwt-bearer). Only used in confidential client applications. clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 or SHA-256 thumbprint of the certificate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- ) protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints. skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false. encodeExtraQueryParams - A flag to choose whether to encode extra query parameters in the request URL. Defaults to false.
NodeSystemOptions	Type for configuring logger and http client options logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger networkClient - Http client used for all http get and post calls. Defaults to using MSAL's default http client.
NodeTelemetryOptions
OnBehalfOfRequest	scopes - Array of scopes the application is requesting access to. authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. oboAssertion - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request. skipCache - Skip token cache lookup and force request to authority to get a a new token. Defaults to false. tokenQueryParameters - String to string map of custom query parameters added to the /token call
RefreshTokenRequest	CommonRefreshTokenRequest scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. refreshToken - A refresh token returned from a previous request to the Identity provider. tokenQueryParameters - String to string map of custom query parameters added to the /token call forceCache - Force MSAL to cache a refresh token flow response when there is no account in the cache. Used for migration scenarios.
SerializedAccessTokenEntity	Access token credential type
SerializedAccountEntity	Account type
SerializedAppMetadataEntity	AppMetadata type
SerializedIdTokenEntity	Idtoken credential type
SerializedRefreshTokenEntity	Refresh token credential type
SignOutRequest
SilentFlowRequest	SilentFlow parameters passed by the user to retrieve credentials silently scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls. When included on a silent request, cache lookup will be skipped and token will be refreshed. authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. tokenQueryParameters - String to string map of custom query parameters added to the /token call account - Account entity to lookup the credentials. forceRefresh - Forces silent requests to make network calls if true.
UsernamePasswordRequest	UsernamePassword parameters passed by the user to retrieve credentials Note: The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely. This flow is added for internal testing. scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls. When included on a silent request, cache lookup will be skipped and token will be refreshed. authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. username - username of the client password - credentials tokenQueryParameters - String to string map of custom query parameters added to the /token call

Enums

LogLevel

Log message level.

Variables

AzureCloudInstance
ManagedIdentitySourceNames	Managed Identity Source Names
ProtocolMode	Protocol modes supported by MSAL.
ResponseMode	allowed values for response_mode
AuthErrorMessage	AuthErrorMessage class containing string constants used by error codes and messages.
ClientAuthErrorMessage	String constants used by error codes and messages.
ClientConfigurationErrorMessage	ClientConfigurationErrorMessage class containing string constants used by error codes and messages.
InteractionRequiredAuthErrorMessage	Interaction required errors defined by the SDK
PromptValue	we considered making this "enum" in the request instead of string, however it looks like the allowed list of prompt values kept changing over past couple of years. There are some undocumented prompt values for some internal partners too, hence the choice of generic "string" type instead of the "enum"
version

AzureCloudInstance

AzureCloudInstance: { AzureChina: "https://login.chinacloudapi.cn", AzureGermany: "https://login.microsoftonline.de", AzurePpe: "https://login.windows-ppe.net", AzurePublic: "https://login.microsoftonline.com", AzureUsGovernment: "https://login.microsoftonline.us", None: "none" }

Type

{ AzureChina: "https://login.chinacloudapi.cn", AzureGermany: "https://login.microsoftonline.de", AzurePpe: "https://login.windows-ppe.net", AzurePublic: "https://login.microsoftonline.com", AzureUsGovernment: "https://login.microsoftonline.us", None: "none" }

ManagedIdentitySourceNames

Managed Identity Source Names

ManagedIdentitySourceNames: { APP_SERVICE: "AppService", AZURE_ARC: "AzureArc", CLOUD_SHELL: "CloudShell", DEFAULT_TO_IMDS: "DefaultToImds", IMDS: "Imds", MACHINE_LEARNING: "MachineLearning", SERVICE_FABRIC: "ServiceFabric" }

Type

{ APP_SERVICE: "AppService", AZURE_ARC: "AzureArc", CLOUD_SHELL: "CloudShell", DEFAULT_TO_IMDS: "DefaultToImds", IMDS: "Imds", MACHINE_LEARNING: "MachineLearning", SERVICE_FABRIC: "ServiceFabric" }

ProtocolMode

Protocol modes supported by MSAL.

ProtocolMode: { AAD: "AAD", EAR: "EAR", OIDC: "OIDC" }

Type

{ AAD: "AAD", EAR: "EAR", OIDC: "OIDC" }

ResponseMode

allowed values for response_mode

ResponseMode: { FORM_POST: "form_post", FRAGMENT: "fragment", QUERY: "query" }

Type

{ FORM_POST: "form_post", FRAGMENT: "fragment", QUERY: "query" }

AuthErrorMessage

Warning

This API is now deprecated.

Use AuthErrorCodes instead

AuthErrorMessage class containing string constants used by error codes and messages.

AuthErrorMessage: { postRequestFailed: { code: string, desc: string }, unexpectedError: { code: string, desc: string } }

Type

{ postRequestFailed: { code: string, desc: string }, unexpectedError: { code: string, desc: string } }

ClientAuthErrorMessage

Warning

This API is now deprecated.

Use ClientAuthErrorCodes instead

String constants used by error codes and messages.

ClientAuthErrorMessage: { DeviceCodeExpired: { code: string, desc: string }, DeviceCodePollingCancelled: { code: string, desc: string }, DeviceCodeUnknownError: { code: string, desc: string }, NoAccountInSilentRequest: { code: string, desc: string }, appendScopeSetError: { code: string, desc: string }, authTimeNotFoundError: { code: string, desc: string }, bindingKeyNotRemovedError: { code: string, desc: string }, clientInfoDecodingError: { code: string, desc: string }, clientInfoEmptyError: { code: string, desc: string }, emptyInputScopeSetError: { code: string, desc: string }, endpointResolutionError: { code: string, desc: string }, hashNotDeserialized: { code: string, desc: string }, invalidAssertion: { code: string, desc: string }, invalidCacheEnvironment: { code: string, desc: string }, invalidCacheRecord: { code: string, desc: string }, invalidClientCredential: { code: string, desc: string }, invalidStateError: { code: string, desc: string }, keyIdMissing: { code: string, desc: string }, logoutNotSupported: { code: string, desc: string }, maxAgeTranspired: { code: string, desc: string }, missingTenantIdError: { code: string, desc: string }, multipleMatchingAccounts: { code: string, desc: string }, multipleMatchingAppMetadata: { code: string, desc: string }, multipleMatchingTokens: { code: string, desc: string }, nestedAppAuthBridgeDisabled: { code: string, desc: string }, networkError: { code: string, desc: string }, noAccountFound: { code: string, desc: string }, noAuthorizationCodeFromServer: { code: string, desc: string }, noCryptoObj: { code: string, desc: string }, noNetworkConnectivity: { code: string, desc: string }, nonceMismatchError: { code: string, desc: string }, nullOrEmptyToken: { code: string, desc: string }, platformBrokerError: { code: string, desc: string }, removeEmptyScopeError: { code: string, desc: string }, stateMismatchError: { code: string, desc: string }, stateNotFoundError: { code: string, desc: string }, tokenClaimsRequired: { code: string, desc: string }, tokenParsingError: { code: string, desc: string }, tokenRefreshRequired: { code: string, desc: string }, tokenRequestCannotBeMade: { code: string, desc: string }, unableToGetOpenidConfigError: { code: string, desc: string }, unexpectedCredentialType: { code: string, desc: string }, userCanceledError: { code: string, desc: string }, userTimeoutReached: { code: string, desc: string } }

Type

{ DeviceCodeExpired: { code: string, desc: string }, DeviceCodePollingCancelled: { code: string, desc: string }, DeviceCodeUnknownError: { code: string, desc: string }, NoAccountInSilentRequest: { code: string, desc: string }, appendScopeSetError: { code: string, desc: string }, authTimeNotFoundError: { code: string, desc: string }, bindingKeyNotRemovedError: { code: string, desc: string }, clientInfoDecodingError: { code: string, desc: string }, clientInfoEmptyError: { code: string, desc: string }, emptyInputScopeSetError: { code: string, desc: string }, endpointResolutionError: { code: string, desc: string }, hashNotDeserialized: { code: string, desc: string }, invalidAssertion: { code: string, desc: string }, invalidCacheEnvironment: { code: string, desc: string }, invalidCacheRecord: { code: string, desc: string }, invalidClientCredential: { code: string, desc: string }, invalidStateError: { code: string, desc: string }, keyIdMissing: { code: string, desc: string }, logoutNotSupported: { code: string, desc: string }, maxAgeTranspired: { code: string, desc: string }, missingTenantIdError: { code: string, desc: string }, multipleMatchingAccounts: { code: string, desc: string }, multipleMatchingAppMetadata: { code: string, desc: string }, multipleMatchingTokens: { code: string, desc: string }, nestedAppAuthBridgeDisabled: { code: string, desc: string }, networkError: { code: string, desc: string }, noAccountFound: { code: string, desc: string }, noAuthorizationCodeFromServer: { code: string, desc: string }, noCryptoObj: { code: string, desc: string }, noNetworkConnectivity: { code: string, desc: string }, nonceMismatchError: { code: string, desc: string }, nullOrEmptyToken: { code: string, desc: string }, platformBrokerError: { code: string, desc: string }, removeEmptyScopeError: { code: string, desc: string }, stateMismatchError: { code: string, desc: string }, stateNotFoundError: { code: string, desc: string }, tokenClaimsRequired: { code: string, desc: string }, tokenParsingError: { code: string, desc: string }, tokenRefreshRequired: { code: string, desc: string }, tokenRequestCannotBeMade: { code: string, desc: string }, unableToGetOpenidConfigError: { code: string, desc: string }, unexpectedCredentialType: { code: string, desc: string }, userCanceledError: { code: string, desc: string }, userTimeoutReached: { code: string, desc: string } }

ClientConfigurationErrorMessage

Warning

This API is now deprecated.

Use ClientConfigurationErrorCodes instead

ClientConfigurationErrorMessage class containing string constants used by error codes and messages.

ClientConfigurationErrorMessage: { authorityMismatch: { code: string, desc: string }, authorityUriInsecure: { code: string, desc: string }, cannotAllowPlatformBroker: { code: string, desc: string }, cannotSetOIDCOptions: { code: string, desc: string }, claimsRequestParsingError: { code: string, desc: string }, emptyScopesError: { code: string, desc: string }, invalidAuthenticationHeader: { code: string, desc: string }, invalidAuthorityMetadata: { code: string, desc: string }, invalidAuthorizePostBodyParameters: { code: string, desc: string }, invalidClaimsRequest: { code: string, desc: string }, invalidCloudDiscoveryMetadata: { code: string, desc: string }, invalidCodeChallengeMethod: { code: string, desc: string }, invalidCodeChallengeParams: { code: string, desc: string }, invalidPlatformBrokerConfiguration: { code: string, desc: string }, invalidRequestMethodForEAR: { code: string, desc: string }, logoutRequestEmptyError: { code: string, desc: string }, missingNonceAuthenticationHeader: { code: string, desc: string }, missingSshJwk: { code: string, desc: string }, missingSshKid: { code: string, desc: string }, redirectUriNotSet: { code: string, desc: string }, tokenRequestEmptyError: { code: string, desc: string }, untrustedAuthority: { code: string, desc: string }, urlEmptyError: { code: string, desc: string }, urlParseError: { code: string, desc: string } }

Type

{ authorityMismatch: { code: string, desc: string }, authorityUriInsecure: { code: string, desc: string }, cannotAllowPlatformBroker: { code: string, desc: string }, cannotSetOIDCOptions: { code: string, desc: string }, claimsRequestParsingError: { code: string, desc: string }, emptyScopesError: { code: string, desc: string }, invalidAuthenticationHeader: { code: string, desc: string }, invalidAuthorityMetadata: { code: string, desc: string }, invalidAuthorizePostBodyParameters: { code: string, desc: string }, invalidClaimsRequest: { code: string, desc: string }, invalidCloudDiscoveryMetadata: { code: string, desc: string }, invalidCodeChallengeMethod: { code: string, desc: string }, invalidCodeChallengeParams: { code: string, desc: string }, invalidPlatformBrokerConfiguration: { code: string, desc: string }, invalidRequestMethodForEAR: { code: string, desc: string }, logoutRequestEmptyError: { code: string, desc: string }, missingNonceAuthenticationHeader: { code: string, desc: string }, missingSshJwk: { code: string, desc: string }, missingSshKid: { code: string, desc: string }, redirectUriNotSet: { code: string, desc: string }, tokenRequestEmptyError: { code: string, desc: string }, untrustedAuthority: { code: string, desc: string }, urlEmptyError: { code: string, desc: string }, urlParseError: { code: string, desc: string } }

InteractionRequiredAuthErrorMessage

Warning

This API is now deprecated.

Use InteractionRequiredAuthErrorCodes instead

Interaction required errors defined by the SDK

InteractionRequiredAuthErrorMessage: { bad_token: { code: string, desc: string }, interrupted_user: { code: string, desc: string }, native_account_unavailable: { code: string, desc: string }, noTokensFoundError: { code: string, desc: string } }

Type

{ bad_token: { code: string, desc: string }, interrupted_user: { code: string, desc: string }, native_account_unavailable: { code: string, desc: string }, noTokensFoundError: { code: string, desc: string } }

PromptValue

we considered making this "enum" in the request instead of string, however it looks like the allowed list of prompt values kept changing over past couple of years. There are some undocumented prompt values for some internal partners too, hence the choice of generic "string" type instead of the "enum"

PromptValue: { CONSENT: string, CREATE: string, LOGIN: string, NONE: string, NO_SESSION: string, SELECT_ACCOUNT: string }

Type

{ CONSENT: string, CREATE: string, LOGIN: string, NONE: string, NO_SESSION: string, SELECT_ACCOUNT: string }

version

version: "3.8.10"

Type

"3.8.10"

Sdílet prostřednictvím

@azure/msal-node package

Classes

Interfaces

Type Aliases

Enums

Variables

Variable Details

AzureCloudInstance

Type

ManagedIdentitySourceNames

Type

ProtocolMode

Type

ResponseMode

Type

AuthErrorMessage

Type

ClientAuthErrorMessage

Type

ClientConfigurationErrorMessage

Type

InteractionRequiredAuthErrorMessage

Type

PromptValue

Type

version

Type