CryptoOps class

This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generate cryptographically random GUIDs, and implement the Proof Key for Code Exchange (PKCE) specification for the OAuth Authorization Code Flow (RFC 7636: https://tools.ietf.org/html/rfc7636).

Constructors

CryptoOps(Logger, IPerformanceClient, CryptoOptions)

Methods

base64Decode(string)

Decodes input string from base64.

base64Encode(string)

Encodes input string to base64.

clearKeystore()

Removes all cryptographic keys from IndexedDB storage.

createNewGuid()

Creates a new random GUID - used to populate state and nonce.

generatePkceCodes()

Generates PKCE codes used in Authorization Code Flow.

getPublicKeyThumbprint(SignedHttpRequestParameters)

Generates a keypair, stores it, and returns a thumbprint.

hashString(string)

Returns the SHA-256 hash of an input string.

removeTokenBindingKey(string)

Removes the cryptographic keypair matching the passed-in keyId from the key store.

signJwt(SignedHttpRequest, string, string)

Signs the given object as a JWT payload with the private key retrieved by the given kid.

Constructor Details

CryptoOps(Logger, IPerformanceClient, CryptoOptions)

new CryptoOps(logger: Logger, performanceClient?: IPerformanceClient, cryptoConfig?: CryptoOptions)

Parameters

logger

Logger

performanceClient

IPerformanceClient

cryptoConfig

CryptoOptions

Method Details

base64Decode(string)

Decodes input string from base64.

function base64Decode(input: string): string

Parameters

input

string

Returns

string

base64Encode(string)

Encodes input string to base64.

function base64Encode(input: string): string

Parameters

input

string

Returns

string

clearKeystore()

Removes all cryptographic keys from IndexedDB storage.

function clearKeystore(): Promise<boolean>

Returns

Promise<boolean>

createNewGuid()

Creates a new random GUID - used to populate state and nonce.

function createNewGuid(): string

Returns

string

string (GUID)

generatePkceCodes()

Generates PKCE codes used in Authorization Code Flow.

function generatePkceCodes(): Promise<PkceCodes>

Returns

Promise<PkceCodes>
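
The following is an added example, not MSAL's own code: it shows the RFC 7636 S256 computation that PKCE code generation involves, together with the check an authorization server performs at the token endpoint. The function names and the { verifier, challenge } object shape are assumptions made for this example.

```javascript
// Added example, not MSAL source: PKCE (RFC 7636) with the S256 method.
// Function names and the { verifier, challenge } shape are assumptions.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// base64url without padding (RFC 7636, Appendix A).
function base64UrlEncode(bytes) {
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
async function s256Challenge(verifier) {
  const data = new TextEncoder().encode(verifier);
  const digest = await webcrypto.subtle.digest("SHA-256", data);
  return base64UrlEncode(new Uint8Array(digest));
}

// Client side: 32 CSPRNG bytes give a 43-character verifier (allowed: 43-128).
async function generatePkcePair() {
  const verifier = base64UrlEncode(webcrypto.getRandomValues(new Uint8Array(32)));
  return { verifier, challenge: await s256Challenge(verifier) };
}

// Server side (token endpoint): recompute the challenge from the presented
// verifier and compare it with the one stored at the authorization request.
async function verifyPkce(presentedVerifier, storedChallenge) {
  // Reject anything outside the RFC 7636 length and charset before hashing.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier)) return false;
  const expected = await s256Challenge(presentedVerifier);
  if (expected.length !== storedChallenge.length) return false;
  // Compare every character, with no early exit on the first mismatch.
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ storedChallenge.charCodeAt(i);
  }
  return diff === 0;
}
```

The verifier stays in the client until the token request; only the challenge travels with the authorization request, so an intercepted authorization code cannot be redeemed without the verifier.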

getPublicKeyThumbprint(SignedHttpRequestParameters)

Generates a keypair, stores it, and returns a thumbprint.

function getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>

Parameters

request

SignedHttpRequestParameters

Returns

Promise<string>

hashString(string)

Returns the SHA-256 hash of an input string.

function hashString(plainText: string): Promise<string>

Parameters

plainText

string

Returns

Promise<string>

removeTokenBindingKey(string)

Removes the cryptographic keypair matching the passed-in keyId from the key store.

function removeTokenBindingKey(kid: string): Promise<boolean>

Parameters

kid

string

Returns

Promise<boolean>

signJwt(SignedHttpRequest, string, string)

Signs the given object as a JWT payload with the private key retrieved by the given kid.

function signJwt(payload: SignedHttpRequest, kid: string, correlationId?: string): Promise<string>

Parameters

payload

SignedHttpRequest

kid

string

correlationId

string

Returns

Promise<string>