@azure/msal-common package

Classes

AuthError	General error class thrown by the MSAL.js library.
AuthenticationHeaderParser	This is a helper class that parses supported HTTP response authentication headers to extract and return header challenge values that can be used outside the basic authorization flows.
CacheError	Error thrown when there is an error with the cache
ClientAuthError	Error thrown when there is an error in the client code running on the browser.
ClientConfigurationError	Error thrown when there is an error in configuration of the MSAL.js library.
InteractionRequiredAuthError	Error thrown when user interaction is required.
Logger	Class which facilitates logging of messages to a specific place.
NetworkError	Represents network related errors
PerformanceClient
PlatformBrokerError	Error class for MSAL Runtime errors that preserves detailed broker information
ProtocolUtils	Class which provides helpers for OAuth 2.0 protocol specific values
ScopeSet	The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions to ensure uniqueness of strings.
ServerError	Error thrown when there is an error with the server code, for example, unavailability.
StubPerformanceClient
UrlString	Url object class which can perform various transformations on url strings.
TokenCacheContext	This class instance helps track the memory changes facilitating decisions to read from and write to the persistent cache

Interfaces

ICrypto	Interface for crypto functions used by library
ILoggerCallback
INetworkModule	Client network interface to send backend requests.
IPerformanceClient
IPerformanceMeasurement
IUri	Interface which describes URI components.
PreQueueEvent
IAppTokenProvider
ICachePlugin
IGuidGenerator
INativeBrokerPlugin
ISerializableTokenCache

Type Aliases

AccessTokenEntity	Access token cache type
AccountFilter	Account: <home_account_id>-<environment>-<realm*>
AccountInfo	Account object with the following signature: homeAccountId - Home account identifier for this account object environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com) tenantId - Full tenant or organizational id that this account belongs to username - preferred_username claim of the id_token that represents this account localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases name - Full name for the account, including given name and family name idToken - raw ID token idTokenClaims - Object contains claims from ID token nativeAccountId - The user's native account ID tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser dataBoundary - Data boundary extracted from clientInfo
ActiveAccountFilters
AppMetadataEntity	App Metadata Cache Type
ApplicationTelemetry	Telemetry information sent on request appName: Unique string name of an application appVersion: Version of the application using MSAL
AuthenticationResult	Result returned from the authority's token endpoint. uniqueId - oid or sub claim from ID token tenantId - tid claim from ID token scopes - Scopes that are validated for the respective token account - An account object representation of the currently signed-in user idToken - Id token received as part of the response idTokenClaims - MSAL-relevant ID token claims accessToken - Access token or SSH certificate received as part of the response fromCache - Boolean denoting whether token came from cache expiresOn - Javascript Date object representing relative expiration of access token extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage refreshOn - Javascript Date object representing relative time until an access token must be refreshed state - Value passed in by user in request familyId - Family ID identifier, usually only used for refresh tokens requestId - Request ID returned as part of the response
AuthorityOptions
AuthorizationCodePayload	Response returned after processing the code response query string or fragment.
AuthorizeResponse	Response properties that may be returned by the /authorize endpoint
AzureCloudOptions	AzureCloudInstance specific options azureCloudInstance - string enum providing short notation for soverign and public cloud authorities tenant - provision to provide the tenant info
AzureRegion
AzureRegionConfiguration
BaseAuthRequest	BaseAuthRequest authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. Defaults to https://login.microsoftonline.com/common. If using the same authority for all request, authority should set on client application object and not request, to avoid resolving authority endpoints multiple times. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. scopes - Array of scopes the application is requesting access to. authenticationScheme - The type of token retrieved. Defaults to "Bearer". Can also be type "pop" or "SSH". claims - A stringified claims request which will be added to all /authorize and /token calls shrClaims - A stringified claims object which will be added to a Signed HTTP Request shrNonce - A server-generated timestamp that has been encrypted and base64URL encoded, which will be added to a Signed HTTP Request. shrOptions - An object containing options for the Signed HTTP Request resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows. sshJwk - A stringified JSON Web Key representing a public key that can be signed by an SSH certificate. sshKid - Key ID that uniquely identifies the SSH public key mentioned above. azureCloudOptions - Convenience string enums for users to provide public/sovereign cloud ids requestedClaimsHash - SHA 256 hash string of the requested claims string, used as part of an access token cache key so tokens can be filtered by requested claims tokenQueryParameters - String to string map of custom query parameters added to the /token call tokenBodyParameters - String to string map of custom parameters added to the body of the /token call storeInCache - Object containing boolean values indicating whether to store tokens in the cache or not (default is true) scenarioId - Scenario id to track custom user prompts popKid - Key ID to identify the public key for PoP token request embeddedClientId - Embedded client id. When specified, broker client id (brk_client_id) and redirect uri (brk_redirect_uri) params are set with values from the config, overriding the corresponding extra parameters, if present. httpMethod - HTTP method to use for the /authorize request. Defaults to GET, but can be set to POST if the request requires body parameters authorizePostBodyParameters - String to string map of custom parameters added to the body of the /authorize call when httpMethod is set to POST
CacheOptions	Use this to configure credential cache preferences in the ClientConfiguration object claimsBasedCachingEnabled - Sets whether tokens should be cached based on the claims hash. Default is false.
CcsCredential
ClientInfo	Client info object which consists of: uid: user id utid: tenant id xms_tdbr: optional, only for non-US tenants
CommonAuthorizationCodeRequest	Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow) scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. redirectUri - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal code - The authorization_code that the user acquired in the first leg of the flow. codeVerifier - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636 resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows. enableSpaAuthCode - Enables the acqusition of a spa authorization code (confidential clients only) tokenQueryParameters - String to string map of custom query parameters added to the /token call
CommonAuthorizationUrlRequest	Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. extraScopesToConsent - Scopes for a different resource when the user needs consent upfront. responseMode - Specifies the method that should be used to send the authentication result to your app. Can be query, form_post, or fragment. If no value is passed in, it defaults to query. codeChallenge - Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE). For more information, see the PKCE RCF:https://tools.ietf.org/html/rfc7636 codeChallengeMethod - The method used to encode the code verifier for the code challenge parameter. Can be "plain" or "S256". If excluded, code challenge is assumed to be plaintext. For more information, see the PKCE RCF: https://tools.ietf.org/html/rfc7636 state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred. prompt - Indicates the type of user interaction that is required. login: will force the user to enter their credentials on that request, negating single-sign on none: will ensure that the user isn't presented with any interactive prompt. if request can't be completed via single-sign on, the endpoint will return an interaction_required error consent: will the trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app select_account: will interrupt single sign-=on providing account selection experience listing all the accounts in session or any remembered accounts or an option to choose to use a different account create: will direct the user to the account creation experience instead of the log in experience no_session: will not read existing session token when authenticating the user. Upon user being successfully authenticated, EVO won’t create a new session for the user. FOR INTERNAL USE ONLY. account - AccountInfo obtained from a getAccount API. Will be used in certain scenarios to generate login_hint if both loginHint and sid params are not provided. loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim. sid - Session ID, unique identifier for the session. Available as an optional claim on ID tokens. domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant. extraQueryParameters - String to string map of custom query parameters added to the /authorize call tokenQueryParameters - String to string map of custom query parameters added to the /token call nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks. resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows.
CommonEndSessionRequest	CommonEndSessionRequest account - Account object that will be logged out of. All tokens tied to this account will be cleared. postLogoutRedirectUri - URI to navigate to after logout page. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. idTokenHint - ID Token used by B2C to validate logout if required by the policy state - A value included in the request to the logout endpoint which will be returned in the query string upon post logout redirection logoutHint - A string that specifies the account that is being logged out in order to skip the server account picker on logout extraQueryParameters - String to string map of custom query parameters added to the /authorize call
CommonRefreshTokenRequest	CommonRefreshTokenRequest scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. refreshToken - A refresh token returned from a previous request to the Identity provider. resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows. forceCache - Force MSAL to cache a refresh token flow response when there is no account in the cache. Used for migration scenarios. tokenQueryParameters - String to string map of custom query parameters added to the /token call
CommonSilentFlowRequest	SilentFlow parameters passed by the user to retrieve credentials silently scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls. When included on a silent request, cache lookup will be skipped and token will be refreshed. authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. account - Account entity to lookup the credentials. forceRefresh - Forces silent requests to make network calls if true. resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows. tokenQueryParameters - String to string map of custom query parameters added to the /token call
CredentialEntity	Credential Cache Type
CredentialFilter	Credential: <home_account_id*>-<environment>-<credential_type>-<client_id>-<realm*>-<target*>-<scheme*>
ExternalTokenResponse	Response object used for loading external tokens to cache. token_type: Indicates the token type value. The only type that Azure AD supports is Bearer. scope: The scopes that the access_token is valid for. expires_in: How long the access token is valid (in seconds). id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in. refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires. access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API. client_info: Client info object
IdTokenEntity	Id Token Cache Type
InProgressPerformanceEvent
LibraryStateObject	Type which defines the object that is stringified, encoded and sent in the state value. Contains the following: id - unique identifier for this request ts - timestamp for the time the request was made. Used to ensure that token expiration is not calculated incorrectly. platformState - string value sent from the platform.
LoggerOptions	Use this to configure the logging that MSAL does, by configuring logger options in the Configuration object loggerCallback - Callback for logger piiLoggingEnabled - Sets whether pii logging is enabled logLevel - Sets the level at which logging happens correlationId - Sets the correlationId printed by the logger
NetworkRequestOptions	Options allowed by network request APIs.
NetworkResponse
OIDCOptions	Options for the OIDC protocol mode.
PerformanceCallbackFunction
PerformanceEvent	Performance measurement taken by the library, including metadata about the request and application.
PkceCodes	The PkceCodes type describes the structure of objects that contain PKCE code challenge and verifier pairs
QueueMeasurement	Queue measurement type
RefreshTokenEntity	Refresh Token Cache Type
RequestStateObject	Type which defines the stringified and encoded object sent to the service in the authorize request.
RequestThumbprint	Type representing a unique request thumbprint.
ServerAuthorizationTokenResponse	Deserialized response object from server authorization code request. token_type: Indicates the token type value. Can be either Bearer or pop. scope: The scopes that the access_token is valid for. expires_in: How long the access token is valid (in seconds). refresh_in: Duration afer which a token should be renewed, regardless of expiration. ext_expires_in: How long the access token is valid (in seconds) if the server isn't responding. access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API. refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires. id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in. key_id: A string that uniquely identifies a public key that the request is bound to. In case of error: error: An error code string that can be used to classify types of errors that occur, and can be used to react to errors. error_description: A specific error message that can help a developer identify the root cause of an authentication error. error_codes: A list of STS-specific error codes that can help in diagnostics. timestamp: The time at which the error occurred. trace_id: A unique identifier for the request that can help in diagnostics. correlation_id: A unique identifier for the request that can help in diagnostics across components. status: the network request's response status
ServerTelemetryEntity
ServerTelemetryRequest
ShrOptions
SignedHttpRequest
SignedHttpRequestParameters
StaticAuthorityOptions
StoreInCache	Controls whether tokens should be stored in the cache or not. If set to false, tokens may still be acquired and returned but will not be cached for later retrieval.
StringDict	Key-Value type to support queryParams, extraQueryParams and claims
SubMeasurement
SystemOptions	Use this to configure token renewal info in the Configuration object tokenRenewalOffsetSeconds - Sets the window of offset needed to renew the token before expiry
TenantProfile	Account details that vary across tenants for the same user
ThrottlingEntity
TokenClaims	Type which describes Id Token claims known by MSAL.
TokenKeys
AppTokenProviderParameters	Input object for the IAppTokenProvider extensiblity. MSAL will create this object, which can be used to help create an AppTokenProviderResult. correlationId - the correlation Id associated with the request tenantId - the tenant Id for which the token must be provided scopes - the scopes for which the token must be provided claims - any extra claims that the token must satisfy
AppTokenProviderResult	Output object for IAppTokenProvider extensiblity. accessToken - the actual access token, typically in JWT format, that satisfies the request data AppTokenProviderParameters expiresInSeconds - how long the tokens has before expiry, in seconds. Similar to the "expires_in" field in an AAD token response. refreshInSeconds - how long the token has before it should be proactively refreshed. Similar to the "refresh_in" field in an AAD token response.
ClientAssertion	Client Assertion credential for Confidential Clients
ClientAssertionCallback
ClientAssertionConfig
CommonClientCredentialRequest	CommonClientCredentialRequest scopes - Array of scopes the application is requesting access to. authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. skipCache - Skip token cache lookup and force request to authority to get a a new token. Defaults to false. preferredAzureRegionOptions - Options of the user's preferred azure region tokenQueryParameters - String to string map of custom query parameters added to the /token call
CommonDeviceCodeRequest	Parameters for Oauth2 device code flow. scopes - Array of scopes the application is requesting access to. authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. deviceCodeCallback - Callback containing device code response. Message should be shown to end user. End user can then navigate to the verification_uri, input the user_code, and input credentials. cancel - Boolean to cancel polling of device code endpoint. While the user authenticates on a separate device, MSAL polls the the token endpoint of security token service for the interval specified in the device code response (usually 15 minutes). To stop polling and cancel the request, set cancel=true. resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows. resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows. timeout - Timeout period in seconds which the user explicitly configures for the polling of the device code endpoint. At the end of this period; assuming the device code has not expired yet; the device code polling is stopped and the request cancelled. The device code expiration window will always take precedence over this set period. extraQueryParameters - String to string map of custom query parameters added to the query string
CommonOnBehalfOfRequest	scopes - Array of scopes the application is requesting access to. authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. oboAssertion - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request. skipCache - Skip token cache lookup and force request to authority to get a a new token. Defaults to false. tokenQueryParameters - String to string map of custom query parameters added to the /token call
CommonUsernamePasswordRequest	CommonUsernamePassword parameters passed by the user to retrieve credentials Note: The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely. This flow is added for internal testing. scopes - Array of scopes the application is requesting access to. claims - A stringified claims request which will be added to all /authorize and /token calls. When included on a silent request, cache lookup will be skipped and token will be refreshed. authority - Url of the authority which the application acquires tokens from. correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes. username - username of the client password - credentials tokenQueryParameters - String to string map of custom query parameters added to the /token call
DeviceCodeResponse	DeviceCode returned by the security token service device code endpoint containing information necessary for device code flow. userCode: code which user needs to provide when authenticating at the verification URI deviceCode: code which should be included in the request for the access token verificationUri: URI where user can authenticate expiresIn: expiration time of the device code in seconds interval: interval at which the STS should be polled at message: message which should be displayed to the user
NativeRequest
NativeSignOutRequest
ServerDeviceCodeResponse

Enums

LogLevel	Log message level.
PerformanceEventStatus	State of the performance event.
PerformanceEvents	Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.

Functions

buildAccountToCache(CacheManager, Authority, string, (input: string) => string, string, TokenClaims, string, string, null | string, AuthorizationCodePayload, string, Logger)
buildClientInfo(string, (input: string) => string)	Function to build a client info object from server clientInfo string
buildClientInfoFromHomeAccountId(string)	Function to build a client info object from cached homeAccountId string
buildStaticAuthorityOptions(Partial<AuthorityOptions>)
buildTenantProfile(string, string, string, TokenClaims)	Build tenant profile
createAuthError(string, string)
createCacheError(unknown)	Helper function to wrap browser errors in a CacheError object
createClientAuthError(string, string)
createClientConfigurationError(string)
createInteractionRequiredAuthError(string)	Creates an InteractionRequiredAuthError
createNetworkError(AuthError, number, Record<string, string>, Error)	Creates NetworkError object for a failed network request
formatAuthorityUri(string)
getRequestThumbprint(string, BaseAuthRequest, string)
getTenantIdFromIdTokenClaims(TokenClaims)	Gets tenantId from available ID token claims to set as credential realm with the following precedence: tid - if the token is acquired from an Azure AD tenant tid will be present tfp - if the token is acquired from a modern B2C tenant tfp should be present acr - if the token is acquired from a legacy B2C tenant acr should be present Downcased to match the realm case-insensitive comparison requirements
tenantIdMatchesHomeTenant(string, string)	Returns true if tenantId matches the utid portion of homeAccountId
updateAccountTenantProfileData(AccountInfo, TenantProfile, TokenClaims, string)	Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info

Variables

AADAuthorityConstants	String constants related to AAD Authority
AuthenticationScheme	Type of the authentication request
AuthorityType	Authority types supported by MSAL.
AzureCloudInstance
CacheAccountType	Account types in Cache
CacheOutcome	Specifies the reason for fetching the access token from the identity provider
CacheType	Combine all cache types
CcsCredentialType
ClaimsRequestKeys	Claims request keys
CredentialType	Credential Type stored in the cache
EncodingTypes
GrantType	allowed grant_type
HeaderNames	Request header names
HttpMethod
HttpStatus
JsonWebTokenTypes
OAuthResponseType	Allowed values for response_type
PasswordGrantConstants	Password grant parameters
PersistentCacheKeys	Persistent cache keys MSAL which stay while user is logged in.
ProtocolMode	Protocol modes supported by MSAL.
ResponseMode	allowed values for response_mode
ServerResponseType	allowed values for server response type
AuthErrorMessage	AuthErrorMessage class containing string constants used by error codes and messages.
ClientAuthErrorMessage	String constants used by error codes and messages.
ClientConfigurationErrorMessage	ClientConfigurationErrorMessage class containing string constants used by error codes and messages.
CodeChallengeMethodValues	allowed values for codeVerifier
Constants
DEFAULT_CRYPTO_IMPLEMENTATION
DEFAULT_SYSTEM_OPTIONS
DEFAULT_TOKEN_RENEWAL_OFFSET_SEC
Errors
IntFields
InteractionRequiredAuthErrorMessage	Interaction required errors defined by the SDK
OIDC_DEFAULT_SCOPES
ONE_DAY_IN_MS
PromptValue	we considered making this "enum" in the request instead of string, however it looks like the allowed list of prompt values kept changing over past couple of years. There are some undocumented prompt values for some internal partners too, hence the choice of generic "string" type instead of the "enum"
StubbedNetworkModule
THE_FAMILY_ID
ThrottlingConstants	Constants related to throttling
version

Function Details

buildAccountToCache(CacheManager, Authority, string, (input: string) => string, string, TokenClaims, string, string, null | string, AuthorizationCodePayload, string, Logger)

function buildAccountToCache(cacheStorage: CacheManager, authority: Authority, homeAccountId: string, base64Decode: (input: string) => string, correlationId: string, idTokenClaims?: TokenClaims, clientInfo?: string, environment?: string, claimsTenantId?: null | string, authCodePayload?: AuthorizationCodePayload, nativeAccountId?: string, logger?: Logger): AccountEntity

Parameters

cacheStorage

CacheManager

authority

Authority

homeAccountId

string

base64Decode

(input: string) => string

correlationId

string

idTokenClaims

TokenClaims

clientInfo

string

environment

string

claimsTenantId

null | string

authCodePayload

AuthorizationCodePayload

nativeAccountId

string

logger

Logger

Returns

AccountEntity

buildClientInfo(string, (input: string) => string)

Function to build a client info object from server clientInfo string

function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo

Parameters

rawClientInfo

string

base64Decode

(input: string) => string

Returns

ClientInfo

buildClientInfoFromHomeAccountId(string)

Function to build a client info object from cached homeAccountId string

function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo

Parameters

homeAccountId

string

Returns

ClientInfo

buildStaticAuthorityOptions(Partial<AuthorityOptions>)

function buildStaticAuthorityOptions(authOptions: Partial<AuthorityOptions>): StaticAuthorityOptions

Parameters

authOptions

Partial<AuthorityOptions>

Returns

StaticAuthorityOptions

buildTenantProfile(string, string, string, TokenClaims)

Build tenant profile

function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile

Parameters

homeAccountId

string

Home account identifier for this account object

localAccountId

string

Local account identifer for this account object

tenantId

string

Full tenant or organizational id that this account belongs to

idTokenClaims

TokenClaims

Claims from the ID token

Returns

TenantProfile

createAuthError(string, string)

function createAuthError(code: string, additionalMessage?: string): AuthError

Parameters

code

string

additionalMessage

string

Returns

AuthError

createCacheError(unknown)

Helper function to wrap browser errors in a CacheError object

function createCacheError(e: unknown): CacheError

Parameters

e

unknown

Returns

CacheError

createClientAuthError(string, string)

function createClientAuthError(errorCode: string, additionalMessage?: string): ClientAuthError

Parameters

errorCode

string

additionalMessage

string

Returns

ClientAuthError

createClientConfigurationError(string)

function createClientConfigurationError(errorCode: string): ClientConfigurationError

Parameters

errorCode

string

Returns

ClientConfigurationError

createInteractionRequiredAuthError(string)

Creates an InteractionRequiredAuthError

function createInteractionRequiredAuthError(errorCode: string): InteractionRequiredAuthError

Parameters

errorCode

string

Returns

InteractionRequiredAuthError

createNetworkError(AuthError, number, Record<string, string>, Error)

Creates NetworkError object for a failed network request

function createNetworkError(error: AuthError, httpStatus?: number, responseHeaders?: Record<string, string>, additionalError?: Error): NetworkError

Parameters

error

AuthError

Error to be thrown back to the caller

httpStatus

number

Status code of the network request

responseHeaders

Record<string, string>

Response headers of the network request, when available

additionalError

Error

Returns

NetworkError

NetworkError object

formatAuthorityUri(string)

function formatAuthorityUri(authorityUri: string): string

Parameters

authorityUri

string

Returns

string

getRequestThumbprint(string, BaseAuthRequest, string)

function getRequestThumbprint(clientId: string, request: BaseAuthRequest, homeAccountId?: string): RequestThumbprint

Parameters

clientId

string

request

BaseAuthRequest

homeAccountId

string

Returns

RequestThumbprint

getTenantIdFromIdTokenClaims(TokenClaims)

Gets tenantId from available ID token claims to set as credential realm with the following precedence:

1. tid - if the token is acquired from an Azure AD tenant tid will be present
2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
3. acr - if the token is acquired from a legacy B2C tenant acr should be present Downcased to match the realm case-insensitive comparison requirements

function getTenantIdFromIdTokenClaims(idTokenClaims?: TokenClaims): string | null

Parameters

idTokenClaims

TokenClaims

Returns

string | null

tenantIdMatchesHomeTenant(string, string)

Returns true if tenantId matches the utid portion of homeAccountId

function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean

Parameters

tenantId

string

homeAccountId

string

Returns

boolean

updateAccountTenantProfileData(AccountInfo, TenantProfile, TokenClaims, string)

Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info

function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo

Parameters

baseAccountInfo

AccountInfo

tenantProfile

TenantProfile

idTokenClaims

TokenClaims

idTokenSecret

string

Returns

AccountInfo

Variable Details

AADAuthorityConstants

String constants related to AAD Authority

AADAuthorityConstants: { COMMON: "common", CONSUMERS: "consumers", ORGANIZATIONS: "organizations" }

Type

{ COMMON: "common", CONSUMERS: "consumers", ORGANIZATIONS: "organizations" }

AuthenticationScheme

Type of the authentication request

AuthenticationScheme: { BEARER: "Bearer", POP: "pop", SSH: "ssh-cert" }

Type

{ BEARER: "Bearer", POP: "pop", SSH: "ssh-cert" }

AuthorityType

Authority types supported by MSAL.

AuthorityType: { Adfs: 1, Ciam: 3, Default: 0, Dsts: 2 }

Type

{ Adfs: 1, Ciam: 3, Default: 0, Dsts: 2 }

AzureCloudInstance

AzureCloudInstance: { AzureChina: "https://login.chinacloudapi.cn", AzureGermany: "https://login.microsoftonline.de", AzurePpe: "https://login.windows-ppe.net", AzurePublic: "https://login.microsoftonline.com", AzureUsGovernment: "https://login.microsoftonline.us", None: "none" }

Type

{ AzureChina: "https://login.chinacloudapi.cn", AzureGermany: "https://login.microsoftonline.de", AzurePpe: "https://login.windows-ppe.net", AzurePublic: "https://login.microsoftonline.com", AzureUsGovernment: "https://login.microsoftonline.us", None: "none" }

CacheAccountType

Account types in Cache

CacheAccountType: { ADFS_ACCOUNT_TYPE: "ADFS", GENERIC_ACCOUNT_TYPE: "Generic", MSAV1_ACCOUNT_TYPE: "MSA", MSSTS_ACCOUNT_TYPE: "MSSTS" }

Type

{ ADFS_ACCOUNT_TYPE: "ADFS", GENERIC_ACCOUNT_TYPE: "Generic", MSAV1_ACCOUNT_TYPE: "MSA", MSSTS_ACCOUNT_TYPE: "MSSTS" }

CacheOutcome

Specifies the reason for fetching the access token from the identity provider

CacheOutcome: { CACHED_ACCESS_TOKEN_EXPIRED: "3", FORCE_REFRESH_OR_CLAIMS: "1", NOT_APPLICABLE: "0", NO_CACHED_ACCESS_TOKEN: "2", PROACTIVELY_REFRESHED: "4" }

Type

{ CACHED_ACCESS_TOKEN_EXPIRED: "3", FORCE_REFRESH_OR_CLAIMS: "1", NOT_APPLICABLE: "0", NO_CACHED_ACCESS_TOKEN: "2", PROACTIVELY_REFRESHED: "4" }

CacheType

Combine all cache types

CacheType: { ACCESS_TOKEN: 2001, ADFS: 1001, APP_METADATA: 3001, GENERIC: 1004, ID_TOKEN: 2003, MSA: 1002, MSSTS: 1003, REFRESH_TOKEN: 2002, UNDEFINED: 9999 }

Type

{ ACCESS_TOKEN: 2001, ADFS: 1001, APP_METADATA: 3001, GENERIC: 1004, ID_TOKEN: 2003, MSA: 1002, MSSTS: 1003, REFRESH_TOKEN: 2002, UNDEFINED: 9999 }

CcsCredentialType

CcsCredentialType: { HOME_ACCOUNT_ID: "home_account_id", UPN: "UPN" }

Type

{ HOME_ACCOUNT_ID: "home_account_id", UPN: "UPN" }

ClaimsRequestKeys

Claims request keys

ClaimsRequestKeys: { ACCESS_TOKEN: "access_token", XMS_CC: "xms_cc" }

Type

{ ACCESS_TOKEN: "access_token", XMS_CC: "xms_cc" }

CredentialType

Credential Type stored in the cache

CredentialType: { ACCESS_TOKEN: "AccessToken", ACCESS_TOKEN_WITH_AUTH_SCHEME: "AccessToken_With_AuthScheme", ID_TOKEN: "IdToken", REFRESH_TOKEN: "RefreshToken" }

Type

{ ACCESS_TOKEN: "AccessToken", ACCESS_TOKEN_WITH_AUTH_SCHEME: "AccessToken_With_AuthScheme", ID_TOKEN: "IdToken", REFRESH_TOKEN: "RefreshToken" }

EncodingTypes

EncodingTypes: { BASE64: "base64", HEX: "hex", UTF8: "utf-8" }

Type

{ BASE64: "base64", HEX: "hex", UTF8: "utf-8" }

GrantType

allowed grant_type

GrantType: { AUTHORIZATION_CODE_GRANT: "authorization_code", CLIENT_CREDENTIALS_GRANT: "client_credentials", DEVICE_CODE_GRANT: "device_code", IMPLICIT_GRANT: "implicit", JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer", REFRESH_TOKEN_GRANT: "refresh_token", RESOURCE_OWNER_PASSWORD_GRANT: "password" }

Type

{ AUTHORIZATION_CODE_GRANT: "authorization_code", CLIENT_CREDENTIALS_GRANT: "client_credentials", DEVICE_CODE_GRANT: "device_code", IMPLICIT_GRANT: "implicit", JWT_BEARER: "urn:ietf:params:oauth:grant-type:jwt-bearer", REFRESH_TOKEN_GRANT: "refresh_token", RESOURCE_OWNER_PASSWORD_GRANT: "password" }

HeaderNames

Request header names

HeaderNames: { AuthenticationInfo: "Authentication-Info", CCS_HEADER: "X-AnchorMailbox", CONTENT_LENGTH: "Content-Length", CONTENT_TYPE: "Content-Type", RETRY_AFTER: "Retry-After", WWWAuthenticate: "WWW-Authenticate", X_MS_HTTP_VERSION: "x-ms-httpver", X_MS_REQUEST_ID: "x-ms-request-id" }

Type

{ AuthenticationInfo: "Authentication-Info", CCS_HEADER: "X-AnchorMailbox", CONTENT_LENGTH: "Content-Length", CONTENT_TYPE: "Content-Type", RETRY_AFTER: "Retry-After", WWWAuthenticate: "WWW-Authenticate", X_MS_HTTP_VERSION: "x-ms-httpver", X_MS_REQUEST_ID: "x-ms-request-id" }

HttpMethod

HttpMethod: { GET: "GET", POST: "POST" }

Type

{ GET: "GET", POST: "POST" }

HttpStatus

HttpStatus: { BAD_REQUEST: 400, CLIENT_ERROR: 400, CLIENT_ERROR_RANGE_END: 499, CLIENT_ERROR_RANGE_START: 400, GATEWAY_TIMEOUT: 504, GONE: 410, MULTI_SIDED_ERROR: 600, NOT_FOUND: 404, REDIRECT: 302, REQUEST_TIMEOUT: 408, SERVER_ERROR: 500, SERVER_ERROR_RANGE_END: 599, SERVER_ERROR_RANGE_START: 500, SERVICE_UNAVAILABLE: 503, SUCCESS: 200, SUCCESS_RANGE_END: 299, SUCCESS_RANGE_START: 200, TOO_MANY_REQUESTS: 429, UNAUTHORIZED: 401 }

Type

{ BAD_REQUEST: 400, CLIENT_ERROR: 400, CLIENT_ERROR_RANGE_END: 499, CLIENT_ERROR_RANGE_START: 400, GATEWAY_TIMEOUT: 504, GONE: 410, MULTI_SIDED_ERROR: 600, NOT_FOUND: 404, REDIRECT: 302, REQUEST_TIMEOUT: 408, SERVER_ERROR: 500, SERVER_ERROR_RANGE_END: 599, SERVER_ERROR_RANGE_START: 500, SERVICE_UNAVAILABLE: 503, SUCCESS: 200, SUCCESS_RANGE_END: 299, SUCCESS_RANGE_START: 200, TOO_MANY_REQUESTS: 429, UNAUTHORIZED: 401 }

JsonWebTokenTypes

JsonWebTokenTypes: { Jwk: "JWK", Jwt: "JWT", Pop: "pop" }

Type

{ Jwk: "JWK", Jwt: "JWT", Pop: "pop" }

OAuthResponseType

Allowed values for response_type

OAuthResponseType: { CODE: "code", IDTOKEN_TOKEN: "id_token token", IDTOKEN_TOKEN_REFRESHTOKEN: "id_token token refresh_token" }

Type

{ CODE: "code", IDTOKEN_TOKEN: "id_token token", IDTOKEN_TOKEN_REFRESHTOKEN: "id_token token refresh_token" }

PasswordGrantConstants

Password grant parameters

PasswordGrantConstants: { password: "password", username: "username" }

Type

{ password: "password", username: "username" }

PersistentCacheKeys

Persistent cache keys MSAL which stay while user is logged in.

PersistentCacheKeys: { ACTIVE_ACCOUNT_FILTERS: "active-account-filters" }

Type

{ ACTIVE_ACCOUNT_FILTERS: "active-account-filters" }

ProtocolMode

Protocol modes supported by MSAL.

ProtocolMode: { AAD: "AAD", EAR: "EAR", OIDC: "OIDC" }

Type

{ AAD: "AAD", EAR: "EAR", OIDC: "OIDC" }

ResponseMode

allowed values for response_mode

ResponseMode: { FORM_POST: "form_post", FRAGMENT: "fragment", QUERY: "query" }

Type

{ FORM_POST: "form_post", FRAGMENT: "fragment", QUERY: "query" }

ServerResponseType

Warning

This API is now deprecated.

Use ResponseMode instead

allowed values for server response type

ServerResponseType: { FRAGMENT: "fragment", QUERY: "query" }

Type

{ FRAGMENT: "fragment", QUERY: "query" }

AuthErrorMessage

Warning

This API is now deprecated.

Use AuthErrorCodes instead

AuthErrorMessage class containing string constants used by error codes and messages.

AuthErrorMessage: { postRequestFailed: { code: string, desc: string }, unexpectedError: { code: string, desc: string } }

Type

{ postRequestFailed: { code: string, desc: string }, unexpectedError: { code: string, desc: string } }

ClientAuthErrorMessage

Warning

This API is now deprecated.

Use ClientAuthErrorCodes instead

String constants used by error codes and messages.

ClientAuthErrorMessage: { DeviceCodeExpired: { code: string, desc: string }, DeviceCodePollingCancelled: { code: string, desc: string }, DeviceCodeUnknownError: { code: string, desc: string }, NoAccountInSilentRequest: { code: string, desc: string }, appendScopeSetError: { code: string, desc: string }, authTimeNotFoundError: { code: string, desc: string }, bindingKeyNotRemovedError: { code: string, desc: string }, clientInfoDecodingError: { code: string, desc: string }, clientInfoEmptyError: { code: string, desc: string }, emptyInputScopeSetError: { code: string, desc: string }, endpointResolutionError: { code: string, desc: string }, hashNotDeserialized: { code: string, desc: string }, invalidAssertion: { code: string, desc: string }, invalidCacheEnvironment: { code: string, desc: string }, invalidCacheRecord: { code: string, desc: string }, invalidClientCredential: { code: string, desc: string }, invalidStateError: { code: string, desc: string }, keyIdMissing: { code: string, desc: string }, logoutNotSupported: { code: string, desc: string }, maxAgeTranspired: { code: string, desc: string }, missingTenantIdError: { code: string, desc: string }, multipleMatchingAccounts: { code: string, desc: string }, multipleMatchingAppMetadata: { code: string, desc: string }, multipleMatchingTokens: { code: string, desc: string }, nestedAppAuthBridgeDisabled: { code: string, desc: string }, networkError: { code: string, desc: string }, noAccountFound: { code: string, desc: string }, noAuthorizationCodeFromServer: { code: string, desc: string }, noCryptoObj: { code: string, desc: string }, noNetworkConnectivity: { code: string, desc: string }, nonceMismatchError: { code: string, desc: string }, nullOrEmptyToken: { code: string, desc: string }, platformBrokerError: { code: string, desc: string }, removeEmptyScopeError: { code: string, desc: string }, stateMismatchError: { code: string, desc: string }, stateNotFoundError: { code: string, desc: string }, tokenClaimsRequired: { code: string, desc: string }, tokenParsingError: { code: string, desc: string }, tokenRefreshRequired: { code: string, desc: string }, tokenRequestCannotBeMade: { code: string, desc: string }, unableToGetOpenidConfigError: { code: string, desc: string }, unexpectedCredentialType: { code: string, desc: string }, userCanceledError: { code: string, desc: string }, userTimeoutReached: { code: string, desc: string } }

Type

{ DeviceCodeExpired: { code: string, desc: string }, DeviceCodePollingCancelled: { code: string, desc: string }, DeviceCodeUnknownError: { code: string, desc: string }, NoAccountInSilentRequest: { code: string, desc: string }, appendScopeSetError: { code: string, desc: string }, authTimeNotFoundError: { code: string, desc: string }, bindingKeyNotRemovedError: { code: string, desc: string }, clientInfoDecodingError: { code: string, desc: string }, clientInfoEmptyError: { code: string, desc: string }, emptyInputScopeSetError: { code: string, desc: string }, endpointResolutionError: { code: string, desc: string }, hashNotDeserialized: { code: string, desc: string }, invalidAssertion: { code: string, desc: string }, invalidCacheEnvironment: { code: string, desc: string }, invalidCacheRecord: { code: string, desc: string }, invalidClientCredential: { code: string, desc: string }, invalidStateError: { code: string, desc: string }, keyIdMissing: { code: string, desc: string }, logoutNotSupported: { code: string, desc: string }, maxAgeTranspired: { code: string, desc: string }, missingTenantIdError: { code: string, desc: string }, multipleMatchingAccounts: { code: string, desc: string }, multipleMatchingAppMetadata: { code: string, desc: string }, multipleMatchingTokens: { code: string, desc: string }, nestedAppAuthBridgeDisabled: { code: string, desc: string }, networkError: { code: string, desc: string }, noAccountFound: { code: string, desc: string }, noAuthorizationCodeFromServer: { code: string, desc: string }, noCryptoObj: { code: string, desc: string }, noNetworkConnectivity: { code: string, desc: string }, nonceMismatchError: { code: string, desc: string }, nullOrEmptyToken: { code: string, desc: string }, platformBrokerError: { code: string, desc: string }, removeEmptyScopeError: { code: string, desc: string }, stateMismatchError: { code: string, desc: string }, stateNotFoundError: { code: string, desc: string }, tokenClaimsRequired: { code: string, desc: string }, tokenParsingError: { code: string, desc: string }, tokenRefreshRequired: { code: string, desc: string }, tokenRequestCannotBeMade: { code: string, desc: string }, unableToGetOpenidConfigError: { code: string, desc: string }, unexpectedCredentialType: { code: string, desc: string }, userCanceledError: { code: string, desc: string }, userTimeoutReached: { code: string, desc: string } }

ClientConfigurationErrorMessage

Warning

This API is now deprecated.

Use ClientConfigurationErrorCodes instead

ClientConfigurationErrorMessage class containing string constants used by error codes and messages.

ClientConfigurationErrorMessage: { authorityMismatch: { code: string, desc: string }, authorityUriInsecure: { code: string, desc: string }, cannotAllowPlatformBroker: { code: string, desc: string }, cannotSetOIDCOptions: { code: string, desc: string }, claimsRequestParsingError: { code: string, desc: string }, emptyScopesError: { code: string, desc: string }, invalidAuthenticationHeader: { code: string, desc: string }, invalidAuthorityMetadata: { code: string, desc: string }, invalidAuthorizePostBodyParameters: { code: string, desc: string }, invalidClaimsRequest: { code: string, desc: string }, invalidCloudDiscoveryMetadata: { code: string, desc: string }, invalidCodeChallengeMethod: { code: string, desc: string }, invalidCodeChallengeParams: { code: string, desc: string }, invalidPlatformBrokerConfiguration: { code: string, desc: string }, invalidRequestMethodForEAR: { code: string, desc: string }, logoutRequestEmptyError: { code: string, desc: string }, missingNonceAuthenticationHeader: { code: string, desc: string }, missingSshJwk: { code: string, desc: string }, missingSshKid: { code: string, desc: string }, redirectUriNotSet: { code: string, desc: string }, tokenRequestEmptyError: { code: string, desc: string }, untrustedAuthority: { code: string, desc: string }, urlEmptyError: { code: string, desc: string }, urlParseError: { code: string, desc: string } }

Type

{ authorityMismatch: { code: string, desc: string }, authorityUriInsecure: { code: string, desc: string }, cannotAllowPlatformBroker: { code: string, desc: string }, cannotSetOIDCOptions: { code: string, desc: string }, claimsRequestParsingError: { code: string, desc: string }, emptyScopesError: { code: string, desc: string }, invalidAuthenticationHeader: { code: string, desc: string }, invalidAuthorityMetadata: { code: string, desc: string }, invalidAuthorizePostBodyParameters: { code: string, desc: string }, invalidClaimsRequest: { code: string, desc: string }, invalidCloudDiscoveryMetadata: { code: string, desc: string }, invalidCodeChallengeMethod: { code: string, desc: string }, invalidCodeChallengeParams: { code: string, desc: string }, invalidPlatformBrokerConfiguration: { code: string, desc: string }, invalidRequestMethodForEAR: { code: string, desc: string }, logoutRequestEmptyError: { code: string, desc: string }, missingNonceAuthenticationHeader: { code: string, desc: string }, missingSshJwk: { code: string, desc: string }, missingSshKid: { code: string, desc: string }, redirectUriNotSet: { code: string, desc: string }, tokenRequestEmptyError: { code: string, desc: string }, untrustedAuthority: { code: string, desc: string }, urlEmptyError: { code: string, desc: string }, urlParseError: { code: string, desc: string } }

CodeChallengeMethodValues

allowed values for codeVerifier

CodeChallengeMethodValues: { PLAIN: string, S256: string }

Type

{ PLAIN: string, S256: string }

Constants

Constants: { AAD_INSTANCE_DISCOVERY_ENDPT: string, AAD_TENANT_DOMAIN_SUFFIX: string, ADFS: string, AUTHORIZATION_PENDING: string, AZURE_REGION_AUTO_DISCOVER_FLAG: string, CIAM_AUTH_URL: string, CLAIMS: string, CODE_GRANT_TYPE: string, CONSUMER_UTID: string, DEFAULT_AUTHORITY: string, DEFAULT_AUTHORITY_HOST: string, DEFAULT_COMMON_TENANT: string, DSTS: string, EMAIL_SCOPE: string, EMPTY_STRING: string, FORWARD_SLASH: string, IMDS_ENDPOINT: string, IMDS_TIMEOUT: number, IMDS_VERSION: string, INVALID_INSTANCE: string, KNOWN_PUBLIC_CLOUDS: string[], LIBRARY_NAME: string, NOT_APPLICABLE: string, NOT_AVAILABLE: string, NOT_DEFINED: string, NO_ACCOUNT: string, OFFLINE_ACCESS_SCOPE: string, OPENID_SCOPE: string, PROFILE_SCOPE: string, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: string, RESOURCE_DELIM: string, RT_GRANT_TYPE: string, S256_CODE_CHALLENGE_METHOD: string, SHR_NONCE_VALIDITY: number, SKU: string, URL_FORM_CONTENT_TYPE: string }

Type

{ AAD_INSTANCE_DISCOVERY_ENDPT: string, AAD_TENANT_DOMAIN_SUFFIX: string, ADFS: string, AUTHORIZATION_PENDING: string, AZURE_REGION_AUTO_DISCOVER_FLAG: string, CIAM_AUTH_URL: string, CLAIMS: string, CODE_GRANT_TYPE: string, CONSUMER_UTID: string, DEFAULT_AUTHORITY: string, DEFAULT_AUTHORITY_HOST: string, DEFAULT_COMMON_TENANT: string, DSTS: string, EMAIL_SCOPE: string, EMPTY_STRING: string, FORWARD_SLASH: string, IMDS_ENDPOINT: string, IMDS_TIMEOUT: number, IMDS_VERSION: string, INVALID_INSTANCE: string, KNOWN_PUBLIC_CLOUDS: string[], LIBRARY_NAME: string, NOT_APPLICABLE: string, NOT_AVAILABLE: string, NOT_DEFINED: string, NO_ACCOUNT: string, OFFLINE_ACCESS_SCOPE: string, OPENID_SCOPE: string, PROFILE_SCOPE: string, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: string, RESOURCE_DELIM: string, RT_GRANT_TYPE: string, S256_CODE_CHALLENGE_METHOD: string, SHR_NONCE_VALIDITY: number, SKU: string, URL_FORM_CONTENT_TYPE: string }

DEFAULT_CRYPTO_IMPLEMENTATION

DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto

Type

ICrypto

DEFAULT_SYSTEM_OPTIONS

DEFAULT_SYSTEM_OPTIONS: Required<SystemOptions>

Type

Required<SystemOptions>

DEFAULT_TOKEN_RENEWAL_OFFSET_SEC

DEFAULT_TOKEN_RENEWAL_OFFSET_SEC: 300

Type

300

Errors

Errors: { CLIENT_MISMATCH_ERROR: string, INVALID_GRANT_ERROR: string }

Type

{ CLIENT_MISMATCH_ERROR: string, INVALID_GRANT_ERROR: string }

IntFields

IntFields: ReadonlySet<string>

Type

ReadonlySet<string>

InteractionRequiredAuthErrorMessage

Warning

This API is now deprecated.

Use InteractionRequiredAuthErrorCodes instead

Interaction required errors defined by the SDK

InteractionRequiredAuthErrorMessage: { bad_token: { code: string, desc: string }, interrupted_user: { code: string, desc: string }, native_account_unavailable: { code: string, desc: string }, noTokensFoundError: { code: string, desc: string } }

Type

{ bad_token: { code: string, desc: string }, interrupted_user: { code: string, desc: string }, native_account_unavailable: { code: string, desc: string }, noTokensFoundError: { code: string, desc: string } }

OIDC_DEFAULT_SCOPES

OIDC_DEFAULT_SCOPES: string[]

Type

string[]

ONE_DAY_IN_MS

ONE_DAY_IN_MS: 86400000

Type

86400000

PromptValue

we considered making this "enum" in the request instead of string, however it looks like the allowed list of prompt values kept changing over past couple of years. There are some undocumented prompt values for some internal partners too, hence the choice of generic "string" type instead of the "enum"

PromptValue: { CONSENT: string, CREATE: string, LOGIN: string, NONE: string, NO_SESSION: string, SELECT_ACCOUNT: string }

Type

{ CONSENT: string, CREATE: string, LOGIN: string, NONE: string, NO_SESSION: string, SELECT_ACCOUNT: string }

StubbedNetworkModule

StubbedNetworkModule: INetworkModule

Type

INetworkModule

THE_FAMILY_ID

THE_FAMILY_ID: "1"

Type

"1"

ThrottlingConstants

Constants related to throttling

ThrottlingConstants: { DEFAULT_MAX_THROTTLE_TIME_SECONDS: number, DEFAULT_THROTTLE_TIME_SECONDS: number, THROTTLING_PREFIX: string, X_MS_LIB_CAPABILITY_VALUE: string }

Type

{ DEFAULT_MAX_THROTTLE_TIME_SECONDS: number, DEFAULT_THROTTLE_TIME_SECONDS: number, THROTTLING_PREFIX: string, X_MS_LIB_CAPABILITY_VALUE: string }

version

version: "15.16.0"

Type

"15.16.0"