/
ClientAuthError.ts
333 lines (326 loc) · 14.2 KB
/
ClientAuthError.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
import { AuthError } from "./AuthError";
import * as ClientAuthErrorCodes from "./ClientAuthErrorCodes";
export { ClientAuthErrorCodes }; // Allow importing as "ClientAuthErrorCodes";
/**
* ClientAuthErrorMessage class containing string constants used by error codes and messages.
*/
export const ClientAuthErrorMessages = {
[ClientAuthErrorCodes.clientInfoDecodingError]:
"The client info could not be parsed/decoded correctly",
[ClientAuthErrorCodes.clientInfoEmptyError]: "The client info was empty",
[ClientAuthErrorCodes.tokenParsingError]: "Token cannot be parsed",
[ClientAuthErrorCodes.nullOrEmptyToken]: "The token is null or empty",
[ClientAuthErrorCodes.endpointResolutionError]:
"Endpoints cannot be resolved",
[ClientAuthErrorCodes.networkError]: "Network request failed",
[ClientAuthErrorCodes.openIdConfigError]:
"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
[ClientAuthErrorCodes.hashNotDeserialized]:
"The hash parameters could not be deserialized",
[ClientAuthErrorCodes.invalidState]: "State was not the expected format",
[ClientAuthErrorCodes.stateMismatch]: "State mismatch error",
[ClientAuthErrorCodes.stateNotFound]: "State not found",
[ClientAuthErrorCodes.nonceMismatch]: "Nonce mismatch error",
[ClientAuthErrorCodes.authTimeNotFound]:
"Max Age was requested and the ID token is missing the auth_time variable." +
" auth_time is an optional claim and is not enabled by default - it must be enabled." +
" See https://aka.ms/msaljs/optional-claims for more information.",
[ClientAuthErrorCodes.maxAgeTranspired]:
"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
[ClientAuthErrorCodes.multipleMatchingTokens]:
"The cache contains multiple tokens satisfying the requirements. " +
"Call AcquireToken again providing more requirements such as authority or account.",
[ClientAuthErrorCodes.multipleMatchingAccounts]:
"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
[ClientAuthErrorCodes.multipleMatchingAppMetadata]:
"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
[ClientAuthErrorCodes.requestCannotBeMade]:
"Token request cannot be made without authorization code or refresh token.",
[ClientAuthErrorCodes.cannotRemoveEmptyScope]:
"Cannot remove null or empty scope from ScopeSet",
[ClientAuthErrorCodes.cannotAppendScopeSet]: "Cannot append ScopeSet",
[ClientAuthErrorCodes.emptyInputScopeSet]:
"Empty input ScopeSet cannot be processed",
[ClientAuthErrorCodes.deviceCodePollingCancelled]:
"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
[ClientAuthErrorCodes.deviceCodeExpired]: "Device code is expired.",
[ClientAuthErrorCodes.deviceCodeUnknownError]:
"Device code stopped polling for unknown reasons.",
[ClientAuthErrorCodes.noAccountInSilentRequest]:
"Please pass an account object, silent flow is not supported without account information",
[ClientAuthErrorCodes.invalidCacheRecord]:
"Cache record object was null or undefined.",
[ClientAuthErrorCodes.invalidCacheEnvironment]:
"Invalid environment when attempting to create cache entry",
[ClientAuthErrorCodes.noAccountFound]:
"No account found in cache for given key.",
[ClientAuthErrorCodes.noCryptoObject]: "No crypto object detected.",
[ClientAuthErrorCodes.unexpectedCredentialType]:
"Unexpected credential type.",
[ClientAuthErrorCodes.invalidAssertion]:
"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
[ClientAuthErrorCodes.invalidClientCredential]:
"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
[ClientAuthErrorCodes.tokenRefreshRequired]:
"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
[ClientAuthErrorCodes.userTimeoutReached]:
"User defined timeout for device code polling reached",
[ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt]:
"Cannot generate a POP jwt if the token_claims are not populated",
[ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse]:
"Server response does not contain an authorization code to proceed",
[ClientAuthErrorCodes.bindingKeyNotRemoved]:
"Could not remove the credential's binding key from storage.",
[ClientAuthErrorCodes.endSessionEndpointNotSupported]:
"The provided authority does not support logout",
[ClientAuthErrorCodes.keyIdMissing]:
"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
[ClientAuthErrorCodes.noNetworkConnectivity]:
"No network connectivity. Check your internet connection.",
[ClientAuthErrorCodes.userCanceled]: "User cancelled the flow.",
[ClientAuthErrorCodes.missingTenantIdError]:
"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
[ClientAuthErrorCodes.methodNotImplemented]:
"This method has not been implemented",
};
/**
* String constants used by error codes and messages.
* @deprecated Use ClientAuthErrorCodes instead
*/
export const ClientAuthErrorMessage = {
clientInfoDecodingError: {
code: ClientAuthErrorCodes.clientInfoDecodingError,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.clientInfoDecodingError
],
},
clientInfoEmptyError: {
code: ClientAuthErrorCodes.clientInfoEmptyError,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.clientInfoEmptyError
],
},
tokenParsingError: {
code: ClientAuthErrorCodes.tokenParsingError,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.tokenParsingError],
},
nullOrEmptyToken: {
code: ClientAuthErrorCodes.nullOrEmptyToken,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.nullOrEmptyToken],
},
endpointResolutionError: {
code: ClientAuthErrorCodes.endpointResolutionError,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.endpointResolutionError
],
},
networkError: {
code: ClientAuthErrorCodes.networkError,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.networkError],
},
unableToGetOpenidConfigError: {
code: ClientAuthErrorCodes.openIdConfigError,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.openIdConfigError],
},
hashNotDeserialized: {
code: ClientAuthErrorCodes.hashNotDeserialized,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.hashNotDeserialized],
},
invalidStateError: {
code: ClientAuthErrorCodes.invalidState,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.invalidState],
},
stateMismatchError: {
code: ClientAuthErrorCodes.stateMismatch,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.stateMismatch],
},
stateNotFoundError: {
code: ClientAuthErrorCodes.stateNotFound,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.stateNotFound],
},
nonceMismatchError: {
code: ClientAuthErrorCodes.nonceMismatch,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.nonceMismatch],
},
authTimeNotFoundError: {
code: ClientAuthErrorCodes.authTimeNotFound,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.authTimeNotFound],
},
maxAgeTranspired: {
code: ClientAuthErrorCodes.maxAgeTranspired,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.maxAgeTranspired],
},
multipleMatchingTokens: {
code: ClientAuthErrorCodes.multipleMatchingTokens,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.multipleMatchingTokens
],
},
multipleMatchingAccounts: {
code: ClientAuthErrorCodes.multipleMatchingAccounts,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.multipleMatchingAccounts
],
},
multipleMatchingAppMetadata: {
code: ClientAuthErrorCodes.multipleMatchingAppMetadata,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.multipleMatchingAppMetadata
],
},
tokenRequestCannotBeMade: {
code: ClientAuthErrorCodes.requestCannotBeMade,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.requestCannotBeMade],
},
removeEmptyScopeError: {
code: ClientAuthErrorCodes.cannotRemoveEmptyScope,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.cannotRemoveEmptyScope
],
},
appendScopeSetError: {
code: ClientAuthErrorCodes.cannotAppendScopeSet,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.cannotAppendScopeSet
],
},
emptyInputScopeSetError: {
code: ClientAuthErrorCodes.emptyInputScopeSet,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.emptyInputScopeSet],
},
DeviceCodePollingCancelled: {
code: ClientAuthErrorCodes.deviceCodePollingCancelled,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.deviceCodePollingCancelled
],
},
DeviceCodeExpired: {
code: ClientAuthErrorCodes.deviceCodeExpired,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.deviceCodeExpired],
},
DeviceCodeUnknownError: {
code: ClientAuthErrorCodes.deviceCodeUnknownError,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.deviceCodeUnknownError
],
},
NoAccountInSilentRequest: {
code: ClientAuthErrorCodes.noAccountInSilentRequest,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.noAccountInSilentRequest
],
},
invalidCacheRecord: {
code: ClientAuthErrorCodes.invalidCacheRecord,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.invalidCacheRecord],
},
invalidCacheEnvironment: {
code: ClientAuthErrorCodes.invalidCacheEnvironment,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.invalidCacheEnvironment
],
},
noAccountFound: {
code: ClientAuthErrorCodes.noAccountFound,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.noAccountFound],
},
noCryptoObj: {
code: ClientAuthErrorCodes.noCryptoObject,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.noCryptoObject],
},
unexpectedCredentialType: {
code: ClientAuthErrorCodes.unexpectedCredentialType,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.unexpectedCredentialType
],
},
invalidAssertion: {
code: ClientAuthErrorCodes.invalidAssertion,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.invalidAssertion],
},
invalidClientCredential: {
code: ClientAuthErrorCodes.invalidClientCredential,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.invalidClientCredential
],
},
tokenRefreshRequired: {
code: ClientAuthErrorCodes.tokenRefreshRequired,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.tokenRefreshRequired
],
},
userTimeoutReached: {
code: ClientAuthErrorCodes.userTimeoutReached,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.userTimeoutReached],
},
tokenClaimsRequired: {
code: ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt
],
},
noAuthorizationCodeFromServer: {
code: ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse
],
},
bindingKeyNotRemovedError: {
code: ClientAuthErrorCodes.bindingKeyNotRemoved,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.bindingKeyNotRemoved
],
},
logoutNotSupported: {
code: ClientAuthErrorCodes.endSessionEndpointNotSupported,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.endSessionEndpointNotSupported
],
},
keyIdMissing: {
code: ClientAuthErrorCodes.keyIdMissing,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.keyIdMissing],
},
noNetworkConnectivity: {
code: ClientAuthErrorCodes.noNetworkConnectivity,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.noNetworkConnectivity
],
},
userCanceledError: {
code: ClientAuthErrorCodes.userCanceled,
desc: ClientAuthErrorMessages[ClientAuthErrorCodes.userCanceled],
},
missingTenantIdError: {
code: ClientAuthErrorCodes.missingTenantIdError,
desc: ClientAuthErrorMessages[
ClientAuthErrorCodes.missingTenantIdError
],
},
};
/**
* Error thrown when there is an error in the client code running on the browser.
*/
export class ClientAuthError extends AuthError {
constructor(errorCode: string, additionalMessage?: string) {
super(
errorCode,
additionalMessage
? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
: ClientAuthErrorMessages[errorCode]
);
this.name = "ClientAuthError";
Object.setPrototypeOf(this, ClientAuthError.prototype);
}
}
export function createClientAuthError(
errorCode: string,
additionalMessage?: string
): ClientAuthError {
return new ClientAuthError(errorCode, additionalMessage);
}