Merge a5cde15 into 7cc1566

lib/msal-core/src/ScopeSet.ts

@@ -3,6 +3,9 @@
  * Licensed under the MIT License.
  */
 
+import { ClientConfigurationError } from "./error/ClientConfigurationError";
+import { AuthenticationParameters } from "./AuthenticationParameters";
+
 export class ScopeSet {
 
     /**
@@ -68,4 +71,72 @@ export class ScopeSet {
 
         return scopeList;
     }
+
+    /**
+     * @hidden
+     *
+     * Used to validate the scopes input parameter requested  by the developer.
+     * @param {Array<string>} scopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
+     * @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not
+     * @ignore
+     */
+    static validateInputScope(scopes: Array<string>, scopesRequired: boolean, clientId: string): void {
+        if (!scopes) {
+            if (scopesRequired) {
+                throw ClientConfigurationError.createScopesRequiredError(scopes);
+            } else {
+                return;
+            }
+        }
+
+        // Check that scopes is an array object (also throws error if scopes == null)
+        if (!Array.isArray(scopes)) {
+            throw ClientConfigurationError.createScopesNonArrayError(scopes);
+        }
+
+        // Check that scopes is not an empty array
+        if (scopes.length < 1) {
+            throw ClientConfigurationError.createEmptyScopesArrayError(scopes.toString());
+        }
+
+        // Check that clientId is passed as single scope
+        if (scopes.indexOf(clientId) > -1) {
+            if (scopes.length > 1) {
+                throw ClientConfigurationError.createClientIdSingleScopeError(scopes.toString());
+            }
+        }
+    }
+
+    /**
+     * @hidden
+     *
+     * Extracts scope value from the state sent with the authentication request.
+     * @param {string} state
+     * @returns {string} scope.
+     * @ignore
+     */
+    static getScopeFromState(state: string): string {
+        if (state) {
+            const splitIndex = state.indexOf("|");
+            if (splitIndex > -1 && splitIndex + 1 < state.length) {
+                return state.substring(splitIndex + 1);
+            }
+        }
+        return "";
+    }
+
+    /**
+     * @ignore
+     * Appends extraScopesToConsent if passed
+     * @param {@link AuthenticationParameters}
+     */
+    static appendScopes(reqScopes: Array<string>, reqExtraScopesToConsent: Array<string>): Array<string> {
+        if(reqScopes) {
+            return reqExtraScopesToConsent ? [...reqScopes, ...reqExtraScopesToConsent]: reqScopes;
+        }
+        return null;
+    }
+
+    // #endregion
+
 }

lib/msal-core/src/ServerRequestParameters.ts

@@ -8,9 +8,9 @@ import { CryptoUtils } from "./utils/CryptoUtils";
 import { AuthenticationParameters, validateClaimsRequest } from "./AuthenticationParameters";
 import { StringDict } from "./MsalTypes";
 import { Account } from "./Account";
-import { SSOTypes, Constants, PromptState, BlacklistedEQParams, libraryVersion } from "./utils/Constants";
-import { ClientConfigurationError } from "./error/ClientConfigurationError";
+import { SSOTypes, Constants, PromptState, libraryVersion } from "./utils/Constants";
 import { StringUtils } from "./utils/StringUtils";
+import { RequestUtils } from "./utils/RequestUtils";
 
 /**
  * Nonce: OIDC Nonce definition: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
@@ -58,8 +58,14 @@ export class ServerRequestParameters {
         this.clientId = clientId;
         this.nonce = CryptoUtils.createNewGuid();
 
-        // validate and populate state and correlationId
-        this.setRequestServerParams(scopes, state, correlationId, this.clientId);
+        // set scope to clientId if null
+        this.scopes = scopes? [ ...scopes] : [clientId];
+
+        // set state (already set at top level)
+        this.state = state;
+
+        // set correlationId
+        this.correlationId = correlationId;
 
         // telemetry information
         this.xClientSku = "MSAL.JS";
@@ -83,7 +89,6 @@ export class ServerRequestParameters {
         if (request) {
             // add the prompt parameter to serverRequestParameters if passed
             if (request.prompt) {
-                this.validatePromptParameter(request.prompt);
                 this.promptValue = request.prompt;
             }
 
@@ -110,10 +115,7 @@ export class ServerRequestParameters {
         queryParameters = this.addHintParameters(account, queryParameters);
 
         // sanity check for developer passed extraQueryParameters
-        let eQParams: StringDict;
-        if (request) {
-            eQParams = this.sanitizeEQParams(request);
-        }
+        const eQParams: StringDict = request.extraQueryParameters;
 
         // Populate the extraQueryParameters to be sent to the server
         this.queryParameters = ServerRequestParameters.generateQueryParametersString(queryParameters);
@@ -122,19 +124,6 @@ export class ServerRequestParameters {
 
     // #region QueryParam helpers
 
-    /**
-     * @hidden
-     * @ignore
-     *
-     * Utility to test if valid prompt value is passed in the request
-     * @param request
-     */
-    private validatePromptParameter (prompt: string) {
-        if ([PromptState.LOGIN, PromptState.SELECT_ACCOUNT, PromptState.CONSENT, PromptState.NONE].indexOf(prompt) < 0) {
-            throw ClientConfigurationError.createInvalidPromptError(prompt);
-        }
-    }
-
     /**
      * Constructs extraQueryParameters to be sent to the server for the AuthenticationParameters set by the developer
      * in any login() or acquireToken() calls
@@ -303,30 +292,6 @@ export class ServerRequestParameters {
         return ssoParam;
     }
 
-    /**
-     * @hidden
-     * @ignore
-     * Removes unnecessary or duplicate query parameters from extraQueryParameters
-     * @param request
-     */
-    private sanitizeEQParams(request: AuthenticationParameters) : StringDict {
-        const eQParams : StringDict = request.extraQueryParameters;
-        if (!eQParams) {
-            return null;
-        }
-        if (request.claimsRequest) {
-            // this.logger.warning("Removed duplicate claims from extraQueryParameters. Please use either the claimsRequest field OR pass as extraQueryParameter - not both.");
-            delete eQParams[Constants.claims];
-        }
-        BlacklistedEQParams.forEach(param => {
-            if (eQParams[param]) {
-                // this.logger.warning("Removed duplicate " + param + " from extraQueryParameters. Please use the " + param + " field in request object.");
-                delete eQParams[param];
-            }
-        });
-        return eQParams;
-    }
-
     /**
      * Utility to generate a QueryParameterString from a Key-Value mapping of extraQueryParameters passed
      * @param extraQueryParameters
@@ -347,27 +312,6 @@ export class ServerRequestParameters {
 
         return paramsString;
     }
-
-    /**
-     * @hidden
-     *
-     * Validate  scopes/state/correlationId set in the request by the user
-     * @param request
-     */
-    private setRequestServerParams(scopes: Array<string>, state: string, correlationId: string, clientId: string) {
-        // set scope to clientId if null
-        this.scopes = scopes? [ ...scopes] : [clientId];
-
-        // append GUID to user set state  or set one for the user if null
-        this.state = state && !StringUtils.isEmpty(state) ? CryptoUtils.createNewGuid() + "|" + state : CryptoUtils.createNewGuid();
-
-        // validate user set correlationId or set one for the user if null
-        if(correlationId && !CryptoUtils.isGuid(correlationId)) {
-            throw ClientConfigurationError.createInvalidCorrelationIdError();
-        }
-        this.correlationId = correlationId && CryptoUtils.isGuid(correlationId)? correlationId : CryptoUtils.createNewGuid();
-    }
-
     // #endregion
 
     /**