Add extracted source directory and README navigation

extracted-source/node_modules/@azure/msal-common/dist/cache/entities/AccountEntity.mjs

@@ -0,0 +1,232 @@
+/*! @azure/msal-common v15.13.1 2025-10-29 */
+'use strict';
+import { CacheAccountType } from '../../utils/Constants.mjs';
+import { buildClientInfo } from '../../account/ClientInfo.mjs';
+import { buildTenantProfile } from '../../account/AccountInfo.mjs';
+import { createClientAuthError } from '../../error/ClientAuthError.mjs';
+import { AuthorityType } from '../../authority/AuthorityType.mjs';
+import { getTenantIdFromIdTokenClaims } from '../../account/TokenClaims.mjs';
+import { ProtocolMode } from '../../authority/ProtocolMode.mjs';
+import { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
+ *
+ * Key : Value Schema
+ *
+ * Key: <home_account_id>-<environment>-<realm*>
+ *
+ * Value Schema:
+ * {
+ *      homeAccountId: home account identifier for the auth scheme,
+ *      environment: entity that issued the token, represented as a full host
+ *      realm: Full tenant or organizational identifier that the account belongs to
+ *      localAccountId: Original tenant-specific accountID, usually used for legacy cases
+ *      username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
+ *      authorityType: Accounts authority type as a string
+ *      name: Full name for the account, including given name and family name,
+ *      lastModificationTime: last time this entity was modified in the cache
+ *      lastModificationApp:
+ *      nativeAccountId: Account identifier on the native device
+ *      tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
+ * }
+ * @internal
+ */
+class AccountEntity {
+    /**
+     * Returns the AccountInfo interface for this account.
+     */
+    static getAccountInfo(accountEntity) {
+        return {
+            homeAccountId: accountEntity.homeAccountId,
+            environment: accountEntity.environment,
+            tenantId: accountEntity.realm,
+            username: accountEntity.username,
+            localAccountId: accountEntity.localAccountId,
+            loginHint: accountEntity.loginHint,
+            name: accountEntity.name,
+            nativeAccountId: accountEntity.nativeAccountId,
+            authorityType: accountEntity.authorityType,
+            // Deserialize tenant profiles array into a Map
+            tenantProfiles: new Map((accountEntity.tenantProfiles || []).map((tenantProfile) => {
+                return [tenantProfile.tenantId, tenantProfile];
+            })),
+            dataBoundary: accountEntity.dataBoundary,
+        };
+    }
+    /**
+     * Returns true if the account entity is in single tenant format (outdated), false otherwise
+     */
+    isSingleTenant() {
+        return !this.tenantProfiles;
+    }
+    /**
+     * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
+     * @param accountDetails
+     */
+    static createAccount(accountDetails, authority, base64Decode) {
+        const account = new AccountEntity();
+        if (authority.authorityType === AuthorityType.Adfs) {
+            account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
+        }
+        else if (authority.protocolMode === ProtocolMode.OIDC) {
+            account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
+        }
+        else {
+            account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
+        }
+        let clientInfo;
+        if (accountDetails.clientInfo && base64Decode) {
+            clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
+            if (clientInfo.xms_tdbr) {
+                account.dataBoundary =
+                    clientInfo.xms_tdbr === "EU" ? "EU" : "None";
+            }
+        }
+        account.clientInfo = accountDetails.clientInfo;
+        account.homeAccountId = accountDetails.homeAccountId;
+        account.nativeAccountId = accountDetails.nativeAccountId;
+        const env = accountDetails.environment ||
+            (authority && authority.getPreferredCache());
+        if (!env) {
+            throw createClientAuthError(invalidCacheEnvironment);
+        }
+        account.environment = env;
+        // non AAD scenarios can have empty realm
+        account.realm =
+            clientInfo?.utid ||
+                getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
+                "";
+        // How do you account for MSA CID here?
+        account.localAccountId =
+            clientInfo?.uid ||
+                accountDetails.idTokenClaims?.oid ||
+                accountDetails.idTokenClaims?.sub ||
+                "";
+        /*
+         * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
+         * In most cases it will contain a single email. This field should not be relied upon if a custom
+         * policy is configured to return more than 1 email.
+         */
+        const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
+            accountDetails.idTokenClaims?.upn;
+        const email = accountDetails.idTokenClaims?.emails
+            ? accountDetails.idTokenClaims.emails[0]
+            : null;
+        account.username = preferredUsername || email || "";
+        account.loginHint = accountDetails.idTokenClaims?.login_hint;
+        account.name = accountDetails.idTokenClaims?.name || "";
+        account.cloudGraphHostName = accountDetails.cloudGraphHostName;
+        account.msGraphHost = accountDetails.msGraphHost;
+        if (accountDetails.tenantProfiles) {
+            account.tenantProfiles = accountDetails.tenantProfiles;
+        }
+        else {
+            const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
+            account.tenantProfiles = [tenantProfile];
+        }
+        return account;
+    }
+    /**
+     * Creates an AccountEntity object from AccountInfo
+     * @param accountInfo
+     * @param cloudGraphHostName
+     * @param msGraphHost
+     * @returns
+     */
+    static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
+        const account = new AccountEntity();
+        account.authorityType =
+            accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
+        account.homeAccountId = accountInfo.homeAccountId;
+        account.localAccountId = accountInfo.localAccountId;
+        account.nativeAccountId = accountInfo.nativeAccountId;
+        account.realm = accountInfo.tenantId;
+        account.environment = accountInfo.environment;
+        account.username = accountInfo.username;
+        account.name = accountInfo.name;
+        account.loginHint = accountInfo.loginHint;
+        account.cloudGraphHostName = cloudGraphHostName;
+        account.msGraphHost = msGraphHost;
+        // Serialize tenant profiles map into an array
+        account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
+        account.dataBoundary = accountInfo.dataBoundary;
+        return account;
+    }
+    /**
+     * Generate HomeAccountId from server response
+     * @param serverClientInfo
+     * @param authType
+     */
+    static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
+        // since ADFS/DSTS do not have tid and does not set client_info
+        if (!(authType === AuthorityType.Adfs ||
+            authType === AuthorityType.Dsts)) {
+            // for cases where there is clientInfo
+            if (serverClientInfo) {
+                try {
+                    const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
+                    if (clientInfo.uid && clientInfo.utid) {
+                        return `${clientInfo.uid}.${clientInfo.utid}`;
+                    }
+                }
+                catch (e) { }
+            }
+            logger.warning("No client info in response");
+        }
+        // default to "sub" claim
+        return idTokenClaims?.sub || "";
+    }
+    /**
+     * Validates an entity: checks for all expected params
+     * @param entity
+     */
+    static isAccountEntity(entity) {
+        if (!entity) {
+            return false;
+        }
+        return (entity.hasOwnProperty("homeAccountId") &&
+            entity.hasOwnProperty("environment") &&
+            entity.hasOwnProperty("realm") &&
+            entity.hasOwnProperty("localAccountId") &&
+            entity.hasOwnProperty("username") &&
+            entity.hasOwnProperty("authorityType"));
+    }
+    /**
+     * Helper function to determine whether 2 accountInfo objects represent the same account
+     * @param accountA
+     * @param accountB
+     * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
+     */
+    static accountInfoIsEqual(accountA, accountB, compareClaims) {
+        if (!accountA || !accountB) {
+            return false;
+        }
+        let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
+        if (compareClaims) {
+            const accountAClaims = (accountA.idTokenClaims ||
+                {});
+            const accountBClaims = (accountB.idTokenClaims ||
+                {});
+            // issued at timestamp and nonce are expected to change each time a new id token is acquired
+            claimsMatch =
+                accountAClaims.iat === accountBClaims.iat &&
+                    accountAClaims.nonce === accountBClaims.nonce;
+        }
+        return (accountA.homeAccountId === accountB.homeAccountId &&
+            accountA.localAccountId === accountB.localAccountId &&
+            accountA.username === accountB.username &&
+            accountA.tenantId === accountB.tenantId &&
+            accountA.loginHint === accountB.loginHint &&
+            accountA.environment === accountB.environment &&
+            accountA.nativeAccountId === accountB.nativeAccountId &&
+            claimsMatch);
+    }
+}
+
+export { AccountEntity };
+//# sourceMappingURL=AccountEntity.mjs.map

extracted-source/node_modules/@azure/msal-common/dist/cache/persistence/TokenCacheContext.mjs

@@ -0,0 +1,30 @@
+/*! @azure/msal-common v15.13.1 2025-10-29 */
+'use strict';
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * This class instance helps track the memory changes facilitating
+ * decisions to read from and write to the persistent cache
+ */ class TokenCacheContext {
+    constructor(tokenCache, hasChanged) {
+        this.cache = tokenCache;
+        this.hasChanged = hasChanged;
+    }
+    /**
+     * boolean which indicates the changes in cache
+     */
+    get cacheHasChanged() {
+        return this.hasChanged;
+    }
+    /**
+     * function to retrieve the token cache
+     */
+    get tokenCache() {
+        return this.cache;
+    }
+}
+
+export { TokenCacheContext };
+//# sourceMappingURL=TokenCacheContext.mjs.map

extracted-source/node_modules/@azure/msal-common/dist/cache/utils/CacheHelpers.mjs

@@ -0,0 +1,270 @@
+/*! @azure/msal-common v15.13.1 2025-10-29 */
+'use strict';
+import { extractTokenClaims } from '../../account/AuthToken.mjs';
+import { createClientAuthError } from '../../error/ClientAuthError.mjs';
+import { CredentialType, AuthenticationScheme, SERVER_TELEM_CONSTANTS, ThrottlingConstants, APP_METADATA, Separators, AUTHORITY_METADATA_CONSTANTS } from '../../utils/Constants.mjs';
+import { nowSeconds } from '../../utils/TimeUtils.mjs';
+import { tokenClaimsCnfRequiredForSignedJwt } from '../../error/ClientAuthErrorCodes.mjs';
+
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * Create IdTokenEntity
+ * @param homeAccountId
+ * @param authenticationResult
+ * @param clientId
+ * @param authority
+ */
+function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
+    const idTokenEntity = {
+        credentialType: CredentialType.ID_TOKEN,
+        homeAccountId: homeAccountId,
+        environment: environment,
+        clientId: clientId,
+        secret: idToken,
+        realm: tenantId,
+        lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
+    };
+    return idTokenEntity;
+}
+/**
+ * Create AccessTokenEntity
+ * @param homeAccountId
+ * @param environment
+ * @param accessToken
+ * @param clientId
+ * @param tenantId
+ * @param scopes
+ * @param expiresOn
+ * @param extExpiresOn
+ */
+function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
+    const atEntity = {
+        homeAccountId: homeAccountId,
+        credentialType: CredentialType.ACCESS_TOKEN,
+        secret: accessToken,
+        cachedAt: nowSeconds().toString(),
+        expiresOn: expiresOn.toString(),
+        extendedExpiresOn: extExpiresOn.toString(),
+        environment: environment,
+        clientId: clientId,
+        realm: tenantId,
+        target: scopes,
+        tokenType: tokenType || AuthenticationScheme.BEARER,
+        lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
+    };
+    if (userAssertionHash) {
+        atEntity.userAssertionHash = userAssertionHash;
+    }
+    if (refreshOn) {
+        atEntity.refreshOn = refreshOn.toString();
+    }
+    if (requestedClaims) {
+        atEntity.requestedClaims = requestedClaims;
+        atEntity.requestedClaimsHash = requestedClaimsHash;
+    }
+    /*
+     * Create Access Token With Auth Scheme instead of regular access token
+     * Cast to lower to handle "bearer" from ADFS
+     */
+    if (atEntity.tokenType?.toLowerCase() !==
+        AuthenticationScheme.BEARER.toLowerCase()) {
+        atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
+        switch (atEntity.tokenType) {
+            case AuthenticationScheme.POP:
+                // Make sure keyId is present and add it to credential
+                const tokenClaims = extractTokenClaims(accessToken, base64Decode);
+                if (!tokenClaims?.cnf?.kid) {
+                    throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
+                }
+                atEntity.keyId = tokenClaims.cnf.kid;
+                break;
+            case AuthenticationScheme.SSH:
+                atEntity.keyId = keyId;
+        }
+    }
+    return atEntity;
+}
+/**
+ * Create RefreshTokenEntity
+ * @param homeAccountId
+ * @param authenticationResult
+ * @param clientId
+ * @param authority
+ */
+function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
+    const rtEntity = {
+        credentialType: CredentialType.REFRESH_TOKEN,
+        homeAccountId: homeAccountId,
+        environment: environment,
+        clientId: clientId,
+        secret: refreshToken,
+        lastUpdatedAt: Date.now().toString(),
+    };
+    if (userAssertionHash) {
+        rtEntity.userAssertionHash = userAssertionHash;
+    }
+    if (familyId) {
+        rtEntity.familyId = familyId;
+    }
+    if (expiresOn) {
+        rtEntity.expiresOn = expiresOn.toString();
+    }
+    return rtEntity;
+}
+function isCredentialEntity(entity) {
+    return (entity.hasOwnProperty("homeAccountId") &&
+        entity.hasOwnProperty("environment") &&
+        entity.hasOwnProperty("credentialType") &&
+        entity.hasOwnProperty("clientId") &&
+        entity.hasOwnProperty("secret"));
+}
+/**
+ * Validates an entity: checks for all expected params
+ * @param entity
+ */
+function isAccessTokenEntity(entity) {
+    if (!entity) {
+        return false;
+    }
+    return (isCredentialEntity(entity) &&
+        entity.hasOwnProperty("realm") &&
+        entity.hasOwnProperty("target") &&
+        (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
+            entity["credentialType"] ===
+                CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
+}
+/**
+ * Validates an entity: checks for all expected params
+ * @param entity
+ */
+function isIdTokenEntity(entity) {
+    if (!entity) {
+        return false;
+    }
+    return (isCredentialEntity(entity) &&
+        entity.hasOwnProperty("realm") &&
+        entity["credentialType"] === CredentialType.ID_TOKEN);
+}
+/**
+ * Validates an entity: checks for all expected params
+ * @param entity
+ */
+function isRefreshTokenEntity(entity) {
+    if (!entity) {
+        return false;
+    }
+    return (isCredentialEntity(entity) &&
+        entity["credentialType"] === CredentialType.REFRESH_TOKEN);
+}
+/**
+ * validates if a given cache entry is "Telemetry", parses <key,value>
+ * @param key
+ * @param entity
+ */
+function isServerTelemetryEntity(key, entity) {
+    const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;
+    let validateEntity = true;
+    if (entity) {
+        validateEntity =
+            entity.hasOwnProperty("failedRequests") &&
+                entity.hasOwnProperty("errors") &&
+                entity.hasOwnProperty("cacheHits");
+    }
+    return validateKey && validateEntity;
+}
+/**
+ * validates if a given cache entry is "Throttling", parses <key,value>
+ * @param key
+ * @param entity
+ */
+function isThrottlingEntity(key, entity) {
+    let validateKey = false;
+    if (key) {
+        validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;
+    }
+    let validateEntity = true;
+    if (entity) {
+        validateEntity = entity.hasOwnProperty("throttleTime");
+    }
+    return validateKey && validateEntity;
+}
+/**
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
+ */
+function generateAppMetadataKey({ environment, clientId, }) {
+    const appMetaDataKeyArray = [
+        APP_METADATA,
+        environment,
+        clientId,
+    ];
+    return appMetaDataKeyArray
+        .join(Separators.CACHE_KEY_SEPARATOR)
+        .toLowerCase();
+}
+/*
+ * Validates an entity: checks for all expected params
+ * @param entity
+ */
+function isAppMetadataEntity(key, entity) {
+    if (!entity) {
+        return false;
+    }
+    return (key.indexOf(APP_METADATA) === 0 &&
+        entity.hasOwnProperty("clientId") &&
+        entity.hasOwnProperty("environment"));
+}
+/**
+ * Validates an entity: checks for all expected params
+ * @param entity
+ */
+function isAuthorityMetadataEntity(key, entity) {
+    if (!entity) {
+        return false;
+    }
+    return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&
+        entity.hasOwnProperty("aliases") &&
+        entity.hasOwnProperty("preferred_cache") &&
+        entity.hasOwnProperty("preferred_network") &&
+        entity.hasOwnProperty("canonical_authority") &&
+        entity.hasOwnProperty("authorization_endpoint") &&
+        entity.hasOwnProperty("token_endpoint") &&
+        entity.hasOwnProperty("issuer") &&
+        entity.hasOwnProperty("aliasesFromNetwork") &&
+        entity.hasOwnProperty("endpointsFromNetwork") &&
+        entity.hasOwnProperty("expiresAt") &&
+        entity.hasOwnProperty("jwks_uri"));
+}
+/**
+ * Reset the exiresAt value
+ */
+function generateAuthorityMetadataExpiresAt() {
+    return (nowSeconds() +
+        AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);
+}
+function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
+    authorityMetadata.authorization_endpoint =
+        updatedValues.authorization_endpoint;
+    authorityMetadata.token_endpoint = updatedValues.token_endpoint;
+    authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
+    authorityMetadata.issuer = updatedValues.issuer;
+    authorityMetadata.endpointsFromNetwork = fromNetwork;
+    authorityMetadata.jwks_uri = updatedValues.jwks_uri;
+}
+function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
+    authorityMetadata.aliases = updatedValues.aliases;
+    authorityMetadata.preferred_cache = updatedValues.preferred_cache;
+    authorityMetadata.preferred_network = updatedValues.preferred_network;
+    authorityMetadata.aliasesFromNetwork = fromNetwork;
+}
+/**
+ * Returns whether or not the data needs to be refreshed
+ */
+function isAuthorityMetadataExpired(metadata) {
+    return metadata.expiresAt <= nowSeconds();
+}
+
+export { createAccessTokenEntity, createIdTokenEntity, createRefreshTokenEntity, generateAppMetadataKey, generateAuthorityMetadataExpiresAt, isAccessTokenEntity, isAppMetadataEntity, isAuthorityMetadataEntity, isAuthorityMetadataExpired, isCredentialEntity, isIdTokenEntity, isRefreshTokenEntity, isServerTelemetryEntity, isThrottlingEntity, updateAuthorityEndpointMetadata, updateCloudDiscoveryMetadata };
+//# sourceMappingURL=CacheHelpers.mjs.map