Merge branch 'dev' into msal-node-proxy-request

Author: Robbie-Microsoft

.github/workflows/msal-node-e2e.yml

@@ -105,3 +105,90 @@ jobs:
       with:
         name: e2e-test-screenshots
         path: samples/**/screenshots
+
+  run-electron-e2e:
+    if: (github.repository == 'AzureAD/microsoft-authentication-library-for-js') && (github.actor != 'dependabot[bot]') && ((github.event.pull_request.head.repo.full_name == github.repository) || (github.event_name == 'push'))
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [windows-latest, macos-latest]
+        sample:
+          - 'ElectronTestApp'
+
+    name: ${{ matrix.sample }} - ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Use Node.js
+      uses: actions/setup-node@v2
+      with:
+        node-version: 16
+
+    - name: Restore node_modules for libs
+      uses: actions/cache@v2
+      id: lib-cache
+      with:
+        path: |
+          node_modules
+          lib/*/node_modules
+        key: ${{ runner.os }}-${{ hashFiles('package-lock.json', 'lib/*/package-lock.json') }}
+
+    - name: Clean Install
+      if: steps.lib-cache.outputs.cache-hit != 'true'
+      run: npm ci
+
+    - name: Build Package
+      working-directory: samples/msal-node-samples
+      run: npm run build:package
+
+    - name: Restore node_modules for test tools
+      uses: actions/cache@v2
+      id: test-tools-cache
+      with:
+        path: samples/node_modules
+        key: ${{ runner.os }}-node-test-tools-${{ hashFiles('samples/package-lock.json') }}
+
+    - name: Install Test Tools
+      if: steps.test-tools-cache.outputs.cache-hit != 'true'
+      working-directory: samples
+      run: npm ci
+
+    - name: Restore node_modules for sample
+      uses: actions/cache@v2
+      id: sample-cache
+      with:
+        path: samples/msal-node-samples/${{ matrix.sample }}/node_modules
+        key: ${{ runner.os }}-electron-e2e-${{ matrix.sample }}-${{ hashFiles(format('samples/msal-node-samples/{0}/package.json', matrix.sample), 'samples/package-lock.json') }}
+
+    - name: Install Sample
+      if: steps.sample-cache.outputs.cache-hit != 'true'
+      working-directory: samples/msal-node-samples/${{ matrix.sample }}
+      run: |
+        npm run install:local
+        npm install
+      env:
+        PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
+
+    - name: Build Sample
+      working-directory: samples/msal-node-samples/${{ matrix.sample }}
+      run: |
+        npm run build
+
+    - name: E2E Tests
+      working-directory: samples/msal-node-samples/${{ matrix.sample }}
+      timeout-minutes: 10
+      env:
+        AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+        AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+        AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+        DEBUG: pw:browser
+      run: npm test
+
+    - name: Upload E2E Test Screenshots
+      uses: actions/upload-artifact@v2
+      if: failure()
+      with:
+        name: e2e-test-screenshots
+        path: samples/**/screenshots

change/@azure-msal-browser-0998dfea-ce52-42a7-9709-9fb13449d326.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Add keyId to SHR header and make x5c_ca claim type string array #4729",
+  "packageName": "@azure/msal-browser",
+  "email": "hemoral@microsoft.com",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-browser-68f39a4c-233b-471c-bdfa-1e9b1350d56b.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Fix empty hash errors in popups #4793",
+  "packageName": "@azure/msal-browser",
+  "email": "thomas.norling@microsoft.com",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-browser-8cb89fc5-2c6f-40fe-96b4-99dfe7fb89aa.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fallback to web flow when native broker throws 'DISABLED' status #4837",
+  "packageName": "@azure/msal-browser",
+  "email": "thomas.norling@microsoft.com",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-common-7c4978ac-13e5-4473-9a8c-728ec0bdafd1.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Add keyId to SHR header and make x5c_ca claim type string array #4729",
+  "packageName": "@azure/msal-common",
+  "email": "hemoral@microsoft.com",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-node-16f35a40-8506-4ab8-a9ed-cc62c026a5e2.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Updated the regex and added a test for detecting public cert for SNI #4790",
+  "packageName": "@azure/msal-node",
+  "email": "email not defined",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-node-2c44a8b8-4645-4ad0-8963-8ba5b369789a.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "export AuthorizationCodePayload type from msal-common #4803",
+  "packageName": "@azure/msal-node",
+  "email": "git@hens.by",
+  "dependentChangeType": "patch"
+}

lib/msal-angular/package-lock.json

@@ -11,6 +11,8 @@
 1. [interaction_in_progress](#interaction_in_progress)
 1. [block_iframe_reload](#block_iframe_reload)
 1. [monitor_window_timeout](#monitor_window_timeout)
+1. [hash_empty_error](#hash_empty_error)
+1. [hash_does_not_contain_known_properties](#hash_does_not_contain_known_properties)
 1. [unable_to_acquire_token_from_native_platform](#unable_to_acquire_token_from_native_platform)
 1. [native_connection_not_established](#native_connection_not_established)
 1. [native_broker_called_before_initialize](#native_broker_called_before_initialize)
@@ -159,6 +161,8 @@ This error can be thrown when calling `ssoSilent`, `acquireTokenSilent`, `acquir
 1. You are being throttled by your identity provider
 1. Your identity provider did not redirect back to your `redirectUri`.
 
+**Important**: If your application uses a router library (e.g. React Router, Angular Router), please make sure it does not strip the hash or auto-redirect while MSAL token acquisition is in progress. If possible, it is best if your `redirectUri` page does not invoke the router at all.
+
 #### Issues caused by the redirectUri page
 
 When you make a silent call, in some cases, an iframe will be opened and will navigate to your identity provider's authorization page. After the identity provider has authorized the user it will redirect the iframe back to the `redirectUri` with the authorization code or error information in the hash fragment. The MSAL instance running in the frame or window that originally made the request will extract this response hash and process it. If your `redirectUri` is removing or manipulating this hash or navigating to a different page before MSAL has extracted it you will receive this timeout error.
@@ -224,6 +228,25 @@ const msalConfig = {
 };
 ```
 
+### hash_empty_error
+
+**Error Messages**:
+
+> Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash.
+
+This error occurs when the page you use as your redirectUri is removing the hash, or auto-redirecting to another page. This most commonly happens when the application implements a router which navigates to another route, dropping the hash.
+
+To resolve this error we recommend using a dedicated redirectUri page which is not subject to the router. For silent and popup calls it's best to use a blank page. If this is not possible please make sure the router does not navigate while MSAL token acquisition is in progress. You can do this by detecting if your application is loaded in an iframe for silent calls, in a popup for popup calls or by awaiting `handleRedirectPromise` for redirect calls.
+
+### hash_does_not_contain_known_properties
+
+**Error Messages**:
+
+> Hash does not contain known properites. Please verify that your redirectUri is not changing the hash.
+
+Please see explanation for [hash_empty_error](#hash_empty_error) above. The root cause for this error is similar, the difference being the hash has been changed, rather than dropped.
+
+
 ### unable_to_acquire_token_from_native_platform
 
 **Error Messages**: