@azure/msal-browser 4.13.0 → 4.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (134) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
  5. package/dist/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +4 -3
  7. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +6 -6
  11. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts +5 -6
  15. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  16. package/dist/cache/BrowserCacheManager.mjs +17 -18
  17. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  18. package/dist/cache/CacheHelpers.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.mjs +1 -1
  25. package/dist/config/Configuration.mjs +1 -1
  26. package/dist/controllers/ControllerFactory.mjs +1 -1
  27. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  28. package/dist/controllers/NestedAppAuthController.mjs +2 -2
  29. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +3 -3
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.d.ts +1 -1
  36. package/dist/crypto/CryptoOps.d.ts.map +1 -1
  37. package/dist/crypto/CryptoOps.mjs +5 -3
  38. package/dist/crypto/CryptoOps.mjs.map +1 -1
  39. package/dist/crypto/PkceGenerator.mjs +1 -1
  40. package/dist/crypto/SignedHttpRequest.d.ts.map +1 -1
  41. package/dist/crypto/SignedHttpRequest.mjs +16 -3
  42. package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
  43. package/dist/encode/Base64Decode.mjs +1 -1
  44. package/dist/encode/Base64Encode.mjs +1 -1
  45. package/dist/error/BrowserAuthError.mjs +1 -1
  46. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  47. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  48. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  49. package/dist/error/NativeAuthError.d.ts.map +1 -1
  50. package/dist/error/NativeAuthError.mjs +5 -3
  51. package/dist/error/NativeAuthError.mjs.map +1 -1
  52. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  53. package/dist/error/NestedAppAuthError.mjs +1 -1
  54. package/dist/event/EventHandler.mjs +1 -1
  55. package/dist/event/EventMessage.mjs +1 -1
  56. package/dist/event/EventType.mjs +1 -1
  57. package/dist/index.mjs +1 -1
  58. package/dist/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  59. package/dist/interaction_client/BaseInteractionClient.mjs +3 -3
  60. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  61. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  62. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  63. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -4
  64. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  65. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  66. package/dist/interaction_client/PopupClient.mjs +2 -2
  67. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  68. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  69. package/dist/interaction_client/RedirectClient.mjs +2 -2
  70. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  71. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  72. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  73. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  74. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  75. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  76. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  77. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  78. package/dist/naa/BridgeError.mjs +1 -1
  79. package/dist/naa/BridgeProxy.mjs +1 -1
  80. package/dist/naa/BridgeStatusCode.mjs +1 -1
  81. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  82. package/dist/navigation/NavigationClient.mjs +3 -3
  83. package/dist/navigation/NavigationClient.mjs.map +1 -1
  84. package/dist/network/FetchClient.mjs +1 -1
  85. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  86. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  87. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  88. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  89. package/dist/packageMetadata.d.ts +1 -1
  90. package/dist/packageMetadata.mjs +2 -2
  91. package/dist/protocol/Authorize.mjs +1 -1
  92. package/dist/request/RequestHelpers.mjs +1 -1
  93. package/dist/response/ResponseHandler.mjs +1 -1
  94. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  95. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  96. package/dist/utils/BrowserConstants.mjs +1 -1
  97. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  98. package/dist/utils/BrowserUtils.mjs +1 -1
  99. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  100. package/lib/msal-browser.cjs +808 -796
  101. package/lib/msal-browser.cjs.map +1 -1
  102. package/lib/msal-browser.js +808 -796
  103. package/lib/msal-browser.js.map +1 -1
  104. package/lib/msal-browser.min.js +67 -65
  105. package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
  106. package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
  107. package/lib/types/cache/BrowserCacheManager.d.ts +5 -6
  108. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  109. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  110. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  111. package/lib/types/crypto/CryptoOps.d.ts +1 -1
  112. package/lib/types/crypto/CryptoOps.d.ts.map +1 -1
  113. package/lib/types/crypto/SignedHttpRequest.d.ts.map +1 -1
  114. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  115. package/lib/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  116. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  117. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  118. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  119. package/lib/types/packageMetadata.d.ts +1 -1
  120. package/package.json +2 -2
  121. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -0
  122. package/src/broker/nativeBroker/PlatformAuthProvider.ts +5 -5
  123. package/src/cache/BrowserCacheManager.ts +22 -23
  124. package/src/controllers/NestedAppAuthController.ts +1 -3
  125. package/src/controllers/StandardController.ts +3 -2
  126. package/src/crypto/CryptoOps.ts +8 -2
  127. package/src/crypto/SignedHttpRequest.ts +19 -1
  128. package/src/error/NativeAuthError.ts +4 -0
  129. package/src/interaction_client/BaseInteractionClient.ts +4 -3
  130. package/src/interaction_client/PlatformAuthInteractionClient.ts +4 -5
  131. package/src/interaction_client/PopupClient.ts +3 -2
  132. package/src/interaction_client/RedirectClient.ts +3 -2
  133. package/src/navigation/NavigationClient.ts +2 -2
  134. package/src/packageMetadata.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.13.0 2025-05-30 */
1
+ /*! @azure/msal-browser v4.13.2 2025-06-18 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.7.0 2025-05-30 */
5
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -298,7 +298,7 @@ const JsonWebTokenTypes = {
298
298
  // Token renewal offset default in seconds
299
299
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
300
300
 
301
- /*! @azure/msal-common v15.7.0 2025-05-30 */
301
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
302
302
  /*
303
303
  * Copyright (c) Microsoft Corporation. All rights reserved.
304
304
  * Licensed under the MIT License.
@@ -315,7 +315,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
315
315
  unexpectedError: unexpectedError
316
316
  });
317
317
 
318
- /*! @azure/msal-common v15.7.0 2025-05-30 */
318
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
319
319
 
320
320
  /*
321
321
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -364,7 +364,7 @@ function createAuthError(code, additionalMessage) {
364
364
  : AuthErrorMessages[code]);
365
365
  }
366
366
 
367
- /*! @azure/msal-common v15.7.0 2025-05-30 */
367
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
368
368
  /*
369
369
  * Copyright (c) Microsoft Corporation. All rights reserved.
370
370
  * Licensed under the MIT License.
@@ -462,7 +462,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
462
462
  userTimeoutReached: userTimeoutReached
463
463
  });
464
464
 
465
- /*! @azure/msal-common v15.7.0 2025-05-30 */
465
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
466
466
 
467
467
  /*
468
468
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -714,7 +714,7 @@ function createClientAuthError(errorCode, additionalMessage) {
714
714
  return new ClientAuthError(errorCode, additionalMessage);
715
715
  }
716
716
 
717
- /*! @azure/msal-common v15.7.0 2025-05-30 */
717
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
718
718
 
719
719
  /*
720
720
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -753,7 +753,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
753
753
  },
754
754
  };
755
755
 
756
- /*! @azure/msal-common v15.7.0 2025-05-30 */
756
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
757
757
 
758
758
  /*
759
759
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -944,12 +944,12 @@ class Logger {
944
944
  }
945
945
  }
946
946
 
947
- /*! @azure/msal-common v15.7.0 2025-05-30 */
947
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
948
948
  /* eslint-disable header/header */
949
949
  const name$1 = "@azure/msal-common";
950
- const version$1 = "15.7.0";
950
+ const version$1 = "15.7.1";
951
951
 
952
- /*! @azure/msal-common v15.7.0 2025-05-30 */
952
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
953
953
  /*
954
954
  * Copyright (c) Microsoft Corporation. All rights reserved.
955
955
  * Licensed under the MIT License.
@@ -969,7 +969,7 @@ const AzureCloudInstance = {
969
969
  AzureUsGovernment: "https://login.microsoftonline.us",
970
970
  };
971
971
 
972
- /*! @azure/msal-common v15.7.0 2025-05-30 */
972
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
973
973
 
974
974
  /*
975
975
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1030,7 +1030,7 @@ function checkMaxAge(authTime, maxAge) {
1030
1030
  }
1031
1031
  }
1032
1032
 
1033
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1033
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1034
1034
  /*
1035
1035
  * Copyright (c) Microsoft Corporation. All rights reserved.
1036
1036
  * Licensed under the MIT License.
@@ -1085,7 +1085,7 @@ function wasClockTurnedBack(cachedAt) {
1085
1085
  return cachedAtSec > nowSeconds();
1086
1086
  }
1087
1087
 
1088
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1088
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1089
1089
 
1090
1090
  /*
1091
1091
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1412,7 +1412,7 @@ function isAuthorityMetadataExpired(metadata) {
1412
1412
  return metadata.expiresAt <= nowSeconds();
1413
1413
  }
1414
1414
 
1415
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1415
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1416
1416
  /*
1417
1417
  * Copyright (c) Microsoft Corporation. All rights reserved.
1418
1418
  * Licensed under the MIT License.
@@ -1466,7 +1466,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1466
1466
  urlParseError: urlParseError
1467
1467
  });
1468
1468
 
1469
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1469
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1470
1470
 
1471
1471
  /*
1472
1472
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1604,7 +1604,7 @@ function createClientConfigurationError(errorCode) {
1604
1604
  return new ClientConfigurationError(errorCode);
1605
1605
  }
1606
1606
 
1607
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1607
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1608
1608
  /*
1609
1609
  * Copyright (c) Microsoft Corporation. All rights reserved.
1610
1610
  * Licensed under the MIT License.
@@ -1701,7 +1701,7 @@ class StringUtils {
1701
1701
  }
1702
1702
  }
1703
1703
 
1704
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1704
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1705
1705
 
1706
1706
  /*
1707
1707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1892,7 +1892,7 @@ class ScopeSet {
1892
1892
  }
1893
1893
  }
1894
1894
 
1895
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1895
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1896
1896
 
1897
1897
  /*
1898
1898
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1932,7 +1932,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1932
1932
  };
1933
1933
  }
1934
1934
 
1935
- /*! @azure/msal-common v15.7.0 2025-05-30 */
1935
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1936
1936
  /*
1937
1937
  * Copyright (c) Microsoft Corporation. All rights reserved.
1938
1938
  * Licensed under the MIT License.
@@ -2011,7 +2011,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
2011
2011
  return updatedAccountInfo;
2012
2012
  }
2013
2013
 
2014
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2014
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2015
2015
  /*
2016
2016
  * Copyright (c) Microsoft Corporation. All rights reserved.
2017
2017
  * Licensed under the MIT License.
@@ -2026,7 +2026,7 @@ const AuthorityType = {
2026
2026
  Ciam: 3,
2027
2027
  };
2028
2028
 
2029
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2029
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2030
2030
  /*
2031
2031
  * Copyright (c) Microsoft Corporation. All rights reserved.
2032
2032
  * Licensed under the MIT License.
@@ -2048,7 +2048,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2048
2048
  return null;
2049
2049
  }
2050
2050
 
2051
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2051
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2052
2052
  /*
2053
2053
  * Copyright (c) Microsoft Corporation. All rights reserved.
2054
2054
  * Licensed under the MIT License.
@@ -2072,7 +2072,7 @@ const ProtocolMode = {
2072
2072
  EAR: "EAR",
2073
2073
  };
2074
2074
 
2075
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2075
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2076
2076
 
2077
2077
  /*
2078
2078
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2315,7 +2315,7 @@ class AccountEntity {
2315
2315
  }
2316
2316
  }
2317
2317
 
2318
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2318
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2319
2319
 
2320
2320
  /*
2321
2321
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2380,7 +2380,7 @@ function mapToQueryString(parameters, encodeExtraParams = true, extraQueryParame
2380
2380
  return queryParameterArray.join("&");
2381
2381
  }
2382
2382
 
2383
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2383
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2384
2384
 
2385
2385
  /*
2386
2386
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2544,7 +2544,7 @@ class UrlString {
2544
2544
  }
2545
2545
  }
2546
2546
 
2547
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2547
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2548
2548
 
2549
2549
  /*
2550
2550
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2684,7 +2684,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2684
2684
  return null;
2685
2685
  }
2686
2686
 
2687
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2687
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2688
2688
  /*
2689
2689
  * Copyright (c) Microsoft Corporation. All rights reserved.
2690
2690
  * Licensed under the MIT License.
@@ -2692,7 +2692,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2692
2692
  const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
2693
2693
  const cacheUnknownErrorCode = "cache_error_unknown";
2694
2694
 
2695
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2695
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2696
2696
 
2697
2697
  /*
2698
2698
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2719,7 +2719,7 @@ class CacheError extends Error {
2719
2719
  }
2720
2720
  }
2721
2721
 
2722
- /*! @azure/msal-common v15.7.0 2025-05-30 */
2722
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2723
2723
 
2724
2724
  /*
2725
2725
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2730,11 +2730,12 @@ class CacheError extends Error {
2730
2730
  * @internal
2731
2731
  */
2732
2732
  class CacheManager {
2733
- constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {
2733
+ constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
2734
2734
  this.clientId = clientId;
2735
2735
  this.cryptoImpl = cryptoImpl;
2736
2736
  this.commonLogger = logger.clone(name$1, version$1);
2737
2737
  this.staticAuthorityOptions = staticAuthorityOptions;
2738
+ this.performanceClient = performanceClient;
2738
2739
  }
2739
2740
  /**
2740
2741
  * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
@@ -2943,7 +2944,6 @@ class CacheManager {
2943
2944
  };
2944
2945
  const tokenKeys = this.getTokenKeys();
2945
2946
  const currentScopes = ScopeSet.fromString(credential.target);
2946
- const removedAccessTokens = [];
2947
2947
  tokenKeys.accessToken.forEach((key) => {
2948
2948
  if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
2949
2949
  return;
@@ -2953,11 +2953,10 @@ class CacheManager {
2953
2953
  this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
2954
2954
  const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
2955
2955
  if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
2956
- removedAccessTokens.push(this.removeAccessToken(key));
2956
+ this.removeAccessToken(key, correlationId);
2957
2957
  }
2958
2958
  }
2959
2959
  });
2960
- await Promise.all(removedAccessTokens);
2961
2960
  await this.setAccessTokenCredential(credential, correlationId);
2962
2961
  }
2963
2962
  /**
@@ -3199,34 +3198,31 @@ class CacheManager {
3199
3198
  /**
3200
3199
  * Removes all accounts and related tokens from cache.
3201
3200
  */
3202
- async removeAllAccounts() {
3201
+ removeAllAccounts(correlationId) {
3203
3202
  const allAccountKeys = this.getAccountKeys();
3204
- const removedAccounts = [];
3205
3203
  allAccountKeys.forEach((cacheKey) => {
3206
- removedAccounts.push(this.removeAccount(cacheKey));
3204
+ this.removeAccount(cacheKey, correlationId);
3207
3205
  });
3208
- await Promise.all(removedAccounts);
3209
3206
  }
3210
3207
  /**
3211
3208
  * Removes the account and related tokens for a given account key
3212
3209
  * @param account
3213
3210
  */
3214
- async removeAccount(accountKey) {
3211
+ removeAccount(accountKey, correlationId) {
3215
3212
  const account = this.getAccount(accountKey, this.commonLogger);
3216
3213
  if (!account) {
3217
3214
  return;
3218
3215
  }
3219
- await this.removeAccountContext(account);
3216
+ this.removeAccountContext(account, correlationId);
3220
3217
  this.removeItem(accountKey);
3221
3218
  }
3222
3219
  /**
3223
3220
  * Removes credentials associated with the provided account
3224
3221
  * @param account
3225
3222
  */
3226
- async removeAccountContext(account) {
3223
+ removeAccountContext(account, correlationId) {
3227
3224
  const allTokenKeys = this.getTokenKeys();
3228
3225
  const accountId = account.generateAccountId();
3229
- const removedCredentials = [];
3230
3226
  allTokenKeys.idToken.forEach((key) => {
3231
3227
  if (key.indexOf(accountId) === 0) {
3232
3228
  this.removeIdToken(key);
@@ -3234,7 +3230,7 @@ class CacheManager {
3234
3230
  });
3235
3231
  allTokenKeys.accessToken.forEach((key) => {
3236
3232
  if (key.indexOf(accountId) === 0) {
3237
- removedCredentials.push(this.removeAccessToken(key));
3233
+ this.removeAccessToken(key, correlationId);
3238
3234
  }
3239
3235
  });
3240
3236
  allTokenKeys.refreshToken.forEach((key) => {
@@ -3242,17 +3238,17 @@ class CacheManager {
3242
3238
  this.removeRefreshToken(key);
3243
3239
  }
3244
3240
  });
3245
- await Promise.all(removedCredentials);
3246
3241
  }
3247
3242
  /**
3248
3243
  * returns a boolean if the given credential is removed
3249
3244
  * @param credential
3250
3245
  */
3251
- async removeAccessToken(key) {
3246
+ removeAccessToken(key, correlationId) {
3252
3247
  const credential = this.getAccessTokenCredential(key);
3253
3248
  if (!credential) {
3254
3249
  return;
3255
3250
  }
3251
+ this.removeItem(key);
3256
3252
  // Remove Token Binding Key from key store for PoP Tokens Credentials
3257
3253
  if (credential.credentialType.toLowerCase() ===
3258
3254
  CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
@@ -3260,16 +3256,15 @@ class CacheManager {
3260
3256
  const accessTokenWithAuthSchemeEntity = credential;
3261
3257
  const kid = accessTokenWithAuthSchemeEntity.keyId;
3262
3258
  if (kid) {
3263
- try {
3264
- await this.cryptoImpl.removeTokenBindingKey(kid);
3265
- }
3266
- catch (error) {
3267
- throw createClientAuthError(bindingKeyNotRemoved);
3268
- }
3259
+ void this.cryptoImpl
3260
+ .removeTokenBindingKey(kid)
3261
+ .catch(() => {
3262
+ this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
3263
+ this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
3264
+ });
3269
3265
  }
3270
3266
  }
3271
3267
  }
3272
- return this.removeItem(key);
3273
3268
  }
3274
3269
  /**
3275
3270
  * Removes all app metadata objects from cache.
@@ -3411,10 +3406,10 @@ class CacheManager {
3411
3406
  * @param request {BaseAuthRequest}
3412
3407
  * @param tokenKeys {?TokenKeys}
3413
3408
  * @param performanceClient {?IPerformanceClient}
3414
- * @param correlationId {?string}
3415
3409
  */
3416
- getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) {
3417
- this.commonLogger.trace("CacheManager - getAccessToken called");
3410
+ getAccessToken(account, request, tokenKeys, targetRealm) {
3411
+ const correlationId = request.correlationId;
3412
+ this.commonLogger.trace("CacheManager - getAccessToken called", correlationId);
3418
3413
  const scopes = ScopeSet.createSearchScopes(request.scopes);
3419
3414
  const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
3420
3415
  /*
@@ -3453,20 +3448,18 @@ class CacheManager {
3453
3448
  });
3454
3449
  const numAccessTokens = accessTokens.length;
3455
3450
  if (numAccessTokens < 1) {
3456
- this.commonLogger.info("CacheManager:getAccessToken - No token found");
3451
+ this.commonLogger.info("CacheManager:getAccessToken - No token found", correlationId);
3457
3452
  return null;
3458
3453
  }
3459
3454
  else if (numAccessTokens > 1) {
3460
- this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
3455
+ this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them", correlationId);
3461
3456
  accessTokens.forEach((accessToken) => {
3462
- void this.removeAccessToken(generateCredentialKey(accessToken));
3457
+ this.removeAccessToken(generateCredentialKey(accessToken), correlationId);
3463
3458
  });
3464
- if (performanceClient && correlationId) {
3465
- performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
3466
- }
3459
+ this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
3467
3460
  return null;
3468
3461
  }
3469
- this.commonLogger.info("CacheManager:getAccessToken - Returning access token");
3462
+ this.commonLogger.info("CacheManager:getAccessToken - Returning access token", correlationId);
3470
3463
  return accessTokens[0];
3471
3464
  }
3472
3465
  /**
@@ -3904,576 +3897,16 @@ class DefaultStorageClass extends CacheManager {
3904
3897
  }
3905
3898
  }
3906
3899
 
3907
- /*! @azure/msal-common v15.7.0 2025-05-30 */
3908
-
3900
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
3909
3901
  /*
3910
3902
  * Copyright (c) Microsoft Corporation. All rights reserved.
3911
3903
  * Licensed under the MIT License.
3912
3904
  */
3913
- const DEFAULT_SYSTEM_OPTIONS = {
3914
- tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
3915
- preventCorsPreflight: false,
3916
- };
3917
- const DEFAULT_LOGGER_IMPLEMENTATION = {
3918
- loggerCallback: () => {
3919
- // allow users to not set loggerCallback
3920
- },
3921
- piiLoggingEnabled: false,
3922
- logLevel: exports.LogLevel.Info,
3923
- correlationId: Constants.EMPTY_STRING,
3924
- };
3925
- const DEFAULT_CACHE_OPTIONS = {
3926
- claimsBasedCachingEnabled: false,
3927
- };
3928
- const DEFAULT_NETWORK_IMPLEMENTATION = {
3929
- async sendGetRequestAsync() {
3930
- throw createClientAuthError(methodNotImplemented);
3931
- },
3932
- async sendPostRequestAsync() {
3933
- throw createClientAuthError(methodNotImplemented);
3934
- },
3935
- };
3936
- const DEFAULT_LIBRARY_INFO = {
3937
- sku: Constants.SKU,
3938
- version: version$1,
3939
- cpu: Constants.EMPTY_STRING,
3940
- os: Constants.EMPTY_STRING,
3941
- };
3942
- const DEFAULT_CLIENT_CREDENTIALS = {
3943
- clientSecret: Constants.EMPTY_STRING,
3944
- clientAssertion: undefined,
3945
- };
3946
- const DEFAULT_AZURE_CLOUD_OPTIONS = {
3947
- azureCloudInstance: AzureCloudInstance.None,
3948
- tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
3949
- };
3950
- const DEFAULT_TELEMETRY_OPTIONS = {
3951
- application: {
3952
- appName: "",
3953
- appVersion: "",
3954
- },
3955
- };
3956
3905
  /**
3957
- * Function that sets the default options when not explicitly configured from app developer
3958
- *
3959
- * @param Configuration
3906
+ * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
3960
3907
  *
3961
- * @returns Configuration
3962
- */
3963
- function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
3964
- const loggerOptions = {
3965
- ...DEFAULT_LOGGER_IMPLEMENTATION,
3966
- ...userLoggerOption,
3967
- };
3968
- return {
3969
- authOptions: buildAuthOptions(userAuthOptions),
3970
- systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
3971
- loggerOptions: loggerOptions,
3972
- cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
3973
- storageInterface: storageImplementation ||
3974
- new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),
3975
- networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
3976
- cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
3977
- clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
3978
- libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
3979
- telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
3980
- serverTelemetryManager: serverTelemetryManager || null,
3981
- persistencePlugin: persistencePlugin || null,
3982
- serializableCache: serializableCache || null,
3983
- };
3984
- }
3985
- /**
3986
- * Construct authoptions from the client and platform passed values
3987
- * @param authOptions
3988
- */
3989
- function buildAuthOptions(authOptions) {
3990
- return {
3991
- clientCapabilities: [],
3992
- azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3993
- skipAuthorityMetadataCache: false,
3994
- instanceAware: false,
3995
- encodeExtraQueryParams: false,
3996
- ...authOptions,
3997
- };
3998
- }
3999
- /**
4000
- * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
4001
- * @param ClientConfiguration
4002
- */
4003
- function isOidcProtocolMode(config) {
4004
- return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4005
- }
4006
-
4007
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4008
- /*
4009
- * Copyright (c) Microsoft Corporation. All rights reserved.
4010
- * Licensed under the MIT License.
4011
- */
4012
- const CcsCredentialType = {
4013
- HOME_ACCOUNT_ID: "home_account_id",
4014
- UPN: "UPN",
4015
- };
4016
-
4017
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4018
- /*
4019
- * Copyright (c) Microsoft Corporation. All rights reserved.
4020
- * Licensed under the MIT License.
4021
- */
4022
- const CLIENT_ID = "client_id";
4023
- const REDIRECT_URI = "redirect_uri";
4024
- const RESPONSE_TYPE = "response_type";
4025
- const RESPONSE_MODE = "response_mode";
4026
- const GRANT_TYPE = "grant_type";
4027
- const CLAIMS = "claims";
4028
- const SCOPE = "scope";
4029
- const REFRESH_TOKEN = "refresh_token";
4030
- const STATE = "state";
4031
- const NONCE = "nonce";
4032
- const PROMPT = "prompt";
4033
- const CODE = "code";
4034
- const CODE_CHALLENGE = "code_challenge";
4035
- const CODE_CHALLENGE_METHOD = "code_challenge_method";
4036
- const CODE_VERIFIER = "code_verifier";
4037
- const CLIENT_REQUEST_ID = "client-request-id";
4038
- const X_CLIENT_SKU = "x-client-SKU";
4039
- const X_CLIENT_VER = "x-client-VER";
4040
- const X_CLIENT_OS = "x-client-OS";
4041
- const X_CLIENT_CPU = "x-client-CPU";
4042
- const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
4043
- const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
4044
- const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
4045
- const X_APP_NAME = "x-app-name";
4046
- const X_APP_VER = "x-app-ver";
4047
- const POST_LOGOUT_URI = "post_logout_redirect_uri";
4048
- const ID_TOKEN_HINT = "id_token_hint";
4049
- const CLIENT_SECRET = "client_secret";
4050
- const CLIENT_ASSERTION = "client_assertion";
4051
- const CLIENT_ASSERTION_TYPE = "client_assertion_type";
4052
- const TOKEN_TYPE = "token_type";
4053
- const REQ_CNF = "req_cnf";
4054
- const RETURN_SPA_CODE = "return_spa_code";
4055
- const NATIVE_BROKER = "nativebroker";
4056
- const LOGOUT_HINT = "logout_hint";
4057
- const SID = "sid";
4058
- const LOGIN_HINT = "login_hint";
4059
- const DOMAIN_HINT = "domain_hint";
4060
- const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
4061
- const BROKER_CLIENT_ID = "brk_client_id";
4062
- const BROKER_REDIRECT_URI = "brk_redirect_uri";
4063
- const INSTANCE_AWARE = "instance_aware";
4064
- const EAR_JWK = "ear_jwk";
4065
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4066
-
4067
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4068
-
4069
- /*
4070
- * Copyright (c) Microsoft Corporation. All rights reserved.
4071
- * Licensed under the MIT License.
4072
- */
4073
- function instrumentBrokerParams(parameters, correlationId, performanceClient) {
4074
- if (!correlationId) {
4075
- return;
4076
- }
4077
- const clientId = parameters.get(CLIENT_ID);
4078
- if (clientId && parameters.has(BROKER_CLIENT_ID)) {
4079
- performanceClient?.addFields({
4080
- embeddedClientId: clientId,
4081
- embeddedRedirectUri: parameters.get(REDIRECT_URI),
4082
- }, correlationId);
4083
- }
4084
- }
4085
- /**
4086
- * Add the given response_type
4087
- * @param parameters
4088
- * @param responseType
4089
- */
4090
- function addResponseType(parameters, responseType) {
4091
- parameters.set(RESPONSE_TYPE, responseType);
4092
- }
4093
- /**
4094
- * add response_mode. defaults to query.
4095
- * @param responseMode
4096
- */
4097
- function addResponseMode(parameters, responseMode) {
4098
- parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
4099
- }
4100
- /**
4101
- * Add flag to indicate STS should attempt to use WAM if available
4102
- */
4103
- function addNativeBroker(parameters) {
4104
- parameters.set(NATIVE_BROKER, "1");
4105
- }
4106
- /**
4107
- * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
4108
- * @param scopeSet
4109
- * @param addOidcScopes
4110
- */
4111
- function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
4112
- // Always add openid to the scopes when adding OIDC scopes
4113
- if (addOidcScopes &&
4114
- !defaultScopes.includes("openid") &&
4115
- !scopes.includes("openid")) {
4116
- defaultScopes.push("openid");
4117
- }
4118
- const requestScopes = addOidcScopes
4119
- ? [...(scopes || []), ...defaultScopes]
4120
- : scopes || [];
4121
- const scopeSet = new ScopeSet(requestScopes);
4122
- parameters.set(SCOPE, scopeSet.printScopes());
4123
- }
4124
- /**
4125
- * add clientId
4126
- * @param clientId
4127
- */
4128
- function addClientId(parameters, clientId) {
4129
- parameters.set(CLIENT_ID, clientId);
4130
- }
4131
- /**
4132
- * add redirect_uri
4133
- * @param redirectUri
4134
- */
4135
- function addRedirectUri(parameters, redirectUri) {
4136
- parameters.set(REDIRECT_URI, redirectUri);
4137
- }
4138
- /**
4139
- * add post logout redirectUri
4140
- * @param redirectUri
4141
- */
4142
- function addPostLogoutRedirectUri(parameters, redirectUri) {
4143
- parameters.set(POST_LOGOUT_URI, redirectUri);
4144
- }
4145
- /**
4146
- * add id_token_hint to logout request
4147
- * @param idTokenHint
4148
- */
4149
- function addIdTokenHint(parameters, idTokenHint) {
4150
- parameters.set(ID_TOKEN_HINT, idTokenHint);
4151
- }
4152
- /**
4153
- * add domain_hint
4154
- * @param domainHint
4155
- */
4156
- function addDomainHint(parameters, domainHint) {
4157
- parameters.set(DOMAIN_HINT, domainHint);
4158
- }
4159
- /**
4160
- * add login_hint
4161
- * @param loginHint
4162
- */
4163
- function addLoginHint(parameters, loginHint) {
4164
- parameters.set(LOGIN_HINT, loginHint);
4165
- }
4166
- /**
4167
- * Adds the CCS (Cache Credential Service) query parameter for login_hint
4168
- * @param loginHint
4169
- */
4170
- function addCcsUpn(parameters, loginHint) {
4171
- parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
4172
- }
4173
- /**
4174
- * Adds the CCS (Cache Credential Service) query parameter for account object
4175
- * @param loginHint
4176
- */
4177
- function addCcsOid(parameters, clientInfo) {
4178
- parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
4179
- }
4180
- /**
4181
- * add sid
4182
- * @param sid
4183
- */
4184
- function addSid(parameters, sid) {
4185
- parameters.set(SID, sid);
4186
- }
4187
- /**
4188
- * add claims
4189
- * @param claims
4190
- */
4191
- function addClaims(parameters, claims, clientCapabilities) {
4192
- const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
4193
- try {
4194
- JSON.parse(mergedClaims);
4195
- }
4196
- catch (e) {
4197
- throw createClientConfigurationError(invalidClaims);
4198
- }
4199
- parameters.set(CLAIMS, mergedClaims);
4200
- }
4201
- /**
4202
- * add correlationId
4203
- * @param correlationId
4204
- */
4205
- function addCorrelationId(parameters, correlationId) {
4206
- parameters.set(CLIENT_REQUEST_ID, correlationId);
4207
- }
4208
- /**
4209
- * add library info query params
4210
- * @param libraryInfo
4211
- */
4212
- function addLibraryInfo(parameters, libraryInfo) {
4213
- // Telemetry Info
4214
- parameters.set(X_CLIENT_SKU, libraryInfo.sku);
4215
- parameters.set(X_CLIENT_VER, libraryInfo.version);
4216
- if (libraryInfo.os) {
4217
- parameters.set(X_CLIENT_OS, libraryInfo.os);
4218
- }
4219
- if (libraryInfo.cpu) {
4220
- parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
4221
- }
4222
- }
4223
- /**
4224
- * Add client telemetry parameters
4225
- * @param appTelemetry
4226
- */
4227
- function addApplicationTelemetry(parameters, appTelemetry) {
4228
- if (appTelemetry?.appName) {
4229
- parameters.set(X_APP_NAME, appTelemetry.appName);
4230
- }
4231
- if (appTelemetry?.appVersion) {
4232
- parameters.set(X_APP_VER, appTelemetry.appVersion);
4233
- }
4234
- }
4235
- /**
4236
- * add prompt
4237
- * @param prompt
4238
- */
4239
- function addPrompt(parameters, prompt) {
4240
- parameters.set(PROMPT, prompt);
4241
- }
4242
- /**
4243
- * add state
4244
- * @param state
4245
- */
4246
- function addState(parameters, state) {
4247
- if (state) {
4248
- parameters.set(STATE, state);
4249
- }
4250
- }
4251
- /**
4252
- * add nonce
4253
- * @param nonce
4254
- */
4255
- function addNonce(parameters, nonce) {
4256
- parameters.set(NONCE, nonce);
4257
- }
4258
- /**
4259
- * add code_challenge and code_challenge_method
4260
- * - throw if either of them are not passed
4261
- * @param codeChallenge
4262
- * @param codeChallengeMethod
4263
- */
4264
- function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
4265
- if (codeChallenge && codeChallengeMethod) {
4266
- parameters.set(CODE_CHALLENGE, codeChallenge);
4267
- parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
4268
- }
4269
- else {
4270
- throw createClientConfigurationError(pkceParamsMissing);
4271
- }
4272
- }
4273
- /**
4274
- * add the `authorization_code` passed by the user to exchange for a token
4275
- * @param code
4276
- */
4277
- function addAuthorizationCode(parameters, code) {
4278
- parameters.set(CODE, code);
4279
- }
4280
- /**
4281
- * add the `refreshToken` passed by the user
4282
- * @param refreshToken
4283
- */
4284
- function addRefreshToken(parameters, refreshToken) {
4285
- parameters.set(REFRESH_TOKEN, refreshToken);
4286
- }
4287
- /**
4288
- * add the `code_verifier` passed by the user to exchange for a token
4289
- * @param codeVerifier
4290
- */
4291
- function addCodeVerifier(parameters, codeVerifier) {
4292
- parameters.set(CODE_VERIFIER, codeVerifier);
4293
- }
4294
- /**
4295
- * add client_secret
4296
- * @param clientSecret
4297
- */
4298
- function addClientSecret(parameters, clientSecret) {
4299
- parameters.set(CLIENT_SECRET, clientSecret);
4300
- }
4301
- /**
4302
- * add clientAssertion for confidential client flows
4303
- * @param clientAssertion
4304
- */
4305
- function addClientAssertion(parameters, clientAssertion) {
4306
- if (clientAssertion) {
4307
- parameters.set(CLIENT_ASSERTION, clientAssertion);
4308
- }
4309
- }
4310
- /**
4311
- * add clientAssertionType for confidential client flows
4312
- * @param clientAssertionType
4313
- */
4314
- function addClientAssertionType(parameters, clientAssertionType) {
4315
- if (clientAssertionType) {
4316
- parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
4317
- }
4318
- }
4319
- /**
4320
- * add grant type
4321
- * @param grantType
4322
- */
4323
- function addGrantType(parameters, grantType) {
4324
- parameters.set(GRANT_TYPE, grantType);
4325
- }
4326
- /**
4327
- * add client info
4328
- *
4329
- */
4330
- function addClientInfo(parameters) {
4331
- parameters.set(CLIENT_INFO, "1");
4332
- }
4333
- function addInstanceAware(parameters) {
4334
- if (!parameters.has(INSTANCE_AWARE)) {
4335
- parameters.set(INSTANCE_AWARE, "true");
4336
- }
4337
- }
4338
- /**
4339
- * add extraQueryParams
4340
- * @param eQParams
4341
- */
4342
- function addExtraQueryParameters(parameters, eQParams) {
4343
- Object.entries(eQParams).forEach(([key, value]) => {
4344
- if (!parameters.has(key) && value) {
4345
- parameters.set(key, value);
4346
- }
4347
- });
4348
- }
4349
- function addClientCapabilitiesToClaims(claims, clientCapabilities) {
4350
- let mergedClaims;
4351
- // Parse provided claims into JSON object or initialize empty object
4352
- if (!claims) {
4353
- mergedClaims = {};
4354
- }
4355
- else {
4356
- try {
4357
- mergedClaims = JSON.parse(claims);
4358
- }
4359
- catch (e) {
4360
- throw createClientConfigurationError(invalidClaims);
4361
- }
4362
- }
4363
- if (clientCapabilities && clientCapabilities.length > 0) {
4364
- if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
4365
- // Add access_token key to claims object
4366
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
4367
- }
4368
- // Add xms_cc claim with provided clientCapabilities to access_token key
4369
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
4370
- {
4371
- values: clientCapabilities,
4372
- };
4373
- }
4374
- return JSON.stringify(mergedClaims);
4375
- }
4376
- /**
4377
- * add pop_jwk to query params
4378
- * @param cnfString
4379
- */
4380
- function addPopToken(parameters, cnfString) {
4381
- if (cnfString) {
4382
- parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
4383
- parameters.set(REQ_CNF, cnfString);
4384
- }
4385
- }
4386
- /**
4387
- * add SSH JWK and key ID to query params
4388
- */
4389
- function addSshJwk(parameters, sshJwkString) {
4390
- if (sshJwkString) {
4391
- parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
4392
- parameters.set(REQ_CNF, sshJwkString);
4393
- }
4394
- }
4395
- /**
4396
- * add server telemetry fields
4397
- * @param serverTelemetryManager
4398
- */
4399
- function addServerTelemetry(parameters, serverTelemetryManager) {
4400
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
4401
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
4402
- }
4403
- /**
4404
- * Adds parameter that indicates to the server that throttling is supported
4405
- */
4406
- function addThrottling(parameters) {
4407
- parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
4408
- }
4409
- /**
4410
- * Adds logout_hint parameter for "silent" logout which prevent server account picker
4411
- */
4412
- function addLogoutHint(parameters, logoutHint) {
4413
- parameters.set(LOGOUT_HINT, logoutHint);
4414
- }
4415
- function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
4416
- if (!parameters.has(BROKER_CLIENT_ID)) {
4417
- parameters.set(BROKER_CLIENT_ID, brokerClientId);
4418
- }
4419
- if (!parameters.has(BROKER_REDIRECT_URI)) {
4420
- parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
4421
- }
4422
- }
4423
- /**
4424
- * Add EAR (Encrypted Authorize Response) request parameters
4425
- * @param parameters
4426
- * @param jwk
4427
- */
4428
- function addEARParameters(parameters, jwk) {
4429
- parameters.set(EAR_JWK, encodeURIComponent(jwk));
4430
- // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
4431
- const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
4432
- parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
4433
- }
4434
-
4435
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4436
- /*
4437
- * Copyright (c) Microsoft Corporation. All rights reserved.
4438
- * Licensed under the MIT License.
4439
- */
4440
- function isOpenIdConfigResponse(response) {
4441
- return (response.hasOwnProperty("authorization_endpoint") &&
4442
- response.hasOwnProperty("token_endpoint") &&
4443
- response.hasOwnProperty("issuer") &&
4444
- response.hasOwnProperty("jwks_uri"));
4445
- }
4446
-
4447
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4448
- /*
4449
- * Copyright (c) Microsoft Corporation. All rights reserved.
4450
- * Licensed under the MIT License.
4451
- */
4452
- function isCloudInstanceDiscoveryResponse(response) {
4453
- return (response.hasOwnProperty("tenant_discovery_endpoint") &&
4454
- response.hasOwnProperty("metadata"));
4455
- }
4456
-
4457
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4458
- /*
4459
- * Copyright (c) Microsoft Corporation. All rights reserved.
4460
- * Licensed under the MIT License.
4461
- */
4462
- function isCloudInstanceDiscoveryErrorResponse(response) {
4463
- return (response.hasOwnProperty("error") &&
4464
- response.hasOwnProperty("error_description"));
4465
- }
4466
-
4467
- /*! @azure/msal-common v15.7.0 2025-05-30 */
4468
- /*
4469
- * Copyright (c) Microsoft Corporation. All rights reserved.
4470
- * Licensed under the MIT License.
4471
- */
4472
- /**
4473
- * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
4474
- *
4475
- * @export
4476
- * @enum {number}
3908
+ * @export
3909
+ * @enum {number}
4477
3910
  */
4478
3911
  const PerformanceEvents = {
4479
3912
  /**
@@ -4950,34 +4383,673 @@ const PerformanceEventAbbreviations = new Map([
4950
4383
  [PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
4951
4384
  ]);
4952
4385
  /**
4953
- * State of the performance event.
4386
+ * State of the performance event.
4387
+ *
4388
+ * @export
4389
+ * @enum {number}
4390
+ */
4391
+ const PerformanceEventStatus = {
4392
+ NotStarted: 0,
4393
+ InProgress: 1,
4394
+ Completed: 2,
4395
+ };
4396
+ const IntFields = new Set([
4397
+ "accessTokenSize",
4398
+ "durationMs",
4399
+ "idTokenSize",
4400
+ "matsSilentStatus",
4401
+ "matsHttpStatus",
4402
+ "refreshTokenSize",
4403
+ "queuedTimeMs",
4404
+ "startTimeMs",
4405
+ "status",
4406
+ "multiMatchedAT",
4407
+ "multiMatchedID",
4408
+ "multiMatchedRT",
4409
+ "unencryptedCacheCount",
4410
+ "encryptedCacheExpiredCount",
4411
+ ]);
4412
+
4413
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4414
+
4415
+ /*
4416
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4417
+ * Licensed under the MIT License.
4418
+ */
4419
+ class StubPerformanceMeasurement {
4420
+ startMeasurement() {
4421
+ return;
4422
+ }
4423
+ endMeasurement() {
4424
+ return;
4425
+ }
4426
+ flushMeasurement() {
4427
+ return null;
4428
+ }
4429
+ }
4430
+ class StubPerformanceClient {
4431
+ generateId() {
4432
+ return "callback-id";
4433
+ }
4434
+ startMeasurement(measureName, correlationId) {
4435
+ return {
4436
+ end: () => null,
4437
+ discard: () => { },
4438
+ add: () => { },
4439
+ increment: () => { },
4440
+ event: {
4441
+ eventId: this.generateId(),
4442
+ status: PerformanceEventStatus.InProgress,
4443
+ authority: "",
4444
+ libraryName: "",
4445
+ libraryVersion: "",
4446
+ clientId: "",
4447
+ name: measureName,
4448
+ startTimeMs: Date.now(),
4449
+ correlationId: correlationId || "",
4450
+ },
4451
+ measurement: new StubPerformanceMeasurement(),
4452
+ };
4453
+ }
4454
+ startPerformanceMeasurement() {
4455
+ return new StubPerformanceMeasurement();
4456
+ }
4457
+ calculateQueuedTime() {
4458
+ return 0;
4459
+ }
4460
+ addQueueMeasurement() {
4461
+ return;
4462
+ }
4463
+ setPreQueueTime() {
4464
+ return;
4465
+ }
4466
+ endMeasurement() {
4467
+ return null;
4468
+ }
4469
+ discardMeasurements() {
4470
+ return;
4471
+ }
4472
+ removePerformanceCallback() {
4473
+ return true;
4474
+ }
4475
+ addPerformanceCallback() {
4476
+ return "";
4477
+ }
4478
+ emitEvents() {
4479
+ return;
4480
+ }
4481
+ addFields() {
4482
+ return;
4483
+ }
4484
+ incrementFields() {
4485
+ return;
4486
+ }
4487
+ cacheEventByCorrelationId() {
4488
+ return;
4489
+ }
4490
+ }
4491
+
4492
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4493
+
4494
+ /*
4495
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4496
+ * Licensed under the MIT License.
4497
+ */
4498
+ const DEFAULT_SYSTEM_OPTIONS = {
4499
+ tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
4500
+ preventCorsPreflight: false,
4501
+ };
4502
+ const DEFAULT_LOGGER_IMPLEMENTATION = {
4503
+ loggerCallback: () => {
4504
+ // allow users to not set loggerCallback
4505
+ },
4506
+ piiLoggingEnabled: false,
4507
+ logLevel: exports.LogLevel.Info,
4508
+ correlationId: Constants.EMPTY_STRING,
4509
+ };
4510
+ const DEFAULT_CACHE_OPTIONS = {
4511
+ claimsBasedCachingEnabled: false,
4512
+ };
4513
+ const DEFAULT_NETWORK_IMPLEMENTATION = {
4514
+ async sendGetRequestAsync() {
4515
+ throw createClientAuthError(methodNotImplemented);
4516
+ },
4517
+ async sendPostRequestAsync() {
4518
+ throw createClientAuthError(methodNotImplemented);
4519
+ },
4520
+ };
4521
+ const DEFAULT_LIBRARY_INFO = {
4522
+ sku: Constants.SKU,
4523
+ version: version$1,
4524
+ cpu: Constants.EMPTY_STRING,
4525
+ os: Constants.EMPTY_STRING,
4526
+ };
4527
+ const DEFAULT_CLIENT_CREDENTIALS = {
4528
+ clientSecret: Constants.EMPTY_STRING,
4529
+ clientAssertion: undefined,
4530
+ };
4531
+ const DEFAULT_AZURE_CLOUD_OPTIONS = {
4532
+ azureCloudInstance: AzureCloudInstance.None,
4533
+ tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
4534
+ };
4535
+ const DEFAULT_TELEMETRY_OPTIONS = {
4536
+ application: {
4537
+ appName: "",
4538
+ appVersion: "",
4539
+ },
4540
+ };
4541
+ /**
4542
+ * Function that sets the default options when not explicitly configured from app developer
4543
+ *
4544
+ * @param Configuration
4545
+ *
4546
+ * @returns Configuration
4547
+ */
4548
+ function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
4549
+ const loggerOptions = {
4550
+ ...DEFAULT_LOGGER_IMPLEMENTATION,
4551
+ ...userLoggerOption,
4552
+ };
4553
+ return {
4554
+ authOptions: buildAuthOptions(userAuthOptions),
4555
+ systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
4556
+ loggerOptions: loggerOptions,
4557
+ cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
4558
+ storageInterface: storageImplementation ||
4559
+ new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions), new StubPerformanceClient()),
4560
+ networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
4561
+ cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
4562
+ clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
4563
+ libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
4564
+ telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
4565
+ serverTelemetryManager: serverTelemetryManager || null,
4566
+ persistencePlugin: persistencePlugin || null,
4567
+ serializableCache: serializableCache || null,
4568
+ };
4569
+ }
4570
+ /**
4571
+ * Construct authoptions from the client and platform passed values
4572
+ * @param authOptions
4573
+ */
4574
+ function buildAuthOptions(authOptions) {
4575
+ return {
4576
+ clientCapabilities: [],
4577
+ azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
4578
+ skipAuthorityMetadataCache: false,
4579
+ instanceAware: false,
4580
+ encodeExtraQueryParams: false,
4581
+ ...authOptions,
4582
+ };
4583
+ }
4584
+ /**
4585
+ * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
4586
+ * @param ClientConfiguration
4587
+ */
4588
+ function isOidcProtocolMode(config) {
4589
+ return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4590
+ }
4591
+
4592
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4593
+ /*
4594
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4595
+ * Licensed under the MIT License.
4596
+ */
4597
+ const CcsCredentialType = {
4598
+ HOME_ACCOUNT_ID: "home_account_id",
4599
+ UPN: "UPN",
4600
+ };
4601
+
4602
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4603
+ /*
4604
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4605
+ * Licensed under the MIT License.
4606
+ */
4607
+ const CLIENT_ID = "client_id";
4608
+ const REDIRECT_URI = "redirect_uri";
4609
+ const RESPONSE_TYPE = "response_type";
4610
+ const RESPONSE_MODE = "response_mode";
4611
+ const GRANT_TYPE = "grant_type";
4612
+ const CLAIMS = "claims";
4613
+ const SCOPE = "scope";
4614
+ const REFRESH_TOKEN = "refresh_token";
4615
+ const STATE = "state";
4616
+ const NONCE = "nonce";
4617
+ const PROMPT = "prompt";
4618
+ const CODE = "code";
4619
+ const CODE_CHALLENGE = "code_challenge";
4620
+ const CODE_CHALLENGE_METHOD = "code_challenge_method";
4621
+ const CODE_VERIFIER = "code_verifier";
4622
+ const CLIENT_REQUEST_ID = "client-request-id";
4623
+ const X_CLIENT_SKU = "x-client-SKU";
4624
+ const X_CLIENT_VER = "x-client-VER";
4625
+ const X_CLIENT_OS = "x-client-OS";
4626
+ const X_CLIENT_CPU = "x-client-CPU";
4627
+ const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
4628
+ const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
4629
+ const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
4630
+ const X_APP_NAME = "x-app-name";
4631
+ const X_APP_VER = "x-app-ver";
4632
+ const POST_LOGOUT_URI = "post_logout_redirect_uri";
4633
+ const ID_TOKEN_HINT = "id_token_hint";
4634
+ const CLIENT_SECRET = "client_secret";
4635
+ const CLIENT_ASSERTION = "client_assertion";
4636
+ const CLIENT_ASSERTION_TYPE = "client_assertion_type";
4637
+ const TOKEN_TYPE = "token_type";
4638
+ const REQ_CNF = "req_cnf";
4639
+ const RETURN_SPA_CODE = "return_spa_code";
4640
+ const NATIVE_BROKER = "nativebroker";
4641
+ const LOGOUT_HINT = "logout_hint";
4642
+ const SID = "sid";
4643
+ const LOGIN_HINT = "login_hint";
4644
+ const DOMAIN_HINT = "domain_hint";
4645
+ const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
4646
+ const BROKER_CLIENT_ID = "brk_client_id";
4647
+ const BROKER_REDIRECT_URI = "brk_redirect_uri";
4648
+ const INSTANCE_AWARE = "instance_aware";
4649
+ const EAR_JWK = "ear_jwk";
4650
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4651
+
4652
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4653
+
4654
+ /*
4655
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4656
+ * Licensed under the MIT License.
4657
+ */
4658
+ function instrumentBrokerParams(parameters, correlationId, performanceClient) {
4659
+ if (!correlationId) {
4660
+ return;
4661
+ }
4662
+ const clientId = parameters.get(CLIENT_ID);
4663
+ if (clientId && parameters.has(BROKER_CLIENT_ID)) {
4664
+ performanceClient?.addFields({
4665
+ embeddedClientId: clientId,
4666
+ embeddedRedirectUri: parameters.get(REDIRECT_URI),
4667
+ }, correlationId);
4668
+ }
4669
+ }
4670
+ /**
4671
+ * Add the given response_type
4672
+ * @param parameters
4673
+ * @param responseType
4674
+ */
4675
+ function addResponseType(parameters, responseType) {
4676
+ parameters.set(RESPONSE_TYPE, responseType);
4677
+ }
4678
+ /**
4679
+ * add response_mode. defaults to query.
4680
+ * @param responseMode
4681
+ */
4682
+ function addResponseMode(parameters, responseMode) {
4683
+ parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
4684
+ }
4685
+ /**
4686
+ * Add flag to indicate STS should attempt to use WAM if available
4687
+ */
4688
+ function addNativeBroker(parameters) {
4689
+ parameters.set(NATIVE_BROKER, "1");
4690
+ }
4691
+ /**
4692
+ * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
4693
+ * @param scopeSet
4694
+ * @param addOidcScopes
4695
+ */
4696
+ function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
4697
+ // Always add openid to the scopes when adding OIDC scopes
4698
+ if (addOidcScopes &&
4699
+ !defaultScopes.includes("openid") &&
4700
+ !scopes.includes("openid")) {
4701
+ defaultScopes.push("openid");
4702
+ }
4703
+ const requestScopes = addOidcScopes
4704
+ ? [...(scopes || []), ...defaultScopes]
4705
+ : scopes || [];
4706
+ const scopeSet = new ScopeSet(requestScopes);
4707
+ parameters.set(SCOPE, scopeSet.printScopes());
4708
+ }
4709
+ /**
4710
+ * add clientId
4711
+ * @param clientId
4712
+ */
4713
+ function addClientId(parameters, clientId) {
4714
+ parameters.set(CLIENT_ID, clientId);
4715
+ }
4716
+ /**
4717
+ * add redirect_uri
4718
+ * @param redirectUri
4719
+ */
4720
+ function addRedirectUri(parameters, redirectUri) {
4721
+ parameters.set(REDIRECT_URI, redirectUri);
4722
+ }
4723
+ /**
4724
+ * add post logout redirectUri
4725
+ * @param redirectUri
4726
+ */
4727
+ function addPostLogoutRedirectUri(parameters, redirectUri) {
4728
+ parameters.set(POST_LOGOUT_URI, redirectUri);
4729
+ }
4730
+ /**
4731
+ * add id_token_hint to logout request
4732
+ * @param idTokenHint
4733
+ */
4734
+ function addIdTokenHint(parameters, idTokenHint) {
4735
+ parameters.set(ID_TOKEN_HINT, idTokenHint);
4736
+ }
4737
+ /**
4738
+ * add domain_hint
4739
+ * @param domainHint
4740
+ */
4741
+ function addDomainHint(parameters, domainHint) {
4742
+ parameters.set(DOMAIN_HINT, domainHint);
4743
+ }
4744
+ /**
4745
+ * add login_hint
4746
+ * @param loginHint
4747
+ */
4748
+ function addLoginHint(parameters, loginHint) {
4749
+ parameters.set(LOGIN_HINT, loginHint);
4750
+ }
4751
+ /**
4752
+ * Adds the CCS (Cache Credential Service) query parameter for login_hint
4753
+ * @param loginHint
4754
+ */
4755
+ function addCcsUpn(parameters, loginHint) {
4756
+ parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
4757
+ }
4758
+ /**
4759
+ * Adds the CCS (Cache Credential Service) query parameter for account object
4760
+ * @param loginHint
4761
+ */
4762
+ function addCcsOid(parameters, clientInfo) {
4763
+ parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
4764
+ }
4765
+ /**
4766
+ * add sid
4767
+ * @param sid
4768
+ */
4769
+ function addSid(parameters, sid) {
4770
+ parameters.set(SID, sid);
4771
+ }
4772
+ /**
4773
+ * add claims
4774
+ * @param claims
4775
+ */
4776
+ function addClaims(parameters, claims, clientCapabilities) {
4777
+ const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
4778
+ try {
4779
+ JSON.parse(mergedClaims);
4780
+ }
4781
+ catch (e) {
4782
+ throw createClientConfigurationError(invalidClaims);
4783
+ }
4784
+ parameters.set(CLAIMS, mergedClaims);
4785
+ }
4786
+ /**
4787
+ * add correlationId
4788
+ * @param correlationId
4789
+ */
4790
+ function addCorrelationId(parameters, correlationId) {
4791
+ parameters.set(CLIENT_REQUEST_ID, correlationId);
4792
+ }
4793
+ /**
4794
+ * add library info query params
4795
+ * @param libraryInfo
4796
+ */
4797
+ function addLibraryInfo(parameters, libraryInfo) {
4798
+ // Telemetry Info
4799
+ parameters.set(X_CLIENT_SKU, libraryInfo.sku);
4800
+ parameters.set(X_CLIENT_VER, libraryInfo.version);
4801
+ if (libraryInfo.os) {
4802
+ parameters.set(X_CLIENT_OS, libraryInfo.os);
4803
+ }
4804
+ if (libraryInfo.cpu) {
4805
+ parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
4806
+ }
4807
+ }
4808
+ /**
4809
+ * Add client telemetry parameters
4810
+ * @param appTelemetry
4811
+ */
4812
+ function addApplicationTelemetry(parameters, appTelemetry) {
4813
+ if (appTelemetry?.appName) {
4814
+ parameters.set(X_APP_NAME, appTelemetry.appName);
4815
+ }
4816
+ if (appTelemetry?.appVersion) {
4817
+ parameters.set(X_APP_VER, appTelemetry.appVersion);
4818
+ }
4819
+ }
4820
+ /**
4821
+ * add prompt
4822
+ * @param prompt
4823
+ */
4824
+ function addPrompt(parameters, prompt) {
4825
+ parameters.set(PROMPT, prompt);
4826
+ }
4827
+ /**
4828
+ * add state
4829
+ * @param state
4830
+ */
4831
+ function addState(parameters, state) {
4832
+ if (state) {
4833
+ parameters.set(STATE, state);
4834
+ }
4835
+ }
4836
+ /**
4837
+ * add nonce
4838
+ * @param nonce
4839
+ */
4840
+ function addNonce(parameters, nonce) {
4841
+ parameters.set(NONCE, nonce);
4842
+ }
4843
+ /**
4844
+ * add code_challenge and code_challenge_method
4845
+ * - throw if either of them are not passed
4846
+ * @param codeChallenge
4847
+ * @param codeChallengeMethod
4848
+ */
4849
+ function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
4850
+ if (codeChallenge && codeChallengeMethod) {
4851
+ parameters.set(CODE_CHALLENGE, codeChallenge);
4852
+ parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
4853
+ }
4854
+ else {
4855
+ throw createClientConfigurationError(pkceParamsMissing);
4856
+ }
4857
+ }
4858
+ /**
4859
+ * add the `authorization_code` passed by the user to exchange for a token
4860
+ * @param code
4861
+ */
4862
+ function addAuthorizationCode(parameters, code) {
4863
+ parameters.set(CODE, code);
4864
+ }
4865
+ /**
4866
+ * add the `refreshToken` passed by the user
4867
+ * @param refreshToken
4868
+ */
4869
+ function addRefreshToken(parameters, refreshToken) {
4870
+ parameters.set(REFRESH_TOKEN, refreshToken);
4871
+ }
4872
+ /**
4873
+ * add the `code_verifier` passed by the user to exchange for a token
4874
+ * @param codeVerifier
4875
+ */
4876
+ function addCodeVerifier(parameters, codeVerifier) {
4877
+ parameters.set(CODE_VERIFIER, codeVerifier);
4878
+ }
4879
+ /**
4880
+ * add client_secret
4881
+ * @param clientSecret
4882
+ */
4883
+ function addClientSecret(parameters, clientSecret) {
4884
+ parameters.set(CLIENT_SECRET, clientSecret);
4885
+ }
4886
+ /**
4887
+ * add clientAssertion for confidential client flows
4888
+ * @param clientAssertion
4889
+ */
4890
+ function addClientAssertion(parameters, clientAssertion) {
4891
+ if (clientAssertion) {
4892
+ parameters.set(CLIENT_ASSERTION, clientAssertion);
4893
+ }
4894
+ }
4895
+ /**
4896
+ * add clientAssertionType for confidential client flows
4897
+ * @param clientAssertionType
4898
+ */
4899
+ function addClientAssertionType(parameters, clientAssertionType) {
4900
+ if (clientAssertionType) {
4901
+ parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
4902
+ }
4903
+ }
4904
+ /**
4905
+ * add grant type
4906
+ * @param grantType
4907
+ */
4908
+ function addGrantType(parameters, grantType) {
4909
+ parameters.set(GRANT_TYPE, grantType);
4910
+ }
4911
+ /**
4912
+ * add client info
4954
4913
  *
4955
- * @export
4956
- * @enum {number}
4957
4914
  */
4958
- const PerformanceEventStatus = {
4959
- NotStarted: 0,
4960
- InProgress: 1,
4961
- Completed: 2,
4962
- };
4963
- const IntFields = new Set([
4964
- "accessTokenSize",
4965
- "durationMs",
4966
- "idTokenSize",
4967
- "matsSilentStatus",
4968
- "matsHttpStatus",
4969
- "refreshTokenSize",
4970
- "queuedTimeMs",
4971
- "startTimeMs",
4972
- "status",
4973
- "multiMatchedAT",
4974
- "multiMatchedID",
4975
- "multiMatchedRT",
4976
- "unencryptedCacheCount",
4977
- "encryptedCacheExpiredCount",
4978
- ]);
4915
+ function addClientInfo(parameters) {
4916
+ parameters.set(CLIENT_INFO, "1");
4917
+ }
4918
+ function addInstanceAware(parameters) {
4919
+ if (!parameters.has(INSTANCE_AWARE)) {
4920
+ parameters.set(INSTANCE_AWARE, "true");
4921
+ }
4922
+ }
4923
+ /**
4924
+ * add extraQueryParams
4925
+ * @param eQParams
4926
+ */
4927
+ function addExtraQueryParameters(parameters, eQParams) {
4928
+ Object.entries(eQParams).forEach(([key, value]) => {
4929
+ if (!parameters.has(key) && value) {
4930
+ parameters.set(key, value);
4931
+ }
4932
+ });
4933
+ }
4934
+ function addClientCapabilitiesToClaims(claims, clientCapabilities) {
4935
+ let mergedClaims;
4936
+ // Parse provided claims into JSON object or initialize empty object
4937
+ if (!claims) {
4938
+ mergedClaims = {};
4939
+ }
4940
+ else {
4941
+ try {
4942
+ mergedClaims = JSON.parse(claims);
4943
+ }
4944
+ catch (e) {
4945
+ throw createClientConfigurationError(invalidClaims);
4946
+ }
4947
+ }
4948
+ if (clientCapabilities && clientCapabilities.length > 0) {
4949
+ if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
4950
+ // Add access_token key to claims object
4951
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
4952
+ }
4953
+ // Add xms_cc claim with provided clientCapabilities to access_token key
4954
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
4955
+ {
4956
+ values: clientCapabilities,
4957
+ };
4958
+ }
4959
+ return JSON.stringify(mergedClaims);
4960
+ }
4961
+ /**
4962
+ * add pop_jwk to query params
4963
+ * @param cnfString
4964
+ */
4965
+ function addPopToken(parameters, cnfString) {
4966
+ if (cnfString) {
4967
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
4968
+ parameters.set(REQ_CNF, cnfString);
4969
+ }
4970
+ }
4971
+ /**
4972
+ * add SSH JWK and key ID to query params
4973
+ */
4974
+ function addSshJwk(parameters, sshJwkString) {
4975
+ if (sshJwkString) {
4976
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
4977
+ parameters.set(REQ_CNF, sshJwkString);
4978
+ }
4979
+ }
4980
+ /**
4981
+ * add server telemetry fields
4982
+ * @param serverTelemetryManager
4983
+ */
4984
+ function addServerTelemetry(parameters, serverTelemetryManager) {
4985
+ parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
4986
+ parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
4987
+ }
4988
+ /**
4989
+ * Adds parameter that indicates to the server that throttling is supported
4990
+ */
4991
+ function addThrottling(parameters) {
4992
+ parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
4993
+ }
4994
+ /**
4995
+ * Adds logout_hint parameter for "silent" logout which prevent server account picker
4996
+ */
4997
+ function addLogoutHint(parameters, logoutHint) {
4998
+ parameters.set(LOGOUT_HINT, logoutHint);
4999
+ }
5000
+ function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
5001
+ if (!parameters.has(BROKER_CLIENT_ID)) {
5002
+ parameters.set(BROKER_CLIENT_ID, brokerClientId);
5003
+ }
5004
+ if (!parameters.has(BROKER_REDIRECT_URI)) {
5005
+ parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
5006
+ }
5007
+ }
5008
+ /**
5009
+ * Add EAR (Encrypted Authorize Response) request parameters
5010
+ * @param parameters
5011
+ * @param jwk
5012
+ */
5013
+ function addEARParameters(parameters, jwk) {
5014
+ parameters.set(EAR_JWK, encodeURIComponent(jwk));
5015
+ // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
5016
+ const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
5017
+ parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
5018
+ }
5019
+
5020
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5021
+ /*
5022
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5023
+ * Licensed under the MIT License.
5024
+ */
5025
+ function isOpenIdConfigResponse(response) {
5026
+ return (response.hasOwnProperty("authorization_endpoint") &&
5027
+ response.hasOwnProperty("token_endpoint") &&
5028
+ response.hasOwnProperty("issuer") &&
5029
+ response.hasOwnProperty("jwks_uri"));
5030
+ }
5031
+
5032
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5033
+ /*
5034
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5035
+ * Licensed under the MIT License.
5036
+ */
5037
+ function isCloudInstanceDiscoveryResponse(response) {
5038
+ return (response.hasOwnProperty("tenant_discovery_endpoint") &&
5039
+ response.hasOwnProperty("metadata"));
5040
+ }
5041
+
5042
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5043
+ /*
5044
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5045
+ * Licensed under the MIT License.
5046
+ */
5047
+ function isCloudInstanceDiscoveryErrorResponse(response) {
5048
+ return (response.hasOwnProperty("error") &&
5049
+ response.hasOwnProperty("error_description"));
5050
+ }
4979
5051
 
4980
- /*! @azure/msal-common v15.7.0 2025-05-30 */
5052
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4981
5053
  /*
4982
5054
  * Copyright (c) Microsoft Corporation. All rights reserved.
4983
5055
  * Licensed under the MIT License.
@@ -5073,7 +5145,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
5073
5145
  };
5074
5146
  };
5075
5147
 
5076
- /*! @azure/msal-common v15.7.0 2025-05-30 */
5148
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5077
5149
 
5078
5150
  /*
5079
5151
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5179,7 +5251,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5179
5251
  },
5180
5252
  };
5181
5253
 
5182
- /*! @azure/msal-common v15.7.0 2025-05-30 */
5254
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5183
5255
 
5184
5256
  /*
5185
5257
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6018,7 +6090,7 @@ function buildStaticAuthorityOptions(authOptions) {
6018
6090
  };
6019
6091
  }
6020
6092
 
6021
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6093
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6022
6094
 
6023
6095
  /*
6024
6096
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6049,7 +6121,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6049
6121
  }
6050
6122
  }
6051
6123
 
6052
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6124
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6053
6125
 
6054
6126
  /*
6055
6127
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6068,7 +6140,7 @@ class ServerError extends AuthError {
6068
6140
  }
6069
6141
  }
6070
6142
 
6071
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6143
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6072
6144
  /*
6073
6145
  * Copyright (c) Microsoft Corporation. All rights reserved.
6074
6146
  * Licensed under the MIT License.
@@ -6089,7 +6161,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6089
6161
  };
6090
6162
  }
6091
6163
 
6092
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6164
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6093
6165
 
6094
6166
  /*
6095
6167
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6176,7 +6248,7 @@ class ThrottlingUtils {
6176
6248
  }
6177
6249
  }
6178
6250
 
6179
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6251
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6180
6252
 
6181
6253
  /*
6182
6254
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6207,7 +6279,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6207
6279
  return new NetworkError(error, httpStatus, responseHeaders);
6208
6280
  }
6209
6281
 
6210
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6282
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6211
6283
 
6212
6284
  /*
6213
6285
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6355,7 +6427,7 @@ class BaseClient {
6355
6427
  }
6356
6428
  }
6357
6429
 
6358
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6430
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6359
6431
  /*
6360
6432
  * Copyright (c) Microsoft Corporation. All rights reserved.
6361
6433
  * Licensed under the MIT License.
@@ -6364,6 +6436,7 @@ class BaseClient {
6364
6436
  const noTokensFound = "no_tokens_found";
6365
6437
  const nativeAccountUnavailable = "native_account_unavailable";
6366
6438
  const refreshTokenExpired = "refresh_token_expired";
6439
+ const uxNotAllowed = "ux_not_allowed";
6367
6440
  // Codes potentially returned by server
6368
6441
  const interactionRequired = "interaction_required";
6369
6442
  const consentRequired = "consent_required";
@@ -6378,10 +6451,11 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
6378
6451
  loginRequired: loginRequired,
6379
6452
  nativeAccountUnavailable: nativeAccountUnavailable,
6380
6453
  noTokensFound: noTokensFound,
6381
- refreshTokenExpired: refreshTokenExpired
6454
+ refreshTokenExpired: refreshTokenExpired,
6455
+ uxNotAllowed: uxNotAllowed
6382
6456
  });
6383
6457
 
6384
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6458
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6385
6459
 
6386
6460
  /*
6387
6461
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6395,6 +6469,7 @@ const InteractionRequiredServerErrorMessage = [
6395
6469
  consentRequired,
6396
6470
  loginRequired,
6397
6471
  badToken,
6472
+ uxNotAllowed,
6398
6473
  ];
6399
6474
  const InteractionRequiredAuthSubErrorMessage = [
6400
6475
  "message_only",
@@ -6409,6 +6484,7 @@ const InteractionRequiredAuthErrorMessages = {
6409
6484
  [nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",
6410
6485
  [refreshTokenExpired]: "Refresh token has expired.",
6411
6486
  [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
6487
+ [uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
6412
6488
  };
6413
6489
  /**
6414
6490
  * Interaction required errors defined by the SDK
@@ -6469,7 +6545,7 @@ function createInteractionRequiredAuthError(errorCode) {
6469
6545
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6470
6546
  }
6471
6547
 
6472
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6548
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6473
6549
 
6474
6550
  /*
6475
6551
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6541,7 +6617,7 @@ class ProtocolUtils {
6541
6617
  }
6542
6618
  }
6543
6619
 
6544
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6620
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6545
6621
 
6546
6622
  /*
6547
6623
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6625,7 +6701,7 @@ class PopTokenGenerator {
6625
6701
  }
6626
6702
  }
6627
6703
 
6628
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6704
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6629
6705
  /*
6630
6706
  * Copyright (c) Microsoft Corporation. All rights reserved.
6631
6707
  * Licensed under the MIT License.
@@ -6652,7 +6728,7 @@ class PopTokenGenerator {
6652
6728
  }
6653
6729
  }
6654
6730
 
6655
- /*! @azure/msal-common v15.7.0 2025-05-30 */
6731
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6656
6732
 
6657
6733
  /*
6658
6734
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6983,7 +7059,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6983
7059
  return baseAccount;
6984
7060
  }
6985
7061
 
6986
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7062
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6987
7063
 
6988
7064
  /*
6989
7065
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7050,7 +7126,7 @@ class RequestValidator {
7050
7126
  }
7051
7127
  }
7052
7128
 
7053
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7129
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7054
7130
  /*
7055
7131
  * Copyright (c) Microsoft Corporation. All rights reserved.
7056
7132
  * Licensed under the MIT License.
@@ -7068,7 +7144,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
7068
7144
  }
7069
7145
  }
7070
7146
 
7071
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7147
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7072
7148
 
7073
7149
  /*
7074
7150
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7301,7 +7377,7 @@ class AuthorizationCodeClient extends BaseClient {
7301
7377
  }
7302
7378
  }
7303
7379
 
7304
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7380
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7305
7381
 
7306
7382
  /*
7307
7383
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7510,7 +7586,7 @@ class RefreshTokenClient extends BaseClient {
7510
7586
  }
7511
7587
  }
7512
7588
 
7513
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7589
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7514
7590
 
7515
7591
  /*
7516
7592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7542,7 +7618,7 @@ class SilentFlowClient extends BaseClient {
7542
7618
  const requestTenantId = request.account.tenantId ||
7543
7619
  getTenantFromAuthorityString(request.authority);
7544
7620
  const tokenKeys = this.cacheManager.getTokenKeys();
7545
- const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);
7621
+ const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId);
7546
7622
  if (!cachedAccessToken) {
7547
7623
  // must refresh due to non-existent access_token
7548
7624
  this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
@@ -7608,7 +7684,7 @@ class SilentFlowClient extends BaseClient {
7608
7684
  }
7609
7685
  }
7610
7686
 
7611
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7687
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7612
7688
 
7613
7689
  /*
7614
7690
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7623,7 +7699,7 @@ const StubbedNetworkModule = {
7623
7699
  },
7624
7700
  };
7625
7701
 
7626
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7702
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7627
7703
 
7628
7704
  /*
7629
7705
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7847,7 +7923,7 @@ function extractLoginHint(account) {
7847
7923
  return account.idTokenClaims?.login_hint || null;
7848
7924
  }
7849
7925
 
7850
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7926
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7851
7927
 
7852
7928
  /*
7853
7929
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7905,7 +7981,7 @@ class AuthenticationHeaderParser {
7905
7981
  }
7906
7982
  }
7907
7983
 
7908
- /*! @azure/msal-common v15.7.0 2025-05-30 */
7984
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7909
7985
 
7910
7986
  /*
7911
7987
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8168,7 +8244,7 @@ class ServerTelemetryManager {
8168
8244
  }
8169
8245
  }
8170
8246
 
8171
- /*! @azure/msal-common v15.7.0 2025-05-30 */
8247
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8172
8248
  /*
8173
8249
  * Copyright (c) Microsoft Corporation. All rights reserved.
8174
8250
  * Licensed under the MIT License.
@@ -8176,7 +8252,7 @@ class ServerTelemetryManager {
8176
8252
  const missingKidError = "missing_kid_error";
8177
8253
  const missingAlgError = "missing_alg_error";
8178
8254
 
8179
- /*! @azure/msal-common v15.7.0 2025-05-30 */
8255
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8180
8256
 
8181
8257
  /*
8182
8258
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8201,7 +8277,7 @@ function createJoseHeaderError(code) {
8201
8277
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8202
8278
  }
8203
8279
 
8204
- /*! @azure/msal-common v15.7.0 2025-05-30 */
8280
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8205
8281
 
8206
8282
  /*
8207
8283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8241,86 +8317,7 @@ class JoseHeader {
8241
8317
  }
8242
8318
  }
8243
8319
 
8244
- /*! @azure/msal-common v15.7.0 2025-05-30 */
8245
-
8246
- /*
8247
- * Copyright (c) Microsoft Corporation. All rights reserved.
8248
- * Licensed under the MIT License.
8249
- */
8250
- class StubPerformanceMeasurement {
8251
- startMeasurement() {
8252
- return;
8253
- }
8254
- endMeasurement() {
8255
- return;
8256
- }
8257
- flushMeasurement() {
8258
- return null;
8259
- }
8260
- }
8261
- class StubPerformanceClient {
8262
- generateId() {
8263
- return "callback-id";
8264
- }
8265
- startMeasurement(measureName, correlationId) {
8266
- return {
8267
- end: () => null,
8268
- discard: () => { },
8269
- add: () => { },
8270
- increment: () => { },
8271
- event: {
8272
- eventId: this.generateId(),
8273
- status: PerformanceEventStatus.InProgress,
8274
- authority: "",
8275
- libraryName: "",
8276
- libraryVersion: "",
8277
- clientId: "",
8278
- name: measureName,
8279
- startTimeMs: Date.now(),
8280
- correlationId: correlationId || "",
8281
- },
8282
- measurement: new StubPerformanceMeasurement(),
8283
- };
8284
- }
8285
- startPerformanceMeasurement() {
8286
- return new StubPerformanceMeasurement();
8287
- }
8288
- calculateQueuedTime() {
8289
- return 0;
8290
- }
8291
- addQueueMeasurement() {
8292
- return;
8293
- }
8294
- setPreQueueTime() {
8295
- return;
8296
- }
8297
- endMeasurement() {
8298
- return null;
8299
- }
8300
- discardMeasurements() {
8301
- return;
8302
- }
8303
- removePerformanceCallback() {
8304
- return true;
8305
- }
8306
- addPerformanceCallback() {
8307
- return "";
8308
- }
8309
- emitEvents() {
8310
- return;
8311
- }
8312
- addFields() {
8313
- return;
8314
- }
8315
- incrementFields() {
8316
- return;
8317
- }
8318
- cacheEventByCorrelationId() {
8319
- return;
8320
- }
8321
- }
8322
-
8323
- /*! @azure/msal-common v15.7.0 2025-05-30 */
8320
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8324
8321
 
8325
8322
  /*
8326
8323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10160,10 +10157,10 @@ class NavigationClient {
10160
10157
  */
10161
10158
  static defaultNavigateWindow(url, options) {
10162
10159
  if (options.noHistory) {
10163
- window.location.replace(url);
10160
+ window.location.replace(url); // CodeQL [SM03712] Application owner controls the URL. User can't change it.
10164
10161
  }
10165
10162
  else {
10166
- window.location.assign(url);
10163
+ window.location.assign(url); // CodeQL [SM03712] Application owner controls the URL. User can't change it.
10167
10164
  }
10168
10165
  return new Promise((resolve) => {
10169
10166
  setTimeout(() => {
@@ -10425,7 +10422,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
10425
10422
 
10426
10423
  /* eslint-disable header/header */
10427
10424
  const name = "@azure/msal-browser";
10428
- const version = "4.13.0";
10425
+ const version = "4.13.2";
10429
10426
 
10430
10427
  /*
10431
10428
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11269,7 +11266,9 @@ class CryptoOps {
11269
11266
  async removeTokenBindingKey(kid) {
11270
11267
  await this.cache.removeItem(kid);
11271
11268
  const keyFound = await this.cache.containsKey(kid);
11272
- return !keyFound;
11269
+ if (keyFound) {
11270
+ throw createClientAuthError(bindingKeyNotRemoved);
11271
+ }
11273
11272
  }
11274
11273
  /**
11275
11274
  * Removes all cryptographic keys from IndexedDB storage
@@ -11791,14 +11790,13 @@ const EventType = {
11791
11790
  */
11792
11791
  class BrowserCacheManager extends CacheManager {
11793
11792
  constructor(clientId, cacheConfig, cryptoImpl, logger, performanceClient, eventHandler, staticAuthorityOptions) {
11794
- super(clientId, cryptoImpl, logger, staticAuthorityOptions);
11793
+ super(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions);
11795
11794
  this.cacheConfig = cacheConfig;
11796
11795
  this.logger = logger;
11797
11796
  this.internalStorage = new MemoryStorage();
11798
11797
  this.browserStorage = getStorageImplementation(clientId, cacheConfig.cacheLocation, logger, performanceClient);
11799
11798
  this.temporaryCacheStorage = getStorageImplementation(clientId, cacheConfig.temporaryCacheLocation, logger, performanceClient);
11800
11799
  this.cookieStorage = new CookieStorage();
11801
- this.performanceClient = performanceClient;
11802
11800
  this.eventHandler = eventHandler;
11803
11801
  }
11804
11802
  async initialize(correlationId) {
@@ -11926,16 +11924,16 @@ class BrowserCacheManager extends CacheManager {
11926
11924
  * Extends inherited removeAccount function to include removal of the account key from the map
11927
11925
  * @param key
11928
11926
  */
11929
- async removeAccount(key) {
11930
- void super.removeAccount(key);
11927
+ removeAccount(key, correlationId) {
11928
+ super.removeAccount(key, correlationId);
11931
11929
  this.removeAccountKeyFromMap(key);
11932
11930
  }
11933
11931
  /**
11934
11932
  * Removes credentials associated with the provided account
11935
11933
  * @param account
11936
11934
  */
11937
- async removeAccountContext(account) {
11938
- await super.removeAccountContext(account);
11935
+ removeAccountContext(account, correlationId) {
11936
+ super.removeAccountContext(account, correlationId);
11939
11937
  /**
11940
11938
  * @deprecated - Remove this in next major version in favor of more consistent LOGOUT event
11941
11939
  */
@@ -11955,8 +11953,8 @@ class BrowserCacheManager extends CacheManager {
11955
11953
  * Removes given accessToken from the cache and from the key map
11956
11954
  * @param key
11957
11955
  */
11958
- async removeAccessToken(key) {
11959
- void super.removeAccessToken(key);
11956
+ removeAccessToken(key, correlationId) {
11957
+ super.removeAccessToken(key, correlationId);
11960
11958
  this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);
11961
11959
  }
11962
11960
  /**
@@ -12401,9 +12399,9 @@ class BrowserCacheManager extends CacheManager {
12401
12399
  /**
12402
12400
  * Clears all cache entries created by MSAL.
12403
12401
  */
12404
- async clear() {
12402
+ clear(correlationId) {
12405
12403
  // Removes all accounts and their credentials
12406
- await this.removeAllAccounts();
12404
+ this.removeAllAccounts(correlationId);
12407
12405
  this.removeAppMetadata();
12408
12406
  // Remove temp storage first to make sure any cookies are cleared
12409
12407
  this.temporaryCacheStorage.getKeys().forEach((cacheKey) => {
@@ -12427,22 +12425,22 @@ class BrowserCacheManager extends CacheManager {
12427
12425
  * @param correlationId {string} correlation id
12428
12426
  * @returns
12429
12427
  */
12430
- async clearTokensAndKeysWithClaims(performanceClient, correlationId) {
12431
- performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
12428
+ clearTokensAndKeysWithClaims(correlationId) {
12429
+ this.performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
12432
12430
  const tokenKeys = this.getTokenKeys();
12433
- const removedAccessTokens = [];
12431
+ let removedAccessTokens = 0;
12434
12432
  tokenKeys.accessToken.forEach((key) => {
12435
12433
  // if the access token has claims in its key, remove the token key and the token
12436
12434
  const credential = this.getAccessTokenCredential(key);
12437
12435
  if (credential?.requestedClaimsHash &&
12438
12436
  key.includes(credential.requestedClaimsHash.toLowerCase())) {
12439
- removedAccessTokens.push(this.removeAccessToken(key));
12437
+ this.removeAccessToken(key, correlationId);
12438
+ removedAccessTokens++;
12440
12439
  }
12441
12440
  });
12442
- await Promise.all(removedAccessTokens);
12443
12441
  // warn if any access tokens are removed
12444
- if (removedAccessTokens.length > 0) {
12445
- this.logger.warning(`${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`);
12442
+ if (removedAccessTokens > 0) {
12443
+ this.logger.warning(`${removedAccessTokens} access tokens with claims in the cache keys have been removed from the cache.`);
12446
12444
  }
12447
12445
  }
12448
12446
  /**
@@ -12916,7 +12914,7 @@ class BaseInteractionClient {
12916
12914
  }
12917
12915
  // Clear given account.
12918
12916
  try {
12919
- await this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account));
12917
+ this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account), this.correlationId);
12920
12918
  this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.");
12921
12919
  }
12922
12920
  catch (error) {
@@ -12927,7 +12925,7 @@ class BaseInteractionClient {
12927
12925
  try {
12928
12926
  this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId);
12929
12927
  // Clear all accounts and tokens
12930
- await this.browserStorage.clear();
12928
+ this.browserStorage.clear(this.correlationId);
12931
12929
  // Clear any stray keys from IndexedDB
12932
12930
  await this.browserCrypto.clearKeystore();
12933
12931
  }
@@ -13429,7 +13427,8 @@ const USER_CANCEL = "USER_CANCEL";
13429
13427
  const NO_NETWORK = "NO_NETWORK";
13430
13428
  const PERSISTENT_ERROR = "PERSISTENT_ERROR";
13431
13429
  const DISABLED = "DISABLED";
13432
- const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
13430
+ const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
13431
+ const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
13433
13432
 
13434
13433
  /*
13435
13434
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -13487,6 +13486,8 @@ function createNativeAuthError(code, description, ext) {
13487
13486
  return createBrowserAuthError(userCancelled);
13488
13487
  case NO_NETWORK:
13489
13488
  return createBrowserAuthError(noNetworkConnectivity);
13489
+ case UX_NOT_ALLOWED:
13490
+ return createInteractionRequiredAuthError(uxNotAllowed);
13490
13491
  }
13491
13492
  }
13492
13493
  return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext);
@@ -13927,9 +13928,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13927
13928
  // Store the account info and hence `nativeAccountId` in browser cache
13928
13929
  await this.browserStorage.setAccount(accountEntity, this.correlationId);
13929
13930
  // Remove any existing cached tokens for this account in browser storage
13930
- this.browserStorage.removeAccountContext(accountEntity).catch((e) => {
13931
- this.logger.error(`Error occurred while removing account context from browser storage. ${e}`);
13932
- });
13931
+ this.browserStorage.removeAccountContext(accountEntity, this.correlationId);
13933
13932
  }
13934
13933
  /**
13935
13934
  * Stores the access_token and id_token in inmemory storage
@@ -14885,14 +14884,14 @@ function isDomEnabledForPlatformAuth() {
14885
14884
  * @param authenticationScheme
14886
14885
  */
14887
14886
  function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
14888
- logger.trace("isBrokerAvailable called");
14887
+ logger.trace("isPlatformAuthAllowed called");
14889
14888
  if (!config.system.allowPlatformBroker) {
14890
- logger.trace("isBrokerAvailable: allowPlatformBroker is not enabled, returning false");
14889
+ logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
14891
14890
  // Developer disabled WAM
14892
14891
  return false;
14893
14892
  }
14894
14893
  if (!platformAuthProvider) {
14895
- logger.trace("isBrokerAvailable: Platform auth provider is not initialized, returning false");
14894
+ logger.trace("isPlatformAuthAllowed: Platform auth provider is not initialized, returning false");
14896
14895
  // Platform broker auth providers are not available
14897
14896
  return false;
14898
14897
  }
@@ -14900,10 +14899,10 @@ function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticat
14900
14899
  switch (authenticationScheme) {
14901
14900
  case AuthenticationScheme.BEARER:
14902
14901
  case AuthenticationScheme.POP:
14903
- logger.trace("isBrokerAvailable: authenticationScheme is supported, returning true");
14902
+ logger.trace("isPlatformAuthAllowed: authenticationScheme is supported, returning true");
14904
14903
  return true;
14905
14904
  default:
14906
- logger.trace("isBrokerAvailable: authenticationScheme is not supported, returning false");
14905
+ logger.trace("isPlatformAuthAllowed: authenticationScheme is not supported, returning false");
14907
14906
  return false;
14908
14907
  }
14909
14908
  }
@@ -15113,7 +15112,7 @@ class PopupClient extends StandardInteractionClient {
15113
15112
  if (validRequest.account?.homeAccountId &&
15114
15113
  validRequest.postLogoutRedirectUri &&
15115
15114
  authClient.authority.protocolMode === ProtocolMode.OIDC) {
15116
- void this.browserStorage.removeAccount(validRequest.account?.homeAccountId);
15115
+ this.browserStorage.removeAccount(validRequest.account?.homeAccountId, this.correlationId);
15117
15116
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Popup, validRequest);
15118
15117
  if (mainWindowRedirectUri) {
15119
15118
  const navigationOptions = {
@@ -15709,7 +15708,7 @@ class RedirectClient extends StandardInteractionClient {
15709
15708
  }
15710
15709
  catch {
15711
15710
  if (validLogoutRequest.account?.homeAccountId) {
15712
- void this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId);
15711
+ this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId, this.correlationId);
15713
15712
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Redirect, validLogoutRequest);
15714
15713
  return;
15715
15714
  }
@@ -16549,7 +16548,7 @@ class StandardController {
16549
16548
  }
16550
16549
  if (!this.config.cache.claimsBasedCachingEnabled) {
16551
16550
  this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims");
16552
- await invokeAsync(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(this.performanceClient, initCorrelationId);
16551
+ invoke(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(initCorrelationId);
16553
16552
  }
16554
16553
  this.config.system.asyncPopups &&
16555
16554
  (await this.preGeneratePkceCodes(initCorrelationId));
@@ -18299,7 +18298,7 @@ class NestedAppAuthController {
18299
18298
  };
18300
18299
  // fetch access token and check for expiry
18301
18300
  const tokenKeys = this.browserStorage.getTokenKeys();
18302
- const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId, this.performanceClient, authRequest.correlationId);
18301
+ const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId);
18303
18302
  // If there is no access token, log it and return null
18304
18303
  if (!cachedAccessToken) {
18305
18304
  this.logger.verbose("No cached access token found");
@@ -19812,7 +19811,20 @@ class SignedHttpRequest {
19812
19811
  * @returns If keys are properly deleted
19813
19812
  */
19814
19813
  async removeKeys(publicKeyThumbprint) {
19815
- return this.cryptoOps.removeTokenBindingKey(publicKeyThumbprint);
19814
+ return this.cryptoOps
19815
+ .removeTokenBindingKey(publicKeyThumbprint)
19816
+ .then(() => true)
19817
+ .catch((error) => {
19818
+ /*
19819
+ * @deprecated - To maintain public API signature, we return false if the error is due to the key still being present in indexedDB.
19820
+ */
19821
+ if (error instanceof ClientAuthError &&
19822
+ error.errorCode ===
19823
+ bindingKeyNotRemoved) {
19824
+ return false;
19825
+ }
19826
+ throw error;
19827
+ });
19816
19828
  }
19817
19829
  }
19818
19830