@azure/msal-browser 4.13.1 → 4.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (132) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
  5. package/dist/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +4 -3
  7. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +6 -6
  11. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts +5 -6
  15. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  16. package/dist/cache/BrowserCacheManager.mjs +17 -18
  17. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  18. package/dist/cache/CacheHelpers.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.mjs +1 -1
  25. package/dist/config/Configuration.mjs +1 -1
  26. package/dist/controllers/ControllerFactory.mjs +1 -1
  27. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  28. package/dist/controllers/NestedAppAuthController.mjs +2 -2
  29. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +3 -3
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.d.ts +1 -1
  36. package/dist/crypto/CryptoOps.d.ts.map +1 -1
  37. package/dist/crypto/CryptoOps.mjs +5 -3
  38. package/dist/crypto/CryptoOps.mjs.map +1 -1
  39. package/dist/crypto/PkceGenerator.mjs +1 -1
  40. package/dist/crypto/SignedHttpRequest.d.ts.map +1 -1
  41. package/dist/crypto/SignedHttpRequest.mjs +16 -3
  42. package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
  43. package/dist/encode/Base64Decode.mjs +1 -1
  44. package/dist/encode/Base64Encode.mjs +1 -1
  45. package/dist/error/BrowserAuthError.mjs +1 -1
  46. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  47. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  48. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  49. package/dist/error/NativeAuthError.d.ts.map +1 -1
  50. package/dist/error/NativeAuthError.mjs +5 -3
  51. package/dist/error/NativeAuthError.mjs.map +1 -1
  52. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  53. package/dist/error/NestedAppAuthError.mjs +1 -1
  54. package/dist/event/EventHandler.mjs +1 -1
  55. package/dist/event/EventMessage.mjs +1 -1
  56. package/dist/event/EventType.mjs +1 -1
  57. package/dist/index.mjs +1 -1
  58. package/dist/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  59. package/dist/interaction_client/BaseInteractionClient.mjs +3 -3
  60. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  61. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  62. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  63. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -4
  64. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  65. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  66. package/dist/interaction_client/PopupClient.mjs +2 -2
  67. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  68. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  69. package/dist/interaction_client/RedirectClient.mjs +2 -2
  70. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  71. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  72. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  73. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  74. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  75. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  76. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  77. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  78. package/dist/naa/BridgeError.mjs +1 -1
  79. package/dist/naa/BridgeProxy.mjs +1 -1
  80. package/dist/naa/BridgeStatusCode.mjs +1 -1
  81. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  82. package/dist/navigation/NavigationClient.mjs +1 -1
  83. package/dist/network/FetchClient.mjs +1 -1
  84. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  85. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  86. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  87. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  88. package/dist/packageMetadata.d.ts +1 -1
  89. package/dist/packageMetadata.mjs +2 -2
  90. package/dist/protocol/Authorize.mjs +1 -1
  91. package/dist/request/RequestHelpers.mjs +1 -1
  92. package/dist/response/ResponseHandler.mjs +1 -1
  93. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  94. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  95. package/dist/utils/BrowserConstants.mjs +1 -1
  96. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  97. package/dist/utils/BrowserUtils.mjs +1 -1
  98. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  99. package/lib/msal-browser.cjs +806 -794
  100. package/lib/msal-browser.cjs.map +1 -1
  101. package/lib/msal-browser.js +806 -794
  102. package/lib/msal-browser.js.map +1 -1
  103. package/lib/msal-browser.min.js +67 -65
  104. package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
  105. package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
  106. package/lib/types/cache/BrowserCacheManager.d.ts +5 -6
  107. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  108. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  109. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  110. package/lib/types/crypto/CryptoOps.d.ts +1 -1
  111. package/lib/types/crypto/CryptoOps.d.ts.map +1 -1
  112. package/lib/types/crypto/SignedHttpRequest.d.ts.map +1 -1
  113. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  114. package/lib/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  115. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  116. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  117. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  118. package/lib/types/packageMetadata.d.ts +1 -1
  119. package/package.json +2 -2
  120. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -0
  121. package/src/broker/nativeBroker/PlatformAuthProvider.ts +5 -5
  122. package/src/cache/BrowserCacheManager.ts +22 -23
  123. package/src/controllers/NestedAppAuthController.ts +1 -3
  124. package/src/controllers/StandardController.ts +3 -2
  125. package/src/crypto/CryptoOps.ts +8 -2
  126. package/src/crypto/SignedHttpRequest.ts +19 -1
  127. package/src/error/NativeAuthError.ts +4 -0
  128. package/src/interaction_client/BaseInteractionClient.ts +4 -3
  129. package/src/interaction_client/PlatformAuthInteractionClient.ts +4 -5
  130. package/src/interaction_client/PopupClient.ts +3 -2
  131. package/src/interaction_client/RedirectClient.ts +3 -2
  132. package/src/packageMetadata.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v4.13.1 2025-06-10 */
1
+ /*! @azure/msal-browser v4.13.2 2025-06-18 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v15.7.0 2025-06-10 */
9
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -302,7 +302,7 @@
302
302
  // Token renewal offset default in seconds
303
303
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
304
304
 
305
- /*! @azure/msal-common v15.7.0 2025-06-10 */
305
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
306
306
  /*
307
307
  * Copyright (c) Microsoft Corporation. All rights reserved.
308
308
  * Licensed under the MIT License.
@@ -319,7 +319,7 @@
319
319
  unexpectedError: unexpectedError
320
320
  });
321
321
 
322
- /*! @azure/msal-common v15.7.0 2025-06-10 */
322
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
323
323
 
324
324
  /*
325
325
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -368,7 +368,7 @@
368
368
  : AuthErrorMessages[code]);
369
369
  }
370
370
 
371
- /*! @azure/msal-common v15.7.0 2025-06-10 */
371
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
372
372
  /*
373
373
  * Copyright (c) Microsoft Corporation. All rights reserved.
374
374
  * Licensed under the MIT License.
@@ -466,7 +466,7 @@
466
466
  userTimeoutReached: userTimeoutReached
467
467
  });
468
468
 
469
- /*! @azure/msal-common v15.7.0 2025-06-10 */
469
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
470
470
 
471
471
  /*
472
472
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -718,7 +718,7 @@
718
718
  return new ClientAuthError(errorCode, additionalMessage);
719
719
  }
720
720
 
721
- /*! @azure/msal-common v15.7.0 2025-06-10 */
721
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
722
722
 
723
723
  /*
724
724
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -757,7 +757,7 @@
757
757
  },
758
758
  };
759
759
 
760
- /*! @azure/msal-common v15.7.0 2025-06-10 */
760
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
761
761
 
762
762
  /*
763
763
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -948,12 +948,12 @@
948
948
  }
949
949
  }
950
950
 
951
- /*! @azure/msal-common v15.7.0 2025-06-10 */
951
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
952
952
  /* eslint-disable header/header */
953
953
  const name$1 = "@azure/msal-common";
954
- const version$1 = "15.7.0";
954
+ const version$1 = "15.7.1";
955
955
 
956
- /*! @azure/msal-common v15.7.0 2025-06-10 */
956
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
957
957
  /*
958
958
  * Copyright (c) Microsoft Corporation. All rights reserved.
959
959
  * Licensed under the MIT License.
@@ -973,7 +973,7 @@
973
973
  AzureUsGovernment: "https://login.microsoftonline.us",
974
974
  };
975
975
 
976
- /*! @azure/msal-common v15.7.0 2025-06-10 */
976
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
977
977
 
978
978
  /*
979
979
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1034,7 +1034,7 @@
1034
1034
  }
1035
1035
  }
1036
1036
 
1037
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1037
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1038
1038
  /*
1039
1039
  * Copyright (c) Microsoft Corporation. All rights reserved.
1040
1040
  * Licensed under the MIT License.
@@ -1089,7 +1089,7 @@
1089
1089
  return cachedAtSec > nowSeconds();
1090
1090
  }
1091
1091
 
1092
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1092
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1093
1093
 
1094
1094
  /*
1095
1095
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1416,7 +1416,7 @@
1416
1416
  return metadata.expiresAt <= nowSeconds();
1417
1417
  }
1418
1418
 
1419
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1419
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1420
1420
  /*
1421
1421
  * Copyright (c) Microsoft Corporation. All rights reserved.
1422
1422
  * Licensed under the MIT License.
@@ -1470,7 +1470,7 @@
1470
1470
  urlParseError: urlParseError
1471
1471
  });
1472
1472
 
1473
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1473
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1474
1474
 
1475
1475
  /*
1476
1476
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1608,7 +1608,7 @@
1608
1608
  return new ClientConfigurationError(errorCode);
1609
1609
  }
1610
1610
 
1611
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1611
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1612
1612
  /*
1613
1613
  * Copyright (c) Microsoft Corporation. All rights reserved.
1614
1614
  * Licensed under the MIT License.
@@ -1705,7 +1705,7 @@
1705
1705
  }
1706
1706
  }
1707
1707
 
1708
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1708
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1709
1709
 
1710
1710
  /*
1711
1711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1896,7 +1896,7 @@
1896
1896
  }
1897
1897
  }
1898
1898
 
1899
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1899
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1900
1900
 
1901
1901
  /*
1902
1902
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1936,7 +1936,7 @@
1936
1936
  };
1937
1937
  }
1938
1938
 
1939
- /*! @azure/msal-common v15.7.0 2025-06-10 */
1939
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
1940
1940
  /*
1941
1941
  * Copyright (c) Microsoft Corporation. All rights reserved.
1942
1942
  * Licensed under the MIT License.
@@ -2015,7 +2015,7 @@
2015
2015
  return updatedAccountInfo;
2016
2016
  }
2017
2017
 
2018
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2018
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2019
2019
  /*
2020
2020
  * Copyright (c) Microsoft Corporation. All rights reserved.
2021
2021
  * Licensed under the MIT License.
@@ -2030,7 +2030,7 @@
2030
2030
  Ciam: 3,
2031
2031
  };
2032
2032
 
2033
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2033
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2034
2034
  /*
2035
2035
  * Copyright (c) Microsoft Corporation. All rights reserved.
2036
2036
  * Licensed under the MIT License.
@@ -2052,7 +2052,7 @@
2052
2052
  return null;
2053
2053
  }
2054
2054
 
2055
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2055
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2056
2056
  /*
2057
2057
  * Copyright (c) Microsoft Corporation. All rights reserved.
2058
2058
  * Licensed under the MIT License.
@@ -2076,7 +2076,7 @@
2076
2076
  EAR: "EAR",
2077
2077
  };
2078
2078
 
2079
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2079
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2080
2080
 
2081
2081
  /*
2082
2082
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2319,7 +2319,7 @@
2319
2319
  }
2320
2320
  }
2321
2321
 
2322
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2322
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2323
2323
 
2324
2324
  /*
2325
2325
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2384,7 +2384,7 @@
2384
2384
  return queryParameterArray.join("&");
2385
2385
  }
2386
2386
 
2387
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2387
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2388
2388
 
2389
2389
  /*
2390
2390
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2548,7 +2548,7 @@
2548
2548
  }
2549
2549
  }
2550
2550
 
2551
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2551
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2552
2552
 
2553
2553
  /*
2554
2554
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2688,7 +2688,7 @@
2688
2688
  return null;
2689
2689
  }
2690
2690
 
2691
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2691
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2692
2692
  /*
2693
2693
  * Copyright (c) Microsoft Corporation. All rights reserved.
2694
2694
  * Licensed under the MIT License.
@@ -2696,7 +2696,7 @@
2696
2696
  const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
2697
2697
  const cacheUnknownErrorCode = "cache_error_unknown";
2698
2698
 
2699
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2699
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2700
2700
 
2701
2701
  /*
2702
2702
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2723,7 +2723,7 @@
2723
2723
  }
2724
2724
  }
2725
2725
 
2726
- /*! @azure/msal-common v15.7.0 2025-06-10 */
2726
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
2727
2727
 
2728
2728
  /*
2729
2729
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2734,11 +2734,12 @@
2734
2734
  * @internal
2735
2735
  */
2736
2736
  class CacheManager {
2737
- constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {
2737
+ constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
2738
2738
  this.clientId = clientId;
2739
2739
  this.cryptoImpl = cryptoImpl;
2740
2740
  this.commonLogger = logger.clone(name$1, version$1);
2741
2741
  this.staticAuthorityOptions = staticAuthorityOptions;
2742
+ this.performanceClient = performanceClient;
2742
2743
  }
2743
2744
  /**
2744
2745
  * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
@@ -2947,7 +2948,6 @@
2947
2948
  };
2948
2949
  const tokenKeys = this.getTokenKeys();
2949
2950
  const currentScopes = ScopeSet.fromString(credential.target);
2950
- const removedAccessTokens = [];
2951
2951
  tokenKeys.accessToken.forEach((key) => {
2952
2952
  if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
2953
2953
  return;
@@ -2957,11 +2957,10 @@
2957
2957
  this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
2958
2958
  const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
2959
2959
  if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
2960
- removedAccessTokens.push(this.removeAccessToken(key));
2960
+ this.removeAccessToken(key, correlationId);
2961
2961
  }
2962
2962
  }
2963
2963
  });
2964
- await Promise.all(removedAccessTokens);
2965
2964
  await this.setAccessTokenCredential(credential, correlationId);
2966
2965
  }
2967
2966
  /**
@@ -3203,34 +3202,31 @@
3203
3202
  /**
3204
3203
  * Removes all accounts and related tokens from cache.
3205
3204
  */
3206
- async removeAllAccounts() {
3205
+ removeAllAccounts(correlationId) {
3207
3206
  const allAccountKeys = this.getAccountKeys();
3208
- const removedAccounts = [];
3209
3207
  allAccountKeys.forEach((cacheKey) => {
3210
- removedAccounts.push(this.removeAccount(cacheKey));
3208
+ this.removeAccount(cacheKey, correlationId);
3211
3209
  });
3212
- await Promise.all(removedAccounts);
3213
3210
  }
3214
3211
  /**
3215
3212
  * Removes the account and related tokens for a given account key
3216
3213
  * @param account
3217
3214
  */
3218
- async removeAccount(accountKey) {
3215
+ removeAccount(accountKey, correlationId) {
3219
3216
  const account = this.getAccount(accountKey, this.commonLogger);
3220
3217
  if (!account) {
3221
3218
  return;
3222
3219
  }
3223
- await this.removeAccountContext(account);
3220
+ this.removeAccountContext(account, correlationId);
3224
3221
  this.removeItem(accountKey);
3225
3222
  }
3226
3223
  /**
3227
3224
  * Removes credentials associated with the provided account
3228
3225
  * @param account
3229
3226
  */
3230
- async removeAccountContext(account) {
3227
+ removeAccountContext(account, correlationId) {
3231
3228
  const allTokenKeys = this.getTokenKeys();
3232
3229
  const accountId = account.generateAccountId();
3233
- const removedCredentials = [];
3234
3230
  allTokenKeys.idToken.forEach((key) => {
3235
3231
  if (key.indexOf(accountId) === 0) {
3236
3232
  this.removeIdToken(key);
@@ -3238,7 +3234,7 @@
3238
3234
  });
3239
3235
  allTokenKeys.accessToken.forEach((key) => {
3240
3236
  if (key.indexOf(accountId) === 0) {
3241
- removedCredentials.push(this.removeAccessToken(key));
3237
+ this.removeAccessToken(key, correlationId);
3242
3238
  }
3243
3239
  });
3244
3240
  allTokenKeys.refreshToken.forEach((key) => {
@@ -3246,17 +3242,17 @@
3246
3242
  this.removeRefreshToken(key);
3247
3243
  }
3248
3244
  });
3249
- await Promise.all(removedCredentials);
3250
3245
  }
3251
3246
  /**
3252
3247
  * returns a boolean if the given credential is removed
3253
3248
  * @param credential
3254
3249
  */
3255
- async removeAccessToken(key) {
3250
+ removeAccessToken(key, correlationId) {
3256
3251
  const credential = this.getAccessTokenCredential(key);
3257
3252
  if (!credential) {
3258
3253
  return;
3259
3254
  }
3255
+ this.removeItem(key);
3260
3256
  // Remove Token Binding Key from key store for PoP Tokens Credentials
3261
3257
  if (credential.credentialType.toLowerCase() ===
3262
3258
  CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
@@ -3264,16 +3260,15 @@
3264
3260
  const accessTokenWithAuthSchemeEntity = credential;
3265
3261
  const kid = accessTokenWithAuthSchemeEntity.keyId;
3266
3262
  if (kid) {
3267
- try {
3268
- await this.cryptoImpl.removeTokenBindingKey(kid);
3269
- }
3270
- catch (error) {
3271
- throw createClientAuthError(bindingKeyNotRemoved);
3272
- }
3263
+ void this.cryptoImpl
3264
+ .removeTokenBindingKey(kid)
3265
+ .catch(() => {
3266
+ this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
3267
+ this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
3268
+ });
3273
3269
  }
3274
3270
  }
3275
3271
  }
3276
- return this.removeItem(key);
3277
3272
  }
3278
3273
  /**
3279
3274
  * Removes all app metadata objects from cache.
@@ -3415,10 +3410,10 @@
3415
3410
  * @param request {BaseAuthRequest}
3416
3411
  * @param tokenKeys {?TokenKeys}
3417
3412
  * @param performanceClient {?IPerformanceClient}
3418
- * @param correlationId {?string}
3419
3413
  */
3420
- getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) {
3421
- this.commonLogger.trace("CacheManager - getAccessToken called");
3414
+ getAccessToken(account, request, tokenKeys, targetRealm) {
3415
+ const correlationId = request.correlationId;
3416
+ this.commonLogger.trace("CacheManager - getAccessToken called", correlationId);
3422
3417
  const scopes = ScopeSet.createSearchScopes(request.scopes);
3423
3418
  const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
3424
3419
  /*
@@ -3457,20 +3452,18 @@
3457
3452
  });
3458
3453
  const numAccessTokens = accessTokens.length;
3459
3454
  if (numAccessTokens < 1) {
3460
- this.commonLogger.info("CacheManager:getAccessToken - No token found");
3455
+ this.commonLogger.info("CacheManager:getAccessToken - No token found", correlationId);
3461
3456
  return null;
3462
3457
  }
3463
3458
  else if (numAccessTokens > 1) {
3464
- this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
3459
+ this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them", correlationId);
3465
3460
  accessTokens.forEach((accessToken) => {
3466
- void this.removeAccessToken(generateCredentialKey(accessToken));
3461
+ this.removeAccessToken(generateCredentialKey(accessToken), correlationId);
3467
3462
  });
3468
- if (performanceClient && correlationId) {
3469
- performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
3470
- }
3463
+ this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
3471
3464
  return null;
3472
3465
  }
3473
- this.commonLogger.info("CacheManager:getAccessToken - Returning access token");
3466
+ this.commonLogger.info("CacheManager:getAccessToken - Returning access token", correlationId);
3474
3467
  return accessTokens[0];
3475
3468
  }
3476
3469
  /**
@@ -3908,576 +3901,16 @@
3908
3901
  }
3909
3902
  }
3910
3903
 
3911
- /*! @azure/msal-common v15.7.0 2025-06-10 */
3912
-
3904
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
3913
3905
  /*
3914
3906
  * Copyright (c) Microsoft Corporation. All rights reserved.
3915
3907
  * Licensed under the MIT License.
3916
3908
  */
3917
- const DEFAULT_SYSTEM_OPTIONS = {
3918
- tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
3919
- preventCorsPreflight: false,
3920
- };
3921
- const DEFAULT_LOGGER_IMPLEMENTATION = {
3922
- loggerCallback: () => {
3923
- // allow users to not set loggerCallback
3924
- },
3925
- piiLoggingEnabled: false,
3926
- logLevel: exports.LogLevel.Info,
3927
- correlationId: Constants.EMPTY_STRING,
3928
- };
3929
- const DEFAULT_CACHE_OPTIONS = {
3930
- claimsBasedCachingEnabled: false,
3931
- };
3932
- const DEFAULT_NETWORK_IMPLEMENTATION = {
3933
- async sendGetRequestAsync() {
3934
- throw createClientAuthError(methodNotImplemented);
3935
- },
3936
- async sendPostRequestAsync() {
3937
- throw createClientAuthError(methodNotImplemented);
3938
- },
3939
- };
3940
- const DEFAULT_LIBRARY_INFO = {
3941
- sku: Constants.SKU,
3942
- version: version$1,
3943
- cpu: Constants.EMPTY_STRING,
3944
- os: Constants.EMPTY_STRING,
3945
- };
3946
- const DEFAULT_CLIENT_CREDENTIALS = {
3947
- clientSecret: Constants.EMPTY_STRING,
3948
- clientAssertion: undefined,
3949
- };
3950
- const DEFAULT_AZURE_CLOUD_OPTIONS = {
3951
- azureCloudInstance: AzureCloudInstance.None,
3952
- tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
3953
- };
3954
- const DEFAULT_TELEMETRY_OPTIONS = {
3955
- application: {
3956
- appName: "",
3957
- appVersion: "",
3958
- },
3959
- };
3960
3909
  /**
3961
- * Function that sets the default options when not explicitly configured from app developer
3962
- *
3963
- * @param Configuration
3910
+ * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
3964
3911
  *
3965
- * @returns Configuration
3966
- */
3967
- function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
3968
- const loggerOptions = {
3969
- ...DEFAULT_LOGGER_IMPLEMENTATION,
3970
- ...userLoggerOption,
3971
- };
3972
- return {
3973
- authOptions: buildAuthOptions(userAuthOptions),
3974
- systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
3975
- loggerOptions: loggerOptions,
3976
- cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
3977
- storageInterface: storageImplementation ||
3978
- new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),
3979
- networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
3980
- cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
3981
- clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
3982
- libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
3983
- telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
3984
- serverTelemetryManager: serverTelemetryManager || null,
3985
- persistencePlugin: persistencePlugin || null,
3986
- serializableCache: serializableCache || null,
3987
- };
3988
- }
3989
- /**
3990
- * Construct authoptions from the client and platform passed values
3991
- * @param authOptions
3992
- */
3993
- function buildAuthOptions(authOptions) {
3994
- return {
3995
- clientCapabilities: [],
3996
- azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3997
- skipAuthorityMetadataCache: false,
3998
- instanceAware: false,
3999
- encodeExtraQueryParams: false,
4000
- ...authOptions,
4001
- };
4002
- }
4003
- /**
4004
- * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
4005
- * @param ClientConfiguration
4006
- */
4007
- function isOidcProtocolMode(config) {
4008
- return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4009
- }
4010
-
4011
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4012
- /*
4013
- * Copyright (c) Microsoft Corporation. All rights reserved.
4014
- * Licensed under the MIT License.
4015
- */
4016
- const CcsCredentialType = {
4017
- HOME_ACCOUNT_ID: "home_account_id",
4018
- UPN: "UPN",
4019
- };
4020
-
4021
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4022
- /*
4023
- * Copyright (c) Microsoft Corporation. All rights reserved.
4024
- * Licensed under the MIT License.
4025
- */
4026
- const CLIENT_ID = "client_id";
4027
- const REDIRECT_URI = "redirect_uri";
4028
- const RESPONSE_TYPE = "response_type";
4029
- const RESPONSE_MODE = "response_mode";
4030
- const GRANT_TYPE = "grant_type";
4031
- const CLAIMS = "claims";
4032
- const SCOPE = "scope";
4033
- const REFRESH_TOKEN = "refresh_token";
4034
- const STATE = "state";
4035
- const NONCE = "nonce";
4036
- const PROMPT = "prompt";
4037
- const CODE = "code";
4038
- const CODE_CHALLENGE = "code_challenge";
4039
- const CODE_CHALLENGE_METHOD = "code_challenge_method";
4040
- const CODE_VERIFIER = "code_verifier";
4041
- const CLIENT_REQUEST_ID = "client-request-id";
4042
- const X_CLIENT_SKU = "x-client-SKU";
4043
- const X_CLIENT_VER = "x-client-VER";
4044
- const X_CLIENT_OS = "x-client-OS";
4045
- const X_CLIENT_CPU = "x-client-CPU";
4046
- const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
4047
- const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
4048
- const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
4049
- const X_APP_NAME = "x-app-name";
4050
- const X_APP_VER = "x-app-ver";
4051
- const POST_LOGOUT_URI = "post_logout_redirect_uri";
4052
- const ID_TOKEN_HINT = "id_token_hint";
4053
- const CLIENT_SECRET = "client_secret";
4054
- const CLIENT_ASSERTION = "client_assertion";
4055
- const CLIENT_ASSERTION_TYPE = "client_assertion_type";
4056
- const TOKEN_TYPE = "token_type";
4057
- const REQ_CNF = "req_cnf";
4058
- const RETURN_SPA_CODE = "return_spa_code";
4059
- const NATIVE_BROKER = "nativebroker";
4060
- const LOGOUT_HINT = "logout_hint";
4061
- const SID = "sid";
4062
- const LOGIN_HINT = "login_hint";
4063
- const DOMAIN_HINT = "domain_hint";
4064
- const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
4065
- const BROKER_CLIENT_ID = "brk_client_id";
4066
- const BROKER_REDIRECT_URI = "brk_redirect_uri";
4067
- const INSTANCE_AWARE = "instance_aware";
4068
- const EAR_JWK = "ear_jwk";
4069
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4070
-
4071
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4072
-
4073
- /*
4074
- * Copyright (c) Microsoft Corporation. All rights reserved.
4075
- * Licensed under the MIT License.
4076
- */
4077
- function instrumentBrokerParams(parameters, correlationId, performanceClient) {
4078
- if (!correlationId) {
4079
- return;
4080
- }
4081
- const clientId = parameters.get(CLIENT_ID);
4082
- if (clientId && parameters.has(BROKER_CLIENT_ID)) {
4083
- performanceClient?.addFields({
4084
- embeddedClientId: clientId,
4085
- embeddedRedirectUri: parameters.get(REDIRECT_URI),
4086
- }, correlationId);
4087
- }
4088
- }
4089
- /**
4090
- * Add the given response_type
4091
- * @param parameters
4092
- * @param responseType
4093
- */
4094
- function addResponseType(parameters, responseType) {
4095
- parameters.set(RESPONSE_TYPE, responseType);
4096
- }
4097
- /**
4098
- * add response_mode. defaults to query.
4099
- * @param responseMode
4100
- */
4101
- function addResponseMode(parameters, responseMode) {
4102
- parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
4103
- }
4104
- /**
4105
- * Add flag to indicate STS should attempt to use WAM if available
4106
- */
4107
- function addNativeBroker(parameters) {
4108
- parameters.set(NATIVE_BROKER, "1");
4109
- }
4110
- /**
4111
- * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
4112
- * @param scopeSet
4113
- * @param addOidcScopes
4114
- */
4115
- function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
4116
- // Always add openid to the scopes when adding OIDC scopes
4117
- if (addOidcScopes &&
4118
- !defaultScopes.includes("openid") &&
4119
- !scopes.includes("openid")) {
4120
- defaultScopes.push("openid");
4121
- }
4122
- const requestScopes = addOidcScopes
4123
- ? [...(scopes || []), ...defaultScopes]
4124
- : scopes || [];
4125
- const scopeSet = new ScopeSet(requestScopes);
4126
- parameters.set(SCOPE, scopeSet.printScopes());
4127
- }
4128
- /**
4129
- * add clientId
4130
- * @param clientId
4131
- */
4132
- function addClientId(parameters, clientId) {
4133
- parameters.set(CLIENT_ID, clientId);
4134
- }
4135
- /**
4136
- * add redirect_uri
4137
- * @param redirectUri
4138
- */
4139
- function addRedirectUri(parameters, redirectUri) {
4140
- parameters.set(REDIRECT_URI, redirectUri);
4141
- }
4142
- /**
4143
- * add post logout redirectUri
4144
- * @param redirectUri
4145
- */
4146
- function addPostLogoutRedirectUri(parameters, redirectUri) {
4147
- parameters.set(POST_LOGOUT_URI, redirectUri);
4148
- }
4149
- /**
4150
- * add id_token_hint to logout request
4151
- * @param idTokenHint
4152
- */
4153
- function addIdTokenHint(parameters, idTokenHint) {
4154
- parameters.set(ID_TOKEN_HINT, idTokenHint);
4155
- }
4156
- /**
4157
- * add domain_hint
4158
- * @param domainHint
4159
- */
4160
- function addDomainHint(parameters, domainHint) {
4161
- parameters.set(DOMAIN_HINT, domainHint);
4162
- }
4163
- /**
4164
- * add login_hint
4165
- * @param loginHint
4166
- */
4167
- function addLoginHint(parameters, loginHint) {
4168
- parameters.set(LOGIN_HINT, loginHint);
4169
- }
4170
- /**
4171
- * Adds the CCS (Cache Credential Service) query parameter for login_hint
4172
- * @param loginHint
4173
- */
4174
- function addCcsUpn(parameters, loginHint) {
4175
- parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
4176
- }
4177
- /**
4178
- * Adds the CCS (Cache Credential Service) query parameter for account object
4179
- * @param loginHint
4180
- */
4181
- function addCcsOid(parameters, clientInfo) {
4182
- parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
4183
- }
4184
- /**
4185
- * add sid
4186
- * @param sid
4187
- */
4188
- function addSid(parameters, sid) {
4189
- parameters.set(SID, sid);
4190
- }
4191
- /**
4192
- * add claims
4193
- * @param claims
4194
- */
4195
- function addClaims(parameters, claims, clientCapabilities) {
4196
- const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
4197
- try {
4198
- JSON.parse(mergedClaims);
4199
- }
4200
- catch (e) {
4201
- throw createClientConfigurationError(invalidClaims);
4202
- }
4203
- parameters.set(CLAIMS, mergedClaims);
4204
- }
4205
- /**
4206
- * add correlationId
4207
- * @param correlationId
4208
- */
4209
- function addCorrelationId(parameters, correlationId) {
4210
- parameters.set(CLIENT_REQUEST_ID, correlationId);
4211
- }
4212
- /**
4213
- * add library info query params
4214
- * @param libraryInfo
4215
- */
4216
- function addLibraryInfo(parameters, libraryInfo) {
4217
- // Telemetry Info
4218
- parameters.set(X_CLIENT_SKU, libraryInfo.sku);
4219
- parameters.set(X_CLIENT_VER, libraryInfo.version);
4220
- if (libraryInfo.os) {
4221
- parameters.set(X_CLIENT_OS, libraryInfo.os);
4222
- }
4223
- if (libraryInfo.cpu) {
4224
- parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
4225
- }
4226
- }
4227
- /**
4228
- * Add client telemetry parameters
4229
- * @param appTelemetry
4230
- */
4231
- function addApplicationTelemetry(parameters, appTelemetry) {
4232
- if (appTelemetry?.appName) {
4233
- parameters.set(X_APP_NAME, appTelemetry.appName);
4234
- }
4235
- if (appTelemetry?.appVersion) {
4236
- parameters.set(X_APP_VER, appTelemetry.appVersion);
4237
- }
4238
- }
4239
- /**
4240
- * add prompt
4241
- * @param prompt
4242
- */
4243
- function addPrompt(parameters, prompt) {
4244
- parameters.set(PROMPT, prompt);
4245
- }
4246
- /**
4247
- * add state
4248
- * @param state
4249
- */
4250
- function addState(parameters, state) {
4251
- if (state) {
4252
- parameters.set(STATE, state);
4253
- }
4254
- }
4255
- /**
4256
- * add nonce
4257
- * @param nonce
4258
- */
4259
- function addNonce(parameters, nonce) {
4260
- parameters.set(NONCE, nonce);
4261
- }
4262
- /**
4263
- * add code_challenge and code_challenge_method
4264
- * - throw if either of them are not passed
4265
- * @param codeChallenge
4266
- * @param codeChallengeMethod
4267
- */
4268
- function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
4269
- if (codeChallenge && codeChallengeMethod) {
4270
- parameters.set(CODE_CHALLENGE, codeChallenge);
4271
- parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
4272
- }
4273
- else {
4274
- throw createClientConfigurationError(pkceParamsMissing);
4275
- }
4276
- }
4277
- /**
4278
- * add the `authorization_code` passed by the user to exchange for a token
4279
- * @param code
4280
- */
4281
- function addAuthorizationCode(parameters, code) {
4282
- parameters.set(CODE, code);
4283
- }
4284
- /**
4285
- * add the `refreshToken` passed by the user
4286
- * @param refreshToken
4287
- */
4288
- function addRefreshToken(parameters, refreshToken) {
4289
- parameters.set(REFRESH_TOKEN, refreshToken);
4290
- }
4291
- /**
4292
- * add the `code_verifier` passed by the user to exchange for a token
4293
- * @param codeVerifier
4294
- */
4295
- function addCodeVerifier(parameters, codeVerifier) {
4296
- parameters.set(CODE_VERIFIER, codeVerifier);
4297
- }
4298
- /**
4299
- * add client_secret
4300
- * @param clientSecret
4301
- */
4302
- function addClientSecret(parameters, clientSecret) {
4303
- parameters.set(CLIENT_SECRET, clientSecret);
4304
- }
4305
- /**
4306
- * add clientAssertion for confidential client flows
4307
- * @param clientAssertion
4308
- */
4309
- function addClientAssertion(parameters, clientAssertion) {
4310
- if (clientAssertion) {
4311
- parameters.set(CLIENT_ASSERTION, clientAssertion);
4312
- }
4313
- }
4314
- /**
4315
- * add clientAssertionType for confidential client flows
4316
- * @param clientAssertionType
4317
- */
4318
- function addClientAssertionType(parameters, clientAssertionType) {
4319
- if (clientAssertionType) {
4320
- parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
4321
- }
4322
- }
4323
- /**
4324
- * add grant type
4325
- * @param grantType
4326
- */
4327
- function addGrantType(parameters, grantType) {
4328
- parameters.set(GRANT_TYPE, grantType);
4329
- }
4330
- /**
4331
- * add client info
4332
- *
4333
- */
4334
- function addClientInfo(parameters) {
4335
- parameters.set(CLIENT_INFO, "1");
4336
- }
4337
- function addInstanceAware(parameters) {
4338
- if (!parameters.has(INSTANCE_AWARE)) {
4339
- parameters.set(INSTANCE_AWARE, "true");
4340
- }
4341
- }
4342
- /**
4343
- * add extraQueryParams
4344
- * @param eQParams
4345
- */
4346
- function addExtraQueryParameters(parameters, eQParams) {
4347
- Object.entries(eQParams).forEach(([key, value]) => {
4348
- if (!parameters.has(key) && value) {
4349
- parameters.set(key, value);
4350
- }
4351
- });
4352
- }
4353
- function addClientCapabilitiesToClaims(claims, clientCapabilities) {
4354
- let mergedClaims;
4355
- // Parse provided claims into JSON object or initialize empty object
4356
- if (!claims) {
4357
- mergedClaims = {};
4358
- }
4359
- else {
4360
- try {
4361
- mergedClaims = JSON.parse(claims);
4362
- }
4363
- catch (e) {
4364
- throw createClientConfigurationError(invalidClaims);
4365
- }
4366
- }
4367
- if (clientCapabilities && clientCapabilities.length > 0) {
4368
- if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
4369
- // Add access_token key to claims object
4370
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
4371
- }
4372
- // Add xms_cc claim with provided clientCapabilities to access_token key
4373
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
4374
- {
4375
- values: clientCapabilities,
4376
- };
4377
- }
4378
- return JSON.stringify(mergedClaims);
4379
- }
4380
- /**
4381
- * add pop_jwk to query params
4382
- * @param cnfString
4383
- */
4384
- function addPopToken(parameters, cnfString) {
4385
- if (cnfString) {
4386
- parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
4387
- parameters.set(REQ_CNF, cnfString);
4388
- }
4389
- }
4390
- /**
4391
- * add SSH JWK and key ID to query params
4392
- */
4393
- function addSshJwk(parameters, sshJwkString) {
4394
- if (sshJwkString) {
4395
- parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
4396
- parameters.set(REQ_CNF, sshJwkString);
4397
- }
4398
- }
4399
- /**
4400
- * add server telemetry fields
4401
- * @param serverTelemetryManager
4402
- */
4403
- function addServerTelemetry(parameters, serverTelemetryManager) {
4404
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
4405
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
4406
- }
4407
- /**
4408
- * Adds parameter that indicates to the server that throttling is supported
4409
- */
4410
- function addThrottling(parameters) {
4411
- parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
4412
- }
4413
- /**
4414
- * Adds logout_hint parameter for "silent" logout which prevent server account picker
4415
- */
4416
- function addLogoutHint(parameters, logoutHint) {
4417
- parameters.set(LOGOUT_HINT, logoutHint);
4418
- }
4419
- function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
4420
- if (!parameters.has(BROKER_CLIENT_ID)) {
4421
- parameters.set(BROKER_CLIENT_ID, brokerClientId);
4422
- }
4423
- if (!parameters.has(BROKER_REDIRECT_URI)) {
4424
- parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
4425
- }
4426
- }
4427
- /**
4428
- * Add EAR (Encrypted Authorize Response) request parameters
4429
- * @param parameters
4430
- * @param jwk
4431
- */
4432
- function addEARParameters(parameters, jwk) {
4433
- parameters.set(EAR_JWK, encodeURIComponent(jwk));
4434
- // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
4435
- const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
4436
- parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
4437
- }
4438
-
4439
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4440
- /*
4441
- * Copyright (c) Microsoft Corporation. All rights reserved.
4442
- * Licensed under the MIT License.
4443
- */
4444
- function isOpenIdConfigResponse(response) {
4445
- return (response.hasOwnProperty("authorization_endpoint") &&
4446
- response.hasOwnProperty("token_endpoint") &&
4447
- response.hasOwnProperty("issuer") &&
4448
- response.hasOwnProperty("jwks_uri"));
4449
- }
4450
-
4451
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4452
- /*
4453
- * Copyright (c) Microsoft Corporation. All rights reserved.
4454
- * Licensed under the MIT License.
4455
- */
4456
- function isCloudInstanceDiscoveryResponse(response) {
4457
- return (response.hasOwnProperty("tenant_discovery_endpoint") &&
4458
- response.hasOwnProperty("metadata"));
4459
- }
4460
-
4461
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4462
- /*
4463
- * Copyright (c) Microsoft Corporation. All rights reserved.
4464
- * Licensed under the MIT License.
4465
- */
4466
- function isCloudInstanceDiscoveryErrorResponse(response) {
4467
- return (response.hasOwnProperty("error") &&
4468
- response.hasOwnProperty("error_description"));
4469
- }
4470
-
4471
- /*! @azure/msal-common v15.7.0 2025-06-10 */
4472
- /*
4473
- * Copyright (c) Microsoft Corporation. All rights reserved.
4474
- * Licensed under the MIT License.
4475
- */
4476
- /**
4477
- * Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
4478
- *
4479
- * @export
4480
- * @enum {number}
3912
+ * @export
3913
+ * @enum {number}
4481
3914
  */
4482
3915
  const PerformanceEvents = {
4483
3916
  /**
@@ -4954,34 +4387,673 @@
4954
4387
  [PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
4955
4388
  ]);
4956
4389
  /**
4957
- * State of the performance event.
4390
+ * State of the performance event.
4391
+ *
4392
+ * @export
4393
+ * @enum {number}
4394
+ */
4395
+ const PerformanceEventStatus = {
4396
+ NotStarted: 0,
4397
+ InProgress: 1,
4398
+ Completed: 2,
4399
+ };
4400
+ const IntFields = new Set([
4401
+ "accessTokenSize",
4402
+ "durationMs",
4403
+ "idTokenSize",
4404
+ "matsSilentStatus",
4405
+ "matsHttpStatus",
4406
+ "refreshTokenSize",
4407
+ "queuedTimeMs",
4408
+ "startTimeMs",
4409
+ "status",
4410
+ "multiMatchedAT",
4411
+ "multiMatchedID",
4412
+ "multiMatchedRT",
4413
+ "unencryptedCacheCount",
4414
+ "encryptedCacheExpiredCount",
4415
+ ]);
4416
+
4417
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4418
+
4419
+ /*
4420
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4421
+ * Licensed under the MIT License.
4422
+ */
4423
+ class StubPerformanceMeasurement {
4424
+ startMeasurement() {
4425
+ return;
4426
+ }
4427
+ endMeasurement() {
4428
+ return;
4429
+ }
4430
+ flushMeasurement() {
4431
+ return null;
4432
+ }
4433
+ }
4434
+ class StubPerformanceClient {
4435
+ generateId() {
4436
+ return "callback-id";
4437
+ }
4438
+ startMeasurement(measureName, correlationId) {
4439
+ return {
4440
+ end: () => null,
4441
+ discard: () => { },
4442
+ add: () => { },
4443
+ increment: () => { },
4444
+ event: {
4445
+ eventId: this.generateId(),
4446
+ status: PerformanceEventStatus.InProgress,
4447
+ authority: "",
4448
+ libraryName: "",
4449
+ libraryVersion: "",
4450
+ clientId: "",
4451
+ name: measureName,
4452
+ startTimeMs: Date.now(),
4453
+ correlationId: correlationId || "",
4454
+ },
4455
+ measurement: new StubPerformanceMeasurement(),
4456
+ };
4457
+ }
4458
+ startPerformanceMeasurement() {
4459
+ return new StubPerformanceMeasurement();
4460
+ }
4461
+ calculateQueuedTime() {
4462
+ return 0;
4463
+ }
4464
+ addQueueMeasurement() {
4465
+ return;
4466
+ }
4467
+ setPreQueueTime() {
4468
+ return;
4469
+ }
4470
+ endMeasurement() {
4471
+ return null;
4472
+ }
4473
+ discardMeasurements() {
4474
+ return;
4475
+ }
4476
+ removePerformanceCallback() {
4477
+ return true;
4478
+ }
4479
+ addPerformanceCallback() {
4480
+ return "";
4481
+ }
4482
+ emitEvents() {
4483
+ return;
4484
+ }
4485
+ addFields() {
4486
+ return;
4487
+ }
4488
+ incrementFields() {
4489
+ return;
4490
+ }
4491
+ cacheEventByCorrelationId() {
4492
+ return;
4493
+ }
4494
+ }
4495
+
4496
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4497
+
4498
+ /*
4499
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4500
+ * Licensed under the MIT License.
4501
+ */
4502
+ const DEFAULT_SYSTEM_OPTIONS = {
4503
+ tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
4504
+ preventCorsPreflight: false,
4505
+ };
4506
+ const DEFAULT_LOGGER_IMPLEMENTATION = {
4507
+ loggerCallback: () => {
4508
+ // allow users to not set loggerCallback
4509
+ },
4510
+ piiLoggingEnabled: false,
4511
+ logLevel: exports.LogLevel.Info,
4512
+ correlationId: Constants.EMPTY_STRING,
4513
+ };
4514
+ const DEFAULT_CACHE_OPTIONS = {
4515
+ claimsBasedCachingEnabled: false,
4516
+ };
4517
+ const DEFAULT_NETWORK_IMPLEMENTATION = {
4518
+ async sendGetRequestAsync() {
4519
+ throw createClientAuthError(methodNotImplemented);
4520
+ },
4521
+ async sendPostRequestAsync() {
4522
+ throw createClientAuthError(methodNotImplemented);
4523
+ },
4524
+ };
4525
+ const DEFAULT_LIBRARY_INFO = {
4526
+ sku: Constants.SKU,
4527
+ version: version$1,
4528
+ cpu: Constants.EMPTY_STRING,
4529
+ os: Constants.EMPTY_STRING,
4530
+ };
4531
+ const DEFAULT_CLIENT_CREDENTIALS = {
4532
+ clientSecret: Constants.EMPTY_STRING,
4533
+ clientAssertion: undefined,
4534
+ };
4535
+ const DEFAULT_AZURE_CLOUD_OPTIONS = {
4536
+ azureCloudInstance: AzureCloudInstance.None,
4537
+ tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
4538
+ };
4539
+ const DEFAULT_TELEMETRY_OPTIONS = {
4540
+ application: {
4541
+ appName: "",
4542
+ appVersion: "",
4543
+ },
4544
+ };
4545
+ /**
4546
+ * Function that sets the default options when not explicitly configured from app developer
4547
+ *
4548
+ * @param Configuration
4549
+ *
4550
+ * @returns Configuration
4551
+ */
4552
+ function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
4553
+ const loggerOptions = {
4554
+ ...DEFAULT_LOGGER_IMPLEMENTATION,
4555
+ ...userLoggerOption,
4556
+ };
4557
+ return {
4558
+ authOptions: buildAuthOptions(userAuthOptions),
4559
+ systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
4560
+ loggerOptions: loggerOptions,
4561
+ cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
4562
+ storageInterface: storageImplementation ||
4563
+ new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions), new StubPerformanceClient()),
4564
+ networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
4565
+ cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
4566
+ clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
4567
+ libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
4568
+ telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
4569
+ serverTelemetryManager: serverTelemetryManager || null,
4570
+ persistencePlugin: persistencePlugin || null,
4571
+ serializableCache: serializableCache || null,
4572
+ };
4573
+ }
4574
+ /**
4575
+ * Construct authoptions from the client and platform passed values
4576
+ * @param authOptions
4577
+ */
4578
+ function buildAuthOptions(authOptions) {
4579
+ return {
4580
+ clientCapabilities: [],
4581
+ azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
4582
+ skipAuthorityMetadataCache: false,
4583
+ instanceAware: false,
4584
+ encodeExtraQueryParams: false,
4585
+ ...authOptions,
4586
+ };
4587
+ }
4588
+ /**
4589
+ * Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
4590
+ * @param ClientConfiguration
4591
+ */
4592
+ function isOidcProtocolMode(config) {
4593
+ return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4594
+ }
4595
+
4596
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4597
+ /*
4598
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4599
+ * Licensed under the MIT License.
4600
+ */
4601
+ const CcsCredentialType = {
4602
+ HOME_ACCOUNT_ID: "home_account_id",
4603
+ UPN: "UPN",
4604
+ };
4605
+
4606
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4607
+ /*
4608
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4609
+ * Licensed under the MIT License.
4610
+ */
4611
+ const CLIENT_ID = "client_id";
4612
+ const REDIRECT_URI = "redirect_uri";
4613
+ const RESPONSE_TYPE = "response_type";
4614
+ const RESPONSE_MODE = "response_mode";
4615
+ const GRANT_TYPE = "grant_type";
4616
+ const CLAIMS = "claims";
4617
+ const SCOPE = "scope";
4618
+ const REFRESH_TOKEN = "refresh_token";
4619
+ const STATE = "state";
4620
+ const NONCE = "nonce";
4621
+ const PROMPT = "prompt";
4622
+ const CODE = "code";
4623
+ const CODE_CHALLENGE = "code_challenge";
4624
+ const CODE_CHALLENGE_METHOD = "code_challenge_method";
4625
+ const CODE_VERIFIER = "code_verifier";
4626
+ const CLIENT_REQUEST_ID = "client-request-id";
4627
+ const X_CLIENT_SKU = "x-client-SKU";
4628
+ const X_CLIENT_VER = "x-client-VER";
4629
+ const X_CLIENT_OS = "x-client-OS";
4630
+ const X_CLIENT_CPU = "x-client-CPU";
4631
+ const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
4632
+ const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
4633
+ const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
4634
+ const X_APP_NAME = "x-app-name";
4635
+ const X_APP_VER = "x-app-ver";
4636
+ const POST_LOGOUT_URI = "post_logout_redirect_uri";
4637
+ const ID_TOKEN_HINT = "id_token_hint";
4638
+ const CLIENT_SECRET = "client_secret";
4639
+ const CLIENT_ASSERTION = "client_assertion";
4640
+ const CLIENT_ASSERTION_TYPE = "client_assertion_type";
4641
+ const TOKEN_TYPE = "token_type";
4642
+ const REQ_CNF = "req_cnf";
4643
+ const RETURN_SPA_CODE = "return_spa_code";
4644
+ const NATIVE_BROKER = "nativebroker";
4645
+ const LOGOUT_HINT = "logout_hint";
4646
+ const SID = "sid";
4647
+ const LOGIN_HINT = "login_hint";
4648
+ const DOMAIN_HINT = "domain_hint";
4649
+ const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
4650
+ const BROKER_CLIENT_ID = "brk_client_id";
4651
+ const BROKER_REDIRECT_URI = "brk_redirect_uri";
4652
+ const INSTANCE_AWARE = "instance_aware";
4653
+ const EAR_JWK = "ear_jwk";
4654
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4655
+
4656
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4657
+
4658
+ /*
4659
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4660
+ * Licensed under the MIT License.
4661
+ */
4662
+ function instrumentBrokerParams(parameters, correlationId, performanceClient) {
4663
+ if (!correlationId) {
4664
+ return;
4665
+ }
4666
+ const clientId = parameters.get(CLIENT_ID);
4667
+ if (clientId && parameters.has(BROKER_CLIENT_ID)) {
4668
+ performanceClient?.addFields({
4669
+ embeddedClientId: clientId,
4670
+ embeddedRedirectUri: parameters.get(REDIRECT_URI),
4671
+ }, correlationId);
4672
+ }
4673
+ }
4674
+ /**
4675
+ * Add the given response_type
4676
+ * @param parameters
4677
+ * @param responseType
4678
+ */
4679
+ function addResponseType(parameters, responseType) {
4680
+ parameters.set(RESPONSE_TYPE, responseType);
4681
+ }
4682
+ /**
4683
+ * add response_mode. defaults to query.
4684
+ * @param responseMode
4685
+ */
4686
+ function addResponseMode(parameters, responseMode) {
4687
+ parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
4688
+ }
4689
+ /**
4690
+ * Add flag to indicate STS should attempt to use WAM if available
4691
+ */
4692
+ function addNativeBroker(parameters) {
4693
+ parameters.set(NATIVE_BROKER, "1");
4694
+ }
4695
+ /**
4696
+ * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
4697
+ * @param scopeSet
4698
+ * @param addOidcScopes
4699
+ */
4700
+ function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
4701
+ // Always add openid to the scopes when adding OIDC scopes
4702
+ if (addOidcScopes &&
4703
+ !defaultScopes.includes("openid") &&
4704
+ !scopes.includes("openid")) {
4705
+ defaultScopes.push("openid");
4706
+ }
4707
+ const requestScopes = addOidcScopes
4708
+ ? [...(scopes || []), ...defaultScopes]
4709
+ : scopes || [];
4710
+ const scopeSet = new ScopeSet(requestScopes);
4711
+ parameters.set(SCOPE, scopeSet.printScopes());
4712
+ }
4713
+ /**
4714
+ * add clientId
4715
+ * @param clientId
4716
+ */
4717
+ function addClientId(parameters, clientId) {
4718
+ parameters.set(CLIENT_ID, clientId);
4719
+ }
4720
+ /**
4721
+ * add redirect_uri
4722
+ * @param redirectUri
4723
+ */
4724
+ function addRedirectUri(parameters, redirectUri) {
4725
+ parameters.set(REDIRECT_URI, redirectUri);
4726
+ }
4727
+ /**
4728
+ * add post logout redirectUri
4729
+ * @param redirectUri
4730
+ */
4731
+ function addPostLogoutRedirectUri(parameters, redirectUri) {
4732
+ parameters.set(POST_LOGOUT_URI, redirectUri);
4733
+ }
4734
+ /**
4735
+ * add id_token_hint to logout request
4736
+ * @param idTokenHint
4737
+ */
4738
+ function addIdTokenHint(parameters, idTokenHint) {
4739
+ parameters.set(ID_TOKEN_HINT, idTokenHint);
4740
+ }
4741
+ /**
4742
+ * add domain_hint
4743
+ * @param domainHint
4744
+ */
4745
+ function addDomainHint(parameters, domainHint) {
4746
+ parameters.set(DOMAIN_HINT, domainHint);
4747
+ }
4748
+ /**
4749
+ * add login_hint
4750
+ * @param loginHint
4751
+ */
4752
+ function addLoginHint(parameters, loginHint) {
4753
+ parameters.set(LOGIN_HINT, loginHint);
4754
+ }
4755
+ /**
4756
+ * Adds the CCS (Cache Credential Service) query parameter for login_hint
4757
+ * @param loginHint
4758
+ */
4759
+ function addCcsUpn(parameters, loginHint) {
4760
+ parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
4761
+ }
4762
+ /**
4763
+ * Adds the CCS (Cache Credential Service) query parameter for account object
4764
+ * @param loginHint
4765
+ */
4766
+ function addCcsOid(parameters, clientInfo) {
4767
+ parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
4768
+ }
4769
+ /**
4770
+ * add sid
4771
+ * @param sid
4772
+ */
4773
+ function addSid(parameters, sid) {
4774
+ parameters.set(SID, sid);
4775
+ }
4776
+ /**
4777
+ * add claims
4778
+ * @param claims
4779
+ */
4780
+ function addClaims(parameters, claims, clientCapabilities) {
4781
+ const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
4782
+ try {
4783
+ JSON.parse(mergedClaims);
4784
+ }
4785
+ catch (e) {
4786
+ throw createClientConfigurationError(invalidClaims);
4787
+ }
4788
+ parameters.set(CLAIMS, mergedClaims);
4789
+ }
4790
+ /**
4791
+ * add correlationId
4792
+ * @param correlationId
4793
+ */
4794
+ function addCorrelationId(parameters, correlationId) {
4795
+ parameters.set(CLIENT_REQUEST_ID, correlationId);
4796
+ }
4797
+ /**
4798
+ * add library info query params
4799
+ * @param libraryInfo
4800
+ */
4801
+ function addLibraryInfo(parameters, libraryInfo) {
4802
+ // Telemetry Info
4803
+ parameters.set(X_CLIENT_SKU, libraryInfo.sku);
4804
+ parameters.set(X_CLIENT_VER, libraryInfo.version);
4805
+ if (libraryInfo.os) {
4806
+ parameters.set(X_CLIENT_OS, libraryInfo.os);
4807
+ }
4808
+ if (libraryInfo.cpu) {
4809
+ parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
4810
+ }
4811
+ }
4812
+ /**
4813
+ * Add client telemetry parameters
4814
+ * @param appTelemetry
4815
+ */
4816
+ function addApplicationTelemetry(parameters, appTelemetry) {
4817
+ if (appTelemetry?.appName) {
4818
+ parameters.set(X_APP_NAME, appTelemetry.appName);
4819
+ }
4820
+ if (appTelemetry?.appVersion) {
4821
+ parameters.set(X_APP_VER, appTelemetry.appVersion);
4822
+ }
4823
+ }
4824
+ /**
4825
+ * add prompt
4826
+ * @param prompt
4827
+ */
4828
+ function addPrompt(parameters, prompt) {
4829
+ parameters.set(PROMPT, prompt);
4830
+ }
4831
+ /**
4832
+ * add state
4833
+ * @param state
4834
+ */
4835
+ function addState(parameters, state) {
4836
+ if (state) {
4837
+ parameters.set(STATE, state);
4838
+ }
4839
+ }
4840
+ /**
4841
+ * add nonce
4842
+ * @param nonce
4843
+ */
4844
+ function addNonce(parameters, nonce) {
4845
+ parameters.set(NONCE, nonce);
4846
+ }
4847
+ /**
4848
+ * add code_challenge and code_challenge_method
4849
+ * - throw if either of them are not passed
4850
+ * @param codeChallenge
4851
+ * @param codeChallengeMethod
4852
+ */
4853
+ function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
4854
+ if (codeChallenge && codeChallengeMethod) {
4855
+ parameters.set(CODE_CHALLENGE, codeChallenge);
4856
+ parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
4857
+ }
4858
+ else {
4859
+ throw createClientConfigurationError(pkceParamsMissing);
4860
+ }
4861
+ }
4862
+ /**
4863
+ * add the `authorization_code` passed by the user to exchange for a token
4864
+ * @param code
4865
+ */
4866
+ function addAuthorizationCode(parameters, code) {
4867
+ parameters.set(CODE, code);
4868
+ }
4869
+ /**
4870
+ * add the `refreshToken` passed by the user
4871
+ * @param refreshToken
4872
+ */
4873
+ function addRefreshToken(parameters, refreshToken) {
4874
+ parameters.set(REFRESH_TOKEN, refreshToken);
4875
+ }
4876
+ /**
4877
+ * add the `code_verifier` passed by the user to exchange for a token
4878
+ * @param codeVerifier
4879
+ */
4880
+ function addCodeVerifier(parameters, codeVerifier) {
4881
+ parameters.set(CODE_VERIFIER, codeVerifier);
4882
+ }
4883
+ /**
4884
+ * add client_secret
4885
+ * @param clientSecret
4886
+ */
4887
+ function addClientSecret(parameters, clientSecret) {
4888
+ parameters.set(CLIENT_SECRET, clientSecret);
4889
+ }
4890
+ /**
4891
+ * add clientAssertion for confidential client flows
4892
+ * @param clientAssertion
4893
+ */
4894
+ function addClientAssertion(parameters, clientAssertion) {
4895
+ if (clientAssertion) {
4896
+ parameters.set(CLIENT_ASSERTION, clientAssertion);
4897
+ }
4898
+ }
4899
+ /**
4900
+ * add clientAssertionType for confidential client flows
4901
+ * @param clientAssertionType
4902
+ */
4903
+ function addClientAssertionType(parameters, clientAssertionType) {
4904
+ if (clientAssertionType) {
4905
+ parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
4906
+ }
4907
+ }
4908
+ /**
4909
+ * add grant type
4910
+ * @param grantType
4911
+ */
4912
+ function addGrantType(parameters, grantType) {
4913
+ parameters.set(GRANT_TYPE, grantType);
4914
+ }
4915
+ /**
4916
+ * add client info
4958
4917
  *
4959
- * @export
4960
- * @enum {number}
4961
4918
  */
4962
- const PerformanceEventStatus = {
4963
- NotStarted: 0,
4964
- InProgress: 1,
4965
- Completed: 2,
4966
- };
4967
- const IntFields = new Set([
4968
- "accessTokenSize",
4969
- "durationMs",
4970
- "idTokenSize",
4971
- "matsSilentStatus",
4972
- "matsHttpStatus",
4973
- "refreshTokenSize",
4974
- "queuedTimeMs",
4975
- "startTimeMs",
4976
- "status",
4977
- "multiMatchedAT",
4978
- "multiMatchedID",
4979
- "multiMatchedRT",
4980
- "unencryptedCacheCount",
4981
- "encryptedCacheExpiredCount",
4982
- ]);
4919
+ function addClientInfo(parameters) {
4920
+ parameters.set(CLIENT_INFO, "1");
4921
+ }
4922
+ function addInstanceAware(parameters) {
4923
+ if (!parameters.has(INSTANCE_AWARE)) {
4924
+ parameters.set(INSTANCE_AWARE, "true");
4925
+ }
4926
+ }
4927
+ /**
4928
+ * add extraQueryParams
4929
+ * @param eQParams
4930
+ */
4931
+ function addExtraQueryParameters(parameters, eQParams) {
4932
+ Object.entries(eQParams).forEach(([key, value]) => {
4933
+ if (!parameters.has(key) && value) {
4934
+ parameters.set(key, value);
4935
+ }
4936
+ });
4937
+ }
4938
+ function addClientCapabilitiesToClaims(claims, clientCapabilities) {
4939
+ let mergedClaims;
4940
+ // Parse provided claims into JSON object or initialize empty object
4941
+ if (!claims) {
4942
+ mergedClaims = {};
4943
+ }
4944
+ else {
4945
+ try {
4946
+ mergedClaims = JSON.parse(claims);
4947
+ }
4948
+ catch (e) {
4949
+ throw createClientConfigurationError(invalidClaims);
4950
+ }
4951
+ }
4952
+ if (clientCapabilities && clientCapabilities.length > 0) {
4953
+ if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
4954
+ // Add access_token key to claims object
4955
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
4956
+ }
4957
+ // Add xms_cc claim with provided clientCapabilities to access_token key
4958
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
4959
+ {
4960
+ values: clientCapabilities,
4961
+ };
4962
+ }
4963
+ return JSON.stringify(mergedClaims);
4964
+ }
4965
+ /**
4966
+ * add pop_jwk to query params
4967
+ * @param cnfString
4968
+ */
4969
+ function addPopToken(parameters, cnfString) {
4970
+ if (cnfString) {
4971
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
4972
+ parameters.set(REQ_CNF, cnfString);
4973
+ }
4974
+ }
4975
+ /**
4976
+ * add SSH JWK and key ID to query params
4977
+ */
4978
+ function addSshJwk(parameters, sshJwkString) {
4979
+ if (sshJwkString) {
4980
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
4981
+ parameters.set(REQ_CNF, sshJwkString);
4982
+ }
4983
+ }
4984
+ /**
4985
+ * add server telemetry fields
4986
+ * @param serverTelemetryManager
4987
+ */
4988
+ function addServerTelemetry(parameters, serverTelemetryManager) {
4989
+ parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
4990
+ parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
4991
+ }
4992
+ /**
4993
+ * Adds parameter that indicates to the server that throttling is supported
4994
+ */
4995
+ function addThrottling(parameters) {
4996
+ parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
4997
+ }
4998
+ /**
4999
+ * Adds logout_hint parameter for "silent" logout which prevent server account picker
5000
+ */
5001
+ function addLogoutHint(parameters, logoutHint) {
5002
+ parameters.set(LOGOUT_HINT, logoutHint);
5003
+ }
5004
+ function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
5005
+ if (!parameters.has(BROKER_CLIENT_ID)) {
5006
+ parameters.set(BROKER_CLIENT_ID, brokerClientId);
5007
+ }
5008
+ if (!parameters.has(BROKER_REDIRECT_URI)) {
5009
+ parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
5010
+ }
5011
+ }
5012
+ /**
5013
+ * Add EAR (Encrypted Authorize Response) request parameters
5014
+ * @param parameters
5015
+ * @param jwk
5016
+ */
5017
+ function addEARParameters(parameters, jwk) {
5018
+ parameters.set(EAR_JWK, encodeURIComponent(jwk));
5019
+ // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
5020
+ const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
5021
+ parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
5022
+ }
5023
+
5024
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5025
+ /*
5026
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5027
+ * Licensed under the MIT License.
5028
+ */
5029
+ function isOpenIdConfigResponse(response) {
5030
+ return (response.hasOwnProperty("authorization_endpoint") &&
5031
+ response.hasOwnProperty("token_endpoint") &&
5032
+ response.hasOwnProperty("issuer") &&
5033
+ response.hasOwnProperty("jwks_uri"));
5034
+ }
5035
+
5036
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5037
+ /*
5038
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5039
+ * Licensed under the MIT License.
5040
+ */
5041
+ function isCloudInstanceDiscoveryResponse(response) {
5042
+ return (response.hasOwnProperty("tenant_discovery_endpoint") &&
5043
+ response.hasOwnProperty("metadata"));
5044
+ }
5045
+
5046
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5047
+ /*
5048
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5049
+ * Licensed under the MIT License.
5050
+ */
5051
+ function isCloudInstanceDiscoveryErrorResponse(response) {
5052
+ return (response.hasOwnProperty("error") &&
5053
+ response.hasOwnProperty("error_description"));
5054
+ }
4983
5055
 
4984
- /*! @azure/msal-common v15.7.0 2025-06-10 */
5056
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
4985
5057
  /*
4986
5058
  * Copyright (c) Microsoft Corporation. All rights reserved.
4987
5059
  * Licensed under the MIT License.
@@ -5077,7 +5149,7 @@
5077
5149
  };
5078
5150
  };
5079
5151
 
5080
- /*! @azure/msal-common v15.7.0 2025-06-10 */
5152
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5081
5153
 
5082
5154
  /*
5083
5155
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5183,7 +5255,7 @@
5183
5255
  },
5184
5256
  };
5185
5257
 
5186
- /*! @azure/msal-common v15.7.0 2025-06-10 */
5258
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
5187
5259
 
5188
5260
  /*
5189
5261
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6022,7 +6094,7 @@
6022
6094
  };
6023
6095
  }
6024
6096
 
6025
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6097
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6026
6098
 
6027
6099
  /*
6028
6100
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6053,7 +6125,7 @@
6053
6125
  }
6054
6126
  }
6055
6127
 
6056
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6128
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6057
6129
 
6058
6130
  /*
6059
6131
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6072,7 +6144,7 @@
6072
6144
  }
6073
6145
  }
6074
6146
 
6075
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6147
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6076
6148
  /*
6077
6149
  * Copyright (c) Microsoft Corporation. All rights reserved.
6078
6150
  * Licensed under the MIT License.
@@ -6093,7 +6165,7 @@
6093
6165
  };
6094
6166
  }
6095
6167
 
6096
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6168
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6097
6169
 
6098
6170
  /*
6099
6171
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6180,7 +6252,7 @@
6180
6252
  }
6181
6253
  }
6182
6254
 
6183
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6255
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6184
6256
 
6185
6257
  /*
6186
6258
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6211,7 +6283,7 @@
6211
6283
  return new NetworkError(error, httpStatus, responseHeaders);
6212
6284
  }
6213
6285
 
6214
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6286
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6215
6287
 
6216
6288
  /*
6217
6289
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6359,7 +6431,7 @@
6359
6431
  }
6360
6432
  }
6361
6433
 
6362
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6434
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6363
6435
  /*
6364
6436
  * Copyright (c) Microsoft Corporation. All rights reserved.
6365
6437
  * Licensed under the MIT License.
@@ -6368,6 +6440,7 @@
6368
6440
  const noTokensFound = "no_tokens_found";
6369
6441
  const nativeAccountUnavailable = "native_account_unavailable";
6370
6442
  const refreshTokenExpired = "refresh_token_expired";
6443
+ const uxNotAllowed = "ux_not_allowed";
6371
6444
  // Codes potentially returned by server
6372
6445
  const interactionRequired = "interaction_required";
6373
6446
  const consentRequired = "consent_required";
@@ -6382,10 +6455,11 @@
6382
6455
  loginRequired: loginRequired,
6383
6456
  nativeAccountUnavailable: nativeAccountUnavailable,
6384
6457
  noTokensFound: noTokensFound,
6385
- refreshTokenExpired: refreshTokenExpired
6458
+ refreshTokenExpired: refreshTokenExpired,
6459
+ uxNotAllowed: uxNotAllowed
6386
6460
  });
6387
6461
 
6388
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6462
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6389
6463
 
6390
6464
  /*
6391
6465
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6399,6 +6473,7 @@
6399
6473
  consentRequired,
6400
6474
  loginRequired,
6401
6475
  badToken,
6476
+ uxNotAllowed,
6402
6477
  ];
6403
6478
  const InteractionRequiredAuthSubErrorMessage = [
6404
6479
  "message_only",
@@ -6413,6 +6488,7 @@
6413
6488
  [nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",
6414
6489
  [refreshTokenExpired]: "Refresh token has expired.",
6415
6490
  [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
6491
+ [uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
6416
6492
  };
6417
6493
  /**
6418
6494
  * Interaction required errors defined by the SDK
@@ -6473,7 +6549,7 @@
6473
6549
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6474
6550
  }
6475
6551
 
6476
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6552
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6477
6553
 
6478
6554
  /*
6479
6555
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6545,7 +6621,7 @@
6545
6621
  }
6546
6622
  }
6547
6623
 
6548
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6624
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6549
6625
 
6550
6626
  /*
6551
6627
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6629,7 +6705,7 @@
6629
6705
  }
6630
6706
  }
6631
6707
 
6632
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6708
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6633
6709
  /*
6634
6710
  * Copyright (c) Microsoft Corporation. All rights reserved.
6635
6711
  * Licensed under the MIT License.
@@ -6656,7 +6732,7 @@
6656
6732
  }
6657
6733
  }
6658
6734
 
6659
- /*! @azure/msal-common v15.7.0 2025-06-10 */
6735
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6660
6736
 
6661
6737
  /*
6662
6738
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6987,7 +7063,7 @@
6987
7063
  return baseAccount;
6988
7064
  }
6989
7065
 
6990
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7066
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
6991
7067
 
6992
7068
  /*
6993
7069
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7054,7 +7130,7 @@
7054
7130
  }
7055
7131
  }
7056
7132
 
7057
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7133
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7058
7134
  /*
7059
7135
  * Copyright (c) Microsoft Corporation. All rights reserved.
7060
7136
  * Licensed under the MIT License.
@@ -7072,7 +7148,7 @@
7072
7148
  }
7073
7149
  }
7074
7150
 
7075
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7151
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7076
7152
 
7077
7153
  /*
7078
7154
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7305,7 +7381,7 @@
7305
7381
  }
7306
7382
  }
7307
7383
 
7308
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7384
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7309
7385
 
7310
7386
  /*
7311
7387
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7514,7 +7590,7 @@
7514
7590
  }
7515
7591
  }
7516
7592
 
7517
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7593
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7518
7594
 
7519
7595
  /*
7520
7596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7546,7 +7622,7 @@
7546
7622
  const requestTenantId = request.account.tenantId ||
7547
7623
  getTenantFromAuthorityString(request.authority);
7548
7624
  const tokenKeys = this.cacheManager.getTokenKeys();
7549
- const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);
7625
+ const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId);
7550
7626
  if (!cachedAccessToken) {
7551
7627
  // must refresh due to non-existent access_token
7552
7628
  this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
@@ -7612,7 +7688,7 @@
7612
7688
  }
7613
7689
  }
7614
7690
 
7615
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7691
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7616
7692
 
7617
7693
  /*
7618
7694
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7627,7 +7703,7 @@
7627
7703
  },
7628
7704
  };
7629
7705
 
7630
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7706
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7631
7707
 
7632
7708
  /*
7633
7709
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7851,7 +7927,7 @@
7851
7927
  return account.idTokenClaims?.login_hint || null;
7852
7928
  }
7853
7929
 
7854
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7930
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7855
7931
 
7856
7932
  /*
7857
7933
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7909,7 +7985,7 @@
7909
7985
  }
7910
7986
  }
7911
7987
 
7912
- /*! @azure/msal-common v15.7.0 2025-06-10 */
7988
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
7913
7989
 
7914
7990
  /*
7915
7991
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8172,7 +8248,7 @@
8172
8248
  }
8173
8249
  }
8174
8250
 
8175
- /*! @azure/msal-common v15.7.0 2025-06-10 */
8251
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8176
8252
  /*
8177
8253
  * Copyright (c) Microsoft Corporation. All rights reserved.
8178
8254
  * Licensed under the MIT License.
@@ -8180,7 +8256,7 @@
8180
8256
  const missingKidError = "missing_kid_error";
8181
8257
  const missingAlgError = "missing_alg_error";
8182
8258
 
8183
- /*! @azure/msal-common v15.7.0 2025-06-10 */
8259
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8184
8260
 
8185
8261
  /*
8186
8262
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8205,7 +8281,7 @@
8205
8281
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8206
8282
  }
8207
8283
 
8208
- /*! @azure/msal-common v15.7.0 2025-06-10 */
8284
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8209
8285
 
8210
8286
  /*
8211
8287
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8245,86 +8321,7 @@
8245
8321
  }
8246
8322
  }
8247
8323
 
8248
- /*! @azure/msal-common v15.7.0 2025-06-10 */
8249
-
8250
- /*
8251
- * Copyright (c) Microsoft Corporation. All rights reserved.
8252
- * Licensed under the MIT License.
8253
- */
8254
- class StubPerformanceMeasurement {
8255
- startMeasurement() {
8256
- return;
8257
- }
8258
- endMeasurement() {
8259
- return;
8260
- }
8261
- flushMeasurement() {
8262
- return null;
8263
- }
8264
- }
8265
- class StubPerformanceClient {
8266
- generateId() {
8267
- return "callback-id";
8268
- }
8269
- startMeasurement(measureName, correlationId) {
8270
- return {
8271
- end: () => null,
8272
- discard: () => { },
8273
- add: () => { },
8274
- increment: () => { },
8275
- event: {
8276
- eventId: this.generateId(),
8277
- status: PerformanceEventStatus.InProgress,
8278
- authority: "",
8279
- libraryName: "",
8280
- libraryVersion: "",
8281
- clientId: "",
8282
- name: measureName,
8283
- startTimeMs: Date.now(),
8284
- correlationId: correlationId || "",
8285
- },
8286
- measurement: new StubPerformanceMeasurement(),
8287
- };
8288
- }
8289
- startPerformanceMeasurement() {
8290
- return new StubPerformanceMeasurement();
8291
- }
8292
- calculateQueuedTime() {
8293
- return 0;
8294
- }
8295
- addQueueMeasurement() {
8296
- return;
8297
- }
8298
- setPreQueueTime() {
8299
- return;
8300
- }
8301
- endMeasurement() {
8302
- return null;
8303
- }
8304
- discardMeasurements() {
8305
- return;
8306
- }
8307
- removePerformanceCallback() {
8308
- return true;
8309
- }
8310
- addPerformanceCallback() {
8311
- return "";
8312
- }
8313
- emitEvents() {
8314
- return;
8315
- }
8316
- addFields() {
8317
- return;
8318
- }
8319
- incrementFields() {
8320
- return;
8321
- }
8322
- cacheEventByCorrelationId() {
8323
- return;
8324
- }
8325
- }
8326
-
8327
- /*! @azure/msal-common v15.7.0 2025-06-10 */
8324
+ /*! @azure/msal-common v15.7.1 2025-06-18 */
8328
8325
 
8329
8326
  /*
8330
8327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10429,7 +10426,7 @@
10429
10426
 
10430
10427
  /* eslint-disable header/header */
10431
10428
  const name = "@azure/msal-browser";
10432
- const version = "4.13.1";
10429
+ const version = "4.13.2";
10433
10430
 
10434
10431
  /*
10435
10432
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11273,7 +11270,9 @@
11273
11270
  async removeTokenBindingKey(kid) {
11274
11271
  await this.cache.removeItem(kid);
11275
11272
  const keyFound = await this.cache.containsKey(kid);
11276
- return !keyFound;
11273
+ if (keyFound) {
11274
+ throw createClientAuthError(bindingKeyNotRemoved);
11275
+ }
11277
11276
  }
11278
11277
  /**
11279
11278
  * Removes all cryptographic keys from IndexedDB storage
@@ -11795,14 +11794,13 @@
11795
11794
  */
11796
11795
  class BrowserCacheManager extends CacheManager {
11797
11796
  constructor(clientId, cacheConfig, cryptoImpl, logger, performanceClient, eventHandler, staticAuthorityOptions) {
11798
- super(clientId, cryptoImpl, logger, staticAuthorityOptions);
11797
+ super(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions);
11799
11798
  this.cacheConfig = cacheConfig;
11800
11799
  this.logger = logger;
11801
11800
  this.internalStorage = new MemoryStorage();
11802
11801
  this.browserStorage = getStorageImplementation(clientId, cacheConfig.cacheLocation, logger, performanceClient);
11803
11802
  this.temporaryCacheStorage = getStorageImplementation(clientId, cacheConfig.temporaryCacheLocation, logger, performanceClient);
11804
11803
  this.cookieStorage = new CookieStorage();
11805
- this.performanceClient = performanceClient;
11806
11804
  this.eventHandler = eventHandler;
11807
11805
  }
11808
11806
  async initialize(correlationId) {
@@ -11930,16 +11928,16 @@
11930
11928
  * Extends inherited removeAccount function to include removal of the account key from the map
11931
11929
  * @param key
11932
11930
  */
11933
- async removeAccount(key) {
11934
- void super.removeAccount(key);
11931
+ removeAccount(key, correlationId) {
11932
+ super.removeAccount(key, correlationId);
11935
11933
  this.removeAccountKeyFromMap(key);
11936
11934
  }
11937
11935
  /**
11938
11936
  * Removes credentials associated with the provided account
11939
11937
  * @param account
11940
11938
  */
11941
- async removeAccountContext(account) {
11942
- await super.removeAccountContext(account);
11939
+ removeAccountContext(account, correlationId) {
11940
+ super.removeAccountContext(account, correlationId);
11943
11941
  /**
11944
11942
  * @deprecated - Remove this in next major version in favor of more consistent LOGOUT event
11945
11943
  */
@@ -11959,8 +11957,8 @@
11959
11957
  * Removes given accessToken from the cache and from the key map
11960
11958
  * @param key
11961
11959
  */
11962
- async removeAccessToken(key) {
11963
- void super.removeAccessToken(key);
11960
+ removeAccessToken(key, correlationId) {
11961
+ super.removeAccessToken(key, correlationId);
11964
11962
  this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);
11965
11963
  }
11966
11964
  /**
@@ -12405,9 +12403,9 @@
12405
12403
  /**
12406
12404
  * Clears all cache entries created by MSAL.
12407
12405
  */
12408
- async clear() {
12406
+ clear(correlationId) {
12409
12407
  // Removes all accounts and their credentials
12410
- await this.removeAllAccounts();
12408
+ this.removeAllAccounts(correlationId);
12411
12409
  this.removeAppMetadata();
12412
12410
  // Remove temp storage first to make sure any cookies are cleared
12413
12411
  this.temporaryCacheStorage.getKeys().forEach((cacheKey) => {
@@ -12431,22 +12429,22 @@
12431
12429
  * @param correlationId {string} correlation id
12432
12430
  * @returns
12433
12431
  */
12434
- async clearTokensAndKeysWithClaims(performanceClient, correlationId) {
12435
- performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
12432
+ clearTokensAndKeysWithClaims(correlationId) {
12433
+ this.performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
12436
12434
  const tokenKeys = this.getTokenKeys();
12437
- const removedAccessTokens = [];
12435
+ let removedAccessTokens = 0;
12438
12436
  tokenKeys.accessToken.forEach((key) => {
12439
12437
  // if the access token has claims in its key, remove the token key and the token
12440
12438
  const credential = this.getAccessTokenCredential(key);
12441
12439
  if (credential?.requestedClaimsHash &&
12442
12440
  key.includes(credential.requestedClaimsHash.toLowerCase())) {
12443
- removedAccessTokens.push(this.removeAccessToken(key));
12441
+ this.removeAccessToken(key, correlationId);
12442
+ removedAccessTokens++;
12444
12443
  }
12445
12444
  });
12446
- await Promise.all(removedAccessTokens);
12447
12445
  // warn if any access tokens are removed
12448
- if (removedAccessTokens.length > 0) {
12449
- this.logger.warning(`${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`);
12446
+ if (removedAccessTokens > 0) {
12447
+ this.logger.warning(`${removedAccessTokens} access tokens with claims in the cache keys have been removed from the cache.`);
12450
12448
  }
12451
12449
  }
12452
12450
  /**
@@ -12920,7 +12918,7 @@
12920
12918
  }
12921
12919
  // Clear given account.
12922
12920
  try {
12923
- await this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account));
12921
+ this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account), this.correlationId);
12924
12922
  this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.");
12925
12923
  }
12926
12924
  catch (error) {
@@ -12931,7 +12929,7 @@
12931
12929
  try {
12932
12930
  this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId);
12933
12931
  // Clear all accounts and tokens
12934
- await this.browserStorage.clear();
12932
+ this.browserStorage.clear(this.correlationId);
12935
12933
  // Clear any stray keys from IndexedDB
12936
12934
  await this.browserCrypto.clearKeystore();
12937
12935
  }
@@ -13433,7 +13431,8 @@
13433
13431
  const NO_NETWORK = "NO_NETWORK";
13434
13432
  const PERSISTENT_ERROR = "PERSISTENT_ERROR";
13435
13433
  const DISABLED = "DISABLED";
13436
- const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
13434
+ const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
13435
+ const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
13437
13436
 
13438
13437
  /*
13439
13438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -13491,6 +13490,8 @@
13491
13490
  return createBrowserAuthError(userCancelled);
13492
13491
  case NO_NETWORK:
13493
13492
  return createBrowserAuthError(noNetworkConnectivity);
13493
+ case UX_NOT_ALLOWED:
13494
+ return createInteractionRequiredAuthError(uxNotAllowed);
13494
13495
  }
13495
13496
  }
13496
13497
  return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext);
@@ -13931,9 +13932,7 @@
13931
13932
  // Store the account info and hence `nativeAccountId` in browser cache
13932
13933
  await this.browserStorage.setAccount(accountEntity, this.correlationId);
13933
13934
  // Remove any existing cached tokens for this account in browser storage
13934
- this.browserStorage.removeAccountContext(accountEntity).catch((e) => {
13935
- this.logger.error(`Error occurred while removing account context from browser storage. ${e}`);
13936
- });
13935
+ this.browserStorage.removeAccountContext(accountEntity, this.correlationId);
13937
13936
  }
13938
13937
  /**
13939
13938
  * Stores the access_token and id_token in inmemory storage
@@ -14889,14 +14888,14 @@
14889
14888
  * @param authenticationScheme
14890
14889
  */
14891
14890
  function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
14892
- logger.trace("isBrokerAvailable called");
14891
+ logger.trace("isPlatformAuthAllowed called");
14893
14892
  if (!config.system.allowPlatformBroker) {
14894
- logger.trace("isBrokerAvailable: allowPlatformBroker is not enabled, returning false");
14893
+ logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
14895
14894
  // Developer disabled WAM
14896
14895
  return false;
14897
14896
  }
14898
14897
  if (!platformAuthProvider) {
14899
- logger.trace("isBrokerAvailable: Platform auth provider is not initialized, returning false");
14898
+ logger.trace("isPlatformAuthAllowed: Platform auth provider is not initialized, returning false");
14900
14899
  // Platform broker auth providers are not available
14901
14900
  return false;
14902
14901
  }
@@ -14904,10 +14903,10 @@
14904
14903
  switch (authenticationScheme) {
14905
14904
  case AuthenticationScheme.BEARER:
14906
14905
  case AuthenticationScheme.POP:
14907
- logger.trace("isBrokerAvailable: authenticationScheme is supported, returning true");
14906
+ logger.trace("isPlatformAuthAllowed: authenticationScheme is supported, returning true");
14908
14907
  return true;
14909
14908
  default:
14910
- logger.trace("isBrokerAvailable: authenticationScheme is not supported, returning false");
14909
+ logger.trace("isPlatformAuthAllowed: authenticationScheme is not supported, returning false");
14911
14910
  return false;
14912
14911
  }
14913
14912
  }
@@ -15117,7 +15116,7 @@
15117
15116
  if (validRequest.account?.homeAccountId &&
15118
15117
  validRequest.postLogoutRedirectUri &&
15119
15118
  authClient.authority.protocolMode === ProtocolMode.OIDC) {
15120
- void this.browserStorage.removeAccount(validRequest.account?.homeAccountId);
15119
+ this.browserStorage.removeAccount(validRequest.account?.homeAccountId, this.correlationId);
15121
15120
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Popup, validRequest);
15122
15121
  if (mainWindowRedirectUri) {
15123
15122
  const navigationOptions = {
@@ -15713,7 +15712,7 @@
15713
15712
  }
15714
15713
  catch {
15715
15714
  if (validLogoutRequest.account?.homeAccountId) {
15716
- void this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId);
15715
+ this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId, this.correlationId);
15717
15716
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Redirect, validLogoutRequest);
15718
15717
  return;
15719
15718
  }
@@ -16553,7 +16552,7 @@
16553
16552
  }
16554
16553
  if (!this.config.cache.claimsBasedCachingEnabled) {
16555
16554
  this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims");
16556
- await invokeAsync(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(this.performanceClient, initCorrelationId);
16555
+ invoke(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(initCorrelationId);
16557
16556
  }
16558
16557
  this.config.system.asyncPopups &&
16559
16558
  (await this.preGeneratePkceCodes(initCorrelationId));
@@ -18303,7 +18302,7 @@
18303
18302
  };
18304
18303
  // fetch access token and check for expiry
18305
18304
  const tokenKeys = this.browserStorage.getTokenKeys();
18306
- const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId, this.performanceClient, authRequest.correlationId);
18305
+ const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId);
18307
18306
  // If there is no access token, log it and return null
18308
18307
  if (!cachedAccessToken) {
18309
18308
  this.logger.verbose("No cached access token found");
@@ -19816,7 +19815,20 @@
19816
19815
  * @returns If keys are properly deleted
19817
19816
  */
19818
19817
  async removeKeys(publicKeyThumbprint) {
19819
- return this.cryptoOps.removeTokenBindingKey(publicKeyThumbprint);
19818
+ return this.cryptoOps
19819
+ .removeTokenBindingKey(publicKeyThumbprint)
19820
+ .then(() => true)
19821
+ .catch((error) => {
19822
+ /*
19823
+ * @deprecated - To maintain public API signature, we return false if the error is due to the key still being present in indexedDB.
19824
+ */
19825
+ if (error instanceof ClientAuthError &&
19826
+ error.errorCode ===
19827
+ bindingKeyNotRemoved) {
19828
+ return false;
19829
+ }
19830
+ throw error;
19831
+ });
19820
19832
  }
19821
19833
  }
19822
19834