@azure/msal-browser 4.14.0 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (307) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/LocalStorage.mjs +1 -1
  15. package/dist/cache/MemoryStorage.mjs +1 -1
  16. package/dist/cache/SessionStorage.mjs +1 -1
  17. package/dist/cache/TokenCache.mjs +1 -1
  18. package/dist/config/Configuration.mjs +1 -1
  19. package/dist/controllers/ControllerFactory.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  21. package/dist/controllers/NestedAppAuthController.mjs +15 -3
  22. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  25. package/dist/crypto/BrowserCrypto.mjs +1 -1
  26. package/dist/crypto/CryptoOps.mjs +1 -1
  27. package/dist/crypto/PkceGenerator.mjs +1 -1
  28. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  29. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  33. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  35. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  36. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  44. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  45. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  47. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  50. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCredentialResult.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  141. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  142. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  143. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  144. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  145. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  146. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  147. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  148. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  149. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  150. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  151. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  152. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  154. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts +2 -1
  155. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  156. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +43 -14
  157. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  158. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts +5 -0
  159. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  160. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +42 -15
  161. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  162. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  163. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  164. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  165. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +13 -7
  166. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  167. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  169. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +7 -3
  170. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  171. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  172. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +1 -0
  173. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  174. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -3
  175. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  176. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  177. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  178. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  180. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  181. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  182. package/dist/custom-auth-path/protocol/Authorize.d.ts +4 -0
  183. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  184. package/dist/custom-auth-path/protocol/Authorize.mjs +15 -2
  185. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  186. package/dist/custom-auth-path/request/RequestHelpers.d.ts +11 -1
  187. package/dist/custom-auth-path/request/RequestHelpers.d.ts.map +1 -1
  188. package/dist/custom-auth-path/request/RequestHelpers.mjs +32 -3
  189. package/dist/custom-auth-path/request/RequestHelpers.mjs.map +1 -1
  190. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  191. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  192. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  194. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  196. package/dist/encode/Base64Decode.mjs +1 -1
  197. package/dist/encode/Base64Encode.mjs +1 -1
  198. package/dist/error/BrowserAuthError.mjs +1 -1
  199. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  200. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  201. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  202. package/dist/error/NativeAuthError.mjs +1 -1
  203. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  204. package/dist/error/NestedAppAuthError.mjs +1 -1
  205. package/dist/event/EventHandler.mjs +1 -1
  206. package/dist/event/EventMessage.mjs +1 -1
  207. package/dist/event/EventType.mjs +1 -1
  208. package/dist/index.mjs +1 -1
  209. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  210. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  211. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  212. package/dist/interaction_client/PopupClient.d.ts +2 -1
  213. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  214. package/dist/interaction_client/PopupClient.mjs +43 -14
  215. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  216. package/dist/interaction_client/RedirectClient.d.ts +5 -0
  217. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  218. package/dist/interaction_client/RedirectClient.mjs +42 -15
  219. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  220. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  221. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  222. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +13 -7
  224. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  225. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  226. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  227. package/dist/interaction_client/StandardInteractionClient.mjs +7 -3
  228. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  229. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  230. package/dist/interaction_handler/SilentHandler.d.ts +1 -0
  231. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  232. package/dist/interaction_handler/SilentHandler.mjs +12 -3
  233. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  234. package/dist/naa/BridgeError.mjs +1 -1
  235. package/dist/naa/BridgeProxy.mjs +1 -1
  236. package/dist/naa/BridgeStatusCode.mjs +1 -1
  237. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  238. package/dist/navigation/NavigationClient.mjs +1 -1
  239. package/dist/network/FetchClient.mjs +1 -1
  240. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  241. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  242. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  243. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  244. package/dist/packageMetadata.d.ts +1 -1
  245. package/dist/packageMetadata.mjs +2 -2
  246. package/dist/protocol/Authorize.d.ts +4 -0
  247. package/dist/protocol/Authorize.d.ts.map +1 -1
  248. package/dist/protocol/Authorize.mjs +15 -2
  249. package/dist/protocol/Authorize.mjs.map +1 -1
  250. package/dist/request/RequestHelpers.d.ts +11 -1
  251. package/dist/request/RequestHelpers.d.ts.map +1 -1
  252. package/dist/request/RequestHelpers.mjs +32 -3
  253. package/dist/request/RequestHelpers.mjs.map +1 -1
  254. package/dist/response/ResponseHandler.mjs +1 -1
  255. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  256. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  257. package/dist/utils/BrowserConstants.mjs +1 -1
  258. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  259. package/dist/utils/BrowserUtils.mjs +1 -1
  260. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  261. package/lib/custom-auth-path/msal-custom-auth.cjs +233 -172
  262. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  263. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  264. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  265. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts +2 -1
  266. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  267. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts +5 -0
  268. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  269. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +1 -0
  272. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +4 -0
  275. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  276. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts +11 -1
  277. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts.map +1 -1
  278. package/lib/msal-browser.cjs +259 -180
  279. package/lib/msal-browser.cjs.map +1 -1
  280. package/lib/msal-browser.js +259 -180
  281. package/lib/msal-browser.js.map +1 -1
  282. package/lib/msal-browser.min.js +68 -69
  283. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PopupClient.d.ts +2 -1
  286. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  287. package/lib/types/interaction_client/RedirectClient.d.ts +5 -0
  288. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  289. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  290. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  291. package/lib/types/interaction_handler/SilentHandler.d.ts +1 -0
  292. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  293. package/lib/types/packageMetadata.d.ts +1 -1
  294. package/lib/types/protocol/Authorize.d.ts +4 -0
  295. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  296. package/lib/types/request/RequestHelpers.d.ts +11 -1
  297. package/lib/types/request/RequestHelpers.d.ts.map +1 -1
  298. package/package.json +2 -2
  299. package/src/controllers/NestedAppAuthController.ts +18 -2
  300. package/src/interaction_client/PopupClient.ts +161 -63
  301. package/src/interaction_client/RedirectClient.ts +86 -35
  302. package/src/interaction_client/SilentIframeClient.ts +49 -28
  303. package/src/interaction_client/StandardInteractionClient.ts +13 -2
  304. package/src/interaction_handler/SilentHandler.ts +24 -1
  305. package/src/packageMetadata.ts +1 -1
  306. package/src/protocol/Authorize.ts +48 -0
  307. package/src/request/RequestHelpers.ts +45 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.14.0 2025-07-01 */
1
+ /*! @azure/msal-browser v4.16.0 2025-07-23 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -82,6 +82,10 @@ const HttpStatus = {
82
82
  SERVER_ERROR_RANGE_END: 599,
83
83
  MULTI_SIDED_ERROR: 600,
84
84
  };
85
+ const HttpMethod = {
86
+ GET: "GET",
87
+ POST: "POST",
88
+ };
85
89
  const OIDC_DEFAULT_SCOPES = [
86
90
  Constants.OPENID_SCOPE,
87
91
  Constants.PROFILE_SCOPE,
@@ -135,13 +139,6 @@ const PromptValue = {
135
139
  CREATE: "create",
136
140
  NO_SESSION: "no_session",
137
141
  };
138
- /**
139
- * allowed values for codeVerifier
140
- */
141
- const CodeChallengeMethodValues = {
142
- PLAIN: "plain",
143
- S256: "S256",
144
- };
145
142
  /**
146
143
  * Allowed values for response_type
147
144
  */
@@ -284,7 +281,7 @@ const JsonWebTokenTypes = {
284
281
  // Token renewal offset default in seconds
285
282
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
286
283
 
287
- /*! @azure/msal-common v15.8.0 2025-07-01 */
284
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
288
285
  /*
289
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
287
  * Licensed under the MIT License.
@@ -301,7 +298,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
301
298
  unexpectedError: unexpectedError
302
299
  });
303
300
 
304
- /*! @azure/msal-common v15.8.0 2025-07-01 */
301
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
305
302
 
306
303
  /*
307
304
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -350,7 +347,7 @@ function createAuthError(code, additionalMessage) {
350
347
  : AuthErrorMessages[code]);
351
348
  }
352
349
 
353
- /*! @azure/msal-common v15.8.0 2025-07-01 */
350
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
354
351
  /*
355
352
  * Copyright (c) Microsoft Corporation. All rights reserved.
356
353
  * Licensed under the MIT License.
@@ -448,7 +445,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
448
445
  userTimeoutReached: userTimeoutReached
449
446
  });
450
447
 
451
- /*! @azure/msal-common v15.8.0 2025-07-01 */
448
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
452
449
 
453
450
  /*
454
451
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -700,7 +697,7 @@ function createClientAuthError(errorCode, additionalMessage) {
700
697
  return new ClientAuthError(errorCode, additionalMessage);
701
698
  }
702
699
 
703
- /*! @azure/msal-common v15.8.0 2025-07-01 */
700
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
704
701
 
705
702
  /*
706
703
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -739,7 +736,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
739
736
  },
740
737
  };
741
738
 
742
- /*! @azure/msal-common v15.8.0 2025-07-01 */
739
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
743
740
 
744
741
  /*
745
742
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -930,12 +927,12 @@ class Logger {
930
927
  }
931
928
  }
932
929
 
933
- /*! @azure/msal-common v15.8.0 2025-07-01 */
930
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
934
931
  /* eslint-disable header/header */
935
932
  const name$1 = "@azure/msal-common";
936
- const version$1 = "15.8.0";
933
+ const version$1 = "15.9.0";
937
934
 
938
- /*! @azure/msal-common v15.8.0 2025-07-01 */
935
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
939
936
  /*
940
937
  * Copyright (c) Microsoft Corporation. All rights reserved.
941
938
  * Licensed under the MIT License.
@@ -955,7 +952,7 @@ const AzureCloudInstance = {
955
952
  AzureUsGovernment: "https://login.microsoftonline.us",
956
953
  };
957
954
 
958
- /*! @azure/msal-common v15.8.0 2025-07-01 */
955
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
959
956
 
960
957
  /*
961
958
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1016,7 +1013,7 @@ function checkMaxAge(authTime, maxAge) {
1016
1013
  }
1017
1014
  }
1018
1015
 
1019
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1016
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1020
1017
  /*
1021
1018
  * Copyright (c) Microsoft Corporation. All rights reserved.
1022
1019
  * Licensed under the MIT License.
@@ -1071,7 +1068,7 @@ function wasClockTurnedBack(cachedAt) {
1071
1068
  return cachedAtSec > nowSeconds();
1072
1069
  }
1073
1070
 
1074
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1071
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1075
1072
 
1076
1073
  /*
1077
1074
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1398,7 +1395,7 @@ function isAuthorityMetadataExpired(metadata) {
1398
1395
  return metadata.expiresAt <= nowSeconds();
1399
1396
  }
1400
1397
 
1401
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1398
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1402
1399
  /*
1403
1400
  * Copyright (c) Microsoft Corporation. All rights reserved.
1404
1401
  * Licensed under the MIT License.
@@ -1409,7 +1406,6 @@ const authorityUriInsecure = "authority_uri_insecure";
1409
1406
  const urlParseError = "url_parse_error";
1410
1407
  const urlEmptyError = "empty_url_error";
1411
1408
  const emptyInputScopesError = "empty_input_scopes_error";
1412
- const invalidPromptValue = "invalid_prompt_value";
1413
1409
  const invalidClaims = "invalid_claims";
1414
1410
  const tokenRequestEmpty = "token_request_empty";
1415
1411
  const logoutRequestEmpty = "logout_request_empty";
@@ -1424,7 +1420,9 @@ const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
1424
1420
  const invalidAuthenticationHeader = "invalid_authentication_header";
1425
1421
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
1426
1422
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
1427
- const authorityMismatch = "authority_mismatch";
1423
+ const authorityMismatch = "authority_mismatch";
1424
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
1425
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
1428
1426
 
1429
1427
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1430
1428
  __proto__: null,
@@ -1436,10 +1434,11 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1436
1434
  emptyInputScopesError: emptyInputScopesError,
1437
1435
  invalidAuthenticationHeader: invalidAuthenticationHeader,
1438
1436
  invalidAuthorityMetadata: invalidAuthorityMetadata,
1437
+ invalidAuthorizePostBodyParameters: invalidAuthorizePostBodyParameters,
1439
1438
  invalidClaims: invalidClaims,
1440
1439
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
1441
1440
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
1442
- invalidPromptValue: invalidPromptValue,
1441
+ invalidRequestMethodForEAR: invalidRequestMethodForEAR,
1443
1442
  logoutRequestEmpty: logoutRequestEmpty,
1444
1443
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
1445
1444
  missingSshJwk: missingSshJwk,
@@ -1452,7 +1451,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1452
1451
  urlParseError: urlParseError
1453
1452
  });
1454
1453
 
1455
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1454
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1456
1455
 
1457
1456
  /*
1458
1457
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1465,7 +1464,6 @@ const ClientConfigurationErrorMessages = {
1465
1464
  [urlParseError]: "URL could not be parsed into appropriate segments.",
1466
1465
  [urlEmptyError]: "URL was empty or null.",
1467
1466
  [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
1468
- [invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",
1469
1467
  [invalidClaims]: "Given claims parameter must be a stringified JSON object.",
1470
1468
  [tokenRequestEmpty]: "Token request was empty and not found in cache.",
1471
1469
  [logoutRequestEmpty]: "The logout request was null or undefined.",
@@ -1481,6 +1479,8 @@ const ClientConfigurationErrorMessages = {
1481
1479
  [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
1482
1480
  [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
1483
1481
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
1482
+ [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
1483
+ [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
1484
1484
  };
1485
1485
  /**
1486
1486
  * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.
@@ -1511,10 +1511,6 @@ const ClientConfigurationErrorMessage = {
1511
1511
  code: emptyInputScopesError,
1512
1512
  desc: ClientConfigurationErrorMessages[emptyInputScopesError],
1513
1513
  },
1514
- invalidPrompt: {
1515
- code: invalidPromptValue,
1516
- desc: ClientConfigurationErrorMessages[invalidPromptValue],
1517
- },
1518
1514
  invalidClaimsRequest: {
1519
1515
  code: invalidClaims,
1520
1516
  desc: ClientConfigurationErrorMessages[invalidClaims],
@@ -1575,6 +1571,14 @@ const ClientConfigurationErrorMessage = {
1575
1571
  code: authorityMismatch,
1576
1572
  desc: ClientConfigurationErrorMessages[authorityMismatch],
1577
1573
  },
1574
+ invalidAuthorizePostBodyParameters: {
1575
+ code: invalidAuthorizePostBodyParameters,
1576
+ desc: ClientConfigurationErrorMessages[invalidAuthorizePostBodyParameters],
1577
+ },
1578
+ invalidRequestMethodForEAR: {
1579
+ code: invalidRequestMethodForEAR,
1580
+ desc: ClientConfigurationErrorMessages[invalidRequestMethodForEAR],
1581
+ },
1578
1582
  };
1579
1583
  /**
1580
1584
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -1590,7 +1594,7 @@ function createClientConfigurationError(errorCode) {
1590
1594
  return new ClientConfigurationError(errorCode);
1591
1595
  }
1592
1596
 
1593
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1597
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1594
1598
  /*
1595
1599
  * Copyright (c) Microsoft Corporation. All rights reserved.
1596
1600
  * Licensed under the MIT License.
@@ -1687,7 +1691,7 @@ class StringUtils {
1687
1691
  }
1688
1692
  }
1689
1693
 
1690
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1694
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1691
1695
 
1692
1696
  /*
1693
1697
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1878,7 +1882,7 @@ class ScopeSet {
1878
1882
  }
1879
1883
  }
1880
1884
 
1881
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1885
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1882
1886
 
1883
1887
  /*
1884
1888
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1918,7 +1922,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1918
1922
  };
1919
1923
  }
1920
1924
 
1921
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1925
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1922
1926
  /*
1923
1927
  * Copyright (c) Microsoft Corporation. All rights reserved.
1924
1928
  * Licensed under the MIT License.
@@ -1997,7 +2001,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1997
2001
  return updatedAccountInfo;
1998
2002
  }
1999
2003
 
2000
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2004
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2001
2005
  /*
2002
2006
  * Copyright (c) Microsoft Corporation. All rights reserved.
2003
2007
  * Licensed under the MIT License.
@@ -2012,7 +2016,7 @@ const AuthorityType = {
2012
2016
  Ciam: 3,
2013
2017
  };
2014
2018
 
2015
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2019
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2016
2020
  /*
2017
2021
  * Copyright (c) Microsoft Corporation. All rights reserved.
2018
2022
  * Licensed under the MIT License.
@@ -2034,7 +2038,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2034
2038
  return null;
2035
2039
  }
2036
2040
 
2037
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2041
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2038
2042
  /*
2039
2043
  * Copyright (c) Microsoft Corporation. All rights reserved.
2040
2044
  * Licensed under the MIT License.
@@ -2058,7 +2062,7 @@ const ProtocolMode = {
2058
2062
  EAR: "EAR",
2059
2063
  };
2060
2064
 
2061
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2065
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2062
2066
 
2063
2067
  /*
2064
2068
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2301,7 +2305,7 @@ class AccountEntity {
2301
2305
  }
2302
2306
  }
2303
2307
 
2304
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2308
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2305
2309
 
2306
2310
  /*
2307
2311
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2366,7 +2370,7 @@ function mapToQueryString(parameters, encodeExtraParams = true, extraQueryParame
2366
2370
  return queryParameterArray.join("&");
2367
2371
  }
2368
2372
 
2369
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2373
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2370
2374
 
2371
2375
  /*
2372
2376
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2530,7 +2534,7 @@ class UrlString {
2530
2534
  }
2531
2535
  }
2532
2536
 
2533
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2537
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2534
2538
 
2535
2539
  /*
2536
2540
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2669,7 +2673,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2669
2673
  return null;
2670
2674
  }
2671
2675
 
2672
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2676
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2673
2677
  /*
2674
2678
  * Copyright (c) Microsoft Corporation. All rights reserved.
2675
2679
  * Licensed under the MIT License.
@@ -2677,7 +2681,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2677
2681
  const cacheQuotaExceeded = "cache_quota_exceeded";
2678
2682
  const cacheErrorUnknown = "cache_error_unknown";
2679
2683
 
2680
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2684
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2681
2685
 
2682
2686
  /*
2683
2687
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2722,7 +2726,7 @@ function createCacheError(e) {
2722
2726
  }
2723
2727
  }
2724
2728
 
2725
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2729
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2726
2730
 
2727
2731
  /*
2728
2732
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3889,7 +3893,7 @@ class DefaultStorageClass extends CacheManager {
3889
3893
  }
3890
3894
  }
3891
3895
 
3892
- /*! @azure/msal-common v15.8.0 2025-07-01 */
3896
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
3893
3897
  /*
3894
3898
  * Copyright (c) Microsoft Corporation. All rights reserved.
3895
3899
  * Licensed under the MIT License.
@@ -4401,7 +4405,7 @@ const IntFields = new Set([
4401
4405
  "encryptedCacheExpiredCount",
4402
4406
  ]);
4403
4407
 
4404
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4408
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4405
4409
 
4406
4410
  /*
4407
4411
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4480,7 +4484,7 @@ class StubPerformanceClient {
4480
4484
  }
4481
4485
  }
4482
4486
 
4483
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4487
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4484
4488
 
4485
4489
  /*
4486
4490
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4580,7 +4584,7 @@ function isOidcProtocolMode(config) {
4580
4584
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4581
4585
  }
4582
4586
 
4583
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4587
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4584
4588
  /*
4585
4589
  * Copyright (c) Microsoft Corporation. All rights reserved.
4586
4590
  * Licensed under the MIT License.
@@ -4590,7 +4594,7 @@ const CcsCredentialType = {
4590
4594
  UPN: "UPN",
4591
4595
  };
4592
4596
 
4593
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4597
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4594
4598
  /*
4595
4599
  * Copyright (c) Microsoft Corporation. All rights reserved.
4596
4600
  * Licensed under the MIT License.
@@ -4640,7 +4644,7 @@ const INSTANCE_AWARE = "instance_aware";
4640
4644
  const EAR_JWK = "ear_jwk";
4641
4645
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4642
4646
 
4643
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4647
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4644
4648
 
4645
4649
  /*
4646
4650
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5006,9 +5010,21 @@ function addEARParameters(parameters, jwk) {
5006
5010
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
5007
5011
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
5008
5012
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
5013
+ }
5014
+ /**
5015
+ * Adds authorize body parameters to the request parameters
5016
+ * @param parameters
5017
+ * @param bodyParameters
5018
+ */
5019
+ function addPostBodyParameters(parameters, bodyParameters) {
5020
+ Object.entries(bodyParameters).forEach(([key, value]) => {
5021
+ if (value) {
5022
+ parameters.set(key, value);
5023
+ }
5024
+ });
5009
5025
  }
5010
5026
 
5011
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5027
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5012
5028
  /*
5013
5029
  * Copyright (c) Microsoft Corporation. All rights reserved.
5014
5030
  * Licensed under the MIT License.
@@ -5020,7 +5036,7 @@ function isOpenIdConfigResponse(response) {
5020
5036
  response.hasOwnProperty("jwks_uri"));
5021
5037
  }
5022
5038
 
5023
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5039
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5024
5040
  /*
5025
5041
  * Copyright (c) Microsoft Corporation. All rights reserved.
5026
5042
  * Licensed under the MIT License.
@@ -5030,7 +5046,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5030
5046
  response.hasOwnProperty("metadata"));
5031
5047
  }
5032
5048
 
5033
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5049
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5034
5050
  /*
5035
5051
  * Copyright (c) Microsoft Corporation. All rights reserved.
5036
5052
  * Licensed under the MIT License.
@@ -5040,7 +5056,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5040
5056
  response.hasOwnProperty("error_description"));
5041
5057
  }
5042
5058
 
5043
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5059
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5044
5060
  /*
5045
5061
  * Copyright (c) Microsoft Corporation. All rights reserved.
5046
5062
  * Licensed under the MIT License.
@@ -5136,7 +5152,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
5136
5152
  };
5137
5153
  };
5138
5154
 
5139
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5155
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5140
5156
 
5141
5157
  /*
5142
5158
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5242,7 +5258,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5242
5258
  },
5243
5259
  };
5244
5260
 
5245
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5261
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5246
5262
 
5247
5263
  /*
5248
5264
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6081,7 +6097,7 @@ function buildStaticAuthorityOptions(authOptions) {
6081
6097
  };
6082
6098
  }
6083
6099
 
6084
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6100
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6085
6101
 
6086
6102
  /*
6087
6103
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6112,7 +6128,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6112
6128
  }
6113
6129
  }
6114
6130
 
6115
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6131
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6116
6132
 
6117
6133
  /*
6118
6134
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6131,7 +6147,7 @@ class ServerError extends AuthError {
6131
6147
  }
6132
6148
  }
6133
6149
 
6134
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6150
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6135
6151
  /*
6136
6152
  * Copyright (c) Microsoft Corporation. All rights reserved.
6137
6153
  * Licensed under the MIT License.
@@ -6152,7 +6168,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6152
6168
  };
6153
6169
  }
6154
6170
 
6155
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6171
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6156
6172
 
6157
6173
  /*
6158
6174
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6239,7 +6255,7 @@ class ThrottlingUtils {
6239
6255
  }
6240
6256
  }
6241
6257
 
6242
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6258
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6243
6259
 
6244
6260
  /*
6245
6261
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6270,7 +6286,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6270
6286
  return new NetworkError(error, httpStatus, responseHeaders);
6271
6287
  }
6272
6288
 
6273
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6289
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6274
6290
 
6275
6291
  /*
6276
6292
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6418,7 +6434,7 @@ class BaseClient {
6418
6434
  }
6419
6435
  }
6420
6436
 
6421
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6437
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6422
6438
  /*
6423
6439
  * Copyright (c) Microsoft Corporation. All rights reserved.
6424
6440
  * Licensed under the MIT License.
@@ -6446,7 +6462,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
6446
6462
  uxNotAllowed: uxNotAllowed
6447
6463
  });
6448
6464
 
6449
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6465
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6450
6466
 
6451
6467
  /*
6452
6468
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6536,7 +6552,7 @@ function createInteractionRequiredAuthError(errorCode) {
6536
6552
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6537
6553
  }
6538
6554
 
6539
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6555
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6540
6556
 
6541
6557
  /*
6542
6558
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6608,7 +6624,7 @@ class ProtocolUtils {
6608
6624
  }
6609
6625
  }
6610
6626
 
6611
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6627
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6612
6628
 
6613
6629
  /*
6614
6630
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6690,7 +6706,7 @@ class PopTokenGenerator {
6690
6706
  }
6691
6707
  }
6692
6708
 
6693
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6709
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6694
6710
  /*
6695
6711
  * Copyright (c) Microsoft Corporation. All rights reserved.
6696
6712
  * Licensed under the MIT License.
@@ -6717,7 +6733,7 @@ class PopTokenGenerator {
6717
6733
  }
6718
6734
  }
6719
6735
 
6720
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6736
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6721
6737
 
6722
6738
  /*
6723
6739
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7048,74 +7064,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7048
7064
  return baseAccount;
7049
7065
  }
7050
7066
 
7051
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7052
-
7053
- /*
7054
- * Copyright (c) Microsoft Corporation. All rights reserved.
7055
- * Licensed under the MIT License.
7056
- */
7057
- /**
7058
- * Validates server consumable params from the "request" objects
7059
- */
7060
- class RequestValidator {
7061
- /**
7062
- * Utility to check if the `redirectUri` in the request is a non-null value
7063
- * @param redirectUri
7064
- */
7065
- static validateRedirectUri(redirectUri) {
7066
- if (!redirectUri) {
7067
- throw createClientConfigurationError(redirectUriEmpty);
7068
- }
7069
- }
7070
- /**
7071
- * Utility to validate prompt sent by the user in the request
7072
- * @param prompt
7073
- */
7074
- static validatePrompt(prompt) {
7075
- const promptValues = [];
7076
- for (const value in PromptValue) {
7077
- promptValues.push(PromptValue[value]);
7078
- }
7079
- if (promptValues.indexOf(prompt) < 0) {
7080
- throw createClientConfigurationError(invalidPromptValue);
7081
- }
7082
- }
7083
- static validateClaims(claims) {
7084
- try {
7085
- JSON.parse(claims);
7086
- }
7087
- catch (e) {
7088
- throw createClientConfigurationError(invalidClaims);
7089
- }
7090
- }
7091
- /**
7092
- * Utility to validate code_challenge and code_challenge_method
7093
- * @param codeChallenge
7094
- * @param codeChallengeMethod
7095
- */
7096
- static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
7097
- if (!codeChallenge || !codeChallengeMethod) {
7098
- throw createClientConfigurationError(pkceParamsMissing);
7099
- }
7100
- else {
7101
- this.validateCodeChallengeMethod(codeChallengeMethod);
7102
- }
7103
- }
7104
- /**
7105
- * Utility to validate code_challenge_method
7106
- * @param codeChallengeMethod
7107
- */
7108
- static validateCodeChallengeMethod(codeChallengeMethod) {
7109
- if ([
7110
- CodeChallengeMethodValues.PLAIN,
7111
- CodeChallengeMethodValues.S256,
7112
- ].indexOf(codeChallengeMethod) < 0) {
7113
- throw createClientConfigurationError(invalidCodeChallengeMethod);
7114
- }
7115
- }
7116
- }
7117
-
7118
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7067
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7119
7068
  /*
7120
7069
  * Copyright (c) Microsoft Corporation. All rights reserved.
7121
7070
  * Licensed under the MIT License.
@@ -7133,7 +7082,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
7133
7082
  }
7134
7083
  }
7135
7084
 
7136
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7085
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7137
7086
 
7138
7087
  /*
7139
7088
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7227,7 +7176,9 @@ class AuthorizationCodeClient extends BaseClient {
7227
7176
  */
7228
7177
  if (!this.includeRedirectUri) {
7229
7178
  // Just validate
7230
- RequestValidator.validateRedirectUri(request.redirectUri);
7179
+ if (!request.redirectUri) {
7180
+ throw createClientConfigurationError(redirectUriEmpty);
7181
+ }
7231
7182
  }
7232
7183
  else {
7233
7184
  // Validate and include redirect uri
@@ -7366,7 +7317,7 @@ class AuthorizationCodeClient extends BaseClient {
7366
7317
  }
7367
7318
  }
7368
7319
 
7369
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7320
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7370
7321
 
7371
7322
  /*
7372
7323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7575,7 +7526,7 @@ class RefreshTokenClient extends BaseClient {
7575
7526
  }
7576
7527
  }
7577
7528
 
7578
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7529
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7579
7530
 
7580
7531
  /*
7581
7532
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7673,7 +7624,7 @@ class SilentFlowClient extends BaseClient {
7673
7624
  }
7674
7625
  }
7675
7626
 
7676
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7627
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7677
7628
 
7678
7629
  /*
7679
7630
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7688,7 +7639,7 @@ const StubbedNetworkModule = {
7688
7639
  },
7689
7640
  };
7690
7641
 
7691
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7642
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7692
7643
 
7693
7644
  /*
7694
7645
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7912,7 +7863,7 @@ function extractLoginHint(account) {
7912
7863
  return account.idTokenClaims?.login_hint || null;
7913
7864
  }
7914
7865
 
7915
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7866
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7916
7867
 
7917
7868
  /*
7918
7869
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7970,7 +7921,7 @@ class AuthenticationHeaderParser {
7970
7921
  }
7971
7922
  }
7972
7923
 
7973
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7924
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7974
7925
 
7975
7926
  /*
7976
7927
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8233,7 +8184,7 @@ class ServerTelemetryManager {
8233
8184
  }
8234
8185
  }
8235
8186
 
8236
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8187
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8237
8188
  /*
8238
8189
  * Copyright (c) Microsoft Corporation. All rights reserved.
8239
8190
  * Licensed under the MIT License.
@@ -8241,7 +8192,7 @@ class ServerTelemetryManager {
8241
8192
  const missingKidError = "missing_kid_error";
8242
8193
  const missingAlgError = "missing_alg_error";
8243
8194
 
8244
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8195
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8245
8196
 
8246
8197
  /*
8247
8198
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8266,7 +8217,7 @@ function createJoseHeaderError(code) {
8266
8217
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8267
8218
  }
8268
8219
 
8269
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8220
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8270
8221
 
8271
8222
  /*
8272
8223
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8306,7 +8257,7 @@ class JoseHeader {
8306
8257
  }
8307
8258
  }
8308
8259
 
8309
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8260
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8310
8261
 
8311
8262
  /*
8312
8263
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10410,7 +10361,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
10410
10361
 
10411
10362
  /* eslint-disable header/header */
10412
10363
  const name = "@azure/msal-browser";
10413
- const version = "4.14.0";
10364
+ const version = "4.16.0";
10414
10365
 
10415
10366
  /*
10416
10367
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -13141,6 +13092,35 @@ async function initializeSilentRequest(request, account, config, performanceClie
13141
13092
  account: account,
13142
13093
  forceRefresh: request.forceRefresh || false,
13143
13094
  };
13095
+ }
13096
+ /**
13097
+ * Validates that the combination of request method, protocol mode and authorize body parameters is correct.
13098
+ * Returns the validated or defaulted HTTP method or throws if the configured combination is invalid.
13099
+ * @param interactionRequest
13100
+ * @param protocolMode
13101
+ * @returns
13102
+ */
13103
+ function validateRequestMethod(interactionRequest, protocolMode) {
13104
+ let httpMethod;
13105
+ const requestMethod = interactionRequest.httpMethod;
13106
+ if (protocolMode === ProtocolMode.EAR) {
13107
+ // Don't override httpMethod if it is already set, default to POST if not set
13108
+ httpMethod = requestMethod || HttpMethod.POST;
13109
+ // Validate that method is not GET if protocol mode is EAR
13110
+ if (httpMethod !== HttpMethod.POST) {
13111
+ throw createClientConfigurationError(invalidRequestMethodForEAR);
13112
+ }
13113
+ }
13114
+ else {
13115
+ // For non-EAR protocol modes, default to GET if httpMethod is not set
13116
+ httpMethod = requestMethod || HttpMethod.GET;
13117
+ }
13118
+ // Regardless of protocolMode, if there are authorizePostBodyParameters, validate the request method is POST
13119
+ if (interactionRequest.authorizePostBodyParameters &&
13120
+ httpMethod !== HttpMethod.POST) {
13121
+ throw createClientConfigurationError(invalidAuthorizePostBodyParameters);
13122
+ }
13123
+ return httpMethod;
13144
13124
  }
13145
13125
 
13146
13126
  /*
@@ -13317,7 +13297,7 @@ class StandardInteractionClient extends BaseInteractionClient {
13317
13297
  };
13318
13298
  const state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || Constants.EMPTY_STRING, browserState);
13319
13299
  const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, this.correlationId)({ ...request, correlationId: this.correlationId }, this.config, this.performanceClient, this.logger);
13320
- const validatedRequest = {
13300
+ const interactionRequest = {
13321
13301
  ...baseRequest,
13322
13302
  redirectUri: redirectUri,
13323
13303
  state: state,
@@ -13325,6 +13305,10 @@ class StandardInteractionClient extends BaseInteractionClient {
13325
13305
  responseMode: this.config.auth.OIDCOptions
13326
13306
  .serverResponseType,
13327
13307
  };
13308
+ const validatedRequest = {
13309
+ ...interactionRequest,
13310
+ httpMethod: validateRequestMethod(interactionRequest, this.config.auth.protocolMode),
13311
+ };
13328
13312
  // Skip active account lookup if either login hint or session id is set
13329
13313
  if (request.loginHint || request.sid) {
13330
13314
  return validatedRequest;
@@ -14319,6 +14303,19 @@ async function getEARForm(frame, config, authority, request, logger, performance
14319
14303
  const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
14320
14304
  return createForm(frame, url, parameters);
14321
14305
  }
14306
+ /**
14307
+ * Gets the form that will be posted to /authorize with request parameters when using POST method
14308
+ */
14309
+ async function getCodeForm(frame, config, authority, request, logger, performanceClient) {
14310
+ const parameters = await getStandardParameters(config, authority, request, logger, performanceClient);
14311
+ addResponseType(parameters, OAuthResponseType.CODE);
14312
+ addCodeChallengeParams(parameters, request.codeChallenge, request.codeChallengeMethod || Constants.S256_CODE_CHALLENGE_METHOD);
14313
+ addPostBodyParameters(parameters, request.authorizePostBodyParameters || {});
14314
+ const queryParams = new Map();
14315
+ addExtraQueryParameters(queryParams, request.extraQueryParameters || {});
14316
+ const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
14317
+ return createForm(frame, url, parameters);
14318
+ }
14322
14319
  /**
14323
14320
  * Creates form element in the provided document with auth parameters in the post body
14324
14321
  * @param frame
@@ -15010,9 +15007,10 @@ class PopupClient extends StandardInteractionClient {
15010
15007
  * @param pkceCodes
15011
15008
  */
15012
15009
  acquireToken(request, pkceCodes) {
15010
+ let popupParams = undefined;
15013
15011
  try {
15014
15012
  const popupName = this.generatePopupName(request.scopes || OIDC_DEFAULT_SCOPES, request.authority || this.config.auth.authority);
15015
- const popupParams = {
15013
+ popupParams = {
15016
15014
  popupName,
15017
15015
  popupWindowAttributes: request.popupWindowAttributes || {},
15018
15016
  popupWindowParent: request.popupWindowParent ?? window,
@@ -15025,10 +15023,15 @@ class PopupClient extends StandardInteractionClient {
15025
15023
  return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
15026
15024
  }
15027
15025
  else {
15026
+ // Pre-validate request method to avoid opening popup if the request is invalid
15027
+ const validatedRequest = {
15028
+ ...request,
15029
+ httpMethod: validateRequestMethod(request, this.config.auth.protocolMode),
15030
+ };
15028
15031
  // asyncPopups flag is set to false. Opens popup before acquiring token.
15029
15032
  this.logger.verbose("asyncPopup set to false, opening popup before acquiring token");
15030
15033
  popupParams.popup = this.openSizedPopup("about:blank", popupParams);
15031
- return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
15034
+ return this.acquireTokenPopupAsync(validatedRequest, popupParams, pkceCodes);
15032
15035
  }
15033
15036
  }
15034
15037
  catch (e) {
@@ -15120,15 +15123,20 @@ class PopupClient extends StandardInteractionClient {
15120
15123
  requestExtraQueryParameters: popupRequest.extraQueryParameters,
15121
15124
  account: popupRequest.account,
15122
15125
  });
15123
- // Create acquire token url.
15124
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
15125
- // Show the UI once the url has been created. Get the window handle for the popup.
15126
- const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
15127
- this.eventHandler.emitEvent(EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow }, null);
15128
- // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15129
- const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
15130
- const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15131
- return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15126
+ if (popupRequest.httpMethod === HttpMethod.POST) {
15127
+ return await this.executeCodeFlowWithPost(popupRequest, popupParams, authClient, pkce.verifier);
15128
+ }
15129
+ else {
15130
+ // Create acquire token url.
15131
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
15132
+ // Show the UI once the url has been created. Get the window handle for the popup.
15133
+ const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
15134
+ this.eventHandler.emitEvent(EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow }, null);
15135
+ // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15136
+ const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
15137
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15138
+ return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15139
+ }
15132
15140
  }
15133
15141
  catch (e) {
15134
15142
  // Close the synchronous popup if an error is thrown before the window unload event is registered
@@ -15166,6 +15174,23 @@ class PopupClient extends StandardInteractionClient {
15166
15174
  const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15167
15175
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, ApiId.acquireTokenPopup, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15168
15176
  }
15177
+ async executeCodeFlowWithPost(request, popupParams, authClient, pkceVerifier) {
15178
+ const correlationId = request.correlationId;
15179
+ // Get the frame handle for the silent request
15180
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
15181
+ requestAuthority: request.authority,
15182
+ requestAzureCloudOptions: request.azureCloudOptions,
15183
+ requestExtraQueryParameters: request.extraQueryParameters,
15184
+ account: request.account,
15185
+ });
15186
+ const popupWindow = popupParams.popup || this.openPopup("about:blank", popupParams);
15187
+ const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
15188
+ form.submit();
15189
+ // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15190
+ const responseString = await invokeAsync(this.monitorPopupForHash.bind(this), PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupWindow, popupParams.popupWindowParent);
15191
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15192
+ return invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15193
+ }
15169
15194
  /**
15170
15195
  *
15171
15196
  * @param validRequest
@@ -15517,18 +15542,23 @@ class RedirectClient extends StandardInteractionClient {
15517
15542
  };
15518
15543
  this.browserStorage.cacheAuthorizeRequest(redirectRequest, pkceCodes.verifier);
15519
15544
  try {
15520
- // Initialize the client
15521
- const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15522
- serverTelemetryManager,
15523
- requestAuthority: redirectRequest.authority,
15524
- requestAzureCloudOptions: redirectRequest.azureCloudOptions,
15525
- requestExtraQueryParameters: redirectRequest.extraQueryParameters,
15526
- account: redirectRequest.account,
15527
- });
15528
- // Create acquire token url.
15529
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
15530
- // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
15531
- return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
15545
+ if (redirectRequest.httpMethod === HttpMethod.POST) {
15546
+ return await this.executeCodeFlowWithPost(redirectRequest);
15547
+ }
15548
+ else {
15549
+ // Initialize the client
15550
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15551
+ serverTelemetryManager,
15552
+ requestAuthority: redirectRequest.authority,
15553
+ requestAzureCloudOptions: redirectRequest.azureCloudOptions,
15554
+ requestExtraQueryParameters: redirectRequest.extraQueryParameters,
15555
+ account: redirectRequest.account,
15556
+ });
15557
+ // Create acquire token url.
15558
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
15559
+ // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
15560
+ return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
15561
+ }
15532
15562
  }
15533
15563
  catch (e) {
15534
15564
  if (e instanceof AuthError) {
@@ -15565,6 +15595,28 @@ class RedirectClient extends StandardInteractionClient {
15565
15595
  }, this.config.system.redirectNavigationTimeout);
15566
15596
  });
15567
15597
  }
15598
+ /**
15599
+ * Executes classic Authorization Code flow with a POST request.
15600
+ * @param request
15601
+ */
15602
+ async executeCodeFlowWithPost(request) {
15603
+ const correlationId = request.correlationId;
15604
+ // Get the frame handle for the silent request
15605
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
15606
+ requestAuthority: request.authority,
15607
+ requestAzureCloudOptions: request.azureCloudOptions,
15608
+ requestExtraQueryParameters: request.extraQueryParameters,
15609
+ account: request.account,
15610
+ });
15611
+ this.browserStorage.cacheAuthorizeRequest(request);
15612
+ const form = await getCodeForm(document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
15613
+ form.submit();
15614
+ return new Promise((resolve, reject) => {
15615
+ setTimeout(() => {
15616
+ reject(createBrowserAuthError(timedOut, "failed_to_redirect"));
15617
+ }, this.config.system.redirectNavigationTimeout);
15618
+ });
15619
+ }
15568
15620
  /**
15569
15621
  * Checks if navigateToLoginRequestUrl is set, and:
15570
15622
  * - if true, performs logic to cache and navigate
@@ -15875,6 +15927,15 @@ async function initiateCodeRequest(requestUrl, performanceClient, logger, correl
15875
15927
  }
15876
15928
  return invoke(loadFrameSync, PerformanceEvents.SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
15877
15929
  }
15930
+ async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
15931
+ const frame = createHiddenIframe();
15932
+ if (!frame.contentDocument) {
15933
+ throw "No document associated with iframe!";
15934
+ }
15935
+ const form = await getCodeForm(frame.contentDocument, config, authority, request, logger, performanceClient);
15936
+ form.submit();
15937
+ return frame;
15938
+ }
15878
15939
  async function initiateEarRequest(config, authority, request, logger, performanceClient) {
15879
15940
  const frame = createHiddenIframe();
15880
15941
  if (!frame.contentDocument) {
@@ -16123,10 +16184,16 @@ class SilentIframeClient extends StandardInteractionClient {
16123
16184
  ...request,
16124
16185
  codeChallenge: pkceCodes.challenge,
16125
16186
  };
16126
- // Create authorize request url
16127
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16128
- // Get the frame handle for the silent request
16129
- const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
16187
+ let msalFrame;
16188
+ if (request.httpMethod === HttpMethod.POST) {
16189
+ msalFrame = await invokeAsync(initiateCodeFlowWithPost, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16190
+ }
16191
+ else {
16192
+ // Create authorize request url
16193
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16194
+ // Get the frame handle for the silent request
16195
+ msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
16196
+ }
16130
16197
  const responseType = this.config.auth.OIDCOptions.serverResponseType;
16131
16198
  // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
16132
16199
  const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
@@ -18225,7 +18292,13 @@ class NestedAppAuthController {
18225
18292
  ...this.nestedAppAuthAdapter.fromNaaTokenResponse(naaRequest, response, reqTimestamp),
18226
18293
  };
18227
18294
  // cache the tokens in the response
18228
- await this.hydrateCache(result, request);
18295
+ try {
18296
+ // cache hydration can fail in JS Runtime scenario that doesn't support full crypto API
18297
+ await this.hydrateCache(result, request);
18298
+ }
18299
+ catch (error) {
18300
+ this.logger.warningPii(`Failed to hydrate cache. Error: ${error}`, validRequest.correlationId);
18301
+ }
18229
18302
  // cache the account context in memory after successful token fetch
18230
18303
  this.currentAccountContext = {
18231
18304
  homeAccountId: result.account.homeAccountId,
@@ -18282,7 +18355,13 @@ class NestedAppAuthController {
18282
18355
  const response = await this.bridgeProxy.getTokenSilent(naaRequest);
18283
18356
  const result = this.nestedAppAuthAdapter.fromNaaTokenResponse(naaRequest, response, reqTimestamp);
18284
18357
  // cache the tokens in the response
18285
- await this.hydrateCache(result, request);
18358
+ try {
18359
+ // cache hydration can fail in JS Runtime scenario that doesn't support full crypto API
18360
+ await this.hydrateCache(result, request);
18361
+ }
18362
+ catch (error) {
18363
+ this.logger.warningPii(`Failed to hydrate cache. Error: ${error}`, validRequest.correlationId);
18364
+ }
18286
18365
  // cache the account context in memory after successful token fetch
18287
18366
  this.currentAccountContext = {
18288
18367
  homeAccountId: result.account.homeAccountId,