@azure/msal-browser 4.14.0 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (307) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/LocalStorage.mjs +1 -1
  15. package/dist/cache/MemoryStorage.mjs +1 -1
  16. package/dist/cache/SessionStorage.mjs +1 -1
  17. package/dist/cache/TokenCache.mjs +1 -1
  18. package/dist/config/Configuration.mjs +1 -1
  19. package/dist/controllers/ControllerFactory.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  21. package/dist/controllers/NestedAppAuthController.mjs +15 -3
  22. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  25. package/dist/crypto/BrowserCrypto.mjs +1 -1
  26. package/dist/crypto/CryptoOps.mjs +1 -1
  27. package/dist/crypto/PkceGenerator.mjs +1 -1
  28. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  29. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  33. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  35. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  36. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  44. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  45. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  47. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  50. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCredentialResult.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  141. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  142. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  143. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  144. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  145. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  146. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  147. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  148. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  149. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  150. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  151. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  152. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  154. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts +2 -1
  155. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  156. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +43 -14
  157. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  158. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts +5 -0
  159. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  160. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +42 -15
  161. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  162. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  163. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  164. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  165. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +13 -7
  166. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  167. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  169. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +7 -3
  170. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  171. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  172. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +1 -0
  173. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  174. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -3
  175. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  176. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  177. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  178. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  180. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  181. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  182. package/dist/custom-auth-path/protocol/Authorize.d.ts +4 -0
  183. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  184. package/dist/custom-auth-path/protocol/Authorize.mjs +15 -2
  185. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  186. package/dist/custom-auth-path/request/RequestHelpers.d.ts +11 -1
  187. package/dist/custom-auth-path/request/RequestHelpers.d.ts.map +1 -1
  188. package/dist/custom-auth-path/request/RequestHelpers.mjs +32 -3
  189. package/dist/custom-auth-path/request/RequestHelpers.mjs.map +1 -1
  190. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  191. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  192. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  194. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  196. package/dist/encode/Base64Decode.mjs +1 -1
  197. package/dist/encode/Base64Encode.mjs +1 -1
  198. package/dist/error/BrowserAuthError.mjs +1 -1
  199. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  200. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  201. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  202. package/dist/error/NativeAuthError.mjs +1 -1
  203. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  204. package/dist/error/NestedAppAuthError.mjs +1 -1
  205. package/dist/event/EventHandler.mjs +1 -1
  206. package/dist/event/EventMessage.mjs +1 -1
  207. package/dist/event/EventType.mjs +1 -1
  208. package/dist/index.mjs +1 -1
  209. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  210. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  211. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  212. package/dist/interaction_client/PopupClient.d.ts +2 -1
  213. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  214. package/dist/interaction_client/PopupClient.mjs +43 -14
  215. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  216. package/dist/interaction_client/RedirectClient.d.ts +5 -0
  217. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  218. package/dist/interaction_client/RedirectClient.mjs +42 -15
  219. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  220. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  221. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  222. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +13 -7
  224. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  225. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  226. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  227. package/dist/interaction_client/StandardInteractionClient.mjs +7 -3
  228. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  229. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  230. package/dist/interaction_handler/SilentHandler.d.ts +1 -0
  231. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  232. package/dist/interaction_handler/SilentHandler.mjs +12 -3
  233. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  234. package/dist/naa/BridgeError.mjs +1 -1
  235. package/dist/naa/BridgeProxy.mjs +1 -1
  236. package/dist/naa/BridgeStatusCode.mjs +1 -1
  237. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  238. package/dist/navigation/NavigationClient.mjs +1 -1
  239. package/dist/network/FetchClient.mjs +1 -1
  240. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  241. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  242. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  243. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  244. package/dist/packageMetadata.d.ts +1 -1
  245. package/dist/packageMetadata.mjs +2 -2
  246. package/dist/protocol/Authorize.d.ts +4 -0
  247. package/dist/protocol/Authorize.d.ts.map +1 -1
  248. package/dist/protocol/Authorize.mjs +15 -2
  249. package/dist/protocol/Authorize.mjs.map +1 -1
  250. package/dist/request/RequestHelpers.d.ts +11 -1
  251. package/dist/request/RequestHelpers.d.ts.map +1 -1
  252. package/dist/request/RequestHelpers.mjs +32 -3
  253. package/dist/request/RequestHelpers.mjs.map +1 -1
  254. package/dist/response/ResponseHandler.mjs +1 -1
  255. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  256. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  257. package/dist/utils/BrowserConstants.mjs +1 -1
  258. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  259. package/dist/utils/BrowserUtils.mjs +1 -1
  260. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  261. package/lib/custom-auth-path/msal-custom-auth.cjs +233 -172
  262. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  263. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  264. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  265. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts +2 -1
  266. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  267. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts +5 -0
  268. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  269. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +1 -0
  272. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +4 -0
  275. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  276. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts +11 -1
  277. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts.map +1 -1
  278. package/lib/msal-browser.cjs +259 -180
  279. package/lib/msal-browser.cjs.map +1 -1
  280. package/lib/msal-browser.js +259 -180
  281. package/lib/msal-browser.js.map +1 -1
  282. package/lib/msal-browser.min.js +68 -69
  283. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PopupClient.d.ts +2 -1
  286. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  287. package/lib/types/interaction_client/RedirectClient.d.ts +5 -0
  288. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  289. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  290. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  291. package/lib/types/interaction_handler/SilentHandler.d.ts +1 -0
  292. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  293. package/lib/types/packageMetadata.d.ts +1 -1
  294. package/lib/types/protocol/Authorize.d.ts +4 -0
  295. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  296. package/lib/types/request/RequestHelpers.d.ts +11 -1
  297. package/lib/types/request/RequestHelpers.d.ts.map +1 -1
  298. package/package.json +2 -2
  299. package/src/controllers/NestedAppAuthController.ts +18 -2
  300. package/src/interaction_client/PopupClient.ts +161 -63
  301. package/src/interaction_client/RedirectClient.ts +86 -35
  302. package/src/interaction_client/SilentIframeClient.ts +49 -28
  303. package/src/interaction_client/StandardInteractionClient.ts +13 -2
  304. package/src/interaction_handler/SilentHandler.ts +24 -1
  305. package/src/packageMetadata.ts +1 -1
  306. package/src/protocol/Authorize.ts +48 -0
  307. package/src/request/RequestHelpers.ts +45 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v4.14.0 2025-07-01 */
1
+ /*! @azure/msal-browser v4.16.0 2025-07-23 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v15.8.0 2025-07-01 */
9
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -86,6 +86,10 @@
86
86
  SERVER_ERROR_RANGE_END: 599,
87
87
  MULTI_SIDED_ERROR: 600,
88
88
  };
89
+ const HttpMethod = {
90
+ GET: "GET",
91
+ POST: "POST",
92
+ };
89
93
  const OIDC_DEFAULT_SCOPES = [
90
94
  Constants.OPENID_SCOPE,
91
95
  Constants.PROFILE_SCOPE,
@@ -139,13 +143,6 @@
139
143
  CREATE: "create",
140
144
  NO_SESSION: "no_session",
141
145
  };
142
- /**
143
- * allowed values for codeVerifier
144
- */
145
- const CodeChallengeMethodValues = {
146
- PLAIN: "plain",
147
- S256: "S256",
148
- };
149
146
  /**
150
147
  * Allowed values for response_type
151
148
  */
@@ -288,7 +285,7 @@
288
285
  // Token renewal offset default in seconds
289
286
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
290
287
 
291
- /*! @azure/msal-common v15.8.0 2025-07-01 */
288
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
292
289
  /*
293
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
294
291
  * Licensed under the MIT License.
@@ -305,7 +302,7 @@
305
302
  unexpectedError: unexpectedError
306
303
  });
307
304
 
308
- /*! @azure/msal-common v15.8.0 2025-07-01 */
305
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
309
306
 
310
307
  /*
311
308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -354,7 +351,7 @@
354
351
  : AuthErrorMessages[code]);
355
352
  }
356
353
 
357
- /*! @azure/msal-common v15.8.0 2025-07-01 */
354
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
358
355
  /*
359
356
  * Copyright (c) Microsoft Corporation. All rights reserved.
360
357
  * Licensed under the MIT License.
@@ -452,7 +449,7 @@
452
449
  userTimeoutReached: userTimeoutReached
453
450
  });
454
451
 
455
- /*! @azure/msal-common v15.8.0 2025-07-01 */
452
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
456
453
 
457
454
  /*
458
455
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -704,7 +701,7 @@
704
701
  return new ClientAuthError(errorCode, additionalMessage);
705
702
  }
706
703
 
707
- /*! @azure/msal-common v15.8.0 2025-07-01 */
704
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
708
705
 
709
706
  /*
710
707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -743,7 +740,7 @@
743
740
  },
744
741
  };
745
742
 
746
- /*! @azure/msal-common v15.8.0 2025-07-01 */
743
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
747
744
 
748
745
  /*
749
746
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -934,12 +931,12 @@
934
931
  }
935
932
  }
936
933
 
937
- /*! @azure/msal-common v15.8.0 2025-07-01 */
934
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
938
935
  /* eslint-disable header/header */
939
936
  const name$1 = "@azure/msal-common";
940
- const version$1 = "15.8.0";
937
+ const version$1 = "15.9.0";
941
938
 
942
- /*! @azure/msal-common v15.8.0 2025-07-01 */
939
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
943
940
  /*
944
941
  * Copyright (c) Microsoft Corporation. All rights reserved.
945
942
  * Licensed under the MIT License.
@@ -959,7 +956,7 @@
959
956
  AzureUsGovernment: "https://login.microsoftonline.us",
960
957
  };
961
958
 
962
- /*! @azure/msal-common v15.8.0 2025-07-01 */
959
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
963
960
 
964
961
  /*
965
962
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1020,7 +1017,7 @@
1020
1017
  }
1021
1018
  }
1022
1019
 
1023
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1020
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1024
1021
  /*
1025
1022
  * Copyright (c) Microsoft Corporation. All rights reserved.
1026
1023
  * Licensed under the MIT License.
@@ -1075,7 +1072,7 @@
1075
1072
  return cachedAtSec > nowSeconds();
1076
1073
  }
1077
1074
 
1078
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1075
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1079
1076
 
1080
1077
  /*
1081
1078
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1402,7 +1399,7 @@
1402
1399
  return metadata.expiresAt <= nowSeconds();
1403
1400
  }
1404
1401
 
1405
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1402
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1406
1403
  /*
1407
1404
  * Copyright (c) Microsoft Corporation. All rights reserved.
1408
1405
  * Licensed under the MIT License.
@@ -1413,7 +1410,6 @@
1413
1410
  const urlParseError = "url_parse_error";
1414
1411
  const urlEmptyError = "empty_url_error";
1415
1412
  const emptyInputScopesError = "empty_input_scopes_error";
1416
- const invalidPromptValue = "invalid_prompt_value";
1417
1413
  const invalidClaims = "invalid_claims";
1418
1414
  const tokenRequestEmpty = "token_request_empty";
1419
1415
  const logoutRequestEmpty = "logout_request_empty";
@@ -1428,7 +1424,9 @@
1428
1424
  const invalidAuthenticationHeader = "invalid_authentication_header";
1429
1425
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
1430
1426
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
1431
- const authorityMismatch = "authority_mismatch";
1427
+ const authorityMismatch = "authority_mismatch";
1428
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
1429
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
1432
1430
 
1433
1431
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1434
1432
  __proto__: null,
@@ -1440,10 +1438,11 @@
1440
1438
  emptyInputScopesError: emptyInputScopesError,
1441
1439
  invalidAuthenticationHeader: invalidAuthenticationHeader,
1442
1440
  invalidAuthorityMetadata: invalidAuthorityMetadata,
1441
+ invalidAuthorizePostBodyParameters: invalidAuthorizePostBodyParameters,
1443
1442
  invalidClaims: invalidClaims,
1444
1443
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
1445
1444
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
1446
- invalidPromptValue: invalidPromptValue,
1445
+ invalidRequestMethodForEAR: invalidRequestMethodForEAR,
1447
1446
  logoutRequestEmpty: logoutRequestEmpty,
1448
1447
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
1449
1448
  missingSshJwk: missingSshJwk,
@@ -1456,7 +1455,7 @@
1456
1455
  urlParseError: urlParseError
1457
1456
  });
1458
1457
 
1459
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1458
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1460
1459
 
1461
1460
  /*
1462
1461
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1469,7 +1468,6 @@
1469
1468
  [urlParseError]: "URL could not be parsed into appropriate segments.",
1470
1469
  [urlEmptyError]: "URL was empty or null.",
1471
1470
  [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
1472
- [invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",
1473
1471
  [invalidClaims]: "Given claims parameter must be a stringified JSON object.",
1474
1472
  [tokenRequestEmpty]: "Token request was empty and not found in cache.",
1475
1473
  [logoutRequestEmpty]: "The logout request was null or undefined.",
@@ -1485,6 +1483,8 @@
1485
1483
  [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
1486
1484
  [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
1487
1485
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
1486
+ [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
1487
+ [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
1488
1488
  };
1489
1489
  /**
1490
1490
  * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.
@@ -1515,10 +1515,6 @@
1515
1515
  code: emptyInputScopesError,
1516
1516
  desc: ClientConfigurationErrorMessages[emptyInputScopesError],
1517
1517
  },
1518
- invalidPrompt: {
1519
- code: invalidPromptValue,
1520
- desc: ClientConfigurationErrorMessages[invalidPromptValue],
1521
- },
1522
1518
  invalidClaimsRequest: {
1523
1519
  code: invalidClaims,
1524
1520
  desc: ClientConfigurationErrorMessages[invalidClaims],
@@ -1579,6 +1575,14 @@
1579
1575
  code: authorityMismatch,
1580
1576
  desc: ClientConfigurationErrorMessages[authorityMismatch],
1581
1577
  },
1578
+ invalidAuthorizePostBodyParameters: {
1579
+ code: invalidAuthorizePostBodyParameters,
1580
+ desc: ClientConfigurationErrorMessages[invalidAuthorizePostBodyParameters],
1581
+ },
1582
+ invalidRequestMethodForEAR: {
1583
+ code: invalidRequestMethodForEAR,
1584
+ desc: ClientConfigurationErrorMessages[invalidRequestMethodForEAR],
1585
+ },
1582
1586
  };
1583
1587
  /**
1584
1588
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -1594,7 +1598,7 @@
1594
1598
  return new ClientConfigurationError(errorCode);
1595
1599
  }
1596
1600
 
1597
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1601
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1598
1602
  /*
1599
1603
  * Copyright (c) Microsoft Corporation. All rights reserved.
1600
1604
  * Licensed under the MIT License.
@@ -1691,7 +1695,7 @@
1691
1695
  }
1692
1696
  }
1693
1697
 
1694
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1698
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1695
1699
 
1696
1700
  /*
1697
1701
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1882,7 +1886,7 @@
1882
1886
  }
1883
1887
  }
1884
1888
 
1885
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1889
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1886
1890
 
1887
1891
  /*
1888
1892
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1922,7 +1926,7 @@
1922
1926
  };
1923
1927
  }
1924
1928
 
1925
- /*! @azure/msal-common v15.8.0 2025-07-01 */
1929
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
1926
1930
  /*
1927
1931
  * Copyright (c) Microsoft Corporation. All rights reserved.
1928
1932
  * Licensed under the MIT License.
@@ -2001,7 +2005,7 @@
2001
2005
  return updatedAccountInfo;
2002
2006
  }
2003
2007
 
2004
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2008
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2005
2009
  /*
2006
2010
  * Copyright (c) Microsoft Corporation. All rights reserved.
2007
2011
  * Licensed under the MIT License.
@@ -2016,7 +2020,7 @@
2016
2020
  Ciam: 3,
2017
2021
  };
2018
2022
 
2019
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2023
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2020
2024
  /*
2021
2025
  * Copyright (c) Microsoft Corporation. All rights reserved.
2022
2026
  * Licensed under the MIT License.
@@ -2038,7 +2042,7 @@
2038
2042
  return null;
2039
2043
  }
2040
2044
 
2041
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2045
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2042
2046
  /*
2043
2047
  * Copyright (c) Microsoft Corporation. All rights reserved.
2044
2048
  * Licensed under the MIT License.
@@ -2062,7 +2066,7 @@
2062
2066
  EAR: "EAR",
2063
2067
  };
2064
2068
 
2065
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2069
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2066
2070
 
2067
2071
  /*
2068
2072
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2305,7 +2309,7 @@
2305
2309
  }
2306
2310
  }
2307
2311
 
2308
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2312
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2309
2313
 
2310
2314
  /*
2311
2315
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2370,7 +2374,7 @@
2370
2374
  return queryParameterArray.join("&");
2371
2375
  }
2372
2376
 
2373
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2377
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2374
2378
 
2375
2379
  /*
2376
2380
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2534,7 +2538,7 @@
2534
2538
  }
2535
2539
  }
2536
2540
 
2537
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2541
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2538
2542
 
2539
2543
  /*
2540
2544
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2673,7 +2677,7 @@
2673
2677
  return null;
2674
2678
  }
2675
2679
 
2676
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2680
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2677
2681
  /*
2678
2682
  * Copyright (c) Microsoft Corporation. All rights reserved.
2679
2683
  * Licensed under the MIT License.
@@ -2681,7 +2685,7 @@
2681
2685
  const cacheQuotaExceeded = "cache_quota_exceeded";
2682
2686
  const cacheErrorUnknown = "cache_error_unknown";
2683
2687
 
2684
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2688
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2685
2689
 
2686
2690
  /*
2687
2691
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2726,7 +2730,7 @@
2726
2730
  }
2727
2731
  }
2728
2732
 
2729
- /*! @azure/msal-common v15.8.0 2025-07-01 */
2733
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
2730
2734
 
2731
2735
  /*
2732
2736
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3893,7 +3897,7 @@
3893
3897
  }
3894
3898
  }
3895
3899
 
3896
- /*! @azure/msal-common v15.8.0 2025-07-01 */
3900
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
3897
3901
  /*
3898
3902
  * Copyright (c) Microsoft Corporation. All rights reserved.
3899
3903
  * Licensed under the MIT License.
@@ -4405,7 +4409,7 @@
4405
4409
  "encryptedCacheExpiredCount",
4406
4410
  ]);
4407
4411
 
4408
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4412
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4409
4413
 
4410
4414
  /*
4411
4415
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4484,7 +4488,7 @@
4484
4488
  }
4485
4489
  }
4486
4490
 
4487
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4491
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4488
4492
 
4489
4493
  /*
4490
4494
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4584,7 +4588,7 @@
4584
4588
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4585
4589
  }
4586
4590
 
4587
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4591
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4588
4592
  /*
4589
4593
  * Copyright (c) Microsoft Corporation. All rights reserved.
4590
4594
  * Licensed under the MIT License.
@@ -4594,7 +4598,7 @@
4594
4598
  UPN: "UPN",
4595
4599
  };
4596
4600
 
4597
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4601
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4598
4602
  /*
4599
4603
  * Copyright (c) Microsoft Corporation. All rights reserved.
4600
4604
  * Licensed under the MIT License.
@@ -4644,7 +4648,7 @@
4644
4648
  const EAR_JWK = "ear_jwk";
4645
4649
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4646
4650
 
4647
- /*! @azure/msal-common v15.8.0 2025-07-01 */
4651
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
4648
4652
 
4649
4653
  /*
4650
4654
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5010,9 +5014,21 @@
5010
5014
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
5011
5015
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
5012
5016
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
5017
+ }
5018
+ /**
5019
+ * Adds authorize body parameters to the request parameters
5020
+ * @param parameters
5021
+ * @param bodyParameters
5022
+ */
5023
+ function addPostBodyParameters(parameters, bodyParameters) {
5024
+ Object.entries(bodyParameters).forEach(([key, value]) => {
5025
+ if (value) {
5026
+ parameters.set(key, value);
5027
+ }
5028
+ });
5013
5029
  }
5014
5030
 
5015
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5031
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5016
5032
  /*
5017
5033
  * Copyright (c) Microsoft Corporation. All rights reserved.
5018
5034
  * Licensed under the MIT License.
@@ -5024,7 +5040,7 @@
5024
5040
  response.hasOwnProperty("jwks_uri"));
5025
5041
  }
5026
5042
 
5027
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5043
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5028
5044
  /*
5029
5045
  * Copyright (c) Microsoft Corporation. All rights reserved.
5030
5046
  * Licensed under the MIT License.
@@ -5034,7 +5050,7 @@
5034
5050
  response.hasOwnProperty("metadata"));
5035
5051
  }
5036
5052
 
5037
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5053
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5038
5054
  /*
5039
5055
  * Copyright (c) Microsoft Corporation. All rights reserved.
5040
5056
  * Licensed under the MIT License.
@@ -5044,7 +5060,7 @@
5044
5060
  response.hasOwnProperty("error_description"));
5045
5061
  }
5046
5062
 
5047
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5063
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5048
5064
  /*
5049
5065
  * Copyright (c) Microsoft Corporation. All rights reserved.
5050
5066
  * Licensed under the MIT License.
@@ -5140,7 +5156,7 @@
5140
5156
  };
5141
5157
  };
5142
5158
 
5143
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5159
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5144
5160
 
5145
5161
  /*
5146
5162
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5246,7 +5262,7 @@
5246
5262
  },
5247
5263
  };
5248
5264
 
5249
- /*! @azure/msal-common v15.8.0 2025-07-01 */
5265
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
5250
5266
 
5251
5267
  /*
5252
5268
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6085,7 +6101,7 @@
6085
6101
  };
6086
6102
  }
6087
6103
 
6088
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6104
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6089
6105
 
6090
6106
  /*
6091
6107
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6116,7 +6132,7 @@
6116
6132
  }
6117
6133
  }
6118
6134
 
6119
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6135
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6120
6136
 
6121
6137
  /*
6122
6138
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6135,7 +6151,7 @@
6135
6151
  }
6136
6152
  }
6137
6153
 
6138
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6154
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6139
6155
  /*
6140
6156
  * Copyright (c) Microsoft Corporation. All rights reserved.
6141
6157
  * Licensed under the MIT License.
@@ -6156,7 +6172,7 @@
6156
6172
  };
6157
6173
  }
6158
6174
 
6159
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6175
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6160
6176
 
6161
6177
  /*
6162
6178
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6243,7 +6259,7 @@
6243
6259
  }
6244
6260
  }
6245
6261
 
6246
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6262
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6247
6263
 
6248
6264
  /*
6249
6265
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6274,7 +6290,7 @@
6274
6290
  return new NetworkError(error, httpStatus, responseHeaders);
6275
6291
  }
6276
6292
 
6277
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6293
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6278
6294
 
6279
6295
  /*
6280
6296
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6422,7 +6438,7 @@
6422
6438
  }
6423
6439
  }
6424
6440
 
6425
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6441
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6426
6442
  /*
6427
6443
  * Copyright (c) Microsoft Corporation. All rights reserved.
6428
6444
  * Licensed under the MIT License.
@@ -6450,7 +6466,7 @@
6450
6466
  uxNotAllowed: uxNotAllowed
6451
6467
  });
6452
6468
 
6453
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6469
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6454
6470
 
6455
6471
  /*
6456
6472
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6540,7 +6556,7 @@
6540
6556
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6541
6557
  }
6542
6558
 
6543
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6559
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6544
6560
 
6545
6561
  /*
6546
6562
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6612,7 +6628,7 @@
6612
6628
  }
6613
6629
  }
6614
6630
 
6615
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6631
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6616
6632
 
6617
6633
  /*
6618
6634
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6694,7 +6710,7 @@
6694
6710
  }
6695
6711
  }
6696
6712
 
6697
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6713
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6698
6714
  /*
6699
6715
  * Copyright (c) Microsoft Corporation. All rights reserved.
6700
6716
  * Licensed under the MIT License.
@@ -6721,7 +6737,7 @@
6721
6737
  }
6722
6738
  }
6723
6739
 
6724
- /*! @azure/msal-common v15.8.0 2025-07-01 */
6740
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
6725
6741
 
6726
6742
  /*
6727
6743
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7052,74 +7068,7 @@
7052
7068
  return baseAccount;
7053
7069
  }
7054
7070
 
7055
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7056
-
7057
- /*
7058
- * Copyright (c) Microsoft Corporation. All rights reserved.
7059
- * Licensed under the MIT License.
7060
- */
7061
- /**
7062
- * Validates server consumable params from the "request" objects
7063
- */
7064
- class RequestValidator {
7065
- /**
7066
- * Utility to check if the `redirectUri` in the request is a non-null value
7067
- * @param redirectUri
7068
- */
7069
- static validateRedirectUri(redirectUri) {
7070
- if (!redirectUri) {
7071
- throw createClientConfigurationError(redirectUriEmpty);
7072
- }
7073
- }
7074
- /**
7075
- * Utility to validate prompt sent by the user in the request
7076
- * @param prompt
7077
- */
7078
- static validatePrompt(prompt) {
7079
- const promptValues = [];
7080
- for (const value in PromptValue) {
7081
- promptValues.push(PromptValue[value]);
7082
- }
7083
- if (promptValues.indexOf(prompt) < 0) {
7084
- throw createClientConfigurationError(invalidPromptValue);
7085
- }
7086
- }
7087
- static validateClaims(claims) {
7088
- try {
7089
- JSON.parse(claims);
7090
- }
7091
- catch (e) {
7092
- throw createClientConfigurationError(invalidClaims);
7093
- }
7094
- }
7095
- /**
7096
- * Utility to validate code_challenge and code_challenge_method
7097
- * @param codeChallenge
7098
- * @param codeChallengeMethod
7099
- */
7100
- static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
7101
- if (!codeChallenge || !codeChallengeMethod) {
7102
- throw createClientConfigurationError(pkceParamsMissing);
7103
- }
7104
- else {
7105
- this.validateCodeChallengeMethod(codeChallengeMethod);
7106
- }
7107
- }
7108
- /**
7109
- * Utility to validate code_challenge_method
7110
- * @param codeChallengeMethod
7111
- */
7112
- static validateCodeChallengeMethod(codeChallengeMethod) {
7113
- if ([
7114
- CodeChallengeMethodValues.PLAIN,
7115
- CodeChallengeMethodValues.S256,
7116
- ].indexOf(codeChallengeMethod) < 0) {
7117
- throw createClientConfigurationError(invalidCodeChallengeMethod);
7118
- }
7119
- }
7120
- }
7121
-
7122
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7071
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7123
7072
  /*
7124
7073
  * Copyright (c) Microsoft Corporation. All rights reserved.
7125
7074
  * Licensed under the MIT License.
@@ -7137,7 +7086,7 @@
7137
7086
  }
7138
7087
  }
7139
7088
 
7140
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7089
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7141
7090
 
7142
7091
  /*
7143
7092
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7231,7 +7180,9 @@
7231
7180
  */
7232
7181
  if (!this.includeRedirectUri) {
7233
7182
  // Just validate
7234
- RequestValidator.validateRedirectUri(request.redirectUri);
7183
+ if (!request.redirectUri) {
7184
+ throw createClientConfigurationError(redirectUriEmpty);
7185
+ }
7235
7186
  }
7236
7187
  else {
7237
7188
  // Validate and include redirect uri
@@ -7370,7 +7321,7 @@
7370
7321
  }
7371
7322
  }
7372
7323
 
7373
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7324
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7374
7325
 
7375
7326
  /*
7376
7327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7579,7 +7530,7 @@
7579
7530
  }
7580
7531
  }
7581
7532
 
7582
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7533
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7583
7534
 
7584
7535
  /*
7585
7536
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7677,7 +7628,7 @@
7677
7628
  }
7678
7629
  }
7679
7630
 
7680
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7631
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7681
7632
 
7682
7633
  /*
7683
7634
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7692,7 +7643,7 @@
7692
7643
  },
7693
7644
  };
7694
7645
 
7695
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7646
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7696
7647
 
7697
7648
  /*
7698
7649
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7916,7 +7867,7 @@
7916
7867
  return account.idTokenClaims?.login_hint || null;
7917
7868
  }
7918
7869
 
7919
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7870
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7920
7871
 
7921
7872
  /*
7922
7873
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7974,7 +7925,7 @@
7974
7925
  }
7975
7926
  }
7976
7927
 
7977
- /*! @azure/msal-common v15.8.0 2025-07-01 */
7928
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
7978
7929
 
7979
7930
  /*
7980
7931
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8237,7 +8188,7 @@
8237
8188
  }
8238
8189
  }
8239
8190
 
8240
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8191
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8241
8192
  /*
8242
8193
  * Copyright (c) Microsoft Corporation. All rights reserved.
8243
8194
  * Licensed under the MIT License.
@@ -8245,7 +8196,7 @@
8245
8196
  const missingKidError = "missing_kid_error";
8246
8197
  const missingAlgError = "missing_alg_error";
8247
8198
 
8248
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8199
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8249
8200
 
8250
8201
  /*
8251
8202
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8270,7 +8221,7 @@
8270
8221
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8271
8222
  }
8272
8223
 
8273
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8224
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8274
8225
 
8275
8226
  /*
8276
8227
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8310,7 +8261,7 @@
8310
8261
  }
8311
8262
  }
8312
8263
 
8313
- /*! @azure/msal-common v15.8.0 2025-07-01 */
8264
+ /*! @azure/msal-common v15.9.0 2025-07-23 */
8314
8265
 
8315
8266
  /*
8316
8267
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10414,7 +10365,7 @@
10414
10365
 
10415
10366
  /* eslint-disable header/header */
10416
10367
  const name = "@azure/msal-browser";
10417
- const version = "4.14.0";
10368
+ const version = "4.16.0";
10418
10369
 
10419
10370
  /*
10420
10371
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -13145,6 +13096,35 @@
13145
13096
  account: account,
13146
13097
  forceRefresh: request.forceRefresh || false,
13147
13098
  };
13099
+ }
13100
+ /**
13101
+ * Validates that the combination of request method, protocol mode and authorize body parameters is correct.
13102
+ * Returns the validated or defaulted HTTP method or throws if the configured combination is invalid.
13103
+ * @param interactionRequest
13104
+ * @param protocolMode
13105
+ * @returns
13106
+ */
13107
+ function validateRequestMethod(interactionRequest, protocolMode) {
13108
+ let httpMethod;
13109
+ const requestMethod = interactionRequest.httpMethod;
13110
+ if (protocolMode === ProtocolMode.EAR) {
13111
+ // Don't override httpMethod if it is already set, default to POST if not set
13112
+ httpMethod = requestMethod || HttpMethod.POST;
13113
+ // Validate that method is not GET if protocol mode is EAR
13114
+ if (httpMethod !== HttpMethod.POST) {
13115
+ throw createClientConfigurationError(invalidRequestMethodForEAR);
13116
+ }
13117
+ }
13118
+ else {
13119
+ // For non-EAR protocol modes, default to GET if httpMethod is not set
13120
+ httpMethod = requestMethod || HttpMethod.GET;
13121
+ }
13122
+ // Regardless of protocolMode, if there are authorizePostBodyParameters, validate the request method is POST
13123
+ if (interactionRequest.authorizePostBodyParameters &&
13124
+ httpMethod !== HttpMethod.POST) {
13125
+ throw createClientConfigurationError(invalidAuthorizePostBodyParameters);
13126
+ }
13127
+ return httpMethod;
13148
13128
  }
13149
13129
 
13150
13130
  /*
@@ -13321,7 +13301,7 @@
13321
13301
  };
13322
13302
  const state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || Constants.EMPTY_STRING, browserState);
13323
13303
  const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, this.correlationId)({ ...request, correlationId: this.correlationId }, this.config, this.performanceClient, this.logger);
13324
- const validatedRequest = {
13304
+ const interactionRequest = {
13325
13305
  ...baseRequest,
13326
13306
  redirectUri: redirectUri,
13327
13307
  state: state,
@@ -13329,6 +13309,10 @@
13329
13309
  responseMode: this.config.auth.OIDCOptions
13330
13310
  .serverResponseType,
13331
13311
  };
13312
+ const validatedRequest = {
13313
+ ...interactionRequest,
13314
+ httpMethod: validateRequestMethod(interactionRequest, this.config.auth.protocolMode),
13315
+ };
13332
13316
  // Skip active account lookup if either login hint or session id is set
13333
13317
  if (request.loginHint || request.sid) {
13334
13318
  return validatedRequest;
@@ -14323,6 +14307,19 @@
14323
14307
  const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
14324
14308
  return createForm(frame, url, parameters);
14325
14309
  }
14310
+ /**
14311
+ * Gets the form that will be posted to /authorize with request parameters when using POST method
14312
+ */
14313
+ async function getCodeForm(frame, config, authority, request, logger, performanceClient) {
14314
+ const parameters = await getStandardParameters(config, authority, request, logger, performanceClient);
14315
+ addResponseType(parameters, OAuthResponseType.CODE);
14316
+ addCodeChallengeParams(parameters, request.codeChallenge, request.codeChallengeMethod || Constants.S256_CODE_CHALLENGE_METHOD);
14317
+ addPostBodyParameters(parameters, request.authorizePostBodyParameters || {});
14318
+ const queryParams = new Map();
14319
+ addExtraQueryParameters(queryParams, request.extraQueryParameters || {});
14320
+ const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
14321
+ return createForm(frame, url, parameters);
14322
+ }
14326
14323
  /**
14327
14324
  * Creates form element in the provided document with auth parameters in the post body
14328
14325
  * @param frame
@@ -15014,9 +15011,10 @@
15014
15011
  * @param pkceCodes
15015
15012
  */
15016
15013
  acquireToken(request, pkceCodes) {
15014
+ let popupParams = undefined;
15017
15015
  try {
15018
15016
  const popupName = this.generatePopupName(request.scopes || OIDC_DEFAULT_SCOPES, request.authority || this.config.auth.authority);
15019
- const popupParams = {
15017
+ popupParams = {
15020
15018
  popupName,
15021
15019
  popupWindowAttributes: request.popupWindowAttributes || {},
15022
15020
  popupWindowParent: request.popupWindowParent ?? window,
@@ -15029,10 +15027,15 @@
15029
15027
  return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
15030
15028
  }
15031
15029
  else {
15030
+ // Pre-validate request method to avoid opening popup if the request is invalid
15031
+ const validatedRequest = {
15032
+ ...request,
15033
+ httpMethod: validateRequestMethod(request, this.config.auth.protocolMode),
15034
+ };
15032
15035
  // asyncPopups flag is set to false. Opens popup before acquiring token.
15033
15036
  this.logger.verbose("asyncPopup set to false, opening popup before acquiring token");
15034
15037
  popupParams.popup = this.openSizedPopup("about:blank", popupParams);
15035
- return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
15038
+ return this.acquireTokenPopupAsync(validatedRequest, popupParams, pkceCodes);
15036
15039
  }
15037
15040
  }
15038
15041
  catch (e) {
@@ -15124,15 +15127,20 @@
15124
15127
  requestExtraQueryParameters: popupRequest.extraQueryParameters,
15125
15128
  account: popupRequest.account,
15126
15129
  });
15127
- // Create acquire token url.
15128
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
15129
- // Show the UI once the url has been created. Get the window handle for the popup.
15130
- const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
15131
- this.eventHandler.emitEvent(EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow }, null);
15132
- // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15133
- const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
15134
- const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15135
- return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15130
+ if (popupRequest.httpMethod === HttpMethod.POST) {
15131
+ return await this.executeCodeFlowWithPost(popupRequest, popupParams, authClient, pkce.verifier);
15132
+ }
15133
+ else {
15134
+ // Create acquire token url.
15135
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
15136
+ // Show the UI once the url has been created. Get the window handle for the popup.
15137
+ const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
15138
+ this.eventHandler.emitEvent(EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow }, null);
15139
+ // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15140
+ const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
15141
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15142
+ return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15143
+ }
15136
15144
  }
15137
15145
  catch (e) {
15138
15146
  // Close the synchronous popup if an error is thrown before the window unload event is registered
@@ -15170,6 +15178,23 @@
15170
15178
  const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15171
15179
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, ApiId.acquireTokenPopup, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15172
15180
  }
15181
+ async executeCodeFlowWithPost(request, popupParams, authClient, pkceVerifier) {
15182
+ const correlationId = request.correlationId;
15183
+ // Get the frame handle for the silent request
15184
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
15185
+ requestAuthority: request.authority,
15186
+ requestAzureCloudOptions: request.azureCloudOptions,
15187
+ requestExtraQueryParameters: request.extraQueryParameters,
15188
+ account: request.account,
15189
+ });
15190
+ const popupWindow = popupParams.popup || this.openPopup("about:blank", popupParams);
15191
+ const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
15192
+ form.submit();
15193
+ // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
15194
+ const responseString = await invokeAsync(this.monitorPopupForHash.bind(this), PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupWindow, popupParams.popupWindowParent);
15195
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
15196
+ return invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15197
+ }
15173
15198
  /**
15174
15199
  *
15175
15200
  * @param validRequest
@@ -15521,18 +15546,23 @@
15521
15546
  };
15522
15547
  this.browserStorage.cacheAuthorizeRequest(redirectRequest, pkceCodes.verifier);
15523
15548
  try {
15524
- // Initialize the client
15525
- const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15526
- serverTelemetryManager,
15527
- requestAuthority: redirectRequest.authority,
15528
- requestAzureCloudOptions: redirectRequest.azureCloudOptions,
15529
- requestExtraQueryParameters: redirectRequest.extraQueryParameters,
15530
- account: redirectRequest.account,
15531
- });
15532
- // Create acquire token url.
15533
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
15534
- // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
15535
- return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
15549
+ if (redirectRequest.httpMethod === HttpMethod.POST) {
15550
+ return await this.executeCodeFlowWithPost(redirectRequest);
15551
+ }
15552
+ else {
15553
+ // Initialize the client
15554
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15555
+ serverTelemetryManager,
15556
+ requestAuthority: redirectRequest.authority,
15557
+ requestAzureCloudOptions: redirectRequest.azureCloudOptions,
15558
+ requestExtraQueryParameters: redirectRequest.extraQueryParameters,
15559
+ account: redirectRequest.account,
15560
+ });
15561
+ // Create acquire token url.
15562
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
15563
+ // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
15564
+ return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
15565
+ }
15536
15566
  }
15537
15567
  catch (e) {
15538
15568
  if (e instanceof AuthError) {
@@ -15569,6 +15599,28 @@
15569
15599
  }, this.config.system.redirectNavigationTimeout);
15570
15600
  });
15571
15601
  }
15602
+ /**
15603
+ * Executes classic Authorization Code flow with a POST request.
15604
+ * @param request
15605
+ */
15606
+ async executeCodeFlowWithPost(request) {
15607
+ const correlationId = request.correlationId;
15608
+ // Get the frame handle for the silent request
15609
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
15610
+ requestAuthority: request.authority,
15611
+ requestAzureCloudOptions: request.azureCloudOptions,
15612
+ requestExtraQueryParameters: request.extraQueryParameters,
15613
+ account: request.account,
15614
+ });
15615
+ this.browserStorage.cacheAuthorizeRequest(request);
15616
+ const form = await getCodeForm(document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
15617
+ form.submit();
15618
+ return new Promise((resolve, reject) => {
15619
+ setTimeout(() => {
15620
+ reject(createBrowserAuthError(timedOut, "failed_to_redirect"));
15621
+ }, this.config.system.redirectNavigationTimeout);
15622
+ });
15623
+ }
15572
15624
  /**
15573
15625
  * Checks if navigateToLoginRequestUrl is set, and:
15574
15626
  * - if true, performs logic to cache and navigate
@@ -15879,6 +15931,15 @@
15879
15931
  }
15880
15932
  return invoke(loadFrameSync, PerformanceEvents.SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
15881
15933
  }
15934
+ async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
15935
+ const frame = createHiddenIframe();
15936
+ if (!frame.contentDocument) {
15937
+ throw "No document associated with iframe!";
15938
+ }
15939
+ const form = await getCodeForm(frame.contentDocument, config, authority, request, logger, performanceClient);
15940
+ form.submit();
15941
+ return frame;
15942
+ }
15882
15943
  async function initiateEarRequest(config, authority, request, logger, performanceClient) {
15883
15944
  const frame = createHiddenIframe();
15884
15945
  if (!frame.contentDocument) {
@@ -16127,10 +16188,16 @@
16127
16188
  ...request,
16128
16189
  codeChallenge: pkceCodes.challenge,
16129
16190
  };
16130
- // Create authorize request url
16131
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16132
- // Get the frame handle for the silent request
16133
- const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
16191
+ let msalFrame;
16192
+ if (request.httpMethod === HttpMethod.POST) {
16193
+ msalFrame = await invokeAsync(initiateCodeFlowWithPost, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16194
+ }
16195
+ else {
16196
+ // Create authorize request url
16197
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
16198
+ // Get the frame handle for the silent request
16199
+ msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
16200
+ }
16134
16201
  const responseType = this.config.auth.OIDCOptions.serverResponseType;
16135
16202
  // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
16136
16203
  const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
@@ -18229,7 +18296,13 @@
18229
18296
  ...this.nestedAppAuthAdapter.fromNaaTokenResponse(naaRequest, response, reqTimestamp),
18230
18297
  };
18231
18298
  // cache the tokens in the response
18232
- await this.hydrateCache(result, request);
18299
+ try {
18300
+ // cache hydration can fail in JS Runtime scenario that doesn't support full crypto API
18301
+ await this.hydrateCache(result, request);
18302
+ }
18303
+ catch (error) {
18304
+ this.logger.warningPii(`Failed to hydrate cache. Error: ${error}`, validRequest.correlationId);
18305
+ }
18233
18306
  // cache the account context in memory after successful token fetch
18234
18307
  this.currentAccountContext = {
18235
18308
  homeAccountId: result.account.homeAccountId,
@@ -18286,7 +18359,13 @@
18286
18359
  const response = await this.bridgeProxy.getTokenSilent(naaRequest);
18287
18360
  const result = this.nestedAppAuthAdapter.fromNaaTokenResponse(naaRequest, response, reqTimestamp);
18288
18361
  // cache the tokens in the response
18289
- await this.hydrateCache(result, request);
18362
+ try {
18363
+ // cache hydration can fail in JS Runtime scenario that doesn't support full crypto API
18364
+ await this.hydrateCache(result, request);
18365
+ }
18366
+ catch (error) {
18367
+ this.logger.warningPii(`Failed to hydrate cache. Error: ${error}`, validRequest.correlationId);
18368
+ }
18290
18369
  // cache the account context in memory after successful token fetch
18291
18370
  this.currentAccountContext = {
18292
18371
  homeAccountId: result.account.homeAccountId,