@azure/msal-browser 4.15.0 → 4.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (415) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/LocalStorage.mjs +1 -1
  15. package/dist/cache/MemoryStorage.mjs +1 -1
  16. package/dist/cache/SessionStorage.mjs +1 -1
  17. package/dist/cache/TokenCache.mjs +1 -1
  18. package/dist/config/Configuration.mjs +1 -1
  19. package/dist/controllers/ControllerFactory.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  21. package/dist/controllers/NestedAppAuthController.mjs +15 -3
  22. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  25. package/dist/crypto/BrowserCrypto.mjs +1 -1
  26. package/dist/crypto/CryptoOps.mjs +1 -1
  27. package/dist/crypto/PkceGenerator.mjs +1 -1
  28. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  29. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  33. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  35. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  36. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  44. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  45. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  47. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  50. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthActionInputs.d.ts +3 -0
  52. package/dist/custom-auth-path/custom_auth/CustomAuthActionInputs.d.ts.map +1 -1
  53. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  54. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  57. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +8 -2
  58. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts +5 -0
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +10 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +4 -1
  90. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts +1 -0
  94. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts.map +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.d.ts +1 -0
  100. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.d.ts.map +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +18 -2
  102. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs.map +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.d.ts.map +1 -1
  105. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +8 -4
  106. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs.map +1 -1
  107. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts +5 -0
  130. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts.map +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +8 -1
  132. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs.map +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCredentialResult.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +2 -1
  140. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +6 -1
  144. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +2 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +1 -0
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +10 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts +3 -0
  156. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts.map +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  172. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  173. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  174. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  175. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  176. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  177. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  178. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  179. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  180. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  181. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  182. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  183. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  184. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  185. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts +2 -1
  186. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  187. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +43 -14
  188. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  189. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts +5 -0
  190. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  191. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +42 -15
  192. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  193. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  194. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  195. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +13 -7
  197. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  199. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +7 -3
  201. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  202. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +1 -0
  204. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  205. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -3
  206. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  207. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  208. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  209. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  210. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  211. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  212. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  213. package/dist/custom-auth-path/protocol/Authorize.d.ts +4 -0
  214. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  215. package/dist/custom-auth-path/protocol/Authorize.mjs +15 -2
  216. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  217. package/dist/custom-auth-path/request/RequestHelpers.d.ts +11 -1
  218. package/dist/custom-auth-path/request/RequestHelpers.d.ts.map +1 -1
  219. package/dist/custom-auth-path/request/RequestHelpers.mjs +32 -3
  220. package/dist/custom-auth-path/request/RequestHelpers.mjs.map +1 -1
  221. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  222. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  223. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  224. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  225. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  226. package/dist/custom_auth/CustomAuthActionInputs.d.ts +3 -0
  227. package/dist/custom_auth/CustomAuthActionInputs.d.ts.map +1 -1
  228. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  229. package/dist/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  230. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts +5 -0
  231. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  232. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  233. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts +1 -0
  234. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts.map +1 -1
  235. package/dist/custom_auth/core/utils/ArgumentValidator.d.ts +1 -0
  236. package/dist/custom_auth/core/utils/ArgumentValidator.d.ts.map +1 -1
  237. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.d.ts.map +1 -1
  238. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts +5 -0
  239. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts.map +1 -1
  240. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  241. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  242. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  243. package/dist/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +1 -0
  244. package/dist/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  245. package/dist/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  246. package/dist/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts +3 -0
  247. package/dist/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts.map +1 -1
  248. package/dist/encode/Base64Decode.mjs +1 -1
  249. package/dist/encode/Base64Encode.mjs +1 -1
  250. package/dist/error/BrowserAuthError.mjs +1 -1
  251. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  252. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  253. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  254. package/dist/error/NativeAuthError.mjs +1 -1
  255. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  256. package/dist/error/NestedAppAuthError.mjs +1 -1
  257. package/dist/event/EventHandler.mjs +1 -1
  258. package/dist/event/EventMessage.mjs +1 -1
  259. package/dist/event/EventType.mjs +1 -1
  260. package/dist/index.mjs +1 -1
  261. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  262. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  263. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  264. package/dist/interaction_client/PopupClient.d.ts +2 -1
  265. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  266. package/dist/interaction_client/PopupClient.mjs +43 -14
  267. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  268. package/dist/interaction_client/RedirectClient.d.ts +5 -0
  269. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  270. package/dist/interaction_client/RedirectClient.mjs +42 -15
  271. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  272. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  273. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  274. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  275. package/dist/interaction_client/SilentIframeClient.mjs +13 -7
  276. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  277. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  278. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  279. package/dist/interaction_client/StandardInteractionClient.mjs +7 -3
  280. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  281. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  282. package/dist/interaction_handler/SilentHandler.d.ts +1 -0
  283. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  284. package/dist/interaction_handler/SilentHandler.mjs +12 -3
  285. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  286. package/dist/naa/BridgeError.mjs +1 -1
  287. package/dist/naa/BridgeProxy.mjs +1 -1
  288. package/dist/naa/BridgeStatusCode.mjs +1 -1
  289. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  290. package/dist/navigation/NavigationClient.mjs +1 -1
  291. package/dist/network/FetchClient.mjs +1 -1
  292. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  293. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  294. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  295. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  296. package/dist/packageMetadata.d.ts +1 -1
  297. package/dist/packageMetadata.mjs +2 -2
  298. package/dist/protocol/Authorize.d.ts +4 -0
  299. package/dist/protocol/Authorize.d.ts.map +1 -1
  300. package/dist/protocol/Authorize.mjs +15 -2
  301. package/dist/protocol/Authorize.mjs.map +1 -1
  302. package/dist/request/RequestHelpers.d.ts +11 -1
  303. package/dist/request/RequestHelpers.d.ts.map +1 -1
  304. package/dist/request/RequestHelpers.mjs +32 -3
  305. package/dist/request/RequestHelpers.mjs.map +1 -1
  306. package/dist/response/ResponseHandler.mjs +1 -1
  307. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  308. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  309. package/dist/utils/BrowserConstants.mjs +1 -1
  310. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  311. package/dist/utils/BrowserUtils.mjs +1 -1
  312. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  313. package/lib/custom-auth-path/msal-custom-auth.cjs +292 -96
  314. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  315. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  316. package/lib/custom-auth-path/types/custom_auth/CustomAuthActionInputs.d.ts +3 -0
  317. package/lib/custom-auth-path/types/custom_auth/CustomAuthActionInputs.d.ts.map +1 -1
  318. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  319. package/lib/custom-auth-path/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  320. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts +5 -0
  321. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  322. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  323. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts +1 -0
  324. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts.map +1 -1
  325. package/lib/custom-auth-path/types/custom_auth/core/utils/ArgumentValidator.d.ts +1 -0
  326. package/lib/custom-auth-path/types/custom_auth/core/utils/ArgumentValidator.d.ts.map +1 -1
  327. package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/CustomAuthAccountData.d.ts.map +1 -1
  328. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts +5 -0
  329. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts.map +1 -1
  330. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  331. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  332. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  333. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +1 -0
  334. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  335. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  336. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts +3 -0
  337. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts.map +1 -1
  338. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts +2 -1
  339. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  340. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts +5 -0
  341. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  342. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  343. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +1 -0
  345. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  347. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +4 -0
  348. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts +11 -1
  350. package/lib/custom-auth-path/types/request/RequestHelpers.d.ts.map +1 -1
  351. package/lib/msal-browser.cjs +256 -98
  352. package/lib/msal-browser.cjs.map +1 -1
  353. package/lib/msal-browser.js +256 -98
  354. package/lib/msal-browser.js.map +1 -1
  355. package/lib/msal-browser.min.js +68 -68
  356. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  357. package/lib/types/custom_auth/CustomAuthActionInputs.d.ts +3 -0
  358. package/lib/types/custom_auth/CustomAuthActionInputs.d.ts.map +1 -1
  359. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  360. package/lib/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  361. package/lib/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts +5 -0
  362. package/lib/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  363. package/lib/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  364. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts +1 -0
  365. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.d.ts.map +1 -1
  366. package/lib/types/custom_auth/core/utils/ArgumentValidator.d.ts +1 -0
  367. package/lib/types/custom_auth/core/utils/ArgumentValidator.d.ts.map +1 -1
  368. package/lib/types/custom_auth/get_account/auth_flow/CustomAuthAccountData.d.ts.map +1 -1
  369. package/lib/types/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts +5 -0
  370. package/lib/types/custom_auth/sign_in/auth_flow/error_type/SignInError.d.ts.map +1 -1
  371. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  372. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  373. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  374. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +1 -0
  375. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  376. package/lib/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  377. package/lib/types/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts +3 -0
  378. package/lib/types/custom_auth/sign_in/interaction_client/parameter/SignInParams.d.ts.map +1 -1
  379. package/lib/types/interaction_client/PopupClient.d.ts +2 -1
  380. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  381. package/lib/types/interaction_client/RedirectClient.d.ts +5 -0
  382. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  383. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  384. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  385. package/lib/types/interaction_handler/SilentHandler.d.ts +1 -0
  386. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  387. package/lib/types/packageMetadata.d.ts +1 -1
  388. package/lib/types/protocol/Authorize.d.ts +4 -0
  389. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  390. package/lib/types/request/RequestHelpers.d.ts +11 -1
  391. package/lib/types/request/RequestHelpers.d.ts.map +1 -1
  392. package/package.json +2 -2
  393. package/src/controllers/NestedAppAuthController.ts +18 -2
  394. package/src/custom_auth/CustomAuthActionInputs.ts +3 -0
  395. package/src/custom_auth/controller/CustomAuthStandardController.ts +18 -10
  396. package/src/custom_auth/core/auth_flow/AuthFlowErrorBase.ts +12 -0
  397. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +3 -0
  398. package/src/custom_auth/core/network_client/custom_auth_api/types/ApiRequestTypes.ts +1 -0
  399. package/src/custom_auth/core/utils/ArgumentValidator.ts +22 -0
  400. package/src/custom_auth/get_account/auth_flow/CustomAuthAccountData.ts +24 -9
  401. package/src/custom_auth/sign_in/auth_flow/error_type/SignInError.ts +8 -0
  402. package/src/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.ts +1 -0
  403. package/src/custom_auth/sign_in/auth_flow/state/SignInContinuationState.ts +10 -0
  404. package/src/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.ts +1 -0
  405. package/src/custom_auth/sign_in/auth_flow/state/SignInStateParameters.ts +1 -0
  406. package/src/custom_auth/sign_in/interaction_client/SignInClient.ts +9 -0
  407. package/src/custom_auth/sign_in/interaction_client/parameter/SignInParams.ts +3 -0
  408. package/src/interaction_client/PopupClient.ts +161 -63
  409. package/src/interaction_client/RedirectClient.ts +86 -35
  410. package/src/interaction_client/SilentIframeClient.ts +49 -28
  411. package/src/interaction_client/StandardInteractionClient.ts +13 -2
  412. package/src/interaction_handler/SilentHandler.ts +24 -1
  413. package/src/packageMetadata.ts +1 -1
  414. package/src/protocol/Authorize.ts +48 -0
  415. package/src/request/RequestHelpers.ts +45 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.15.0 2025-07-08 */
1
+ /*! @azure/msal-browser v4.18.0 2025-07-30 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -82,6 +82,10 @@ const HttpStatus = {
82
82
  SERVER_ERROR_RANGE_END: 599,
83
83
  MULTI_SIDED_ERROR: 600,
84
84
  };
85
+ const HttpMethod$1 = {
86
+ GET: "GET",
87
+ POST: "POST",
88
+ };
85
89
  const OIDC_DEFAULT_SCOPES = [
86
90
  Constants.OPENID_SCOPE,
87
91
  Constants.PROFILE_SCOPE,
@@ -274,7 +278,7 @@ const JsonWebTokenTypes = {
274
278
  // Token renewal offset default in seconds
275
279
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
276
280
 
277
- /*! @azure/msal-common v15.8.1 2025-07-08 */
281
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
278
282
  /*
279
283
  * Copyright (c) Microsoft Corporation. All rights reserved.
280
284
  * Licensed under the MIT License.
@@ -285,7 +289,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
285
289
  const unexpectedError = "unexpected_error";
286
290
  const postRequestFailed$1 = "post_request_failed";
287
291
 
288
- /*! @azure/msal-common v15.8.1 2025-07-08 */
292
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
289
293
 
290
294
  /*
291
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -320,7 +324,7 @@ function createAuthError(code, additionalMessage) {
320
324
  : AuthErrorMessages[code]);
321
325
  }
322
326
 
323
- /*! @azure/msal-common v15.8.1 2025-07-08 */
327
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
324
328
  /*
325
329
  * Copyright (c) Microsoft Corporation. All rights reserved.
326
330
  * Licensed under the MIT License.
@@ -370,7 +374,7 @@ const missingTenantIdError = "missing_tenant_id_error";
370
374
  const methodNotImplemented = "method_not_implemented";
371
375
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
372
376
 
373
- /*! @azure/msal-common v15.8.1 2025-07-08 */
377
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
374
378
 
375
379
  /*
376
380
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +448,7 @@ function createClientAuthError(errorCode, additionalMessage) {
444
448
  return new ClientAuthError(errorCode, additionalMessage);
445
449
  }
446
450
 
447
- /*! @azure/msal-common v15.8.1 2025-07-08 */
451
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
448
452
 
449
453
  /*
450
454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -483,7 +487,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
483
487
  },
484
488
  };
485
489
 
486
- /*! @azure/msal-common v15.8.1 2025-07-08 */
490
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
487
491
 
488
492
  /*
489
493
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -674,12 +678,12 @@ class Logger {
674
678
  }
675
679
  }
676
680
 
677
- /*! @azure/msal-common v15.8.1 2025-07-08 */
681
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
678
682
  /* eslint-disable header/header */
679
683
  const name$1 = "@azure/msal-common";
680
- const version$1 = "15.8.1";
684
+ const version$1 = "15.9.0";
681
685
 
682
- /*! @azure/msal-common v15.8.1 2025-07-08 */
686
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
683
687
  /*
684
688
  * Copyright (c) Microsoft Corporation. All rights reserved.
685
689
  * Licensed under the MIT License.
@@ -688,7 +692,7 @@ const AzureCloudInstance = {
688
692
  // AzureCloudInstance is not specified.
689
693
  None: "none"};
690
694
 
691
- /*! @azure/msal-common v15.8.1 2025-07-08 */
695
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
692
696
 
693
697
  /*
694
698
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -749,7 +753,7 @@ function checkMaxAge(authTime, maxAge) {
749
753
  }
750
754
  }
751
755
 
752
- /*! @azure/msal-common v15.8.1 2025-07-08 */
756
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
753
757
  /*
754
758
  * Copyright (c) Microsoft Corporation. All rights reserved.
755
759
  * Licensed under the MIT License.
@@ -804,7 +808,7 @@ function wasClockTurnedBack(cachedAt) {
804
808
  return cachedAtSec > nowSeconds();
805
809
  }
806
810
 
807
- /*! @azure/msal-common v15.8.1 2025-07-08 */
811
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
808
812
 
809
813
  /*
810
814
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1131,7 +1135,7 @@ function isAuthorityMetadataExpired(metadata) {
1131
1135
  return metadata.expiresAt <= nowSeconds();
1132
1136
  }
1133
1137
 
1134
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1138
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1135
1139
  /*
1136
1140
  * Copyright (c) Microsoft Corporation. All rights reserved.
1137
1141
  * Licensed under the MIT License.
@@ -1156,9 +1160,11 @@ const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
1156
1160
  const invalidAuthenticationHeader = "invalid_authentication_header";
1157
1161
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
1158
1162
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
1159
- const authorityMismatch = "authority_mismatch";
1163
+ const authorityMismatch = "authority_mismatch";
1164
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
1165
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
1160
1166
 
1161
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1167
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1162
1168
 
1163
1169
  /*
1164
1170
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1186,6 +1192,8 @@ const ClientConfigurationErrorMessages = {
1186
1192
  [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
1187
1193
  [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
1188
1194
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
1195
+ [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
1196
+ [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
1189
1197
  };
1190
1198
  /**
1191
1199
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -1201,7 +1209,7 @@ function createClientConfigurationError(errorCode) {
1201
1209
  return new ClientConfigurationError(errorCode);
1202
1210
  }
1203
1211
 
1204
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1212
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1205
1213
  /*
1206
1214
  * Copyright (c) Microsoft Corporation. All rights reserved.
1207
1215
  * Licensed under the MIT License.
@@ -1298,7 +1306,7 @@ class StringUtils {
1298
1306
  }
1299
1307
  }
1300
1308
 
1301
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1309
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1302
1310
 
1303
1311
  /*
1304
1312
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1489,7 +1497,7 @@ class ScopeSet {
1489
1497
  }
1490
1498
  }
1491
1499
 
1492
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1500
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1493
1501
 
1494
1502
  /*
1495
1503
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1529,7 +1537,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1529
1537
  };
1530
1538
  }
1531
1539
 
1532
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1540
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1533
1541
  /*
1534
1542
  * Copyright (c) Microsoft Corporation. All rights reserved.
1535
1543
  * Licensed under the MIT License.
@@ -1608,7 +1616,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1608
1616
  return updatedAccountInfo;
1609
1617
  }
1610
1618
 
1611
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1619
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1612
1620
  /*
1613
1621
  * Copyright (c) Microsoft Corporation. All rights reserved.
1614
1622
  * Licensed under the MIT License.
@@ -1623,7 +1631,7 @@ const AuthorityType = {
1623
1631
  Ciam: 3,
1624
1632
  };
1625
1633
 
1626
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1634
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1627
1635
  /*
1628
1636
  * Copyright (c) Microsoft Corporation. All rights reserved.
1629
1637
  * Licensed under the MIT License.
@@ -1645,7 +1653,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1645
1653
  return null;
1646
1654
  }
1647
1655
 
1648
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1656
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1649
1657
  /*
1650
1658
  * Copyright (c) Microsoft Corporation. All rights reserved.
1651
1659
  * Licensed under the MIT License.
@@ -1669,7 +1677,7 @@ const ProtocolMode = {
1669
1677
  EAR: "EAR",
1670
1678
  };
1671
1679
 
1672
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1680
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1673
1681
 
1674
1682
  /*
1675
1683
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1912,7 +1920,7 @@ class AccountEntity {
1912
1920
  }
1913
1921
  }
1914
1922
 
1915
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1923
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1916
1924
 
1917
1925
  /*
1918
1926
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1977,7 +1985,7 @@ function mapToQueryString(parameters, encodeExtraParams = true, extraQueryParame
1977
1985
  return queryParameterArray.join("&");
1978
1986
  }
1979
1987
 
1980
- /*! @azure/msal-common v15.8.1 2025-07-08 */
1988
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
1981
1989
 
1982
1990
  /*
1983
1991
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2141,7 +2149,7 @@ class UrlString {
2141
2149
  }
2142
2150
  }
2143
2151
 
2144
- /*! @azure/msal-common v15.8.1 2025-07-08 */
2152
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
2145
2153
 
2146
2154
  /*
2147
2155
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2280,7 +2288,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2280
2288
  return null;
2281
2289
  }
2282
2290
 
2283
- /*! @azure/msal-common v15.8.1 2025-07-08 */
2291
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
2284
2292
  /*
2285
2293
  * Copyright (c) Microsoft Corporation. All rights reserved.
2286
2294
  * Licensed under the MIT License.
@@ -2288,7 +2296,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2288
2296
  const cacheQuotaExceeded = "cache_quota_exceeded";
2289
2297
  const cacheErrorUnknown = "cache_error_unknown";
2290
2298
 
2291
- /*! @azure/msal-common v15.8.1 2025-07-08 */
2299
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
2292
2300
 
2293
2301
  /*
2294
2302
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2333,7 +2341,7 @@ function createCacheError(e) {
2333
2341
  }
2334
2342
  }
2335
2343
 
2336
- /*! @azure/msal-common v15.8.1 2025-07-08 */
2344
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
2337
2345
 
2338
2346
  /*
2339
2347
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3499,7 +3507,7 @@ class DefaultStorageClass extends CacheManager {
3499
3507
  }
3500
3508
  }
3501
3509
 
3502
- /*! @azure/msal-common v15.8.1 2025-07-08 */
3510
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
3503
3511
  /*
3504
3512
  * Copyright (c) Microsoft Corporation. All rights reserved.
3505
3513
  * Licensed under the MIT License.
@@ -3766,7 +3774,7 @@ const PerformanceEvents = {
3766
3774
  const PerformanceEventStatus = {
3767
3775
  InProgress: 1};
3768
3776
 
3769
- /*! @azure/msal-common v15.8.1 2025-07-08 */
3777
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
3770
3778
 
3771
3779
  /*
3772
3780
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3845,7 +3853,7 @@ class StubPerformanceClient {
3845
3853
  }
3846
3854
  }
3847
3855
 
3848
- /*! @azure/msal-common v15.8.1 2025-07-08 */
3856
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
3849
3857
 
3850
3858
  /*
3851
3859
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3945,7 +3953,7 @@ function isOidcProtocolMode(config) {
3945
3953
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3946
3954
  }
3947
3955
 
3948
- /*! @azure/msal-common v15.8.1 2025-07-08 */
3956
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
3949
3957
  /*
3950
3958
  * Copyright (c) Microsoft Corporation. All rights reserved.
3951
3959
  * Licensed under the MIT License.
@@ -3955,7 +3963,7 @@ const CcsCredentialType = {
3955
3963
  UPN: "UPN",
3956
3964
  };
3957
3965
 
3958
- /*! @azure/msal-common v15.8.1 2025-07-08 */
3966
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
3959
3967
  /*
3960
3968
  * Copyright (c) Microsoft Corporation. All rights reserved.
3961
3969
  * Licensed under the MIT License.
@@ -4005,7 +4013,7 @@ const INSTANCE_AWARE = "instance_aware";
4005
4013
  const EAR_JWK = "ear_jwk";
4006
4014
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4007
4015
 
4008
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4016
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4009
4017
 
4010
4018
  /*
4011
4019
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4371,9 +4379,21 @@ function addEARParameters(parameters, jwk) {
4371
4379
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
4372
4380
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
4373
4381
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
4382
+ }
4383
+ /**
4384
+ * Adds authorize body parameters to the request parameters
4385
+ * @param parameters
4386
+ * @param bodyParameters
4387
+ */
4388
+ function addPostBodyParameters(parameters, bodyParameters) {
4389
+ Object.entries(bodyParameters).forEach(([key, value]) => {
4390
+ if (value) {
4391
+ parameters.set(key, value);
4392
+ }
4393
+ });
4374
4394
  }
4375
4395
 
4376
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4396
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4377
4397
  /*
4378
4398
  * Copyright (c) Microsoft Corporation. All rights reserved.
4379
4399
  * Licensed under the MIT License.
@@ -4385,7 +4405,7 @@ function isOpenIdConfigResponse(response) {
4385
4405
  response.hasOwnProperty("jwks_uri"));
4386
4406
  }
4387
4407
 
4388
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4408
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4389
4409
  /*
4390
4410
  * Copyright (c) Microsoft Corporation. All rights reserved.
4391
4411
  * Licensed under the MIT License.
@@ -4395,7 +4415,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4395
4415
  response.hasOwnProperty("metadata"));
4396
4416
  }
4397
4417
 
4398
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4418
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4399
4419
  /*
4400
4420
  * Copyright (c) Microsoft Corporation. All rights reserved.
4401
4421
  * Licensed under the MIT License.
@@ -4405,7 +4425,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4405
4425
  response.hasOwnProperty("error_description"));
4406
4426
  }
4407
4427
 
4408
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4428
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4409
4429
  /*
4410
4430
  * Copyright (c) Microsoft Corporation. All rights reserved.
4411
4431
  * Licensed under the MIT License.
@@ -4501,7 +4521,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4501
4521
  };
4502
4522
  };
4503
4523
 
4504
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4524
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4505
4525
 
4506
4526
  /*
4507
4527
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4607,7 +4627,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4607
4627
  },
4608
4628
  };
4609
4629
 
4610
- /*! @azure/msal-common v15.8.1 2025-07-08 */
4630
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
4611
4631
 
4612
4632
  /*
4613
4633
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5446,7 +5466,7 @@ function buildStaticAuthorityOptions(authOptions) {
5446
5466
  };
5447
5467
  }
5448
5468
 
5449
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5469
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5450
5470
 
5451
5471
  /*
5452
5472
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5477,7 +5497,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5477
5497
  }
5478
5498
  }
5479
5499
 
5480
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5500
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5481
5501
 
5482
5502
  /*
5483
5503
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5496,7 +5516,7 @@ class ServerError extends AuthError {
5496
5516
  }
5497
5517
  }
5498
5518
 
5499
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5519
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5500
5520
  /*
5501
5521
  * Copyright (c) Microsoft Corporation. All rights reserved.
5502
5522
  * Licensed under the MIT License.
@@ -5517,7 +5537,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5517
5537
  };
5518
5538
  }
5519
5539
 
5520
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5540
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5521
5541
 
5522
5542
  /*
5523
5543
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5604,7 +5624,7 @@ class ThrottlingUtils {
5604
5624
  }
5605
5625
  }
5606
5626
 
5607
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5627
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5608
5628
 
5609
5629
  /*
5610
5630
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5635,7 +5655,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5635
5655
  return new NetworkError(error, httpStatus, responseHeaders);
5636
5656
  }
5637
5657
 
5638
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5658
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5639
5659
 
5640
5660
  /*
5641
5661
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5783,7 +5803,7 @@ class BaseClient {
5783
5803
  }
5784
5804
  }
5785
5805
 
5786
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5806
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5787
5807
  /*
5788
5808
  * Copyright (c) Microsoft Corporation. All rights reserved.
5789
5809
  * Licensed under the MIT License.
@@ -5799,7 +5819,7 @@ const consentRequired = "consent_required";
5799
5819
  const loginRequired = "login_required";
5800
5820
  const badToken = "bad_token";
5801
5821
 
5802
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5822
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5803
5823
 
5804
5824
  /*
5805
5825
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5871,7 +5891,7 @@ function createInteractionRequiredAuthError(errorCode) {
5871
5891
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5872
5892
  }
5873
5893
 
5874
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5894
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5875
5895
 
5876
5896
  /*
5877
5897
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5943,7 +5963,7 @@ class ProtocolUtils {
5943
5963
  }
5944
5964
  }
5945
5965
 
5946
- /*! @azure/msal-common v15.8.1 2025-07-08 */
5966
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
5947
5967
 
5948
5968
  /*
5949
5969
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6025,7 +6045,7 @@ class PopTokenGenerator {
6025
6045
  }
6026
6046
  }
6027
6047
 
6028
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6048
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6029
6049
  /*
6030
6050
  * Copyright (c) Microsoft Corporation. All rights reserved.
6031
6051
  * Licensed under the MIT License.
@@ -6052,7 +6072,7 @@ class PopTokenGenerator {
6052
6072
  }
6053
6073
  }
6054
6074
 
6055
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6075
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6056
6076
 
6057
6077
  /*
6058
6078
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6383,7 +6403,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6383
6403
  return baseAccount;
6384
6404
  }
6385
6405
 
6386
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6406
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6387
6407
  /*
6388
6408
  * Copyright (c) Microsoft Corporation. All rights reserved.
6389
6409
  * Licensed under the MIT License.
@@ -6401,7 +6421,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6401
6421
  }
6402
6422
  }
6403
6423
 
6404
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6424
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6405
6425
 
6406
6426
  /*
6407
6427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6636,7 +6656,7 @@ class AuthorizationCodeClient extends BaseClient {
6636
6656
  }
6637
6657
  }
6638
6658
 
6639
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6659
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6640
6660
 
6641
6661
  /*
6642
6662
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6845,7 +6865,7 @@ class RefreshTokenClient extends BaseClient {
6845
6865
  }
6846
6866
  }
6847
6867
 
6848
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6868
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6849
6869
 
6850
6870
  /*
6851
6871
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6943,7 +6963,7 @@ class SilentFlowClient extends BaseClient {
6943
6963
  }
6944
6964
  }
6945
6965
 
6946
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6966
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6947
6967
 
6948
6968
  /*
6949
6969
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6958,7 +6978,7 @@ const StubbedNetworkModule = {
6958
6978
  },
6959
6979
  };
6960
6980
 
6961
- /*! @azure/msal-common v15.8.1 2025-07-08 */
6981
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
6962
6982
 
6963
6983
  /*
6964
6984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7182,7 +7202,7 @@ function extractLoginHint(account) {
7182
7202
  return account.idTokenClaims?.login_hint || null;
7183
7203
  }
7184
7204
 
7185
- /*! @azure/msal-common v15.8.1 2025-07-08 */
7205
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
7186
7206
 
7187
7207
  /*
7188
7208
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7445,7 +7465,7 @@ class ServerTelemetryManager {
7445
7465
  }
7446
7466
  }
7447
7467
 
7448
- /*! @azure/msal-common v15.8.1 2025-07-08 */
7468
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
7449
7469
  /*
7450
7470
  * Copyright (c) Microsoft Corporation. All rights reserved.
7451
7471
  * Licensed under the MIT License.
@@ -7453,7 +7473,7 @@ class ServerTelemetryManager {
7453
7473
  const missingKidError = "missing_kid_error";
7454
7474
  const missingAlgError = "missing_alg_error";
7455
7475
 
7456
- /*! @azure/msal-common v15.8.1 2025-07-08 */
7476
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
7457
7477
 
7458
7478
  /*
7459
7479
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7478,7 +7498,7 @@ function createJoseHeaderError(code) {
7478
7498
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7479
7499
  }
7480
7500
 
7481
- /*! @azure/msal-common v15.8.1 2025-07-08 */
7501
+ /*! @azure/msal-common v15.9.0 2025-07-30 */
7482
7502
 
7483
7503
  /*
7484
7504
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7782,6 +7802,15 @@ class AuthFlowErrorBase {
7782
7802
  return (this.errorData instanceof CustomAuthApiError &&
7783
7803
  this.errorData.error === EXPIRED_TOKEN);
7784
7804
  }
7805
+ /**
7806
+ * @todo verify the password change required error can be detected once the MFA is in place.
7807
+ * This error will be raised during signin and refresh tokens when calling /token endpoint.
7808
+ */
7809
+ isPasswordResetRequiredError() {
7810
+ return (this.errorData instanceof CustomAuthApiError &&
7811
+ this.errorData.error === INVALID_REQUEST &&
7812
+ this.errorData.errorCodes?.includes(50142) === true);
7813
+ }
7785
7814
  }
7786
7815
  class AuthActionErrorBase extends AuthFlowErrorBase {
7787
7816
  /**
@@ -7847,11 +7876,27 @@ function ensureArgumentIsNotEmptyString(argName, argValue, correlationId) {
7847
7876
  if (!argValue || argValue.trim() === "") {
7848
7877
  throw new InvalidArgumentError(argName, correlationId);
7849
7878
  }
7879
+ }
7880
+ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7881
+ try {
7882
+ const parsed = JSON.parse(argValue);
7883
+ if (typeof parsed !== "object" ||
7884
+ parsed === null ||
7885
+ Array.isArray(parsed)) {
7886
+ throw new InvalidArgumentError(argName, correlationId);
7887
+ }
7888
+ }
7889
+ catch (e) {
7890
+ if (e instanceof SyntaxError) {
7891
+ throw new InvalidArgumentError(argName, correlationId);
7892
+ }
7893
+ throw e; // Rethrow unexpected errors
7894
+ }
7850
7895
  }
7851
7896
 
7852
7897
  /* eslint-disable header/header */
7853
7898
  const name = "@azure/msal-browser";
7854
- const version = "4.15.0";
7899
+ const version = "4.18.0";
7855
7900
 
7856
7901
  /*
7857
7902
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8010,6 +8055,13 @@ class SignInError extends AuthActionErrorBase {
8010
8055
  isPasswordIncorrect() {
8011
8056
  return this.isPasswordIncorrectError();
8012
8057
  }
8058
+ /**
8059
+ * Checks if the error is due to password reset being required.
8060
+ * @returns true if the error is due to password reset being required, false otherwise.
8061
+ */
8062
+ isPasswordResetRequired() {
8063
+ return this.isPasswordResetRequiredError();
8064
+ }
8013
8065
  /**
8014
8066
  * Checks if the error is due to the provided challenge type is not supported.
8015
8067
  * @returns {boolean} True if the error is due to the provided challenge type is not supported, false otherwise.
@@ -8233,6 +8285,9 @@ class CustomAuthAccountData {
8233
8285
  async getAccessToken(accessTokenRetrievalInputs) {
8234
8286
  try {
8235
8287
  ensureArgumentIsNotNullOrUndefined("accessTokenRetrievalInputs", accessTokenRetrievalInputs, this.correlationId);
8288
+ if (accessTokenRetrievalInputs.claims) {
8289
+ ensureArgumentIsJSONString("accessTokenRetrievalInputs.claims", accessTokenRetrievalInputs.claims, this.correlationId);
8290
+ }
8236
8291
  this.logger.verbose("Getting current account.", this.correlationId);
8237
8292
  const currentAccount = this.cacheClient.getCurrentAccount(this.account.username);
8238
8293
  if (!currentAccount) {
@@ -8243,7 +8298,7 @@ class CustomAuthAccountData {
8243
8298
  accessTokenRetrievalInputs.scopes.length > 0
8244
8299
  ? accessTokenRetrievalInputs.scopes
8245
8300
  : [...DefaultScopes];
8246
- const commonSilentFlowRequest = this.createCommonSilentFlowRequest(currentAccount, accessTokenRetrievalInputs.forceRefresh, newScopes);
8301
+ const commonSilentFlowRequest = this.createCommonSilentFlowRequest(currentAccount, accessTokenRetrievalInputs.forceRefresh, newScopes, accessTokenRetrievalInputs.claims);
8247
8302
  const result = await this.cacheClient.acquireToken(commonSilentFlowRequest);
8248
8303
  this.logger.verbose("Successfully got access token from cache.", this.correlationId);
8249
8304
  return new GetAccessTokenResult(result);
@@ -8253,7 +8308,7 @@ class CustomAuthAccountData {
8253
8308
  return GetAccessTokenResult.createWithError(error);
8254
8309
  }
8255
8310
  }
8256
- createCommonSilentFlowRequest(accountInfo, forceRefresh = false, requestScopes) {
8311
+ createCommonSilentFlowRequest(accountInfo, forceRefresh = false, requestScopes, claims) {
8257
8312
  const silentRequest = {
8258
8313
  authority: this.config.auth.authority,
8259
8314
  correlationId: this.correlationId,
@@ -8265,6 +8320,7 @@ class CustomAuthAccountData {
8265
8320
  accessToken: true,
8266
8321
  refreshToken: true,
8267
8322
  },
8323
+ ...(claims && { claims: claims }),
8268
8324
  };
8269
8325
  return {
8270
8326
  ...silentRequest,
@@ -8428,6 +8484,7 @@ class SignInCodeRequiredState extends SignInState {
8428
8484
  continuationToken: this.stateParameters.continuationToken ?? "",
8429
8485
  code: code,
8430
8486
  username: this.stateParameters.username,
8487
+ claims: this.stateParameters.claims,
8431
8488
  };
8432
8489
  this.stateParameters.logger.verbose("Submitting code for sign-in.", this.stateParameters.correlationId);
8433
8490
  const completedResult = await this.stateParameters.signInClient.submitCode(submitCodeParams);
@@ -8539,6 +8596,7 @@ class SignInPasswordRequiredState extends SignInState {
8539
8596
  continuationToken: this.stateParameters.continuationToken ?? "",
8540
8597
  password: password,
8541
8598
  username: this.stateParameters.username,
8599
+ claims: this.stateParameters.claims,
8542
8600
  };
8543
8601
  this.stateParameters.logger.verbose("Submitting password for sign-in.", this.stateParameters.correlationId);
8544
8602
  const completedResult = await this.stateParameters.signInClient.submitPassword(submitPasswordParams);
@@ -8779,6 +8837,9 @@ class SignInContinuationState extends SignInState {
8779
8837
  */
8780
8838
  async signIn(signInWithContinuationTokenInputs) {
8781
8839
  try {
8840
+ if (signInWithContinuationTokenInputs?.claims) {
8841
+ ensureArgumentIsJSONString("signInWithContinuationTokenInputs.claims", signInWithContinuationTokenInputs.claims, this.stateParameters.correlationId);
8842
+ }
8782
8843
  const continuationTokenParams = {
8783
8844
  clientId: this.stateParameters.config.auth.clientId,
8784
8845
  correlationId: this.stateParameters.correlationId,
@@ -8787,6 +8848,7 @@ class SignInContinuationState extends SignInState {
8787
8848
  continuationToken: this.stateParameters.continuationToken ?? "",
8788
8849
  username: this.stateParameters.username,
8789
8850
  signInScenario: this.stateParameters.signInScenario,
8851
+ claims: signInWithContinuationTokenInputs?.claims,
8790
8852
  };
8791
8853
  this.stateParameters.logger.verbose("Signing in with continuation token.", this.stateParameters.correlationId);
8792
8854
  const completedResult = await this.stateParameters.signInClient.signInWithContinuationToken(continuationTokenParams);
@@ -10398,6 +10460,35 @@ async function initializeSilentRequest(request, account, config, performanceClie
10398
10460
  account: account,
10399
10461
  forceRefresh: request.forceRefresh || false,
10400
10462
  };
10463
+ }
10464
+ /**
10465
+ * Validates that the combination of request method, protocol mode and authorize body parameters is correct.
10466
+ * Returns the validated or defaulted HTTP method or throws if the configured combination is invalid.
10467
+ * @param interactionRequest
10468
+ * @param protocolMode
10469
+ * @returns
10470
+ */
10471
+ function validateRequestMethod(interactionRequest, protocolMode) {
10472
+ let httpMethod;
10473
+ const requestMethod = interactionRequest.httpMethod;
10474
+ if (protocolMode === ProtocolMode.EAR) {
10475
+ // Don't override httpMethod if it is already set, default to POST if not set
10476
+ httpMethod = requestMethod || HttpMethod$1.POST;
10477
+ // Validate that method is not GET if protocol mode is EAR
10478
+ if (httpMethod !== HttpMethod$1.POST) {
10479
+ throw createClientConfigurationError(invalidRequestMethodForEAR);
10480
+ }
10481
+ }
10482
+ else {
10483
+ // For non-EAR protocol modes, default to GET if httpMethod is not set
10484
+ httpMethod = requestMethod || HttpMethod$1.GET;
10485
+ }
10486
+ // Regardless of protocolMode, if there are authorizePostBodyParameters, validate the request method is POST
10487
+ if (interactionRequest.authorizePostBodyParameters &&
10488
+ httpMethod !== HttpMethod$1.POST) {
10489
+ throw createClientConfigurationError(invalidAuthorizePostBodyParameters);
10490
+ }
10491
+ return httpMethod;
10401
10492
  }
10402
10493
 
10403
10494
  /*
@@ -10574,7 +10665,7 @@ class StandardInteractionClient extends BaseInteractionClient {
10574
10665
  };
10575
10666
  const state = ProtocolUtils.setRequestState(this.browserCrypto, (request && request.state) || Constants.EMPTY_STRING, browserState);
10576
10667
  const baseRequest = await invokeAsync(initializeBaseRequest, PerformanceEvents.InitializeBaseRequest, this.logger, this.performanceClient, this.correlationId)({ ...request, correlationId: this.correlationId }, this.config, this.performanceClient, this.logger);
10577
- const validatedRequest = {
10668
+ const interactionRequest = {
10578
10669
  ...baseRequest,
10579
10670
  redirectUri: redirectUri,
10580
10671
  state: state,
@@ -10582,6 +10673,10 @@ class StandardInteractionClient extends BaseInteractionClient {
10582
10673
  responseMode: this.config.auth.OIDCOptions
10583
10674
  .serverResponseType,
10584
10675
  };
10676
+ const validatedRequest = {
10677
+ ...interactionRequest,
10678
+ httpMethod: validateRequestMethod(interactionRequest, this.config.auth.protocolMode),
10679
+ };
10585
10680
  // Skip active account lookup if either login hint or session id is set
10586
10681
  if (request.loginHint || request.sid) {
10587
10682
  return validatedRequest;
@@ -10765,6 +10860,9 @@ class SignInClient extends CustomAuthInteractionClientBase {
10765
10860
  scope: scopes.join(" "),
10766
10861
  correlationId: parameters.correlationId,
10767
10862
  telemetryManager: telemetryManager,
10863
+ ...(parameters.claims && {
10864
+ claims: parameters.claims,
10865
+ }),
10768
10866
  };
10769
10867
  return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithOob(request), scopes);
10770
10868
  }
@@ -10784,6 +10882,9 @@ class SignInClient extends CustomAuthInteractionClientBase {
10784
10882
  scope: scopes.join(" "),
10785
10883
  correlationId: parameters.correlationId,
10786
10884
  telemetryManager: telemetryManager,
10885
+ ...(parameters.claims && {
10886
+ claims: parameters.claims,
10887
+ }),
10787
10888
  };
10788
10889
  return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithPassword(request), scopes);
10789
10890
  }
@@ -10803,6 +10904,9 @@ class SignInClient extends CustomAuthInteractionClientBase {
10803
10904
  correlationId: parameters.correlationId,
10804
10905
  telemetryManager: telemetryManager,
10805
10906
  scope: scopes.join(" "),
10907
+ ...(parameters.claims && {
10908
+ claims: parameters.claims,
10909
+ }),
10806
10910
  };
10807
10911
  // Call token endpoint.
10808
10912
  return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(request), scopes);
@@ -11907,6 +12011,7 @@ class SignInApiClient extends BaseApiClient {
11907
12011
  grant_type: GrantType.PASSWORD,
11908
12012
  scope: params.scope,
11909
12013
  password: params.password,
12014
+ ...(params.claims && { claims: params.claims }),
11910
12015
  }, params.telemetryManager, params.correlationId);
11911
12016
  }
11912
12017
  async requestTokensWithOob(params) {
@@ -11915,6 +12020,7 @@ class SignInApiClient extends BaseApiClient {
11915
12020
  scope: params.scope,
11916
12021
  oob: params.oob,
11917
12022
  grant_type: GrantType.OOB,
12023
+ ...(params.claims && { claims: params.claims }),
11918
12024
  }, params.telemetryManager, params.correlationId);
11919
12025
  }
11920
12026
  async requestTokenWithContinuationToken(params) {
@@ -11924,6 +12030,7 @@ class SignInApiClient extends BaseApiClient {
11924
12030
  scope: params.scope,
11925
12031
  grant_type: GrantType.CONTINUATION_TOKEN,
11926
12032
  client_info: true,
12033
+ ...(params.claims && { claims: params.claims }),
11927
12034
  }, params.telemetryManager, params.correlationId);
11928
12035
  }
11929
12036
  async requestTokens(requestData, telemetryManager, correlationId) {
@@ -15494,6 +15601,19 @@ async function getEARForm(frame, config, authority, request, logger, performance
15494
15601
  const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
15495
15602
  return createForm(frame, url, parameters);
15496
15603
  }
15604
+ /**
15605
+ * Gets the form that will be posted to /authorize with request parameters when using POST method
15606
+ */
15607
+ async function getCodeForm(frame, config, authority, request, logger, performanceClient) {
15608
+ const parameters = await getStandardParameters(config, authority, request, logger, performanceClient);
15609
+ addResponseType(parameters, OAuthResponseType.CODE);
15610
+ addCodeChallengeParams(parameters, request.codeChallenge, request.codeChallengeMethod || Constants.S256_CODE_CHALLENGE_METHOD);
15611
+ addPostBodyParameters(parameters, request.authorizePostBodyParameters || {});
15612
+ const queryParams = new Map();
15613
+ addExtraQueryParameters(queryParams, request.extraQueryParameters || {});
15614
+ const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
15615
+ return createForm(frame, url, parameters);
15616
+ }
15497
15617
  /**
15498
15618
  * Creates form element in the provided document with auth parameters in the post body
15499
15619
  * @param frame
@@ -16460,9 +16580,10 @@ class PopupClient extends StandardInteractionClient {
16460
16580
  * @param pkceCodes
16461
16581
  */
16462
16582
  acquireToken(request, pkceCodes) {
16583
+ let popupParams = undefined;
16463
16584
  try {
16464
16585
  const popupName = this.generatePopupName(request.scopes || OIDC_DEFAULT_SCOPES, request.authority || this.config.auth.authority);
16465
- const popupParams = {
16586
+ popupParams = {
16466
16587
  popupName,
16467
16588
  popupWindowAttributes: request.popupWindowAttributes || {},
16468
16589
  popupWindowParent: request.popupWindowParent ?? window,
@@ -16475,10 +16596,15 @@ class PopupClient extends StandardInteractionClient {
16475
16596
  return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
16476
16597
  }
16477
16598
  else {
16599
+ // Pre-validate request method to avoid opening popup if the request is invalid
16600
+ const validatedRequest = {
16601
+ ...request,
16602
+ httpMethod: validateRequestMethod(request, this.config.auth.protocolMode),
16603
+ };
16478
16604
  // asyncPopups flag is set to false. Opens popup before acquiring token.
16479
16605
  this.logger.verbose("asyncPopup set to false, opening popup before acquiring token");
16480
16606
  popupParams.popup = this.openSizedPopup("about:blank", popupParams);
16481
- return this.acquireTokenPopupAsync(request, popupParams, pkceCodes);
16607
+ return this.acquireTokenPopupAsync(validatedRequest, popupParams, pkceCodes);
16482
16608
  }
16483
16609
  }
16484
16610
  catch (e) {
@@ -16570,15 +16696,20 @@ class PopupClient extends StandardInteractionClient {
16570
16696
  requestExtraQueryParameters: popupRequest.extraQueryParameters,
16571
16697
  account: popupRequest.account,
16572
16698
  });
16573
- // Create acquire token url.
16574
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
16575
- // Show the UI once the url has been created. Get the window handle for the popup.
16576
- const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
16577
- this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null);
16578
- // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
16579
- const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
16580
- const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
16581
- return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
16699
+ if (popupRequest.httpMethod === HttpMethod$1.POST) {
16700
+ return await this.executeCodeFlowWithPost(popupRequest, popupParams, authClient, pkce.verifier);
16701
+ }
16702
+ else {
16703
+ // Create acquire token url.
16704
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, popupRequest, this.logger, this.performanceClient);
16705
+ // Show the UI once the url has been created. Get the window handle for the popup.
16706
+ const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
16707
+ this.eventHandler.emitEvent(EventType.POPUP_OPENED, InteractionType.Popup, { popupWindow }, null);
16708
+ // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
16709
+ const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
16710
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
16711
+ return await invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
16712
+ }
16582
16713
  }
16583
16714
  catch (e) {
16584
16715
  // Close the synchronous popup if an error is thrown before the window unload event is registered
@@ -16616,6 +16747,23 @@ class PopupClient extends StandardInteractionClient {
16616
16747
  const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
16617
16748
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, ApiId.acquireTokenPopup, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
16618
16749
  }
16750
+ async executeCodeFlowWithPost(request, popupParams, authClient, pkceVerifier) {
16751
+ const correlationId = request.correlationId;
16752
+ // Get the frame handle for the silent request
16753
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
16754
+ requestAuthority: request.authority,
16755
+ requestAzureCloudOptions: request.azureCloudOptions,
16756
+ requestExtraQueryParameters: request.extraQueryParameters,
16757
+ account: request.account,
16758
+ });
16759
+ const popupWindow = popupParams.popup || this.openPopup("about:blank", popupParams);
16760
+ const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
16761
+ form.submit();
16762
+ // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
16763
+ const responseString = await invokeAsync(this.monitorPopupForHash.bind(this), PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupWindow, popupParams.popupWindowParent);
16764
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
16765
+ return invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
16766
+ }
16619
16767
  /**
16620
16768
  *
16621
16769
  * @param validRequest
@@ -16967,18 +17115,23 @@ class RedirectClient extends StandardInteractionClient {
16967
17115
  };
16968
17116
  this.browserStorage.cacheAuthorizeRequest(redirectRequest, pkceCodes.verifier);
16969
17117
  try {
16970
- // Initialize the client
16971
- const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
16972
- serverTelemetryManager,
16973
- requestAuthority: redirectRequest.authority,
16974
- requestAzureCloudOptions: redirectRequest.azureCloudOptions,
16975
- requestExtraQueryParameters: redirectRequest.extraQueryParameters,
16976
- account: redirectRequest.account,
16977
- });
16978
- // Create acquire token url.
16979
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
16980
- // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
16981
- return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
17118
+ if (redirectRequest.httpMethod === HttpMethod$1.POST) {
17119
+ return await this.executeCodeFlowWithPost(redirectRequest);
17120
+ }
17121
+ else {
17122
+ // Initialize the client
17123
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
17124
+ serverTelemetryManager,
17125
+ requestAuthority: redirectRequest.authority,
17126
+ requestAzureCloudOptions: redirectRequest.azureCloudOptions,
17127
+ requestExtraQueryParameters: redirectRequest.extraQueryParameters,
17128
+ account: redirectRequest.account,
17129
+ });
17130
+ // Create acquire token url.
17131
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, request.correlationId)(this.config, authClient.authority, redirectRequest, this.logger, this.performanceClient);
17132
+ // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
17133
+ return await this.initiateAuthRequest(navigateUrl, onRedirectNavigate);
17134
+ }
16982
17135
  }
16983
17136
  catch (e) {
16984
17137
  if (e instanceof AuthError) {
@@ -17015,6 +17168,28 @@ class RedirectClient extends StandardInteractionClient {
17015
17168
  }, this.config.system.redirectNavigationTimeout);
17016
17169
  });
17017
17170
  }
17171
+ /**
17172
+ * Executes classic Authorization Code flow with a POST request.
17173
+ * @param request
17174
+ */
17175
+ async executeCodeFlowWithPost(request) {
17176
+ const correlationId = request.correlationId;
17177
+ // Get the frame handle for the silent request
17178
+ const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
17179
+ requestAuthority: request.authority,
17180
+ requestAzureCloudOptions: request.azureCloudOptions,
17181
+ requestExtraQueryParameters: request.extraQueryParameters,
17182
+ account: request.account,
17183
+ });
17184
+ this.browserStorage.cacheAuthorizeRequest(request);
17185
+ const form = await getCodeForm(document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
17186
+ form.submit();
17187
+ return new Promise((resolve, reject) => {
17188
+ setTimeout(() => {
17189
+ reject(createBrowserAuthError(timedOut, "failed_to_redirect"));
17190
+ }, this.config.system.redirectNavigationTimeout);
17191
+ });
17192
+ }
17018
17193
  /**
17019
17194
  * Checks if navigateToLoginRequestUrl is set, and:
17020
17195
  * - if true, performs logic to cache and navigate
@@ -17325,6 +17500,15 @@ async function initiateCodeRequest(requestUrl, performanceClient, logger, correl
17325
17500
  }
17326
17501
  return invoke(loadFrameSync, PerformanceEvents.SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
17327
17502
  }
17503
+ async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
17504
+ const frame = createHiddenIframe();
17505
+ if (!frame.contentDocument) {
17506
+ throw "No document associated with iframe!";
17507
+ }
17508
+ const form = await getCodeForm(frame.contentDocument, config, authority, request, logger, performanceClient);
17509
+ form.submit();
17510
+ return frame;
17511
+ }
17328
17512
  async function initiateEarRequest(config, authority, request, logger, performanceClient) {
17329
17513
  const frame = createHiddenIframe();
17330
17514
  if (!frame.contentDocument) {
@@ -17573,10 +17757,16 @@ class SilentIframeClient extends StandardInteractionClient {
17573
17757
  ...request,
17574
17758
  codeChallenge: pkceCodes.challenge,
17575
17759
  };
17576
- // Create authorize request url
17577
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
17578
- // Get the frame handle for the silent request
17579
- const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
17760
+ let msalFrame;
17761
+ if (request.httpMethod === HttpMethod$1.POST) {
17762
+ msalFrame = await invokeAsync(initiateCodeFlowWithPost, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
17763
+ }
17764
+ else {
17765
+ // Create authorize request url
17766
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
17767
+ // Get the frame handle for the silent request
17768
+ msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
17769
+ }
17580
17770
  const responseType = this.config.auth.OIDCOptions.serverResponseType;
17581
17771
  // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
17582
17772
  const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
@@ -19440,6 +19630,9 @@ class CustomAuthStandardController extends StandardController {
19440
19630
  ensureArgumentIsNotNullOrUndefined("signInInputs", signInInputs, correlationId);
19441
19631
  ensureArgumentIsNotEmptyString("signInInputs.username", signInInputs.username, correlationId);
19442
19632
  this.ensureUserNotSignedIn(correlationId);
19633
+ if (signInInputs.claims) {
19634
+ ensureArgumentIsJSONString("signInInputs.claims", signInInputs.claims, correlationId);
19635
+ }
19443
19636
  // start the signin flow
19444
19637
  const signInStartParams = {
19445
19638
  clientId: this.customAuthConfig.auth.clientId,
@@ -19464,6 +19657,7 @@ class CustomAuthStandardController extends StandardController {
19464
19657
  username: signInInputs.username,
19465
19658
  codeLength: startResult.codeLength,
19466
19659
  scopes: signInInputs.scopes ?? [],
19660
+ claims: signInInputs.claims,
19467
19661
  }));
19468
19662
  }
19469
19663
  else if (startResult.type === SIGN_IN_PASSWORD_REQUIRED_RESULT_TYPE) {
@@ -19480,6 +19674,7 @@ class CustomAuthStandardController extends StandardController {
19480
19674
  cacheClient: this.cacheClient,
19481
19675
  username: signInInputs.username,
19482
19676
  scopes: signInInputs.scopes ?? [],
19677
+ claims: signInInputs.claims,
19483
19678
  }));
19484
19679
  }
19485
19680
  this.logger.verbose("Submitting password for sign-in.", correlationId);
@@ -19492,6 +19687,7 @@ class CustomAuthStandardController extends StandardController {
19492
19687
  continuationToken: startResult.continuationToken,
19493
19688
  password: signInInputs.password,
19494
19689
  username: signInInputs.username,
19690
+ claims: signInInputs.claims,
19495
19691
  };
19496
19692
  const completedResult = await this.signInClient.submitPassword(submitPasswordParams);
19497
19693
  this.logger.verbose("Sign-in flow completed.", correlationId);