@azure/msal-browser 4.24.1 → 4.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (445) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CacheKeys.mjs +1 -1
  13. package/dist/cache/CookieStorage.mjs +1 -1
  14. package/dist/cache/DatabaseStorage.mjs +1 -1
  15. package/dist/cache/EncryptedData.mjs +1 -1
  16. package/dist/cache/LocalStorage.mjs +1 -1
  17. package/dist/cache/MemoryStorage.mjs +1 -1
  18. package/dist/cache/SessionStorage.mjs +1 -1
  19. package/dist/cache/TokenCache.mjs +1 -1
  20. package/dist/config/Configuration.mjs +1 -1
  21. package/dist/controllers/ControllerFactory.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  25. package/dist/crypto/BrowserCrypto.mjs +1 -1
  26. package/dist/crypto/CryptoOps.mjs +1 -1
  27. package/dist/crypto/PkceGenerator.mjs +1 -1
  28. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  29. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  33. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  35. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  36. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  39. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  42. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  44. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  45. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  46. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  47. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  48. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  50. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  51. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  53. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.d.ts +1 -0
  56. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  57. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +25 -2
  58. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +6 -6
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts +5 -0
  72. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts.map +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +42 -0
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs.map +1 -0
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +45 -0
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -0
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +45 -0
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -0
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +16 -0
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -0
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +16 -0
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -0
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +125 -0
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -0
  85. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +85 -0
  106. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -0
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +24 -0
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs.map +1 -0
  109. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +2 -2
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts +1 -0
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts.map +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +4 -3
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs.map +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts +1 -0
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts.map +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +4 -3
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs.map +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +6 -3
  129. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs.map +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +15 -13
  142. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  143. package/dist/custom-auth-path/custom_auth/index.d.ts +7 -0
  144. package/dist/custom-auth-path/custom_auth/index.d.ts.map +1 -1
  145. package/dist/custom-auth-path/custom_auth/index.mjs +7 -1
  146. package/dist/custom-auth-path/custom_auth/index.mjs.map +1 -1
  147. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +3 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
  159. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +2 -1
  160. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
  161. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts +2 -0
  163. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts.map +1 -1
  164. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +10 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +9 -1
  171. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +19 -1
  173. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +17 -1
  175. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +10 -1
  177. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +9 -1
  179. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +6 -13
  182. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +5 -33
  186. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  189. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +5 -30
  190. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
  191. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.d.ts +16 -0
  192. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.d.ts.map +1 -1
  193. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +68 -1
  194. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs.map +1 -1
  195. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +2 -0
  196. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  197. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  198. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  199. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  200. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  201. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  202. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  203. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  204. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  205. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
  206. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +2 -1
  207. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
  208. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
  209. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +5 -1
  210. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
  211. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  212. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  213. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
  214. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +3 -1
  215. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
  216. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  217. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts +2 -0
  218. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts.map +1 -1
  219. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  220. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  221. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  222. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  223. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  224. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  225. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  226. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  227. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  228. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  229. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  230. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  231. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  232. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  233. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  234. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  235. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  236. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  237. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  238. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  239. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  240. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  241. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  242. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  243. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  244. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  245. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  246. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  247. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  248. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  249. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  250. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  251. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  252. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  253. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  254. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  255. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  256. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  257. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  258. package/dist/custom_auth/controller/CustomAuthStandardController.d.ts +1 -0
  259. package/dist/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  260. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  261. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts +5 -0
  262. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts.map +1 -1
  263. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  264. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts +1 -0
  265. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts.map +1 -1
  266. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts +1 -0
  267. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts.map +1 -1
  268. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  269. package/dist/custom_auth/index.d.ts +7 -0
  270. package/dist/custom_auth/index.d.ts.map +1 -1
  271. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
  272. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
  273. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts +2 -0
  274. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts.map +1 -1
  275. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +10 -1
  276. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  277. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +19 -1
  278. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  279. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +10 -1
  280. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  281. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  282. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  283. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  284. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.d.ts +16 -0
  285. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.d.ts.map +1 -1
  286. package/dist/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +2 -0
  287. package/dist/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  288. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
  289. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
  290. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
  291. package/dist/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts +2 -0
  292. package/dist/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts.map +1 -1
  293. package/dist/encode/Base64Decode.mjs +1 -1
  294. package/dist/encode/Base64Encode.mjs +1 -1
  295. package/dist/error/BrowserAuthError.mjs +1 -1
  296. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  297. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  298. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  299. package/dist/error/NativeAuthError.mjs +1 -1
  300. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  301. package/dist/error/NestedAppAuthError.mjs +1 -1
  302. package/dist/event/EventHandler.mjs +1 -1
  303. package/dist/event/EventMessage.mjs +1 -1
  304. package/dist/event/EventType.mjs +1 -1
  305. package/dist/index.mjs +1 -1
  306. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  307. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  308. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  309. package/dist/interaction_client/PopupClient.mjs +1 -1
  310. package/dist/interaction_client/RedirectClient.mjs +1 -1
  311. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  312. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  313. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  314. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  315. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  316. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  317. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  318. package/dist/naa/BridgeError.mjs +1 -1
  319. package/dist/naa/BridgeProxy.mjs +1 -1
  320. package/dist/naa/BridgeStatusCode.mjs +1 -1
  321. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  322. package/dist/navigation/NavigationClient.mjs +1 -1
  323. package/dist/network/FetchClient.mjs +1 -1
  324. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  325. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  326. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  327. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  328. package/dist/packageMetadata.d.ts +1 -1
  329. package/dist/packageMetadata.mjs +2 -2
  330. package/dist/protocol/Authorize.mjs +1 -1
  331. package/dist/request/RequestHelpers.mjs +1 -1
  332. package/dist/response/ResponseHandler.mjs +1 -1
  333. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  334. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  335. package/dist/utils/BrowserConstants.mjs +1 -1
  336. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  337. package/dist/utils/BrowserUtils.mjs +1 -1
  338. package/dist/utils/Helpers.mjs +1 -1
  339. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  340. package/lib/custom-auth-path/msal-custom-auth.cjs +890 -468
  341. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  342. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  343. package/lib/custom-auth-path/types/custom_auth/controller/CustomAuthStandardController.d.ts +1 -0
  344. package/lib/custom-auth-path/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  345. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts +5 -0
  347. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts.map +1 -1
  348. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts +1 -0
  350. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts +1 -0
  352. package/lib/custom-auth-path/types/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts.map +1 -1
  353. package/lib/custom-auth-path/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/custom_auth/index.d.ts +7 -0
  355. package/lib/custom-auth-path/types/custom_auth/index.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
  357. package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
  358. package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts +2 -0
  359. package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +10 -1
  361. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +19 -1
  363. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +10 -1
  365. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  367. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  369. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInState.d.ts +16 -0
  370. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInState.d.ts.map +1 -1
  371. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +2 -0
  372. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  373. package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
  374. package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
  375. package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
  376. package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts +2 -0
  377. package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts.map +1 -1
  378. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  379. package/lib/msal-browser.cjs +66 -66
  380. package/lib/msal-browser.cjs.map +1 -1
  381. package/lib/msal-browser.js +66 -66
  382. package/lib/msal-browser.js.map +1 -1
  383. package/lib/msal-browser.min.js +60 -60
  384. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  385. package/lib/types/custom_auth/controller/CustomAuthStandardController.d.ts +1 -0
  386. package/lib/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  387. package/lib/types/custom_auth/core/auth_flow/AuthFlowErrorBase.d.ts.map +1 -1
  388. package/lib/types/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts +5 -0
  389. package/lib/types/custom_auth/core/auth_flow/mfa/error_type/MfaError.d.ts.map +1 -1
  390. package/lib/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  391. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts +1 -0
  392. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.d.ts.map +1 -1
  393. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts +1 -0
  394. package/lib/types/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.d.ts.map +1 -1
  395. package/lib/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  396. package/lib/types/custom_auth/index.d.ts +7 -0
  397. package/lib/types/custom_auth/index.d.ts.map +1 -1
  398. package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
  399. package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
  400. package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts +2 -0
  401. package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.d.ts.map +1 -1
  402. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +10 -1
  403. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  404. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +19 -1
  405. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  406. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +10 -1
  407. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  408. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
  409. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
  410. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
  411. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInState.d.ts +16 -0
  412. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInState.d.ts.map +1 -1
  413. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts +2 -0
  414. package/lib/types/custom_auth/sign_in/auth_flow/state/SignInStateParameters.d.ts.map +1 -1
  415. package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
  416. package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
  417. package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
  418. package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts +2 -0
  419. package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.d.ts.map +1 -1
  420. package/lib/types/packageMetadata.d.ts +1 -1
  421. package/package.json +1 -1
  422. package/src/custom_auth/controller/CustomAuthStandardController.ts +33 -0
  423. package/src/custom_auth/core/auth_flow/AuthFlowErrorBase.ts +3 -5
  424. package/src/custom_auth/core/auth_flow/mfa/error_type/MfaError.ts +8 -0
  425. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +2 -1
  426. package/src/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.ts +1 -0
  427. package/src/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.ts +1 -0
  428. package/src/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.ts +17 -15
  429. package/src/custom_auth/index.ts +22 -0
  430. package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.ts +2 -0
  431. package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.ts +1 -0
  432. package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordStateParameters.ts +2 -0
  433. package/src/custom_auth/sign_in/auth_flow/result/SignInResult.ts +12 -1
  434. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.ts +27 -1
  435. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.ts +14 -1
  436. package/src/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.ts +12 -22
  437. package/src/custom_auth/sign_in/auth_flow/state/SignInContinuationState.ts +8 -50
  438. package/src/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.ts +12 -49
  439. package/src/custom_auth/sign_in/auth_flow/state/SignInState.ts +108 -0
  440. package/src/custom_auth/sign_in/auth_flow/state/SignInStateParameters.ts +2 -0
  441. package/src/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.ts +1 -0
  442. package/src/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.ts +4 -0
  443. package/src/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.ts +2 -0
  444. package/src/custom_auth/sign_up/auth_flow/state/SignUpStateParameters.ts +2 -0
  445. package/src/packageMetadata.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.24.1 2025-09-30 */
1
+ /*! @azure/msal-browser v4.25.0 2025-10-09 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -276,7 +276,7 @@ const JsonWebTokenTypes = {
276
276
  // Token renewal offset default in seconds
277
277
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
278
278
 
279
- /*! @azure/msal-common v15.13.0 2025-09-30 */
279
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
280
280
  /*
281
281
  * Copyright (c) Microsoft Corporation. All rights reserved.
282
282
  * Licensed under the MIT License.
@@ -287,7 +287,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
  const unexpectedError = "unexpected_error";
288
288
  const postRequestFailed$1 = "post_request_failed";
289
289
 
290
- /*! @azure/msal-common v15.13.0 2025-09-30 */
290
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
291
291
 
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -322,7 +322,7 @@ function createAuthError(code, additionalMessage) {
322
322
  : AuthErrorMessages[code]);
323
323
  }
324
324
 
325
- /*! @azure/msal-common v15.13.0 2025-09-30 */
325
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
328
328
  * Licensed under the MIT License.
@@ -372,7 +372,7 @@ const missingTenantIdError = "missing_tenant_id_error";
372
372
  const methodNotImplemented = "method_not_implemented";
373
373
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
374
374
 
375
- /*! @azure/msal-common v15.13.0 2025-09-30 */
375
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
376
376
 
377
377
  /*
378
378
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -446,7 +446,7 @@ function createClientAuthError(errorCode, additionalMessage) {
446
446
  return new ClientAuthError(errorCode, additionalMessage);
447
447
  }
448
448
 
449
- /*! @azure/msal-common v15.13.0 2025-09-30 */
449
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
450
450
 
451
451
  /*
452
452
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -485,7 +485,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
485
485
  },
486
486
  };
487
487
 
488
- /*! @azure/msal-common v15.13.0 2025-09-30 */
488
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
489
489
 
490
490
  /*
491
491
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -676,12 +676,12 @@ class Logger {
676
676
  }
677
677
  }
678
678
 
679
- /*! @azure/msal-common v15.13.0 2025-09-30 */
679
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
680
680
  /* eslint-disable header/header */
681
681
  const name$1 = "@azure/msal-common";
682
682
  const version$1 = "15.13.0";
683
683
 
684
- /*! @azure/msal-common v15.13.0 2025-09-30 */
684
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
685
685
  /*
686
686
  * Copyright (c) Microsoft Corporation. All rights reserved.
687
687
  * Licensed under the MIT License.
@@ -690,7 +690,7 @@ const AzureCloudInstance = {
690
690
  // AzureCloudInstance is not specified.
691
691
  None: "none"};
692
692
 
693
- /*! @azure/msal-common v15.13.0 2025-09-30 */
693
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
694
694
  /*
695
695
  * Copyright (c) Microsoft Corporation. All rights reserved.
696
696
  * Licensed under the MIT License.
@@ -719,7 +719,7 @@ const authorityMismatch = "authority_mismatch";
719
719
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
720
720
  const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
721
721
 
722
- /*! @azure/msal-common v15.13.0 2025-09-30 */
722
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
723
723
 
724
724
  /*
725
725
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -764,7 +764,7 @@ function createClientConfigurationError(errorCode) {
764
764
  return new ClientConfigurationError(errorCode);
765
765
  }
766
766
 
767
- /*! @azure/msal-common v15.13.0 2025-09-30 */
767
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
768
768
  /*
769
769
  * Copyright (c) Microsoft Corporation. All rights reserved.
770
770
  * Licensed under the MIT License.
@@ -861,7 +861,7 @@ class StringUtils {
861
861
  }
862
862
  }
863
863
 
864
- /*! @azure/msal-common v15.13.0 2025-09-30 */
864
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
865
865
 
866
866
  /*
867
867
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1056,7 +1056,7 @@ class ScopeSet {
1056
1056
  }
1057
1057
  }
1058
1058
 
1059
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1059
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1060
1060
  /*
1061
1061
  * Copyright (c) Microsoft Corporation. All rights reserved.
1062
1062
  * Licensed under the MIT License.
@@ -1138,7 +1138,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1138
1138
  return updatedAccountInfo;
1139
1139
  }
1140
1140
 
1141
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1141
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1142
1142
 
1143
1143
  /*
1144
1144
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1199,7 +1199,7 @@ function checkMaxAge(authTime, maxAge) {
1199
1199
  }
1200
1200
  }
1201
1201
 
1202
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1202
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1203
1203
 
1204
1204
  /*
1205
1205
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1315,7 +1315,7 @@ function normalizeUrlForComparison(url) {
1315
1315
  }
1316
1316
  }
1317
1317
 
1318
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1318
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1319
1319
 
1320
1320
  /*
1321
1321
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1479,7 +1479,7 @@ class UrlString {
1479
1479
  }
1480
1480
  }
1481
1481
 
1482
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1482
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1483
1483
 
1484
1484
  /*
1485
1485
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1618,7 +1618,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1618
1618
  return null;
1619
1619
  }
1620
1620
 
1621
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1621
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1622
1622
  /*
1623
1623
  * Copyright (c) Microsoft Corporation. All rights reserved.
1624
1624
  * Licensed under the MIT License.
@@ -1626,7 +1626,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1626
1626
  const cacheQuotaExceeded = "cache_quota_exceeded";
1627
1627
  const cacheErrorUnknown = "cache_error_unknown";
1628
1628
 
1629
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1629
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1630
1630
 
1631
1631
  /*
1632
1632
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1671,7 +1671,7 @@ function createCacheError(e) {
1671
1671
  }
1672
1672
  }
1673
1673
 
1674
- /*! @azure/msal-common v15.13.0 2025-09-30 */
1674
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
1675
1675
 
1676
1676
  /*
1677
1677
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2779,7 +2779,7 @@ class DefaultStorageClass extends CacheManager {
2779
2779
  }
2780
2780
  }
2781
2781
 
2782
- /*! @azure/msal-common v15.13.0 2025-09-30 */
2782
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
2783
2783
  /*
2784
2784
  * Copyright (c) Microsoft Corporation. All rights reserved.
2785
2785
  * Licensed under the MIT License.
@@ -2803,7 +2803,7 @@ const ProtocolMode = {
2803
2803
  EAR: "EAR",
2804
2804
  };
2805
2805
 
2806
- /*! @azure/msal-common v15.13.0 2025-09-30 */
2806
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
2807
2807
  /*
2808
2808
  * Copyright (c) Microsoft Corporation. All rights reserved.
2809
2809
  * Licensed under the MIT License.
@@ -3070,7 +3070,7 @@ const PerformanceEvents = {
3070
3070
  const PerformanceEventStatus = {
3071
3071
  InProgress: 1};
3072
3072
 
3073
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3073
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3074
3074
 
3075
3075
  /*
3076
3076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3149,7 +3149,7 @@ class StubPerformanceClient {
3149
3149
  }
3150
3150
  }
3151
3151
 
3152
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3152
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3153
3153
 
3154
3154
  /*
3155
3155
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3249,7 +3249,7 @@ function isOidcProtocolMode(config) {
3249
3249
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3250
3250
  }
3251
3251
 
3252
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3252
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3253
3253
  /*
3254
3254
  * Copyright (c) Microsoft Corporation. All rights reserved.
3255
3255
  * Licensed under the MIT License.
@@ -3259,7 +3259,7 @@ const CcsCredentialType = {
3259
3259
  UPN: "UPN",
3260
3260
  };
3261
3261
 
3262
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3262
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3263
3263
 
3264
3264
  /*
3265
3265
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3299,7 +3299,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
3299
3299
  };
3300
3300
  }
3301
3301
 
3302
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3302
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3303
3303
  /*
3304
3304
  * Copyright (c) Microsoft Corporation. All rights reserved.
3305
3305
  * Licensed under the MIT License.
@@ -3349,7 +3349,7 @@ const INSTANCE_AWARE = "instance_aware";
3349
3349
  const EAR_JWK = "ear_jwk";
3350
3350
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3351
3351
 
3352
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3352
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3353
3353
 
3354
3354
  /*
3355
3355
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3729,7 +3729,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
3729
3729
  });
3730
3730
  }
3731
3731
 
3732
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3732
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3733
3733
  /*
3734
3734
  * Copyright (c) Microsoft Corporation. All rights reserved.
3735
3735
  * Licensed under the MIT License.
@@ -3744,7 +3744,7 @@ const AuthorityType = {
3744
3744
  Ciam: 3,
3745
3745
  };
3746
3746
 
3747
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3747
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3748
3748
  /*
3749
3749
  * Copyright (c) Microsoft Corporation. All rights reserved.
3750
3750
  * Licensed under the MIT License.
@@ -3756,7 +3756,7 @@ function isOpenIdConfigResponse(response) {
3756
3756
  response.hasOwnProperty("jwks_uri"));
3757
3757
  }
3758
3758
 
3759
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3759
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3760
3760
  /*
3761
3761
  * Copyright (c) Microsoft Corporation. All rights reserved.
3762
3762
  * Licensed under the MIT License.
@@ -3766,7 +3766,7 @@ function isCloudInstanceDiscoveryResponse(response) {
3766
3766
  response.hasOwnProperty("metadata"));
3767
3767
  }
3768
3768
 
3769
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3769
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3770
3770
  /*
3771
3771
  * Copyright (c) Microsoft Corporation. All rights reserved.
3772
3772
  * Licensed under the MIT License.
@@ -3776,7 +3776,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
3776
3776
  response.hasOwnProperty("error_description"));
3777
3777
  }
3778
3778
 
3779
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3779
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3780
3780
  /*
3781
3781
  * Copyright (c) Microsoft Corporation. All rights reserved.
3782
3782
  * Licensed under the MIT License.
@@ -3872,7 +3872,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3872
3872
  };
3873
3873
  };
3874
3874
 
3875
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3875
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3876
3876
 
3877
3877
  /*
3878
3878
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3978,7 +3978,7 @@ RegionDiscovery.IMDS_OPTIONS = {
3978
3978
  },
3979
3979
  };
3980
3980
 
3981
- /*! @azure/msal-common v15.13.0 2025-09-30 */
3981
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
3982
3982
  /*
3983
3983
  * Copyright (c) Microsoft Corporation. All rights reserved.
3984
3984
  * Licensed under the MIT License.
@@ -4043,7 +4043,7 @@ function wasClockTurnedBack(cachedAt) {
4043
4043
  return cachedAtSec > nowSeconds();
4044
4044
  }
4045
4045
 
4046
- /*! @azure/msal-common v15.13.0 2025-09-30 */
4046
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
4047
4047
 
4048
4048
  /*
4049
4049
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4305,7 +4305,7 @@ function isAuthorityMetadataExpired(metadata) {
4305
4305
  return metadata.expiresAt <= nowSeconds();
4306
4306
  }
4307
4307
 
4308
- /*! @azure/msal-common v15.13.0 2025-09-30 */
4308
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
4309
4309
 
4310
4310
  /*
4311
4311
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5144,7 +5144,7 @@ function buildStaticAuthorityOptions(authOptions) {
5144
5144
  };
5145
5145
  }
5146
5146
 
5147
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5147
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5148
5148
 
5149
5149
  /*
5150
5150
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5175,7 +5175,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5175
5175
  }
5176
5176
  }
5177
5177
 
5178
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5178
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5179
5179
 
5180
5180
  /*
5181
5181
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5194,7 +5194,7 @@ class ServerError extends AuthError {
5194
5194
  }
5195
5195
  }
5196
5196
 
5197
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5197
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5198
5198
  /*
5199
5199
  * Copyright (c) Microsoft Corporation. All rights reserved.
5200
5200
  * Licensed under the MIT License.
@@ -5215,7 +5215,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5215
5215
  };
5216
5216
  }
5217
5217
 
5218
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5218
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5219
5219
 
5220
5220
  /*
5221
5221
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5302,7 +5302,7 @@ class ThrottlingUtils {
5302
5302
  }
5303
5303
  }
5304
5304
 
5305
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5305
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5306
5306
 
5307
5307
  /*
5308
5308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5333,7 +5333,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5333
5333
  return new NetworkError(error, httpStatus, responseHeaders);
5334
5334
  }
5335
5335
 
5336
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5336
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5337
5337
 
5338
5338
  /*
5339
5339
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5481,7 +5481,7 @@ class BaseClient {
5481
5481
  }
5482
5482
  }
5483
5483
 
5484
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5484
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5485
5485
  /*
5486
5486
  * Copyright (c) Microsoft Corporation. All rights reserved.
5487
5487
  * Licensed under the MIT License.
@@ -5503,7 +5503,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
5503
5503
  return null;
5504
5504
  }
5505
5505
 
5506
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5506
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5507
5507
 
5508
5508
  /*
5509
5509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5724,7 +5724,7 @@ class AccountEntity {
5724
5724
  }
5725
5725
  }
5726
5726
 
5727
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5727
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5728
5728
  /*
5729
5729
  * Copyright (c) Microsoft Corporation. All rights reserved.
5730
5730
  * Licensed under the MIT License.
@@ -5740,7 +5740,7 @@ const consentRequired = "consent_required";
5740
5740
  const loginRequired = "login_required";
5741
5741
  const badToken = "bad_token";
5742
5742
 
5743
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5743
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5744
5744
 
5745
5745
  /*
5746
5746
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5812,7 +5812,7 @@ function createInteractionRequiredAuthError(errorCode) {
5812
5812
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5813
5813
  }
5814
5814
 
5815
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5815
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5816
5816
 
5817
5817
  /*
5818
5818
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5884,7 +5884,7 @@ class ProtocolUtils {
5884
5884
  }
5885
5885
  }
5886
5886
 
5887
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5887
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5888
5888
 
5889
5889
  /*
5890
5890
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5966,7 +5966,7 @@ class PopTokenGenerator {
5966
5966
  }
5967
5967
  }
5968
5968
 
5969
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5969
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5970
5970
  /*
5971
5971
  * Copyright (c) Microsoft Corporation. All rights reserved.
5972
5972
  * Licensed under the MIT License.
@@ -5993,7 +5993,7 @@ class PopTokenGenerator {
5993
5993
  }
5994
5994
  }
5995
5995
 
5996
- /*! @azure/msal-common v15.13.0 2025-09-30 */
5996
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
5997
5997
 
5998
5998
  /*
5999
5999
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6324,7 +6324,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6324
6324
  return baseAccount;
6325
6325
  }
6326
6326
 
6327
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6327
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6328
6328
  /*
6329
6329
  * Copyright (c) Microsoft Corporation. All rights reserved.
6330
6330
  * Licensed under the MIT License.
@@ -6342,7 +6342,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6342
6342
  }
6343
6343
  }
6344
6344
 
6345
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6345
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6346
6346
 
6347
6347
  /*
6348
6348
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,7 +6577,7 @@ class AuthorizationCodeClient extends BaseClient {
6577
6577
  }
6578
6578
  }
6579
6579
 
6580
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6580
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6581
6581
 
6582
6582
  /*
6583
6583
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6786,7 +6786,7 @@ class RefreshTokenClient extends BaseClient {
6786
6786
  }
6787
6787
  }
6788
6788
 
6789
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6789
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6790
6790
 
6791
6791
  /*
6792
6792
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6884,7 +6884,7 @@ class SilentFlowClient extends BaseClient {
6884
6884
  }
6885
6885
  }
6886
6886
 
6887
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6887
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6888
6888
 
6889
6889
  /*
6890
6890
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6899,7 +6899,7 @@ const StubbedNetworkModule = {
6899
6899
  },
6900
6900
  };
6901
6901
 
6902
- /*! @azure/msal-common v15.13.0 2025-09-30 */
6902
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
6903
6903
 
6904
6904
  /*
6905
6905
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7123,7 +7123,7 @@ function extractLoginHint(account) {
7123
7123
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7124
7124
  }
7125
7125
 
7126
- /*! @azure/msal-common v15.13.0 2025-09-30 */
7126
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
7127
7127
 
7128
7128
  /*
7129
7129
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7386,7 +7386,7 @@ class ServerTelemetryManager {
7386
7386
  }
7387
7387
  }
7388
7388
 
7389
- /*! @azure/msal-common v15.13.0 2025-09-30 */
7389
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
7390
7390
  /*
7391
7391
  * Copyright (c) Microsoft Corporation. All rights reserved.
7392
7392
  * Licensed under the MIT License.
@@ -7394,7 +7394,7 @@ class ServerTelemetryManager {
7394
7394
  const missingKidError = "missing_kid_error";
7395
7395
  const missingAlgError = "missing_alg_error";
7396
7396
 
7397
- /*! @azure/msal-common v15.13.0 2025-09-30 */
7397
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
7398
7398
 
7399
7399
  /*
7400
7400
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7419,7 +7419,7 @@ function createJoseHeaderError(code) {
7419
7419
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7420
7420
  }
7421
7421
 
7422
- /*! @azure/msal-common v15.13.0 2025-09-30 */
7422
+ /*! @azure/msal-common v15.13.0 2025-10-09 */
7423
7423
 
7424
7424
  /*
7425
7425
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7637,7 +7637,8 @@ const INVALID_POLL_STATUS = "invalid_poll_status";
7637
7637
  const PASSWORD_CHANGE_FAILED = "password_change_failed";
7638
7638
  const PASSWORD_RESET_TIMEOUT = "password_reset_timeout";
7639
7639
  const CLIENT_INFO_MISSING = "client_info_missing";
7640
- const EXPIRED_TOKEN = "expired_token";
7640
+ const EXPIRED_TOKEN = "expired_token";
7641
+ const ACCESS_DENIED = "access_denied";
7641
7642
 
7642
7643
  /*
7643
7644
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7652,7 +7653,8 @@ const PASSWORD_IS_INVALID = "password_is_invalid";
7652
7653
  const INVALID_OOB_VALUE = "invalid_oob_value";
7653
7654
  const ATTRIBUTE_VALIATION_FAILED = "attribute_validation_failed";
7654
7655
  const REGISTRATION_REQUIRED = "registration_required";
7655
- const MFA_REQUIRED = "mfa_required";
7656
+ const MFA_REQUIRED = "mfa_required";
7657
+ const PROVIDER_BLOCKED_BY_REPUTATION = "provider_blocked_by_rep";
7656
7658
 
7657
7659
  /*
7658
7660
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7756,9 +7758,9 @@ class AuthFlowErrorBase {
7756
7758
  }
7757
7759
  isVerificationContactBlockedError() {
7758
7760
  return (this.errorData instanceof CustomAuthApiError &&
7759
- this.errorData.error === INVALID_REQUEST &&
7760
- this.errorData.errorCodes?.includes(550024) === true &&
7761
- this.errorData.errorDescription?.includes("multi-factor authentication method is blocked") === true);
7761
+ this.errorData.error === ACCESS_DENIED &&
7762
+ this.errorData.subError ===
7763
+ PROVIDER_BLOCKED_BY_REPUTATION);
7762
7764
  }
7763
7765
  }
7764
7766
  class AuthActionErrorBase extends AuthFlowErrorBase {
@@ -7852,7 +7854,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7852
7854
 
7853
7855
  /* eslint-disable header/header */
7854
7856
  const name = "@azure/msal-browser";
7855
- const version = "4.24.1";
7857
+ const version = "4.25.0";
7856
7858
 
7857
7859
  /*
7858
7860
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8050,6 +8052,67 @@ class SignInSubmitCodeError extends AuthActionErrorBase {
8050
8052
  class SignInResendCodeError extends AuthActionErrorBase {
8051
8053
  }
8052
8054
 
8055
+ /*
8056
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8057
+ * Licensed under the MIT License.
8058
+ */
8059
+ /**
8060
+ * Represents the state of a sign-in operation that has been failed.
8061
+ */
8062
+ class SignInFailedState extends AuthFlowStateBase {
8063
+ }
8064
+
8065
+ /*
8066
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8067
+ * Licensed under the MIT License.
8068
+ */
8069
+ class SignInResendCodeResult extends AuthFlowResultBase {
8070
+ /**
8071
+ * Creates a new instance of SignInResendCodeResult.
8072
+ * @param state The state of the result.
8073
+ */
8074
+ constructor(state) {
8075
+ super(state);
8076
+ }
8077
+ /**
8078
+ * Creates a new instance of SignInResendCodeResult with an error.
8079
+ * @param error The error that occurred.
8080
+ * @returns {SignInResendCodeResult} A new instance of SignInResendCodeResult with the error set.
8081
+ */
8082
+ static createWithError(error) {
8083
+ const result = new SignInResendCodeResult(new SignInFailedState());
8084
+ result.error = new SignInResendCodeError(SignInResendCodeResult.createErrorData(error));
8085
+ return result;
8086
+ }
8087
+ /**
8088
+ * Checks if the result is in a failed state.
8089
+ */
8090
+ isFailed() {
8091
+ return this.state instanceof SignInFailedState;
8092
+ }
8093
+ /**
8094
+ * Checks if the result is in a code required state.
8095
+ */
8096
+ isCodeRequired() {
8097
+ /*
8098
+ * The instanceof operator couldn't be used here to check the state type since the circular dependency issue.
8099
+ * So we are using the constructor name to check the state type.
8100
+ */
8101
+ return this.state.constructor?.name === "SignInCodeRequiredState";
8102
+ }
8103
+ }
8104
+
8105
+ /*
8106
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8107
+ * Licensed under the MIT License.
8108
+ */
8109
+ /**
8110
+ * Represents the completed state of the sign-in operation.
8111
+ * This state indicates that the sign-in process has finished successfully.
8112
+ */
8113
+ class SignInCompletedState extends AuthFlowStateBase {
8114
+ }
8115
+
8053
8116
  /*
8054
8117
  * Copyright (c) Microsoft Corporation. All rights reserved.
8055
8118
  * Licensed under the MIT License.
@@ -8278,49 +8341,55 @@ class CustomAuthAccountData {
8278
8341
  * Copyright (c) Microsoft Corporation. All rights reserved.
8279
8342
  * Licensed under the MIT License.
8280
8343
  */
8281
- /**
8282
- * Represents the state of a sign-in operation that has been failed.
8283
- */
8284
- class SignInFailedState extends AuthFlowStateBase {
8344
+ // Result type constants
8345
+ const JIT_VERIFICATION_REQUIRED_RESULT_TYPE = "JitVerificationRequiredResult";
8346
+ const JIT_COMPLETED_RESULT_TYPE = "JitCompletedResult";
8347
+ function createJitVerificationRequiredResult(input) {
8348
+ return {
8349
+ type: JIT_VERIFICATION_REQUIRED_RESULT_TYPE,
8350
+ ...input,
8351
+ };
8352
+ }
8353
+ function createJitCompletedResult(input) {
8354
+ return {
8355
+ type: JIT_COMPLETED_RESULT_TYPE,
8356
+ ...input,
8357
+ };
8285
8358
  }
8286
8359
 
8287
8360
  /*
8288
8361
  * Copyright (c) Microsoft Corporation. All rights reserved.
8289
8362
  * Licensed under the MIT License.
8290
8363
  */
8291
- class SignInResendCodeResult extends AuthFlowResultBase {
8292
- /**
8293
- * Creates a new instance of SignInResendCodeResult.
8294
- * @param state The state of the result.
8295
- */
8296
- constructor(state) {
8297
- super(state);
8298
- }
8364
+ /**
8365
+ * Error that occurred during authentication method challenge request.
8366
+ */
8367
+ class AuthMethodRegistrationChallengeMethodError extends AuthActionErrorBase {
8299
8368
  /**
8300
- * Creates a new instance of SignInResendCodeResult with an error.
8301
- * @param error The error that occurred.
8302
- * @returns {SignInResendCodeResult} A new instance of SignInResendCodeResult with the error set.
8369
+ * Checks if the input for auth method registration is incorrect.
8370
+ * @returns true if the input is incorrect, false otherwise.
8303
8371
  */
8304
- static createWithError(error) {
8305
- const result = new SignInResendCodeResult(new SignInFailedState());
8306
- result.error = new SignInResendCodeError(SignInResendCodeResult.createErrorData(error));
8307
- return result;
8372
+ isInvalidInput() {
8373
+ return this.isInvalidInputError();
8308
8374
  }
8309
8375
  /**
8310
- * Checks if the result is in a failed state.
8376
+ * Checks if the error is due to the verification contact (e.g., phone number or email) being blocked. Consider using a different email/phone number or a different authentication method.
8377
+ * @returns true if the error is due to the verification contact being blocked, false otherwise.
8311
8378
  */
8312
- isFailed() {
8313
- return this.state instanceof SignInFailedState;
8379
+ isVerificationContactBlocked() {
8380
+ return this.isVerificationContactBlockedError();
8314
8381
  }
8382
+ }
8383
+ /**
8384
+ * Error that occurred during authentication method challenge submission.
8385
+ */
8386
+ class AuthMethodRegistrationSubmitChallengeError extends AuthActionErrorBase {
8315
8387
  /**
8316
- * Checks if the result is in a code required state.
8388
+ * Checks if the submitted challenge code is incorrect.
8389
+ * @returns true if the challenge code is incorrect, false otherwise.
8317
8390
  */
8318
- isCodeRequired() {
8319
- /*
8320
- * The instanceof operator couldn't be used here to check the state type since the circular dependency issue.
8321
- * So we are using the constructor name to check the state type.
8322
- */
8323
- return this.state.constructor?.name === "SignInCodeRequiredState";
8391
+ isIncorrectChallenge() {
8392
+ return this.isInvalidCodeError();
8324
8393
  }
8325
8394
  }
8326
8395
 
@@ -8328,42 +8397,53 @@ class SignInResendCodeResult extends AuthFlowResultBase {
8328
8397
  * Copyright (c) Microsoft Corporation. All rights reserved.
8329
8398
  * Licensed under the MIT License.
8330
8399
  */
8331
- /**
8332
- * Represents the completed state of the sign-in operation.
8333
- * This state indicates that the sign-in process has finished successfully.
8334
- */
8335
- class SignInCompletedState extends AuthFlowStateBase {
8400
+ class AuthMethodRegistrationFailedState extends AuthFlowStateBase {
8336
8401
  }
8337
8402
 
8338
8403
  /*
8339
8404
  * Copyright (c) Microsoft Corporation. All rights reserved.
8340
8405
  * Licensed under the MIT License.
8341
8406
  */
8342
- /*
8343
- * Result of a sign-in submit code operation.
8407
+ /**
8408
+ * Result of challenging an authentication method for registration.
8409
+ * Uses base state type to avoid circular dependencies.
8344
8410
  */
8345
- class SignInSubmitCodeResult extends AuthFlowResultBase {
8411
+ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
8346
8412
  /**
8347
- * Creates a new instance of SignInSubmitCodeResult with error data.
8413
+ * Creates an AuthMethodRegistrationChallengeMethodResult with an error.
8348
8414
  * @param error The error that occurred.
8349
- * @returns {SignInSubmitCodeResult} A new instance of SignInSubmitCodeResult with the error set.
8415
+ * @returns The AuthMethodRegistrationChallengeMethodResult with error.
8350
8416
  */
8351
8417
  static createWithError(error) {
8352
- const result = new SignInSubmitCodeResult(new SignInFailedState());
8353
- result.error = new SignInSubmitCodeError(SignInSubmitCodeResult.createErrorData(error));
8418
+ const result = new AuthMethodRegistrationChallengeMethodResult(new AuthMethodRegistrationFailedState());
8419
+ result.error = new AuthMethodRegistrationChallengeMethodError(AuthMethodRegistrationChallengeMethodResult.createErrorData(error));
8354
8420
  return result;
8355
8421
  }
8356
8422
  /**
8357
- * Checks if the result is in a failed state.
8423
+ * Checks if the result indicates that verification is required.
8424
+ * @returns true if verification is required, false otherwise.
8425
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8358
8426
  */
8359
- isFailed() {
8360
- return this.state instanceof SignInFailedState;
8427
+ isVerificationRequired() {
8428
+ return (this.state.constructor?.name ===
8429
+ "AuthMethodVerificationRequiredState");
8361
8430
  }
8362
8431
  /**
8363
- * Checks if the result is in a completed state.
8432
+ * Checks if the result indicates that registration is completed (fast-pass scenario).
8433
+ * @returns true if registration is completed, false otherwise.
8434
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8364
8435
  */
8365
8436
  isCompleted() {
8366
- return this.state instanceof SignInCompletedState;
8437
+ return (this.state.constructor?.name ===
8438
+ "AuthMethodRegistrationCompletedState");
8439
+ }
8440
+ /**
8441
+ * Checks if the result is in a failed state.
8442
+ * @returns true if the result is failed, false otherwise.
8443
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8444
+ */
8445
+ isFailed() {
8446
+ return this.state instanceof AuthMethodRegistrationFailedState;
8367
8447
  }
8368
8448
  }
8369
8449
 
@@ -8371,18 +8451,36 @@ class SignInSubmitCodeResult extends AuthFlowResultBase {
8371
8451
  * Copyright (c) Microsoft Corporation. All rights reserved.
8372
8452
  * Licensed under the MIT License.
8373
8453
  */
8374
- /*
8375
- * Base state handler for sign-in flow.
8454
+ /**
8455
+ * Result of submitting a challenge for authentication method registration.
8376
8456
  */
8377
- class SignInState extends AuthFlowActionRequiredStateBase {
8378
- /*
8379
- * Creates a new SignInState.
8380
- * @param stateParameters - The state parameters for sign-in.
8457
+ class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
8458
+ /**
8459
+ * Creates an AuthMethodRegistrationSubmitChallengeResult with an error.
8460
+ * @param error The error that occurred.
8461
+ * @returns The AuthMethodRegistrationSubmitChallengeResult with error.
8381
8462
  */
8382
- constructor(stateParameters) {
8383
- super(stateParameters);
8384
- ensureArgumentIsNotEmptyString("username", stateParameters.username, stateParameters.correlationId);
8385
- ensureArgumentIsNotEmptyString("continuationToken", stateParameters.continuationToken, stateParameters.correlationId);
8463
+ static createWithError(error) {
8464
+ const result = new AuthMethodRegistrationSubmitChallengeResult(new AuthMethodRegistrationFailedState());
8465
+ result.error = new AuthMethodRegistrationSubmitChallengeError(AuthMethodRegistrationSubmitChallengeResult.createErrorData(error));
8466
+ return result;
8467
+ }
8468
+ /**
8469
+ * Checks if the result indicates that registration is completed.
8470
+ * @returns true if registration is completed, false otherwise.
8471
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8472
+ */
8473
+ isCompleted() {
8474
+ return (this.state.constructor?.name ===
8475
+ "AuthMethodRegistrationCompletedState");
8476
+ }
8477
+ /**
8478
+ * Checks if the result is in a failed state.
8479
+ * @returns true if the result is failed, false otherwise.
8480
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8481
+ */
8482
+ isFailed() {
8483
+ return this.state instanceof AuthMethodRegistrationFailedState;
8386
8484
  }
8387
8485
  }
8388
8486
 
@@ -8390,174 +8488,179 @@ class SignInState extends AuthFlowActionRequiredStateBase {
8390
8488
  * Copyright (c) Microsoft Corporation. All rights reserved.
8391
8489
  * Licensed under the MIT License.
8392
8490
  */
8393
- const SIGN_IN_CODE_SEND_RESULT_TYPE = "SignInCodeSendResult";
8394
- const SIGN_IN_PASSWORD_REQUIRED_RESULT_TYPE = "SignInPasswordRequiredResult";
8395
- const SIGN_IN_COMPLETED_RESULT_TYPE = "SignInCompletedResult";
8396
- const SIGN_IN_JIT_REQUIRED_RESULT_TYPE = "SignInJitRequiredResult";
8397
- const SIGN_IN_MFA_REQUIRED_RESULT_TYPE = "SignInMfaRequiredResult";
8398
- function createSignInCompleteResult(input) {
8399
- return {
8400
- type: SIGN_IN_COMPLETED_RESULT_TYPE,
8401
- ...input,
8402
- };
8403
- }
8404
- function createSignInPasswordRequiredResult(input) {
8405
- return {
8406
- type: SIGN_IN_PASSWORD_REQUIRED_RESULT_TYPE,
8407
- ...input,
8408
- };
8409
- }
8410
- function createSignInCodeSendResult(input) {
8411
- return {
8412
- type: SIGN_IN_CODE_SEND_RESULT_TYPE,
8413
- ...input,
8414
- };
8415
- }
8416
- function createSignInJitRequiredResult(input) {
8417
- return {
8418
- type: SIGN_IN_JIT_REQUIRED_RESULT_TYPE,
8419
- ...input,
8420
- };
8421
- }
8422
- function createSignInMfaRequiredResult(input) {
8423
- return {
8424
- type: SIGN_IN_MFA_REQUIRED_RESULT_TYPE,
8425
- ...input,
8426
- };
8491
+ class AuthMethodRegistrationCompletedState extends AuthFlowStateBase {
8427
8492
  }
8428
8493
 
8429
8494
  /*
8430
8495
  * Copyright (c) Microsoft Corporation. All rights reserved.
8431
8496
  * Licensed under the MIT License.
8432
8497
  */
8433
- /*
8434
- * Sign-in code required state.
8498
+ /**
8499
+ * Abstract base class for authentication method registration states.
8435
8500
  */
8436
- class SignInCodeRequiredState extends SignInState {
8501
+ class AuthMethodRegistrationState extends AuthFlowActionRequiredStateBase {
8437
8502
  /**
8438
- * Once user configures email one-time passcode as a authentication method in Microsoft Entra, a one-time passcode will be sent to the user’s email.
8439
- * Submit this one-time passcode to continue sign-in flow.
8440
- * @param {string} code - The code to submit.
8441
- * @returns {Promise<SignInSubmitCodeResult>} The result of the operation.
8442
- */
8443
- async submitCode(code) {
8503
+ * Internal method to challenge an authentication method.
8504
+ * @param authMethodDetails The authentication method details to challenge.
8505
+ * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8506
+ */
8507
+ async challengeAuthMethodInternal(authMethodDetails) {
8444
8508
  try {
8445
- this.ensureCodeIsValid(code, this.stateParameters.codeLength);
8446
- const submitCodeParams = {
8447
- clientId: this.stateParameters.config.auth.clientId,
8509
+ this.stateParameters.logger.verbose(`Challenging authentication method - '${authMethodDetails.authMethodType.id}' for auth method registration.`, this.stateParameters.correlationId);
8510
+ const challengeParams = {
8448
8511
  correlationId: this.stateParameters.correlationId,
8449
- challengeType: this.stateParameters.config.customAuth.challengeTypes ?? [],
8450
- scopes: this.stateParameters.scopes ?? [],
8451
8512
  continuationToken: this.stateParameters.continuationToken ?? "",
8452
- code: code,
8513
+ authMethod: authMethodDetails.authMethodType,
8514
+ verificationContact: authMethodDetails.verificationContact,
8515
+ scopes: this.stateParameters.scopes ?? [],
8453
8516
  username: this.stateParameters.username,
8454
8517
  claims: this.stateParameters.claims,
8455
8518
  };
8456
- this.stateParameters.logger.verbose("Submitting code for sign-in.", this.stateParameters.correlationId);
8457
- const submitCodeResult = await this.stateParameters.signInClient.submitCode(submitCodeParams);
8458
- this.stateParameters.logger.verbose("Code submitted for sign-in.", this.stateParameters.correlationId);
8459
- if (submitCodeResult.type === SIGN_IN_COMPLETED_RESULT_TYPE) {
8460
- const accountInfo = new CustomAuthAccountData(submitCodeResult.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8461
- return new SignInSubmitCodeResult(new SignInCompletedState(), accountInfo);
8519
+ const result = await this.stateParameters.jitClient.challengeAuthMethod(challengeParams);
8520
+ this.stateParameters.logger.verbose("Authentication method challenged successfully for auth method registration.", this.stateParameters.correlationId);
8521
+ if (result.type === JIT_VERIFICATION_REQUIRED_RESULT_TYPE) {
8522
+ // Verification required
8523
+ this.stateParameters.logger.verbose("Auth method verification required.", this.stateParameters.correlationId);
8524
+ return new AuthMethodRegistrationChallengeMethodResult(new AuthMethodVerificationRequiredState({
8525
+ correlationId: result.correlationId,
8526
+ continuationToken: result.continuationToken,
8527
+ config: this.stateParameters.config,
8528
+ logger: this.stateParameters.logger,
8529
+ jitClient: this.stateParameters.jitClient,
8530
+ cacheClient: this.stateParameters.cacheClient,
8531
+ challengeChannel: result.challengeChannel,
8532
+ challengeTargetLabel: result.challengeTargetLabel,
8533
+ codeLength: result.codeLength,
8534
+ scopes: this.stateParameters.scopes ?? [],
8535
+ username: this.stateParameters.username,
8536
+ claims: this.stateParameters.claims,
8537
+ }));
8538
+ }
8539
+ else if (result.type === JIT_COMPLETED_RESULT_TYPE) {
8540
+ // Registration completed (fast-pass scenario)
8541
+ this.stateParameters.logger.verbose("Auth method registration completed via fast-pass.", this.stateParameters.correlationId);
8542
+ const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8543
+ return new AuthMethodRegistrationChallengeMethodResult(new AuthMethodRegistrationCompletedState(), accountInfo);
8462
8544
  }
8463
8545
  else {
8464
- // Unexpected result type
8465
- const result = submitCodeResult;
8466
- const error = new Error(`Unexpected result type: ${result.type}`);
8467
- return SignInSubmitCodeResult.createWithError(error);
8546
+ // Handle unexpected result type with proper typing
8547
+ this.stateParameters.logger.error("Unexpected result type from auth challenge method", this.stateParameters.correlationId);
8548
+ throw new UnexpectedError("Unexpected result type from auth challenge method");
8468
8549
  }
8469
8550
  }
8470
8551
  catch (error) {
8471
- this.stateParameters.logger.errorPii(`Failed to submit code for sign-in. Error: ${error}.`, this.stateParameters.correlationId);
8472
- return SignInSubmitCodeResult.createWithError(error);
8552
+ this.stateParameters.logger.error("Failed to challenge authentication method for auth method registration.", this.stateParameters.correlationId);
8553
+ return AuthMethodRegistrationChallengeMethodResult.createWithError(error);
8473
8554
  }
8474
8555
  }
8556
+ }
8557
+ /**
8558
+ * State indicating that authentication method registration is required.
8559
+ */
8560
+ class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationState {
8475
8561
  /**
8476
- * Resends the another one-time passcode for sign-in flow if the previous one hasn't been verified.
8477
- * @returns {Promise<SignInResendCodeResult>} The result of the operation.
8562
+ * Gets the available authentication methods for registration.
8563
+ * @returns Array of available authentication methods.
8564
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8478
8565
  */
8479
- async resendCode() {
8566
+ getAuthMethods() {
8567
+ return this.stateParameters.authMethods;
8568
+ }
8569
+ /**
8570
+ * Challenges an authentication method for registration.
8571
+ * @param authMethodDetails The authentication method details to challenge.
8572
+ * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8573
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8574
+ */
8575
+ async challengeAuthMethod(authMethodDetails) {
8576
+ return this.challengeAuthMethodInternal(authMethodDetails);
8577
+ }
8578
+ }
8579
+ /**
8580
+ * State indicating that verification is required for the challenged authentication method.
8581
+ */
8582
+ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
8583
+ /**
8584
+ * Gets the length of the expected verification code.
8585
+ * @returns The code length.
8586
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8587
+ */
8588
+ getCodeLength() {
8589
+ return this.stateParameters.codeLength;
8590
+ }
8591
+ /**
8592
+ * Gets the channel through which the challenge was sent.
8593
+ * @returns The challenge channel (e.g., "email").
8594
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8595
+ */
8596
+ getChannel() {
8597
+ return this.stateParameters.challengeChannel;
8598
+ }
8599
+ /**
8600
+ * Gets the target label indicating where the challenge was sent.
8601
+ * @returns The challenge target label (e.g., masked email address).
8602
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8603
+ */
8604
+ getSentTo() {
8605
+ return this.stateParameters.challengeTargetLabel;
8606
+ }
8607
+ /**
8608
+ * Submits the verification challenge to complete the authentication method registration.
8609
+ * @param code The verification code entered by the user.
8610
+ * @returns Promise that resolves to AuthMethodRegistrationSubmitChallengeResult.
8611
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8612
+ */
8613
+ async submitChallenge(code) {
8480
8614
  try {
8481
- const submitCodeParams = {
8482
- clientId: this.stateParameters.config.auth.clientId,
8615
+ this.ensureCodeIsValid(code, this.getCodeLength());
8616
+ this.stateParameters.logger.verbose("Submitting auth method challenge.", this.stateParameters.correlationId);
8617
+ const submitParams = {
8483
8618
  correlationId: this.stateParameters.correlationId,
8484
- challengeType: this.stateParameters.config.customAuth.challengeTypes ?? [],
8485
8619
  continuationToken: this.stateParameters.continuationToken ?? "",
8620
+ scopes: this.stateParameters.scopes ?? [],
8621
+ grantType: GrantType.OOB,
8622
+ challenge: code,
8486
8623
  username: this.stateParameters.username,
8624
+ claims: this.stateParameters.claims,
8487
8625
  };
8488
- this.stateParameters.logger.verbose("Resending code for sign-in.", this.stateParameters.correlationId);
8489
- const result = await this.stateParameters.signInClient.resendCode(submitCodeParams);
8490
- this.stateParameters.logger.verbose("Code resent for sign-in.", this.stateParameters.correlationId);
8491
- return new SignInResendCodeResult(new SignInCodeRequiredState({
8492
- correlationId: result.correlationId,
8493
- continuationToken: result.continuationToken,
8494
- logger: this.stateParameters.logger,
8495
- config: this.stateParameters.config,
8496
- signInClient: this.stateParameters.signInClient,
8497
- cacheClient: this.stateParameters.cacheClient,
8498
- jitClient: this.stateParameters.jitClient,
8499
- username: this.stateParameters.username,
8500
- codeLength: result.codeLength,
8501
- scopes: this.stateParameters.scopes,
8502
- }));
8626
+ const result = await this.stateParameters.jitClient.submitChallenge(submitParams);
8627
+ this.stateParameters.logger.verbose("Auth method challenge submitted successfully.", this.stateParameters.correlationId);
8628
+ const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8629
+ return new AuthMethodRegistrationSubmitChallengeResult(new AuthMethodRegistrationCompletedState(), accountInfo);
8503
8630
  }
8504
8631
  catch (error) {
8505
- return SignInResendCodeResult.createWithError(error);
8632
+ this.stateParameters.logger.error("Failed to submit auth method challenge.", this.stateParameters.correlationId);
8633
+ return AuthMethodRegistrationSubmitChallengeResult.createWithError(error);
8506
8634
  }
8507
8635
  }
8508
8636
  /**
8509
- * Gets the sent code length.
8510
- * @returns {number} The length of the code.
8511
- */
8512
- getCodeLength() {
8513
- return this.stateParameters.codeLength;
8514
- }
8515
- /**
8516
- * Gets the scopes to request.
8517
- * @returns {string[] | undefined} The scopes to request.
8637
+ * Challenges a different authentication method for registration.
8638
+ * @param authMethodDetails The authentication method details to challenge.
8639
+ * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8640
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8518
8641
  */
8519
- getScopes() {
8520
- return this.stateParameters.scopes;
8642
+ async challengeAuthMethod(authMethodDetails) {
8643
+ return this.challengeAuthMethodInternal(authMethodDetails);
8521
8644
  }
8522
8645
  }
8523
8646
 
8524
- /*
8525
- * Copyright (c) Microsoft Corporation. All rights reserved.
8526
- * Licensed under the MIT License.
8527
- */
8528
- // Result type constants
8529
- const JIT_VERIFICATION_REQUIRED_RESULT_TYPE = "JitVerificationRequiredResult";
8530
- const JIT_COMPLETED_RESULT_TYPE = "JitCompletedResult";
8531
- function createJitVerificationRequiredResult(input) {
8532
- return {
8533
- type: JIT_VERIFICATION_REQUIRED_RESULT_TYPE,
8534
- ...input,
8535
- };
8536
- }
8537
- function createJitCompletedResult(input) {
8538
- return {
8539
- type: JIT_COMPLETED_RESULT_TYPE,
8540
- ...input,
8541
- };
8542
- }
8543
-
8544
8647
  /*
8545
8648
  * Copyright (c) Microsoft Corporation. All rights reserved.
8546
8649
  * Licensed under the MIT License.
8547
8650
  */
8548
8651
  /**
8549
- * Error that occurred during authentication method challenge request.
8652
+ * Error that occurred during MFA challenge request.
8550
8653
  */
8551
- class AuthMethodRegistrationChallengeMethodError extends AuthActionErrorBase {
8654
+ class MfaRequestChallengeError extends AuthActionErrorBase {
8552
8655
  /**
8553
- * Checks if the input for auth method registration is incorrect.
8656
+ * Checks if the input for MFA challenge is incorrect.
8554
8657
  * @returns true if the input is incorrect, false otherwise.
8555
8658
  */
8556
8659
  isInvalidInput() {
8557
8660
  return this.isInvalidInputError();
8558
8661
  }
8559
8662
  /**
8560
- * Checks if the error is due to the verification contact (e.g., phone number or email) being blocked. Consider using a different email/phone number or a different authentication method.
8663
+ * Checks if the error is due to the verification contact (e.g., phone number or email) being blocked. Consider contacting customer support for assistance.
8561
8664
  * @returns true if the error is due to the verification contact being blocked, false otherwise.
8562
8665
  */
8563
8666
  isVerificationContactBlocked() {
@@ -8565,12 +8668,12 @@ class AuthMethodRegistrationChallengeMethodError extends AuthActionErrorBase {
8565
8668
  }
8566
8669
  }
8567
8670
  /**
8568
- * Error that occurred during authentication method challenge submission.
8671
+ * Error that occurred during MFA challenge submission.
8569
8672
  */
8570
- class AuthMethodRegistrationSubmitChallengeError extends AuthActionErrorBase {
8673
+ class MfaSubmitChallengeError extends AuthActionErrorBase {
8571
8674
  /**
8572
- * Checks if the submitted challenge code is incorrect.
8573
- * @returns true if the challenge code is incorrect, false otherwise.
8675
+ * Checks if the submitted challenge code (e.g., OTP code) is incorrect.
8676
+ * @returns true if the challenge code is invalid, false otherwise.
8574
8677
  */
8575
8678
  isIncorrectChallenge() {
8576
8679
  return this.isInvalidCodeError();
@@ -8581,7 +8684,10 @@ class AuthMethodRegistrationSubmitChallengeError extends AuthActionErrorBase {
8581
8684
  * Copyright (c) Microsoft Corporation. All rights reserved.
8582
8685
  * Licensed under the MIT License.
8583
8686
  */
8584
- class AuthMethodRegistrationFailedState extends AuthFlowStateBase {
8687
+ /**
8688
+ * State indicating that the MFA flow has completed successfully.
8689
+ */
8690
+ class MfaCompletedState extends AuthFlowStateBase {
8585
8691
  }
8586
8692
 
8587
8693
  /*
@@ -8589,37 +8695,36 @@ class AuthMethodRegistrationFailedState extends AuthFlowStateBase {
8589
8695
  * Licensed under the MIT License.
8590
8696
  */
8591
8697
  /**
8592
- * Result of challenging an authentication method for registration.
8593
- * Uses base state type to avoid circular dependencies.
8698
+ * State indicating that the MFA flow has failed.
8594
8699
  */
8595
- class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
8700
+ class MfaFailedState extends AuthFlowStateBase {
8701
+ }
8702
+
8703
+ /*
8704
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8705
+ * Licensed under the MIT License.
8706
+ */
8707
+ /**
8708
+ * Result of submitting an MFA challenge.
8709
+ */
8710
+ class MfaSubmitChallengeResult extends AuthFlowResultBase {
8596
8711
  /**
8597
- * Creates an AuthMethodRegistrationChallengeMethodResult with an error.
8712
+ * Creates an MfaSubmitChallengeResult with an error.
8598
8713
  * @param error The error that occurred.
8599
- * @returns The AuthMethodRegistrationChallengeMethodResult with error.
8714
+ * @returns The MfaSubmitChallengeResult with error.
8600
8715
  */
8601
8716
  static createWithError(error) {
8602
- const result = new AuthMethodRegistrationChallengeMethodResult(new AuthMethodRegistrationFailedState());
8603
- result.error = new AuthMethodRegistrationChallengeMethodError(AuthMethodRegistrationChallengeMethodResult.createErrorData(error));
8717
+ const result = new MfaSubmitChallengeResult(new MfaFailedState());
8718
+ result.error = new MfaSubmitChallengeError(MfaSubmitChallengeResult.createErrorData(error));
8604
8719
  return result;
8605
8720
  }
8606
8721
  /**
8607
- * Checks if the result indicates that verification is required.
8608
- * @returns true if verification is required, false otherwise.
8609
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8610
- */
8611
- isVerificationRequired() {
8612
- return (this.state.constructor?.name ===
8613
- "AuthMethodVerificationRequiredState");
8614
- }
8615
- /**
8616
- * Checks if the result indicates that registration is completed (fast-pass scenario).
8617
- * @returns true if registration is completed, false otherwise.
8722
+ * Checks if the MFA flow is completed successfully.
8723
+ * @returns true if completed, false otherwise.
8618
8724
  * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8619
8725
  */
8620
8726
  isCompleted() {
8621
- return (this.state.constructor?.name ===
8622
- "AuthMethodRegistrationCompletedState");
8727
+ return this.state instanceof MfaCompletedState;
8623
8728
  }
8624
8729
  /**
8625
8730
  * Checks if the result is in a failed state.
@@ -8627,7 +8732,7 @@ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
8627
8732
  * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8628
8733
  */
8629
8734
  isFailed() {
8630
- return this.state instanceof AuthMethodRegistrationFailedState;
8735
+ return this.state instanceof MfaFailedState;
8631
8736
  }
8632
8737
  }
8633
8738
 
@@ -8636,27 +8741,27 @@ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
8636
8741
  * Licensed under the MIT License.
8637
8742
  */
8638
8743
  /**
8639
- * Result of submitting a challenge for authentication method registration.
8744
+ * Result of requesting an MFA challenge.
8745
+ * Uses base state type to avoid circular dependencies.
8640
8746
  */
8641
- class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
8747
+ class MfaRequestChallengeResult extends AuthFlowResultBase {
8642
8748
  /**
8643
- * Creates an AuthMethodRegistrationSubmitChallengeResult with an error.
8749
+ * Creates an MfaRequestChallengeResult with an error.
8644
8750
  * @param error The error that occurred.
8645
- * @returns The AuthMethodRegistrationSubmitChallengeResult with error.
8751
+ * @returns The MfaRequestChallengeResult with error.
8646
8752
  */
8647
8753
  static createWithError(error) {
8648
- const result = new AuthMethodRegistrationSubmitChallengeResult(new AuthMethodRegistrationFailedState());
8649
- result.error = new AuthMethodRegistrationSubmitChallengeError(AuthMethodRegistrationSubmitChallengeResult.createErrorData(error));
8754
+ const result = new MfaRequestChallengeResult(new MfaFailedState());
8755
+ result.error = new MfaRequestChallengeError(MfaRequestChallengeResult.createErrorData(error));
8650
8756
  return result;
8651
8757
  }
8652
8758
  /**
8653
- * Checks if the result indicates that registration is completed.
8654
- * @returns true if registration is completed, false otherwise.
8759
+ * Checks if the result indicates that verification is required.
8760
+ * @returns true if verification is required, false otherwise.
8655
8761
  * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8656
8762
  */
8657
- isCompleted() {
8658
- return (this.state.constructor?.name ===
8659
- "AuthMethodRegistrationCompletedState");
8763
+ isVerificationRequired() {
8764
+ return this.state.constructor?.name === "MfaVerificationRequiredState";
8660
8765
  }
8661
8766
  /**
8662
8767
  * Checks if the result is in a failed state.
@@ -8664,7 +8769,7 @@ class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
8664
8769
  * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8665
8770
  */
8666
8771
  isFailed() {
8667
- return this.state instanceof AuthMethodRegistrationFailedState;
8772
+ return this.state instanceof MfaFailedState;
8668
8773
  }
8669
8774
  }
8670
8775
 
@@ -8672,159 +8777,370 @@ class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
8672
8777
  * Copyright (c) Microsoft Corporation. All rights reserved.
8673
8778
  * Licensed under the MIT License.
8674
8779
  */
8675
- class AuthMethodRegistrationCompletedState extends AuthFlowStateBase {
8780
+ class MfaState extends AuthFlowActionRequiredStateBase {
8781
+ /**
8782
+ * Requests an MFA challenge for a specific authentication method.
8783
+ * @param authMethodId The authentication method ID to use for the challenge.
8784
+ * @returns Promise that resolves to MfaRequestChallengeResult.
8785
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8786
+ */
8787
+ async requestChallenge(authMethodId) {
8788
+ try {
8789
+ ensureArgumentIsNotEmptyString("authMethodId", authMethodId);
8790
+ this.stateParameters.logger.verbose(`Requesting MFA challenge with authentication method - '${authMethodId}'.`, this.stateParameters.correlationId);
8791
+ const requestParams = {
8792
+ correlationId: this.stateParameters.correlationId,
8793
+ continuationToken: this.stateParameters.continuationToken ?? "",
8794
+ challengeType: this.stateParameters.config.customAuth.challengeTypes ?? [],
8795
+ authMethodId: authMethodId,
8796
+ };
8797
+ const result = await this.stateParameters.mfaClient.requestChallenge(requestParams);
8798
+ this.stateParameters.logger.verbose("MFA challenge requested successfully.", this.stateParameters.correlationId);
8799
+ return new MfaRequestChallengeResult(new MfaVerificationRequiredState({
8800
+ correlationId: result.correlationId,
8801
+ continuationToken: result.continuationToken,
8802
+ config: this.stateParameters.config,
8803
+ logger: this.stateParameters.logger,
8804
+ mfaClient: this.stateParameters.mfaClient,
8805
+ cacheClient: this.stateParameters.cacheClient,
8806
+ challengeChannel: result.challengeChannel,
8807
+ challengeTargetLabel: result.challengeTargetLabel,
8808
+ codeLength: result.codeLength,
8809
+ selectedAuthMethodId: authMethodId,
8810
+ scopes: this.stateParameters.scopes ?? [],
8811
+ }));
8812
+ }
8813
+ catch (error) {
8814
+ this.stateParameters.logger.errorPii(`Failed to request MFA challenge. Error: ${error}.`, this.stateParameters.correlationId);
8815
+ return MfaRequestChallengeResult.createWithError(error);
8816
+ }
8817
+ }
8818
+ }
8819
+ /**
8820
+ * State indicating that MFA is required and awaiting user action.
8821
+ * This state allows the developer to pause execution before sending the code to the user's email.
8822
+ */
8823
+ class MfaAwaitingState extends MfaState {
8824
+ /**
8825
+ * Gets the available authentication methods for MFA.
8826
+ * @returns Array of available authentication methods.
8827
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8828
+ */
8829
+ getAuthMethods() {
8830
+ return this.stateParameters.authMethods;
8831
+ }
8832
+ }
8833
+ /**
8834
+ * State indicating that MFA verification is required.
8835
+ * The challenge has been sent and the user needs to provide the code.
8836
+ */
8837
+ class MfaVerificationRequiredState extends MfaState {
8838
+ /**
8839
+ * Gets the length of the code that the user needs to provide.
8840
+ * @returns The expected code length.
8841
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8842
+ */
8843
+ getCodeLength() {
8844
+ return this.stateParameters.codeLength;
8845
+ }
8846
+ /**
8847
+ * Gets the channel through which the challenge was sent.
8848
+ * @returns The challenge channel (e.g., "email").
8849
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8850
+ */
8851
+ getChannel() {
8852
+ return this.stateParameters.challengeChannel;
8853
+ }
8854
+ /**
8855
+ * Gets the target label indicating where the challenge was sent.
8856
+ * @returns The challenge target label (e.g., masked email address).
8857
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8858
+ */
8859
+ getSentTo() {
8860
+ return this.stateParameters.challengeTargetLabel;
8861
+ }
8862
+ /**
8863
+ * Submits the MFA challenge (e.g., OTP code) to complete the authentication.
8864
+ * @param challenge The challenge code (e.g., OTP code) entered by the user.
8865
+ * @returns Promise that resolves to MfaSubmitChallengeResult.
8866
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8867
+ */
8868
+ async submitChallenge(challenge) {
8869
+ try {
8870
+ this.ensureCodeIsValid(challenge, this.getCodeLength());
8871
+ this.stateParameters.logger.verbose("Submitting MFA challenge.", this.stateParameters.correlationId);
8872
+ const submitParams = {
8873
+ correlationId: this.stateParameters.correlationId,
8874
+ continuationToken: this.stateParameters.continuationToken ?? "",
8875
+ scopes: this.stateParameters.scopes ?? [],
8876
+ challenge: challenge,
8877
+ };
8878
+ const result = await this.stateParameters.mfaClient.submitChallenge(submitParams);
8879
+ this.stateParameters.logger.verbose("MFA challenge submitted successfully.", this.stateParameters.correlationId);
8880
+ const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8881
+ return new MfaSubmitChallengeResult(new MfaCompletedState(), accountInfo);
8882
+ }
8883
+ catch (error) {
8884
+ this.stateParameters.logger.errorPii(`Failed to submit MFA challenge. Error: ${error}.`, this.stateParameters.correlationId);
8885
+ return MfaSubmitChallengeResult.createWithError(error);
8886
+ }
8887
+ }
8676
8888
  }
8677
8889
 
8678
8890
  /*
8679
8891
  * Copyright (c) Microsoft Corporation. All rights reserved.
8680
8892
  * Licensed under the MIT License.
8681
8893
  */
8682
- /**
8683
- * Abstract base class for authentication method registration states.
8894
+ /*
8895
+ * Result of a sign-in submit code operation.
8684
8896
  */
8685
- class AuthMethodRegistrationState extends AuthFlowActionRequiredStateBase {
8897
+ class SignInSubmitCodeResult extends AuthFlowResultBase {
8686
8898
  /**
8687
- * Internal method to challenge an authentication method.
8688
- * @param authMethodDetails The authentication method details to challenge.
8689
- * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8899
+ * Creates a new instance of SignInSubmitCodeResult with error data.
8900
+ * @param error The error that occurred.
8901
+ * @returns {SignInSubmitCodeResult} A new instance of SignInSubmitCodeResult with the error set.
8690
8902
  */
8691
- async challengeAuthMethodInternal(authMethodDetails) {
8903
+ static createWithError(error) {
8904
+ const result = new SignInSubmitCodeResult(new SignInFailedState());
8905
+ result.error = new SignInSubmitCodeError(SignInSubmitCodeResult.createErrorData(error));
8906
+ return result;
8907
+ }
8908
+ /**
8909
+ * Checks if the result is in a failed state.
8910
+ */
8911
+ isFailed() {
8912
+ return this.state instanceof SignInFailedState;
8913
+ }
8914
+ /**
8915
+ * Checks if the result is in a completed state.
8916
+ */
8917
+ isCompleted() {
8918
+ return this.state instanceof SignInCompletedState;
8919
+ }
8920
+ /**
8921
+ * Checks if the result requires authentication method registration.
8922
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8923
+ */
8924
+ isAuthMethodRegistrationRequired() {
8925
+ return this.state instanceof AuthMethodRegistrationRequiredState;
8926
+ }
8927
+ /**
8928
+ * Checks if the result requires MFA.
8929
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8930
+ */
8931
+ isMfaRequired() {
8932
+ return this.state instanceof MfaAwaitingState;
8933
+ }
8934
+ }
8935
+
8936
+ /*
8937
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8938
+ * Licensed under the MIT License.
8939
+ */
8940
+ const SIGN_IN_CODE_SEND_RESULT_TYPE = "SignInCodeSendResult";
8941
+ const SIGN_IN_PASSWORD_REQUIRED_RESULT_TYPE = "SignInPasswordRequiredResult";
8942
+ const SIGN_IN_COMPLETED_RESULT_TYPE = "SignInCompletedResult";
8943
+ const SIGN_IN_JIT_REQUIRED_RESULT_TYPE = "SignInJitRequiredResult";
8944
+ const SIGN_IN_MFA_REQUIRED_RESULT_TYPE = "SignInMfaRequiredResult";
8945
+ function createSignInCompleteResult(input) {
8946
+ return {
8947
+ type: SIGN_IN_COMPLETED_RESULT_TYPE,
8948
+ ...input,
8949
+ };
8950
+ }
8951
+ function createSignInPasswordRequiredResult(input) {
8952
+ return {
8953
+ type: SIGN_IN_PASSWORD_REQUIRED_RESULT_TYPE,
8954
+ ...input,
8955
+ };
8956
+ }
8957
+ function createSignInCodeSendResult(input) {
8958
+ return {
8959
+ type: SIGN_IN_CODE_SEND_RESULT_TYPE,
8960
+ ...input,
8961
+ };
8962
+ }
8963
+ function createSignInJitRequiredResult(input) {
8964
+ return {
8965
+ type: SIGN_IN_JIT_REQUIRED_RESULT_TYPE,
8966
+ ...input,
8967
+ };
8968
+ }
8969
+ function createSignInMfaRequiredResult(input) {
8970
+ return {
8971
+ type: SIGN_IN_MFA_REQUIRED_RESULT_TYPE,
8972
+ ...input,
8973
+ };
8974
+ }
8975
+
8976
+ /*
8977
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8978
+ * Licensed under the MIT License.
8979
+ */
8980
+ /*
8981
+ * Base state handler for sign-in flow.
8982
+ */
8983
+ class SignInState extends AuthFlowActionRequiredStateBase {
8984
+ /*
8985
+ * Creates a new SignInState.
8986
+ * @param stateParameters - The state parameters for sign-in.
8987
+ */
8988
+ constructor(stateParameters) {
8989
+ super(stateParameters);
8990
+ ensureArgumentIsNotEmptyString("username", stateParameters.username, stateParameters.correlationId);
8991
+ ensureArgumentIsNotEmptyString("continuationToken", stateParameters.continuationToken, stateParameters.correlationId);
8992
+ }
8993
+ /**
8994
+ * Handles the result of a sign-in attempt.
8995
+ * @param result - The result of the sign-in attempt.
8996
+ * @param scopes - The scopes requested for the sign-in.
8997
+ * @returns An object containing the next state and account information, if applicable.
8998
+ */
8999
+ handleSignInResult(result, scopes) {
9000
+ const correlationId = result.correlationId || this.stateParameters.correlationId;
9001
+ if (result.type === SIGN_IN_COMPLETED_RESULT_TYPE) {
9002
+ // Sign-in completed - return SignInCompletedState
9003
+ this.stateParameters.logger.verbose("Sign-in completed successfully.", correlationId);
9004
+ const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, correlationId);
9005
+ return {
9006
+ state: new SignInCompletedState(),
9007
+ accountInfo: accountInfo,
9008
+ };
9009
+ }
9010
+ else if (result.type === SIGN_IN_JIT_REQUIRED_RESULT_TYPE) {
9011
+ // JIT is required - return AuthMethodRegistrationRequiredState
9012
+ this.stateParameters.logger.verbose("Authentication method registration is required during sign-in.", correlationId);
9013
+ return {
9014
+ state: new AuthMethodRegistrationRequiredState({
9015
+ correlationId: correlationId,
9016
+ continuationToken: result.continuationToken,
9017
+ logger: this.stateParameters.logger,
9018
+ config: this.stateParameters.config,
9019
+ jitClient: this.stateParameters.jitClient,
9020
+ cacheClient: this.stateParameters.cacheClient,
9021
+ authMethods: result.authMethods,
9022
+ username: this.stateParameters.username,
9023
+ scopes: scopes ?? [],
9024
+ claims: this.stateParameters.claims,
9025
+ }),
9026
+ };
9027
+ }
9028
+ else if (result.type === SIGN_IN_MFA_REQUIRED_RESULT_TYPE) {
9029
+ // MFA is required - return MfaAwaitingState
9030
+ this.stateParameters.logger.verbose("MFA is required during the sign-in.", correlationId);
9031
+ return {
9032
+ state: new MfaAwaitingState({
9033
+ correlationId: correlationId,
9034
+ continuationToken: result.continuationToken,
9035
+ logger: this.stateParameters.logger,
9036
+ config: this.stateParameters.config,
9037
+ mfaClient: this.stateParameters.mfaClient,
9038
+ cacheClient: this.stateParameters.cacheClient,
9039
+ scopes: scopes ?? [],
9040
+ authMethods: result.authMethods ?? [],
9041
+ }),
9042
+ };
9043
+ }
9044
+ else {
9045
+ // Unexpected result type
9046
+ const unexpectedResult = result;
9047
+ const error = new Error(`Unexpected result type: ${unexpectedResult.type}`);
9048
+ return {
9049
+ state: new SignInFailedState(),
9050
+ error: error,
9051
+ };
9052
+ }
9053
+ }
9054
+ }
9055
+
9056
+ /*
9057
+ * Copyright (c) Microsoft Corporation. All rights reserved.
9058
+ * Licensed under the MIT License.
9059
+ */
9060
+ /*
9061
+ * Sign-in code required state.
9062
+ */
9063
+ class SignInCodeRequiredState extends SignInState {
9064
+ /**
9065
+ * Once user configures email one-time passcode as a authentication method in Microsoft Entra, a one-time passcode will be sent to the user’s email.
9066
+ * Submit this one-time passcode to continue sign-in flow.
9067
+ * @param {string} code - The code to submit.
9068
+ * @returns {Promise<SignInSubmitCodeResult>} The result of the operation.
9069
+ */
9070
+ async submitCode(code) {
8692
9071
  try {
8693
- this.stateParameters.logger.verbose(`Challenging authentication method - '${authMethodDetails.authMethodType.id}' for auth method registration.`, this.stateParameters.correlationId);
8694
- const challengeParams = {
9072
+ this.ensureCodeIsValid(code, this.stateParameters.codeLength);
9073
+ const submitCodeParams = {
9074
+ clientId: this.stateParameters.config.auth.clientId,
8695
9075
  correlationId: this.stateParameters.correlationId,
8696
- continuationToken: this.stateParameters.continuationToken ?? "",
8697
- authMethod: authMethodDetails.authMethodType,
8698
- verificationContact: authMethodDetails.verificationContact,
9076
+ challengeType: this.stateParameters.config.customAuth.challengeTypes ?? [],
8699
9077
  scopes: this.stateParameters.scopes ?? [],
9078
+ continuationToken: this.stateParameters.continuationToken ?? "",
9079
+ code: code,
8700
9080
  username: this.stateParameters.username,
8701
9081
  claims: this.stateParameters.claims,
8702
9082
  };
8703
- const result = await this.stateParameters.jitClient.challengeAuthMethod(challengeParams);
8704
- this.stateParameters.logger.verbose("Authentication method challenged successfully for auth method registration.", this.stateParameters.correlationId);
8705
- if (result.type === JIT_VERIFICATION_REQUIRED_RESULT_TYPE) {
8706
- // Verification required
8707
- this.stateParameters.logger.verbose("Auth method verification required.", this.stateParameters.correlationId);
8708
- return new AuthMethodRegistrationChallengeMethodResult(new AuthMethodVerificationRequiredState({
8709
- correlationId: result.correlationId,
8710
- continuationToken: result.continuationToken,
8711
- config: this.stateParameters.config,
8712
- logger: this.stateParameters.logger,
8713
- jitClient: this.stateParameters.jitClient,
8714
- cacheClient: this.stateParameters.cacheClient,
8715
- challengeChannel: result.challengeChannel,
8716
- challengeTargetLabel: result.challengeTargetLabel,
8717
- codeLength: result.codeLength,
8718
- scopes: this.stateParameters.scopes ?? [],
8719
- username: this.stateParameters.username,
8720
- claims: this.stateParameters.claims,
8721
- }));
8722
- }
8723
- else if (result.type === JIT_COMPLETED_RESULT_TYPE) {
8724
- // Registration completed (fast-pass scenario)
8725
- this.stateParameters.logger.verbose("Auth method registration completed via fast-pass.", this.stateParameters.correlationId);
8726
- const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8727
- return new AuthMethodRegistrationChallengeMethodResult(new AuthMethodRegistrationCompletedState(), accountInfo);
8728
- }
8729
- else {
8730
- // Handle unexpected result type with proper typing
8731
- this.stateParameters.logger.error("Unexpected result type from auth challenge method", this.stateParameters.correlationId);
8732
- throw new UnexpectedError("Unexpected result type from auth challenge method");
9083
+ this.stateParameters.logger.verbose("Submitting code for sign-in.", this.stateParameters.correlationId);
9084
+ const submitCodeResult = await this.stateParameters.signInClient.submitCode(submitCodeParams);
9085
+ this.stateParameters.logger.verbose("Code submitted for sign-in.", this.stateParameters.correlationId);
9086
+ const nextState = this.handleSignInResult(submitCodeResult, this.stateParameters.scopes);
9087
+ if (nextState.error) {
9088
+ return SignInSubmitCodeResult.createWithError(nextState.error);
8733
9089
  }
9090
+ return new SignInSubmitCodeResult(nextState.state, nextState.accountInfo);
8734
9091
  }
8735
9092
  catch (error) {
8736
- this.stateParameters.logger.error("Failed to challenge authentication method for auth method registration.", this.stateParameters.correlationId);
8737
- return AuthMethodRegistrationChallengeMethodResult.createWithError(error);
9093
+ this.stateParameters.logger.errorPii(`Failed to submit code for sign-in. Error: ${error}.`, this.stateParameters.correlationId);
9094
+ return SignInSubmitCodeResult.createWithError(error);
8738
9095
  }
8739
9096
  }
8740
- }
8741
- /**
8742
- * State indicating that authentication method registration is required.
8743
- */
8744
- class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationState {
8745
- /**
8746
- * Gets the available authentication methods for registration.
8747
- * @returns Array of available authentication methods.
8748
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8749
- */
8750
- getAuthMethods() {
8751
- return this.stateParameters.authMethods;
8752
- }
8753
- /**
8754
- * Challenges an authentication method for registration.
8755
- * @param authMethodDetails The authentication method details to challenge.
8756
- * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8757
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8758
- */
8759
- async challengeAuthMethod(authMethodDetails) {
8760
- return this.challengeAuthMethodInternal(authMethodDetails);
8761
- }
8762
- }
8763
- /**
8764
- * State indicating that verification is required for the challenged authentication method.
8765
- */
8766
- class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
8767
- /**
8768
- * Gets the length of the expected verification code.
8769
- * @returns The code length.
8770
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8771
- */
8772
- getCodeLength() {
8773
- return this.stateParameters.codeLength;
8774
- }
8775
- /**
8776
- * Gets the channel through which the challenge was sent.
8777
- * @returns The challenge channel (e.g., "email").
8778
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8779
- */
8780
- getChannel() {
8781
- return this.stateParameters.challengeChannel;
8782
- }
8783
- /**
8784
- * Gets the target label indicating where the challenge was sent.
8785
- * @returns The challenge target label (e.g., masked email address).
8786
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8787
- */
8788
- getSentTo() {
8789
- return this.stateParameters.challengeTargetLabel;
8790
- }
8791
9097
  /**
8792
- * Submits the verification challenge to complete the authentication method registration.
8793
- * @param code The verification code entered by the user.
8794
- * @returns Promise that resolves to AuthMethodRegistrationSubmitChallengeResult.
8795
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
9098
+ * Resends the another one-time passcode for sign-in flow if the previous one hasn't been verified.
9099
+ * @returns {Promise<SignInResendCodeResult>} The result of the operation.
8796
9100
  */
8797
- async submitChallenge(code) {
9101
+ async resendCode() {
8798
9102
  try {
8799
- this.ensureCodeIsValid(code, this.getCodeLength());
8800
- this.stateParameters.logger.verbose("Submitting auth method challenge.", this.stateParameters.correlationId);
8801
- const submitParams = {
9103
+ const submitCodeParams = {
9104
+ clientId: this.stateParameters.config.auth.clientId,
8802
9105
  correlationId: this.stateParameters.correlationId,
9106
+ challengeType: this.stateParameters.config.customAuth.challengeTypes ?? [],
8803
9107
  continuationToken: this.stateParameters.continuationToken ?? "",
8804
- scopes: this.stateParameters.scopes ?? [],
8805
- grantType: GrantType.OOB,
8806
- challenge: code,
8807
9108
  username: this.stateParameters.username,
8808
- claims: this.stateParameters.claims,
8809
9109
  };
8810
- const result = await this.stateParameters.jitClient.submitChallenge(submitParams);
8811
- this.stateParameters.logger.verbose("Auth method challenge submitted successfully.", this.stateParameters.correlationId);
8812
- const accountInfo = new CustomAuthAccountData(result.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8813
- return new AuthMethodRegistrationSubmitChallengeResult(new AuthMethodRegistrationCompletedState(), accountInfo);
9110
+ this.stateParameters.logger.verbose("Resending code for sign-in.", this.stateParameters.correlationId);
9111
+ const result = await this.stateParameters.signInClient.resendCode(submitCodeParams);
9112
+ this.stateParameters.logger.verbose("Code resent for sign-in.", this.stateParameters.correlationId);
9113
+ return new SignInResendCodeResult(new SignInCodeRequiredState({
9114
+ correlationId: result.correlationId,
9115
+ continuationToken: result.continuationToken,
9116
+ logger: this.stateParameters.logger,
9117
+ config: this.stateParameters.config,
9118
+ signInClient: this.stateParameters.signInClient,
9119
+ cacheClient: this.stateParameters.cacheClient,
9120
+ jitClient: this.stateParameters.jitClient,
9121
+ mfaClient: this.stateParameters.mfaClient,
9122
+ username: this.stateParameters.username,
9123
+ codeLength: result.codeLength,
9124
+ scopes: this.stateParameters.scopes,
9125
+ }));
8814
9126
  }
8815
9127
  catch (error) {
8816
- this.stateParameters.logger.error("Failed to submit auth method challenge.", this.stateParameters.correlationId);
8817
- return AuthMethodRegistrationSubmitChallengeResult.createWithError(error);
9128
+ return SignInResendCodeResult.createWithError(error);
8818
9129
  }
8819
9130
  }
8820
9131
  /**
8821
- * Challenges a different authentication method for registration.
8822
- * @param authMethodDetails The authentication method details to challenge.
8823
- * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
8824
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
9132
+ * Gets the sent code length.
9133
+ * @returns {number} The length of the code.
8825
9134
  */
8826
- async challengeAuthMethod(authMethodDetails) {
8827
- return this.challengeAuthMethodInternal(authMethodDetails);
9135
+ getCodeLength() {
9136
+ return this.stateParameters.codeLength;
9137
+ }
9138
+ /**
9139
+ * Gets the scopes to request.
9140
+ * @returns {string[] | undefined} The scopes to request.
9141
+ */
9142
+ getScopes() {
9143
+ return this.stateParameters.scopes;
8828
9144
  }
8829
9145
  }
8830
9146
 
@@ -8860,6 +9176,13 @@ class SignInSubmitPasswordResult extends AuthFlowResultBase {
8860
9176
  isAuthMethodRegistrationRequired() {
8861
9177
  return this.state instanceof AuthMethodRegistrationRequiredState;
8862
9178
  }
9179
+ /**
9180
+ * Checks if the result requires MFA.
9181
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
9182
+ */
9183
+ isMfaRequired() {
9184
+ return this.state instanceof MfaAwaitingState;
9185
+ }
8863
9186
  }
8864
9187
 
8865
9188
  /*
@@ -8891,32 +9214,11 @@ class SignInPasswordRequiredState extends SignInState {
8891
9214
  this.stateParameters.logger.verbose("Submitting password for sign-in.", this.stateParameters.correlationId);
8892
9215
  const submitPasswordResult = await this.stateParameters.signInClient.submitPassword(submitPasswordParams);
8893
9216
  this.stateParameters.logger.verbose("Password submitted for sign-in.", this.stateParameters.correlationId);
8894
- if (submitPasswordResult.type === SIGN_IN_COMPLETED_RESULT_TYPE) {
8895
- const accountInfo = new CustomAuthAccountData(submitPasswordResult.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
8896
- return new SignInSubmitPasswordResult(new SignInCompletedState(), accountInfo);
8897
- }
8898
- else if (submitPasswordResult.type === SIGN_IN_JIT_REQUIRED_RESULT_TYPE) {
8899
- // JIT is required - return AuthMethodRegistrationRequiredState
8900
- this.stateParameters.logger.verbose("Authentication method registration required after password submission.", this.stateParameters.correlationId);
8901
- return new SignInSubmitPasswordResult(new AuthMethodRegistrationRequiredState({
8902
- correlationId: this.stateParameters.correlationId,
8903
- continuationToken: submitPasswordResult.continuationToken,
8904
- logger: this.stateParameters.logger,
8905
- config: this.stateParameters.config,
8906
- jitClient: this.stateParameters.jitClient,
8907
- cacheClient: this.stateParameters.cacheClient,
8908
- authMethods: submitPasswordResult.authMethods,
8909
- username: this.stateParameters.username,
8910
- scopes: this.stateParameters.scopes ?? [],
8911
- claims: this.stateParameters.claims,
8912
- }));
8913
- }
8914
- else {
8915
- // Unexpected result type
8916
- const result = submitPasswordResult;
8917
- const error = new Error(`Unexpected result type: ${result.type}`);
8918
- return SignInSubmitPasswordResult.createWithError(error);
9217
+ const nextState = this.handleSignInResult(submitPasswordResult, this.stateParameters.scopes);
9218
+ if (nextState.error) {
9219
+ return SignInSubmitPasswordResult.createWithError(nextState.error);
8919
9220
  }
9221
+ return new SignInSubmitPasswordResult(nextState.state, nextState.accountInfo);
8920
9222
  }
8921
9223
  catch (error) {
8922
9224
  this.stateParameters.logger.errorPii(`Failed to sign in after submitting password. Error: ${error}.`, this.stateParameters.correlationId);
@@ -8988,6 +9290,13 @@ class SignInResult extends AuthFlowResultBase {
8988
9290
  isAuthMethodRegistrationRequired() {
8989
9291
  return this.state instanceof AuthMethodRegistrationRequiredState;
8990
9292
  }
9293
+ /**
9294
+ * Checks if the result requires MFA.
9295
+ * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
9296
+ */
9297
+ isMfaRequired() {
9298
+ return this.state instanceof MfaAwaitingState;
9299
+ }
8991
9300
  }
8992
9301
 
8993
9302
  /*
@@ -9139,35 +9448,11 @@ class SignInContinuationState extends SignInState {
9139
9448
  this.stateParameters.logger.verbose("Signing in with continuation token.", this.stateParameters.correlationId);
9140
9449
  const signInResult = await this.stateParameters.signInClient.signInWithContinuationToken(continuationTokenParams);
9141
9450
  this.stateParameters.logger.verbose("Signed in with continuation token.", this.stateParameters.correlationId);
9142
- if (signInResult.type === SIGN_IN_COMPLETED_RESULT_TYPE) {
9143
- // Sign-in completed successfully
9144
- const accountInfo = new CustomAuthAccountData(signInResult.authenticationResult.account, this.stateParameters.config, this.stateParameters.cacheClient, this.stateParameters.logger, this.stateParameters.correlationId);
9145
- return new SignInResult(new SignInCompletedState(), accountInfo);
9146
- }
9147
- else if (signInResult.type === SIGN_IN_JIT_REQUIRED_RESULT_TYPE) {
9148
- // JIT is required
9149
- this.stateParameters.logger.warning("Auth method registration required during continuation token sign-in.", this.stateParameters.correlationId);
9150
- // Return AuthMethodRegistrationRequiredState to handle JIT scenario
9151
- const authMethodRegistrationState = new AuthMethodRegistrationRequiredState({
9152
- correlationId: this.stateParameters.correlationId,
9153
- continuationToken: signInResult.continuationToken,
9154
- logger: this.stateParameters.logger,
9155
- config: this.stateParameters.config,
9156
- jitClient: this.stateParameters.jitClient,
9157
- cacheClient: this.stateParameters.cacheClient,
9158
- authMethods: signInResult.authMethods,
9159
- username: this.stateParameters.username,
9160
- scopes: signInWithContinuationTokenInputs?.scopes ?? [],
9161
- claims: this.stateParameters.claims,
9162
- });
9163
- return new SignInResult(authMethodRegistrationState);
9164
- }
9165
- else {
9166
- // Unexpected result type
9167
- const result = signInResult;
9168
- const error = new Error(`Unexpected result type: ${result.type}`);
9169
- return SignInResult.createWithError(error);
9451
+ const nextState = this.handleSignInResult(signInResult, signInWithContinuationTokenInputs?.scopes);
9452
+ if (nextState.error) {
9453
+ return SignInResult.createWithError(nextState.error);
9170
9454
  }
9455
+ return new SignInResult(nextState.state, nextState.accountInfo);
9171
9456
  }
9172
9457
  catch (error) {
9173
9458
  this.stateParameters.logger.errorPii(`Failed to sign in with continuation token. Error: ${error}.`, this.stateParameters.correlationId);
@@ -9306,6 +9591,7 @@ class SignUpAttributesRequiredState extends SignUpState {
9306
9591
  signInClient: this.stateParameters.signInClient,
9307
9592
  cacheClient: this.stateParameters.cacheClient,
9308
9593
  jitClient: this.stateParameters.jitClient,
9594
+ mfaClient: this.stateParameters.mfaClient,
9309
9595
  username: this.stateParameters.username,
9310
9596
  signInScenario: SignInScenario.SignInAfterSignUp,
9311
9597
  }));
@@ -9453,6 +9739,7 @@ class SignUpPasswordRequiredState extends SignUpState {
9453
9739
  signUpClient: this.stateParameters.signUpClient,
9454
9740
  cacheClient: this.stateParameters.cacheClient,
9455
9741
  jitClient: this.stateParameters.jitClient,
9742
+ mfaClient: this.stateParameters.mfaClient,
9456
9743
  username: this.stateParameters.username,
9457
9744
  requiredAttributes: result.requiredAttributes,
9458
9745
  }));
@@ -9468,6 +9755,7 @@ class SignUpPasswordRequiredState extends SignUpState {
9468
9755
  signInClient: this.stateParameters.signInClient,
9469
9756
  cacheClient: this.stateParameters.cacheClient,
9470
9757
  jitClient: this.stateParameters.jitClient,
9758
+ mfaClient: this.stateParameters.mfaClient,
9471
9759
  username: this.stateParameters.username,
9472
9760
  signInScenario: SignInScenario.SignInAfterSignUp,
9473
9761
  }));
@@ -9570,6 +9858,7 @@ class SignUpCodeRequiredState extends SignUpState {
9570
9858
  signUpClient: this.stateParameters.signUpClient,
9571
9859
  cacheClient: this.stateParameters.cacheClient,
9572
9860
  jitClient: this.stateParameters.jitClient,
9861
+ mfaClient: this.stateParameters.mfaClient,
9573
9862
  username: this.stateParameters.username,
9574
9863
  }));
9575
9864
  }
@@ -9585,6 +9874,7 @@ class SignUpCodeRequiredState extends SignUpState {
9585
9874
  signUpClient: this.stateParameters.signUpClient,
9586
9875
  cacheClient: this.stateParameters.cacheClient,
9587
9876
  jitClient: this.stateParameters.jitClient,
9877
+ mfaClient: this.stateParameters.mfaClient,
9588
9878
  username: this.stateParameters.username,
9589
9879
  requiredAttributes: result.requiredAttributes,
9590
9880
  }));
@@ -9600,6 +9890,7 @@ class SignUpCodeRequiredState extends SignUpState {
9600
9890
  signInClient: this.stateParameters.signInClient,
9601
9891
  cacheClient: this.stateParameters.cacheClient,
9602
9892
  jitClient: this.stateParameters.jitClient,
9893
+ mfaClient: this.stateParameters.mfaClient,
9603
9894
  username: this.stateParameters.username,
9604
9895
  signInScenario: SignInScenario.SignInAfterSignUp,
9605
9896
  }));
@@ -9635,6 +9926,7 @@ class SignUpCodeRequiredState extends SignUpState {
9635
9926
  signUpClient: this.stateParameters.signUpClient,
9636
9927
  cacheClient: this.stateParameters.cacheClient,
9637
9928
  jitClient: this.stateParameters.jitClient,
9929
+ mfaClient: this.stateParameters.mfaClient,
9638
9930
  username: this.stateParameters.username,
9639
9931
  codeLength: result.codeLength,
9640
9932
  codeResendInterval: result.interval,
@@ -11091,7 +11383,10 @@ const PASSWORD_RESET_RESEND_CODE = 100044;
11091
11383
  const ACCOUNT_GET_ACCESS_TOKEN = 100063;
11092
11384
  // JIT (Just-In-Time) Auth Method Registration
11093
11385
  const JIT_CHALLENGE_AUTH_METHOD = 100081;
11094
- const JIT_SUBMIT_CHALLENGE = 100082;
11386
+ const JIT_SUBMIT_CHALLENGE = 100082;
11387
+ // MFA
11388
+ const MFA_REQUEST_CHALLENGE = 100101;
11389
+ const MFA_SUBMIT_CHALLENGE = 100102;
11095
11390
 
11096
11391
  /*
11097
11392
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11530,6 +11825,7 @@ class ResetPasswordPasswordRequiredState extends ResetPasswordState {
11530
11825
  signInClient: this.stateParameters.signInClient,
11531
11826
  cacheClient: this.stateParameters.cacheClient,
11532
11827
  jitClient: this.stateParameters.jitClient,
11828
+ mfaClient: this.stateParameters.mfaClient,
11533
11829
  signInScenario: SignInScenario.SignInAfterPasswordReset,
11534
11830
  }));
11535
11831
  }
@@ -11615,6 +11911,7 @@ class ResetPasswordCodeRequiredState extends ResetPasswordState {
11615
11911
  signInClient: this.stateParameters.signInClient,
11616
11912
  cacheClient: this.stateParameters.cacheClient,
11617
11913
  jitClient: this.stateParameters.jitClient,
11914
+ mfaClient: this.stateParameters.mfaClient,
11618
11915
  username: this.stateParameters.username,
11619
11916
  }));
11620
11917
  }
@@ -11648,6 +11945,7 @@ class ResetPasswordCodeRequiredState extends ResetPasswordState {
11648
11945
  signInClient: this.stateParameters.signInClient,
11649
11946
  cacheClient: this.stateParameters.cacheClient,
11650
11947
  jitClient: this.stateParameters.jitClient,
11948
+ mfaClient: this.stateParameters.mfaClient,
11651
11949
  username: this.stateParameters.username,
11652
11950
  codeLength: result.codeLength,
11653
11951
  }));
@@ -12503,7 +12801,7 @@ class CustomAuthApiClient {
12503
12801
  this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
12504
12802
  this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
12505
12803
  this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
12506
- this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient);
12804
+ this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
12507
12805
  }
12508
12806
  }
12509
12807
 
@@ -12821,6 +13119,99 @@ class JitClient extends CustomAuthInteractionClientBase {
12821
13119
  }
12822
13120
  }
12823
13121
 
13122
+ /*
13123
+ * Copyright (c) Microsoft Corporation. All rights reserved.
13124
+ * Licensed under the MIT License.
13125
+ */
13126
+ // Result type constants
13127
+ const MFA_VERIFICATION_REQUIRED_RESULT_TYPE = "MfaVerificationRequiredResult";
13128
+ const MFA_COMPLETED_RESULT_TYPE = "MfaCompletedResult";
13129
+ function createMfaVerificationRequiredResult(input) {
13130
+ return {
13131
+ type: MFA_VERIFICATION_REQUIRED_RESULT_TYPE,
13132
+ ...input,
13133
+ };
13134
+ }
13135
+ function createMfaCompletedResult(input) {
13136
+ return {
13137
+ type: MFA_COMPLETED_RESULT_TYPE,
13138
+ ...input,
13139
+ };
13140
+ }
13141
+
13142
+ /*
13143
+ * Copyright (c) Microsoft Corporation. All rights reserved.
13144
+ * Licensed under the MIT License.
13145
+ */
13146
+ /**
13147
+ * MFA client for handling multi-factor authentication flows.
13148
+ */
13149
+ class MfaClient extends CustomAuthInteractionClientBase {
13150
+ /**
13151
+ * Requests an MFA challenge to be sent to the user.
13152
+ * @param parameters The parameters for requesting the challenge.
13153
+ * @returns Promise that resolves to either MfaVerificationRequiredResult.
13154
+ */
13155
+ async requestChallenge(parameters) {
13156
+ const apiId = MFA_REQUEST_CHALLENGE;
13157
+ const telemetryManager = this.initializeServerTelemetryManager(apiId);
13158
+ this.logger.verbose("Calling challenge endpoint for MFA.", parameters.correlationId);
13159
+ const challengeReq = {
13160
+ challenge_type: this.getChallengeTypes(parameters.challengeType),
13161
+ continuation_token: parameters.continuationToken,
13162
+ id: parameters.authMethodId,
13163
+ correlationId: parameters.correlationId,
13164
+ telemetryManager: telemetryManager,
13165
+ };
13166
+ const challengeResponse = await this.customAuthApiClient.signInApi.requestChallenge(challengeReq);
13167
+ this.logger.verbose("Challenge endpoint called for MFA.", parameters.correlationId);
13168
+ if (challengeResponse.challenge_type === ChallengeType.OOB) {
13169
+ // Verification required - code will be sent
13170
+ return createMfaVerificationRequiredResult({
13171
+ correlationId: challengeResponse.correlation_id,
13172
+ continuationToken: challengeResponse.continuation_token ?? "",
13173
+ challengeChannel: challengeResponse.challenge_channel ?? "",
13174
+ challengeTargetLabel: challengeResponse.challenge_target_label ?? "",
13175
+ codeLength: challengeResponse.code_length ??
13176
+ DefaultCustomAuthApiCodeLength,
13177
+ bindingMethod: challengeResponse.binding_method ?? "",
13178
+ });
13179
+ }
13180
+ this.logger.error(`Unsupported challenge type '${challengeResponse.challenge_type}' for MFA.`, parameters.correlationId);
13181
+ throw new CustomAuthApiError(UNSUPPORTED_CHALLENGE_TYPE, `Unsupported challenge type '${challengeResponse.challenge_type}'.`, challengeResponse.correlation_id);
13182
+ }
13183
+ /**
13184
+ * Submits the MFA challenge response (e.g., OTP code).
13185
+ * @param parameters The parameters for submitting the challenge.
13186
+ * @returns Promise that resolves to MfaCompletedResult.
13187
+ */
13188
+ async submitChallenge(parameters) {
13189
+ ensureArgumentIsNotEmptyString("parameters.challenge", parameters.challenge, parameters.correlationId);
13190
+ const apiId = MFA_SUBMIT_CHALLENGE;
13191
+ const telemetryManager = this.initializeServerTelemetryManager(apiId);
13192
+ const scopes = this.getScopes(parameters.scopes);
13193
+ const request = {
13194
+ continuation_token: parameters.continuationToken,
13195
+ oob: parameters.challenge,
13196
+ grant_type: GrantType.MFA_OOB,
13197
+ scope: scopes.join(" "),
13198
+ correlationId: parameters.correlationId,
13199
+ telemetryManager: telemetryManager,
13200
+ ...(parameters.claims && {
13201
+ claims: parameters.claims,
13202
+ }),
13203
+ };
13204
+ this.logger.verbose("Calling token endpoint for MFA challenge submission.", parameters.correlationId);
13205
+ const tokenResponse = await this.customAuthApiClient.signInApi.requestTokensWithOob(request);
13206
+ // Save tokens and create authentication result
13207
+ const result = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ?? parameters.correlationId);
13208
+ return createMfaCompletedResult({
13209
+ correlationId: parameters.correlationId,
13210
+ authenticationResult: result,
13211
+ });
13212
+ }
13213
+ }
13214
+
12824
13215
  /*
12825
13216
  * Copyright (c) Microsoft Corporation. All rights reserved.
12826
13217
  * Licensed under the MIT License.
@@ -12848,38 +13239,40 @@ class CustomAuthSilentCacheClient extends CustomAuthInteractionClientBase {
12848
13239
  * @returns {Promise<AuthenticationResult>} The promise that resolves to an AuthenticationResult.
12849
13240
  */
12850
13241
  async acquireToken(silentRequest) {
13242
+ const correlationId = silentRequest.correlationId || this.correlationId;
12851
13243
  const telemetryManager = this.initializeServerTelemetryManager(ACCOUNT_GET_ACCESS_TOKEN);
12852
- const clientConfig = this.getCustomAuthClientConfiguration(telemetryManager, this.customAuthAuthority);
13244
+ const clientConfig = this.getCustomAuthClientConfiguration(telemetryManager, this.customAuthAuthority, correlationId);
12853
13245
  const silentFlowClient = new SilentFlowClient(clientConfig, this.performanceClient);
12854
13246
  try {
12855
- this.logger.verbose("Starting silent flow to acquire token from cache", this.correlationId);
13247
+ this.logger.verbose("Starting silent flow to acquire token from cache", correlationId);
12856
13248
  const result = await silentFlowClient.acquireCachedToken(silentRequest);
12857
- this.logger.verbose("Silent flow to acquire token from cache is completed and token is found", this.correlationId);
13249
+ this.logger.verbose("Silent flow to acquire token from cache is completed and token is found", correlationId);
12858
13250
  return result[0];
12859
13251
  }
12860
13252
  catch (error) {
12861
13253
  if (error instanceof ClientAuthError &&
12862
13254
  error.errorCode === tokenRefreshRequired) {
12863
- this.logger.verbose("Token refresh is required to acquire token silently", this.correlationId);
13255
+ this.logger.verbose("Token refresh is required to acquire token silently", correlationId);
12864
13256
  const refreshTokenClient = new RefreshTokenClient(clientConfig, this.performanceClient);
12865
- this.logger.verbose("Starting refresh flow to refresh token", this.correlationId);
13257
+ this.logger.verbose("Starting refresh flow to refresh token", correlationId);
12866
13258
  const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest);
12867
- this.logger.verbose("Refresh flow to refresh token is completed", this.correlationId);
13259
+ this.logger.verbose("Refresh flow to refresh token is completed", correlationId);
12868
13260
  return refreshTokenResult;
12869
13261
  }
12870
13262
  throw error;
12871
13263
  }
12872
13264
  }
12873
13265
  async logout(logoutRequest) {
13266
+ const correlationId = logoutRequest?.correlationId || this.correlationId;
12874
13267
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
12875
13268
  // Clear the cache
12876
- this.logger.verbose("Start to clear the cache", logoutRequest?.correlationId);
12877
- await this.clearCacheOnLogout(validLogoutRequest.correlationId, validLogoutRequest?.account);
12878
- this.logger.verbose("Cache cleared", logoutRequest?.correlationId);
13269
+ this.logger.verbose("Start to clear the cache", correlationId);
13270
+ await this.clearCacheOnLogout(correlationId, validLogoutRequest?.account);
13271
+ this.logger.verbose("Cache cleared", correlationId);
12879
13272
  const postLogoutRedirectUri = this.config.auth.postLogoutRedirectUri;
12880
13273
  if (postLogoutRedirectUri) {
12881
13274
  const absoluteRedirectUri = UrlString.getAbsoluteUrl(postLogoutRedirectUri, getCurrentUri());
12882
- this.logger.verbose("Post logout redirect uri is set, redirecting to uri", logoutRequest?.correlationId);
13275
+ this.logger.verbose("Post logout redirect uri is set, redirecting to uri", correlationId);
12883
13276
  // Redirect to post logout redirect uri
12884
13277
  await this.navigationClient.navigateExternal(absoluteRedirectUri, {
12885
13278
  apiId: ApiId.logout,
@@ -12906,7 +13299,7 @@ class CustomAuthSilentCacheClient extends CustomAuthInteractionClientBase {
12906
13299
  }
12907
13300
  return account;
12908
13301
  }
12909
- getCustomAuthClientConfiguration(serverTelemetryManager, customAuthAuthority) {
13302
+ getCustomAuthClientConfiguration(serverTelemetryManager, customAuthAuthority, correlationId) {
12910
13303
  const logger = this.config.system.loggerOptions;
12911
13304
  return {
12912
13305
  authOptions: {
@@ -12923,7 +13316,7 @@ class CustomAuthSilentCacheClient extends CustomAuthInteractionClientBase {
12923
13316
  loggerCallback: logger.loggerCallback,
12924
13317
  piiLoggingEnabled: logger.piiLoggingEnabled,
12925
13318
  logLevel: logger.logLevel,
12926
- correlationId: this.correlationId,
13319
+ correlationId: correlationId,
12927
13320
  },
12928
13321
  cacheOptions: {
12929
13322
  claimsBasedCachingEnabled: this.config.cache.claimsBasedCachingEnabled,
@@ -20413,6 +20806,7 @@ class CustomAuthStandardController extends StandardController {
20413
20806
  this.resetPasswordClient =
20414
20807
  interactionClientFactory.create(ResetPasswordClient);
20415
20808
  this.jitClient = interactionClientFactory.create(JitClient);
20809
+ this.mfaClient = interactionClientFactory.create(MfaClient);
20416
20810
  this.cacheClient = interactionClientFactory.create(CustomAuthSilentCacheClient);
20417
20811
  }
20418
20812
  /*
@@ -20472,6 +20866,7 @@ class CustomAuthStandardController extends StandardController {
20472
20866
  signInClient: this.signInClient,
20473
20867
  cacheClient: this.cacheClient,
20474
20868
  jitClient: this.jitClient,
20869
+ mfaClient: this.mfaClient,
20475
20870
  username: signInInputs.username,
20476
20871
  codeLength: startResult.codeLength,
20477
20872
  scopes: signInInputs.scopes ?? [],
@@ -20491,6 +20886,7 @@ class CustomAuthStandardController extends StandardController {
20491
20886
  signInClient: this.signInClient,
20492
20887
  cacheClient: this.cacheClient,
20493
20888
  jitClient: this.jitClient,
20889
+ mfaClient: this.mfaClient,
20494
20890
  username: signInInputs.username,
20495
20891
  scopes: signInInputs.scopes ?? [],
20496
20892
  claims: signInInputs.claims,
@@ -20531,6 +20927,21 @@ class CustomAuthStandardController extends StandardController {
20531
20927
  claims: signInInputs.claims,
20532
20928
  }));
20533
20929
  }
20930
+ else if (submitPasswordResult.type ===
20931
+ SIGN_IN_MFA_REQUIRED_RESULT_TYPE) {
20932
+ // MFA is required - create MfaAwaitingState
20933
+ this.logger.verbose("MFA required for sign-in.", correlationId);
20934
+ return new SignInResult(new MfaAwaitingState({
20935
+ correlationId: correlationId,
20936
+ continuationToken: submitPasswordResult.continuationToken,
20937
+ logger: this.logger,
20938
+ config: this.customAuthConfig,
20939
+ mfaClient: this.mfaClient,
20940
+ cacheClient: this.cacheClient,
20941
+ scopes: signInInputs.scopes ?? [],
20942
+ authMethods: submitPasswordResult.authMethods ?? [],
20943
+ }));
20944
+ }
20534
20945
  else {
20535
20946
  // Unexpected result type
20536
20947
  const result = submitPasswordResult;
@@ -20583,6 +20994,7 @@ class CustomAuthStandardController extends StandardController {
20583
20994
  signUpClient: this.signUpClient,
20584
20995
  cacheClient: this.cacheClient,
20585
20996
  jitClient: this.jitClient,
20997
+ mfaClient: this.mfaClient,
20586
20998
  username: signUpInputs.username,
20587
20999
  codeLength: startResult.codeLength,
20588
21000
  codeResendInterval: startResult.interval,
@@ -20600,6 +21012,7 @@ class CustomAuthStandardController extends StandardController {
20600
21012
  signUpClient: this.signUpClient,
20601
21013
  cacheClient: this.cacheClient,
20602
21014
  jitClient: this.jitClient,
21015
+ mfaClient: this.mfaClient,
20603
21016
  username: signUpInputs.username,
20604
21017
  }));
20605
21018
  }
@@ -20639,6 +21052,7 @@ class CustomAuthStandardController extends StandardController {
20639
21052
  resetPasswordClient: this.resetPasswordClient,
20640
21053
  cacheClient: this.cacheClient,
20641
21054
  jitClient: this.jitClient,
21055
+ mfaClient: this.mfaClient,
20642
21056
  username: resetPasswordInputs.username,
20643
21057
  codeLength: startResult.codeLength,
20644
21058
  }));
@@ -21545,6 +21959,14 @@ exports.HttpError = HttpError;
21545
21959
  exports.InvalidArgumentError = InvalidArgumentError;
21546
21960
  exports.InvalidConfigurationError = InvalidConfigurationError;
21547
21961
  exports.MethodNotImplementedError = MethodNotImplementedError;
21962
+ exports.MfaAwaitingState = MfaAwaitingState;
21963
+ exports.MfaCompletedState = MfaCompletedState;
21964
+ exports.MfaFailedState = MfaFailedState;
21965
+ exports.MfaRequestChallengeError = MfaRequestChallengeError;
21966
+ exports.MfaRequestChallengeResult = MfaRequestChallengeResult;
21967
+ exports.MfaSubmitChallengeError = MfaSubmitChallengeError;
21968
+ exports.MfaSubmitChallengeResult = MfaSubmitChallengeResult;
21969
+ exports.MfaVerificationRequiredState = MfaVerificationRequiredState;
21548
21970
  exports.MsalCustomAuthError = MsalCustomAuthError;
21549
21971
  exports.NoCachedAccountFoundError = NoCachedAccountFoundError;
21550
21972
  exports.ParsedUrlError = ParsedUrlError;