@azure/msal-browser 4.25.1 → 4.26.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (325) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.d.ts +64 -7
  11. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +400 -141
  13. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.d.ts +3 -3
  16. package/dist/cache/CacheKeys.mjs +4 -4
  17. package/dist/cache/CookieStorage.mjs +1 -1
  18. package/dist/cache/DatabaseStorage.mjs +1 -1
  19. package/dist/cache/EncryptedData.mjs +1 -1
  20. package/dist/cache/IWindowStorage.d.ts +1 -1
  21. package/dist/cache/IWindowStorage.d.ts.map +1 -1
  22. package/dist/cache/LocalStorage.d.ts +1 -1
  23. package/dist/cache/LocalStorage.d.ts.map +1 -1
  24. package/dist/cache/LocalStorage.mjs +21 -12
  25. package/dist/cache/LocalStorage.mjs.map +1 -1
  26. package/dist/cache/MemoryStorage.mjs +1 -1
  27. package/dist/cache/SessionStorage.mjs +1 -1
  28. package/dist/cache/TokenCache.d.ts.map +1 -1
  29. package/dist/cache/TokenCache.mjs +14 -13
  30. package/dist/cache/TokenCache.mjs.map +1 -1
  31. package/dist/config/Configuration.mjs +1 -1
  32. package/dist/controllers/ControllerFactory.mjs +1 -1
  33. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  34. package/dist/controllers/NestedAppAuthController.mjs +3 -3
  35. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  36. package/dist/controllers/StandardController.d.ts.map +1 -1
  37. package/dist/controllers/StandardController.mjs +3 -3
  38. package/dist/controllers/StandardController.mjs.map +1 -1
  39. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  40. package/dist/crypto/BrowserCrypto.mjs +1 -1
  41. package/dist/crypto/CryptoOps.mjs +1 -1
  42. package/dist/crypto/PkceGenerator.mjs +1 -1
  43. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  44. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  49. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +64 -7
  52. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  53. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +400 -141
  54. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  55. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  56. package/dist/custom-auth-path/cache/CacheKeys.d.ts +3 -3
  57. package/dist/custom-auth-path/cache/CacheKeys.mjs +4 -4
  58. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  59. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  61. package/dist/custom-auth-path/cache/IWindowStorage.d.ts +1 -1
  62. package/dist/custom-auth-path/cache/IWindowStorage.d.ts.map +1 -1
  63. package/dist/custom-auth-path/cache/LocalStorage.d.ts +1 -1
  64. package/dist/custom-auth-path/cache/LocalStorage.d.ts.map +1 -1
  65. package/dist/custom-auth-path/cache/LocalStorage.mjs +21 -12
  66. package/dist/custom-auth-path/cache/LocalStorage.mjs.map +1 -1
  67. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  68. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  69. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  70. package/dist/custom-auth-path/cache/TokenCache.mjs +14 -13
  71. package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
  72. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  73. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  74. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  75. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  76. package/dist/custom-auth-path/controllers/StandardController.mjs +3 -3
  77. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  78. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  79. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  80. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  82. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  188. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  189. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  190. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  191. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  192. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  193. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  194. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  195. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  196. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  197. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  199. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  200. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
  201. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
  203. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  208. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  209. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  212. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +2 -1
  213. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  214. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  215. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  216. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  217. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  218. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  219. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  220. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  221. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  222. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  223. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  224. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  225. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  226. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  227. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  228. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  229. package/dist/encode/Base64Decode.mjs +1 -1
  230. package/dist/encode/Base64Encode.mjs +1 -1
  231. package/dist/error/BrowserAuthError.mjs +1 -1
  232. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  233. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  234. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  235. package/dist/error/NativeAuthError.mjs +1 -1
  236. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  237. package/dist/error/NestedAppAuthError.mjs +1 -1
  238. package/dist/event/EventHandler.mjs +1 -1
  239. package/dist/event/EventMessage.mjs +1 -1
  240. package/dist/event/EventType.mjs +1 -1
  241. package/dist/index.mjs +1 -1
  242. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  243. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  244. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
  245. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  246. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
  247. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  248. package/dist/interaction_client/PopupClient.mjs +1 -1
  249. package/dist/interaction_client/RedirectClient.mjs +1 -1
  250. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  251. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  252. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  253. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  254. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  255. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  256. package/dist/interaction_handler/SilentHandler.mjs +2 -1
  257. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  258. package/dist/naa/BridgeError.mjs +1 -1
  259. package/dist/naa/BridgeProxy.mjs +1 -1
  260. package/dist/naa/BridgeStatusCode.mjs +1 -1
  261. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  262. package/dist/navigation/NavigationClient.mjs +1 -1
  263. package/dist/network/FetchClient.mjs +1 -1
  264. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  265. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  266. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  267. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  268. package/dist/packageMetadata.d.ts +1 -1
  269. package/dist/packageMetadata.mjs +2 -2
  270. package/dist/protocol/Authorize.mjs +1 -1
  271. package/dist/request/RequestHelpers.mjs +1 -1
  272. package/dist/response/ResponseHandler.mjs +1 -1
  273. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  274. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  275. package/dist/utils/BrowserConstants.mjs +1 -1
  276. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  277. package/dist/utils/BrowserUtils.mjs +1 -1
  278. package/dist/utils/Helpers.mjs +1 -1
  279. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  280. package/lib/custom-auth-path/msal-custom-auth.cjs +1238 -947
  281. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  282. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +64 -7
  283. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  284. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +3 -3
  285. package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts +1 -1
  286. package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts.map +1 -1
  287. package/lib/custom-auth-path/types/cache/LocalStorage.d.ts +1 -1
  288. package/lib/custom-auth-path/types/cache/LocalStorage.d.ts.map +1 -1
  289. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  290. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  291. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  292. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  293. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
  294. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  295. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  296. package/lib/msal-browser.cjs +947 -656
  297. package/lib/msal-browser.cjs.map +1 -1
  298. package/lib/msal-browser.js +947 -656
  299. package/lib/msal-browser.js.map +1 -1
  300. package/lib/msal-browser.min.js +67 -67
  301. package/lib/types/cache/BrowserCacheManager.d.ts +64 -7
  302. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  303. package/lib/types/cache/CacheKeys.d.ts +3 -3
  304. package/lib/types/cache/IWindowStorage.d.ts +1 -1
  305. package/lib/types/cache/IWindowStorage.d.ts.map +1 -1
  306. package/lib/types/cache/LocalStorage.d.ts +1 -1
  307. package/lib/types/cache/LocalStorage.d.ts.map +1 -1
  308. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  309. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  310. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  311. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  312. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
  313. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  314. package/lib/types/packageMetadata.d.ts +1 -1
  315. package/package.json +2 -2
  316. package/src/cache/BrowserCacheManager.ts +738 -225
  317. package/src/cache/CacheKeys.ts +3 -3
  318. package/src/cache/IWindowStorage.ts +2 -1
  319. package/src/cache/LocalStorage.ts +30 -17
  320. package/src/cache/TokenCache.ts +33 -12
  321. package/src/controllers/NestedAppAuthController.ts +3 -1
  322. package/src/controllers/StandardController.ts +3 -1
  323. package/src/interaction_client/PlatformAuthInteractionClient.ts +15 -5
  324. package/src/interaction_handler/SilentHandler.ts +1 -0
  325. package/src/packageMetadata.ts +1 -1
@@ -38,6 +38,9 @@ import {
38
38
  CredentialEntity,
39
39
  CredentialType,
40
40
  DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
41
+ AuthToken,
42
+ getTenantIdFromIdTokenClaims,
43
+ buildTenantProfile,
41
44
  } from "@azure/msal-common/browser";
42
45
  import { CacheOptions } from "../config/Configuration.js";
43
46
  import {
@@ -72,6 +75,8 @@ import { version } from "../packageMetadata.js";
72
75
  import { removeElementFromArray } from "../utils/Helpers.js";
73
76
  import { EncryptedData, isEncrypted } from "./EncryptedData.js";
74
77
 
78
+ type KmsiMap = { [homeAccountId: string]: boolean };
79
+
75
80
  /**
76
81
  * This class implements the cache storage interface for MSAL through browser local or session storage.
77
82
  * Cookies are only used if storeAuthStateInCookie is true, and are only used for
@@ -145,200 +150,637 @@ export class BrowserCacheManager extends CacheManager {
145
150
  * Migrates any existing cache data from previous versions of MSAL.js into the current cache structure.
146
151
  */
147
152
  async migrateExistingCache(correlationId: string): Promise<void> {
148
- const accountKeys0 = getAccountKeys(this.browserStorage, 0);
149
- const tokenKeys0 = getTokenKeys(this.clientId, this.browserStorage, 0);
153
+ let accountKeys = getAccountKeys(this.browserStorage);
154
+ let tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
150
155
  this.performanceClient.addFields(
151
156
  {
152
- oldAccountCount: accountKeys0.length,
153
- oldAccessCount: tokenKeys0.accessToken.length,
154
- oldIdCount: tokenKeys0.idToken.length,
155
- oldRefreshCount: tokenKeys0.refreshToken.length,
157
+ preMigrateAcntCount: accountKeys.length,
158
+ preMigrateATCount: tokenKeys.accessToken.length,
159
+ preMigrateITCount: tokenKeys.idToken.length,
160
+ preMigrateRTCount: tokenKeys.refreshToken.length,
156
161
  },
157
162
  correlationId
158
163
  );
159
164
 
160
- const accountKeys1 = getAccountKeys(this.browserStorage, 1);
161
- const tokenKeys1 = getTokenKeys(this.clientId, this.browserStorage, 1);
165
+ for (let i = 0; i < CacheKeys.ACCOUNT_SCHEMA_VERSION; i++) {
166
+ const credentialSchema = i; // For now account and credential schemas are the same, but may diverge in future
167
+ await this.removeStaleAccounts(i, credentialSchema, correlationId);
168
+ }
169
+ // Must migrate idTokens first to ensure we have KMSI info for the rest
170
+ for (let i = 0; i < CacheKeys.CREDENTIAL_SCHEMA_VERSION; i++) {
171
+ const accountSchema = i; // For now account and credential schemas are the same, but may diverge in future
172
+ await this.migrateIdTokens(i, accountSchema, correlationId);
173
+ }
174
+ const kmsiMap = this.getKMSIValues();
175
+ for (let i = 0; i < CacheKeys.CREDENTIAL_SCHEMA_VERSION; i++) {
176
+ await this.migrateAccessTokens(i, kmsiMap, correlationId);
177
+ await this.migrateRefreshTokens(i, kmsiMap, correlationId);
178
+ }
179
+
180
+ accountKeys = getAccountKeys(this.browserStorage);
181
+ tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
162
182
  this.performanceClient.addFields(
163
183
  {
164
- currAccountCount: accountKeys1.length,
165
- currAccessCount: tokenKeys1.accessToken.length,
166
- currIdCount: tokenKeys1.idToken.length,
167
- currRefreshCount: tokenKeys1.refreshToken.length,
184
+ postMigrateAcntCount: accountKeys.length,
185
+ postMigrateATCount: tokenKeys.accessToken.length,
186
+ postMigrateITCount: tokenKeys.idToken.length,
187
+ postMigrateRTCount: tokenKeys.refreshToken.length,
168
188
  },
169
189
  correlationId
170
190
  );
191
+ }
171
192
 
172
- await Promise.all([
173
- this.updateV0ToCurrent(
174
- CacheKeys.ACCOUNT_SCHEMA_VERSION,
175
- accountKeys0,
176
- accountKeys1,
177
- correlationId
178
- ),
179
- this.updateV0ToCurrent(
180
- CacheKeys.CREDENTIAL_SCHEMA_VERSION,
181
- tokenKeys0.idToken,
182
- tokenKeys1.idToken,
183
- correlationId
184
- ),
185
- this.updateV0ToCurrent(
186
- CacheKeys.CREDENTIAL_SCHEMA_VERSION,
187
- tokenKeys0.accessToken,
188
- tokenKeys1.accessToken,
189
- correlationId
190
- ),
191
- this.updateV0ToCurrent(
192
- CacheKeys.CREDENTIAL_SCHEMA_VERSION,
193
- tokenKeys0.refreshToken,
194
- tokenKeys1.refreshToken,
193
+ /**
194
+ * Parses entry, adds lastUpdatedAt if it doesn't exist, removes entry if expired or invalid
195
+ * @param key
196
+ * @param correlationId
197
+ * @returns
198
+ */
199
+ async updateOldEntry(
200
+ key: string,
201
+ correlationId: string
202
+ ): Promise<CredentialEntity | null> {
203
+ const rawValue = this.browserStorage.getItem(key);
204
+ const parsedValue = this.validateAndParseJson(rawValue || "") as
205
+ | CredentialEntity
206
+ | EncryptedData
207
+ | null;
208
+
209
+ if (!parsedValue) {
210
+ this.browserStorage.removeItem(key);
211
+ return null;
212
+ }
213
+
214
+ if (!parsedValue.lastUpdatedAt) {
215
+ // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
216
+ parsedValue.lastUpdatedAt = Date.now().toString();
217
+ this.setItem(key, JSON.stringify(parsedValue), correlationId);
218
+ } else if (
219
+ TimeUtils.isCacheExpired(
220
+ parsedValue.lastUpdatedAt,
221
+ this.cacheConfig.cacheRetentionDays
222
+ )
223
+ ) {
224
+ this.browserStorage.removeItem(key);
225
+ this.performanceClient.incrementFields(
226
+ { expiredCacheRemovedCount: 1 },
195
227
  correlationId
196
- ),
197
- ]);
228
+ );
229
+ return null;
230
+ }
198
231
 
199
- if (accountKeys0.length > 0) {
200
- this.browserStorage.setItem(
201
- CacheKeys.getAccountKeysCacheKey(0),
202
- JSON.stringify(accountKeys0)
232
+ const decryptedData = isEncrypted(parsedValue)
233
+ ? await this.browserStorage.decryptData(
234
+ key,
235
+ parsedValue,
236
+ correlationId
237
+ )
238
+ : parsedValue;
239
+ if (!decryptedData || !CacheHelpers.isCredentialEntity(decryptedData)) {
240
+ this.performanceClient.incrementFields(
241
+ { invalidCacheCount: 1 },
242
+ correlationId
203
243
  );
204
- } else {
205
- this.browserStorage.removeItem(CacheKeys.getAccountKeysCacheKey(0));
244
+ return null;
206
245
  }
207
246
 
208
- if (accountKeys1.length > 0) {
209
- this.browserStorage.setItem(
210
- CacheKeys.getAccountKeysCacheKey(1),
211
- JSON.stringify(accountKeys1)
247
+ if (
248
+ (CacheHelpers.isAccessTokenEntity(decryptedData) ||
249
+ CacheHelpers.isRefreshTokenEntity(decryptedData)) &&
250
+ decryptedData.expiresOn &&
251
+ TimeUtils.isTokenExpired(
252
+ decryptedData.expiresOn,
253
+ DEFAULT_TOKEN_RENEWAL_OFFSET_SEC
254
+ )
255
+ ) {
256
+ this.browserStorage.removeItem(key);
257
+ this.performanceClient.incrementFields(
258
+ { expiredCacheRemovedCount: 1 },
259
+ correlationId
212
260
  );
213
- } else {
214
- this.browserStorage.removeItem(CacheKeys.getAccountKeysCacheKey(1));
261
+ return null;
215
262
  }
216
263
 
217
- this.setTokenKeys(tokenKeys0, correlationId, 0);
218
- this.setTokenKeys(tokenKeys1, correlationId, 1);
264
+ return decryptedData;
219
265
  }
220
266
 
221
- async updateV0ToCurrent(
222
- currentSchema: number,
223
- v0Keys: Array<string>,
224
- v1Keys: Array<string>,
267
+ /**
268
+ * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
269
+ * @param accountSchema
270
+ * @param credentialSchema
271
+ * @param correlationId
272
+ * @returns
273
+ */
274
+ async removeStaleAccounts(
275
+ accountSchema: number,
276
+ credentialSchema: number,
225
277
  correlationId: string
226
- ): Promise<void[]> {
227
- const upgradePromises: Array<Promise<void>> = [];
228
-
229
- for (const v0Key of [...v0Keys]) {
230
- const rawV0Value = this.browserStorage.getItem(v0Key);
231
- const parsedV0Value = this.validateAndParseJson(
232
- rawV0Value || ""
233
- ) as CredentialEntity | AccountEntity | EncryptedData | null;
278
+ ): Promise<void> {
279
+ const accountKeysToCheck = getAccountKeys(
280
+ this.browserStorage,
281
+ accountSchema
282
+ );
283
+ if (accountKeysToCheck.length === 0) {
284
+ return;
285
+ }
234
286
 
235
- if (!parsedV0Value) {
236
- removeElementFromArray(v0Keys, v0Key);
287
+ for (const accountKey of [...accountKeysToCheck]) {
288
+ this.performanceClient.incrementFields(
289
+ { oldAcntCount: 1 },
290
+ correlationId
291
+ );
292
+ const rawValue = this.browserStorage.getItem(accountKey);
293
+ const parsedValue = this.validateAndParseJson(rawValue || "") as
294
+ | AccountEntity
295
+ | EncryptedData
296
+ | null;
297
+
298
+ if (!parsedValue) {
299
+ removeElementFromArray(accountKeysToCheck, accountKey);
237
300
  continue;
238
301
  }
239
302
 
240
- if (!parsedV0Value.lastUpdatedAt) {
241
- // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
242
- parsedV0Value.lastUpdatedAt = Date.now().toString();
303
+ if (!parsedValue.lastUpdatedAt) {
304
+ // Add lastUpdatedAt to the existing entry if it doesnt exist so we know when it's safe to remove it
305
+ parsedValue.lastUpdatedAt = Date.now().toString();
243
306
  this.setItem(
244
- v0Key,
245
- JSON.stringify(parsedV0Value),
307
+ accountKey,
308
+ JSON.stringify(parsedValue),
246
309
  correlationId
247
310
  );
311
+ continue;
312
+ } else if (
313
+ TimeUtils.isCacheExpired(
314
+ parsedValue.lastUpdatedAt,
315
+ this.cacheConfig.cacheRetentionDays
316
+ )
317
+ ) {
318
+ // Cache expired remove account and associated tokens
319
+ await this.removeAccountOldSchema(
320
+ accountKey,
321
+ parsedValue,
322
+ credentialSchema,
323
+ correlationId
324
+ );
325
+ removeElementFromArray(accountKeysToCheck, accountKey);
248
326
  }
327
+ }
328
+
329
+ this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
330
+ }
331
+
332
+ /**
333
+ * Remove the given account and all associated tokens from the cache
334
+ * @param accountKey
335
+ * @param rawObject
336
+ * @param credentialSchema
337
+ * @param correlationId
338
+ */
339
+ async removeAccountOldSchema(
340
+ accountKey: string,
341
+ rawObject: AccountEntity | EncryptedData,
342
+ credentialSchema: number,
343
+ correlationId: string
344
+ ): Promise<void> {
345
+ const decryptedData = isEncrypted(rawObject)
346
+ ? ((await this.browserStorage.decryptData(
347
+ accountKey,
348
+ rawObject,
349
+ correlationId
350
+ )) as AccountEntity | null)
351
+ : rawObject;
352
+
353
+ const homeAccountId = decryptedData?.homeAccountId;
354
+ if (homeAccountId) {
355
+ const tokenKeys = this.getTokenKeys(credentialSchema);
356
+ [...tokenKeys.idToken]
357
+ .filter((key) => key.includes(homeAccountId))
358
+ .forEach((key) => {
359
+ this.browserStorage.removeItem(key);
360
+ removeElementFromArray(tokenKeys.idToken, key);
361
+ });
362
+ [...tokenKeys.accessToken]
363
+ .filter((key) => key.includes(homeAccountId))
364
+ .forEach((key) => {
365
+ this.browserStorage.removeItem(key);
366
+ removeElementFromArray(tokenKeys.accessToken, key);
367
+ });
368
+ [...tokenKeys.refreshToken]
369
+ .filter((key) => key.includes(homeAccountId))
370
+ .forEach((key) => {
371
+ this.browserStorage.removeItem(key);
372
+ removeElementFromArray(tokenKeys.refreshToken, key);
373
+ });
374
+ this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
375
+ }
376
+
377
+ this.performanceClient.incrementFields(
378
+ { expiredAcntRemovedCount: 1 },
379
+ correlationId
380
+ );
249
381
 
250
- const decryptedData = isEncrypted(parsedV0Value)
251
- ? await this.browserStorage.decryptData(
252
- v0Key,
253
- parsedV0Value,
254
- correlationId
255
- )
256
- : parsedV0Value;
257
- let expirationTime;
258
- if (decryptedData) {
259
- if (CacheHelpers.isAccessTokenEntity(decryptedData)) {
260
- expirationTime = decryptedData.expiresOn;
261
- } else if (CacheHelpers.isRefreshTokenEntity(decryptedData)) {
262
- expirationTime = decryptedData.expiresOn;
382
+ this.browserStorage.removeItem(accountKey);
383
+ }
384
+
385
+ /**
386
+ * Gets key value pair mapping homeAccountId to KMSI value
387
+ * @returns
388
+ */
389
+ getKMSIValues(): KmsiMap {
390
+ const kmsiMap: KmsiMap = {};
391
+ const tokenKeys = this.getTokenKeys().idToken;
392
+ for (const key of tokenKeys) {
393
+ const rawValue = this.browserStorage.getUserData(key);
394
+ if (rawValue) {
395
+ const idToken = JSON.parse(rawValue) as IdTokenEntity;
396
+ const claims = AuthToken.extractTokenClaims(
397
+ idToken.secret,
398
+ base64Decode
399
+ );
400
+ if (claims) {
401
+ kmsiMap[idToken.homeAccountId] = AuthToken.isKmsi(claims);
263
402
  }
264
403
  }
265
- if (
266
- !decryptedData ||
267
- TimeUtils.isCacheExpired(
268
- parsedV0Value.lastUpdatedAt,
269
- this.cacheConfig.cacheRetentionDays
270
- ) ||
271
- (expirationTime &&
272
- TimeUtils.isTokenExpired(
273
- expirationTime,
274
- DEFAULT_TOKEN_RENEWAL_OFFSET_SEC
275
- ))
276
- ) {
277
- this.browserStorage.removeItem(v0Key);
278
- removeElementFromArray(v0Keys, v0Key);
404
+ }
405
+ return kmsiMap;
406
+ }
407
+
408
+ /**
409
+ * Migrates id tokens from the old schema to the new schema, also migrates associated account object if it doesn't already exist in the new schema
410
+ * @param credentialSchema
411
+ * @param accountSchema
412
+ * @param correlationId
413
+ * @returns
414
+ */
415
+ async migrateIdTokens(
416
+ credentialSchema: number,
417
+ accountSchema: number,
418
+ correlationId: string
419
+ ): Promise<void> {
420
+ const credentialKeysToMigrate = getTokenKeys(
421
+ this.clientId,
422
+ this.browserStorage,
423
+ credentialSchema
424
+ );
425
+ if (credentialKeysToMigrate.idToken.length === 0) {
426
+ return;
427
+ }
428
+
429
+ const currentCredentialKeys = getTokenKeys(
430
+ this.clientId,
431
+ this.browserStorage,
432
+ CacheKeys.CREDENTIAL_SCHEMA_VERSION
433
+ );
434
+ const currentAccountKeys = getAccountKeys(this.browserStorage);
435
+ const previousAccountKeys = getAccountKeys(
436
+ this.browserStorage,
437
+ accountSchema
438
+ );
439
+
440
+ for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
441
+ this.performanceClient.incrementFields(
442
+ { oldITCount: 1 },
443
+ correlationId
444
+ );
445
+
446
+ const oldSchemaData = (await this.updateOldEntry(
447
+ idTokenKey,
448
+ correlationId
449
+ )) as IdTokenEntity | null;
450
+ if (!oldSchemaData) {
451
+ removeElementFromArray(
452
+ credentialKeysToMigrate.idToken,
453
+ idTokenKey
454
+ );
455
+ continue;
456
+ }
457
+
458
+ const currentAccountKey = currentAccountKeys.find((key) =>
459
+ key.includes(oldSchemaData.homeAccountId)
460
+ );
461
+ const previousAccountKey = previousAccountKeys.find((key) =>
462
+ key.includes(oldSchemaData.homeAccountId)
463
+ );
464
+
465
+ let account: AccountEntity | null = null;
466
+ if (currentAccountKey) {
467
+ account = this.getAccount(currentAccountKey, correlationId);
468
+ } else if (previousAccountKey) {
469
+ const rawValue =
470
+ this.browserStorage.getItem(previousAccountKey);
471
+ const parsedValue = this.validateAndParseJson(
472
+ rawValue || ""
473
+ ) as AccountEntity | EncryptedData | null;
474
+ account =
475
+ parsedValue && isEncrypted(parsedValue)
476
+ ? ((await this.browserStorage.decryptData(
477
+ previousAccountKey,
478
+ parsedValue,
479
+ correlationId
480
+ )) as AccountEntity | null)
481
+ : parsedValue;
482
+ }
483
+
484
+ if (!account) {
485
+ // Don't migrate idToken if we don't have an account for it
279
486
  this.performanceClient.incrementFields(
280
- { expiredCacheRemovedCount: 1 },
487
+ { skipITMigrateCount: 1 },
281
488
  correlationId
282
489
  );
283
490
  continue;
284
491
  }
285
492
 
493
+ const claims = AuthToken.extractTokenClaims(
494
+ oldSchemaData.secret,
495
+ base64Decode
496
+ );
497
+
498
+ const newIdTokenKey = this.generateCredentialKey(oldSchemaData);
499
+ const currentIdToken = this.getIdTokenCredential(
500
+ newIdTokenKey,
501
+ correlationId
502
+ );
503
+ const oldTokenHasSignInState =
504
+ Object.keys(claims).includes("signin_state");
505
+ const currentTokenHasSignInState =
506
+ currentIdToken &&
507
+ Object.keys(
508
+ AuthToken.extractTokenClaims(
509
+ currentIdToken.secret,
510
+ base64Decode
511
+ ) || {}
512
+ ).includes("signin_state");
513
+
514
+ /**
515
+ * Only migrate if:
516
+ * 1. Token doesn't yet exist in current schema
517
+ * 2. Old schema token has been updated more recently than the current one AND migrating it won't result in loss of KMSI state
518
+ */
286
519
  if (
287
- this.cacheConfig.cacheLocation !==
288
- BrowserCacheLocation.LocalStorage ||
289
- isEncrypted(parsedV0Value)
520
+ !currentIdToken ||
521
+ (oldSchemaData.lastUpdatedAt > currentIdToken.lastUpdatedAt &&
522
+ (oldTokenHasSignInState || !currentTokenHasSignInState))
290
523
  ) {
291
- const v1Key = `${CacheKeys.PREFIX}.${currentSchema}${CacheKeys.CACHE_KEY_SEPARATOR}${v0Key}`;
292
- const rawV1Entry = this.browserStorage.getItem(v1Key);
293
- if (!rawV1Entry) {
294
- upgradePromises.push(
295
- this.setUserData(
296
- v1Key,
297
- JSON.stringify(decryptedData),
298
- correlationId,
299
- parsedV0Value.lastUpdatedAt
300
- ).then(() => {
301
- v1Keys.push(v1Key);
302
- this.performanceClient.incrementFields(
303
- { upgradedCacheCount: 1 },
304
- correlationId
305
- );
306
- })
524
+ const tenantProfiles = account.tenantProfiles || [];
525
+ const tenantId =
526
+ getTenantIdFromIdTokenClaims(claims) || account.realm;
527
+ if (
528
+ tenantId &&
529
+ !tenantProfiles.find((tenantProfile) => {
530
+ return tenantProfile.tenantId === tenantId;
531
+ })
532
+ ) {
533
+ const newTenantProfile = buildTenantProfile(
534
+ account.homeAccountId,
535
+ account.localAccountId,
536
+ tenantId,
537
+ claims
538
+ );
539
+ tenantProfiles.push(newTenantProfile);
540
+ }
541
+ account.tenantProfiles = tenantProfiles;
542
+ const newAccountKey = this.generateAccountKey(
543
+ AccountEntity.getAccountInfo(account)
544
+ );
545
+ const kmsi = AuthToken.isKmsi(claims);
546
+ await this.setUserData(
547
+ newAccountKey,
548
+ JSON.stringify(account),
549
+ correlationId,
550
+ account.lastUpdatedAt,
551
+ kmsi
552
+ );
553
+ if (!currentAccountKeys.includes(newAccountKey)) {
554
+ currentAccountKeys.push(newAccountKey);
555
+ }
556
+ await this.setUserData(
557
+ newIdTokenKey,
558
+ JSON.stringify(oldSchemaData),
559
+ correlationId,
560
+ oldSchemaData.lastUpdatedAt,
561
+ kmsi
562
+ );
563
+ this.performanceClient.incrementFields(
564
+ { migratedITCount: 1 },
565
+ correlationId
566
+ );
567
+ currentCredentialKeys.idToken.push(newIdTokenKey);
568
+ }
569
+ }
570
+
571
+ this.setTokenKeys(
572
+ credentialKeysToMigrate,
573
+ correlationId,
574
+ credentialSchema
575
+ );
576
+ this.setTokenKeys(currentCredentialKeys, correlationId);
577
+ this.setAccountKeys(currentAccountKeys, correlationId);
578
+ }
579
+
580
+ /**
581
+ * Migrates access tokens from old cache schema to current schema
582
+ * @param credentialSchema
583
+ * @param kmsiMap
584
+ * @param correlationId
585
+ * @returns
586
+ */
587
+ async migrateAccessTokens(
588
+ credentialSchema: number,
589
+ kmsiMap: KmsiMap,
590
+ correlationId: string
591
+ ): Promise<void> {
592
+ const credentialKeysToMigrate = getTokenKeys(
593
+ this.clientId,
594
+ this.browserStorage,
595
+ credentialSchema
596
+ );
597
+ if (credentialKeysToMigrate.accessToken.length === 0) {
598
+ return;
599
+ }
600
+
601
+ const currentCredentialKeys = getTokenKeys(
602
+ this.clientId,
603
+ this.browserStorage,
604
+ CacheKeys.CREDENTIAL_SCHEMA_VERSION
605
+ );
606
+
607
+ for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
608
+ this.performanceClient.incrementFields(
609
+ { oldATCount: 1 },
610
+ correlationId
611
+ );
612
+
613
+ const oldSchemaData = (await this.updateOldEntry(
614
+ accessTokenKey,
615
+ correlationId
616
+ )) as AccessTokenEntity | null;
617
+ if (!oldSchemaData) {
618
+ removeElementFromArray(
619
+ credentialKeysToMigrate.accessToken,
620
+ accessTokenKey
621
+ );
622
+ continue;
623
+ }
624
+
625
+ if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
626
+ // Don't migrate tokens if we don't have an idToken for them
627
+ this.performanceClient.incrementFields(
628
+ { skipATMigrateCount: 1 },
629
+ correlationId
630
+ );
631
+ continue;
632
+ }
633
+
634
+ const newKey = this.generateCredentialKey(oldSchemaData);
635
+ const kmsi = kmsiMap[oldSchemaData.homeAccountId];
636
+ if (!currentCredentialKeys.accessToken.includes(newKey)) {
637
+ await this.setUserData(
638
+ newKey,
639
+ JSON.stringify(oldSchemaData),
640
+ correlationId,
641
+ oldSchemaData.lastUpdatedAt,
642
+ kmsi
643
+ );
644
+ this.performanceClient.incrementFields(
645
+ { migratedATCount: 1 },
646
+ correlationId
647
+ );
648
+ currentCredentialKeys.accessToken.push(newKey);
649
+ } else {
650
+ const currentToken = this.getAccessTokenCredential(
651
+ newKey,
652
+ correlationId
653
+ );
654
+ if (
655
+ !currentToken ||
656
+ oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt
657
+ ) {
658
+ // If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
659
+ await this.setUserData(
660
+ newKey,
661
+ JSON.stringify(oldSchemaData),
662
+ correlationId,
663
+ oldSchemaData.lastUpdatedAt,
664
+ kmsi
665
+ );
666
+ this.performanceClient.incrementFields(
667
+ { migratedATCount: 1 },
668
+ correlationId
307
669
  );
308
- continue;
309
- } else {
310
- const parsedV1Entry = this.validateAndParseJson(
311
- rawV1Entry
312
- ) as CredentialEntity | AccountEntity | EncryptedData;
313
- // If the entry already exists but is older than the v0 entry, replace it
314
- if (
315
- Number(parsedV0Value.lastUpdatedAt) >
316
- Number(parsedV1Entry.lastUpdatedAt)
317
- ) {
318
- upgradePromises.push(
319
- this.setUserData(
320
- v1Key,
321
- JSON.stringify(decryptedData),
322
- correlationId,
323
- parsedV0Value.lastUpdatedAt
324
- ).then(() => {
325
- this.performanceClient.incrementFields(
326
- { updatedCacheFromV0Count: 1 },
327
- correlationId
328
- );
329
- })
330
- );
331
- continue;
332
- }
333
670
  }
334
671
  }
335
- /*
336
- * Note: If we reach here for unencrypted localStorage data, we continue without migrating
337
- * as we can't migrate unencrypted localStorage data right now since we can't guarantee KMSI=no
338
- */
339
672
  }
340
673
 
341
- return Promise.all(upgradePromises);
674
+ this.setTokenKeys(
675
+ credentialKeysToMigrate,
676
+ correlationId,
677
+ credentialSchema
678
+ );
679
+ this.setTokenKeys(currentCredentialKeys, correlationId);
680
+ }
681
+
682
+ /**
683
+ * Migrates refresh tokens from old cache schema to current schema
684
+ * @param credentialSchema
685
+ * @param kmsiMap
686
+ * @param correlationId
687
+ * @returns
688
+ */
689
+ async migrateRefreshTokens(
690
+ credentialSchema: number,
691
+ kmsiMap: KmsiMap,
692
+ correlationId: string
693
+ ): Promise<void> {
694
+ const credentialKeysToMigrate = getTokenKeys(
695
+ this.clientId,
696
+ this.browserStorage,
697
+ credentialSchema
698
+ );
699
+ if (credentialKeysToMigrate.refreshToken.length === 0) {
700
+ return;
701
+ }
702
+
703
+ const currentCredentialKeys = getTokenKeys(
704
+ this.clientId,
705
+ this.browserStorage,
706
+ CacheKeys.CREDENTIAL_SCHEMA_VERSION
707
+ );
708
+
709
+ for (const refreshTokenKey of [
710
+ ...credentialKeysToMigrate.refreshToken,
711
+ ]) {
712
+ this.performanceClient.incrementFields(
713
+ { oldRTCount: 1 },
714
+ correlationId
715
+ );
716
+
717
+ const oldSchemaData = (await this.updateOldEntry(
718
+ refreshTokenKey,
719
+ correlationId
720
+ )) as RefreshTokenEntity | null;
721
+ if (!oldSchemaData) {
722
+ removeElementFromArray(
723
+ credentialKeysToMigrate.refreshToken,
724
+ refreshTokenKey
725
+ );
726
+ continue;
727
+ }
728
+
729
+ if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
730
+ // Don't migrate tokens if we don't have an idToken for them
731
+ this.performanceClient.incrementFields(
732
+ { skipRTMigrateCount: 1 },
733
+ correlationId
734
+ );
735
+ continue;
736
+ }
737
+
738
+ const newKey = this.generateCredentialKey(oldSchemaData);
739
+ const kmsi = kmsiMap[oldSchemaData.homeAccountId];
740
+ if (!currentCredentialKeys.refreshToken.includes(newKey)) {
741
+ await this.setUserData(
742
+ newKey,
743
+ JSON.stringify(oldSchemaData),
744
+ correlationId,
745
+ oldSchemaData.lastUpdatedAt,
746
+ kmsi
747
+ );
748
+ this.performanceClient.incrementFields(
749
+ { migratedRTCount: 1 },
750
+ correlationId
751
+ );
752
+ currentCredentialKeys.refreshToken.push(newKey);
753
+ } else {
754
+ const currentToken = this.getRefreshTokenCredential(
755
+ newKey,
756
+ correlationId
757
+ );
758
+ if (
759
+ !currentToken ||
760
+ oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt
761
+ ) {
762
+ // If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
763
+ await this.setUserData(
764
+ newKey,
765
+ JSON.stringify(oldSchemaData),
766
+ correlationId,
767
+ oldSchemaData.lastUpdatedAt,
768
+ kmsi
769
+ );
770
+ this.performanceClient.incrementFields(
771
+ { migratedRTCount: 1 },
772
+ correlationId
773
+ );
774
+ }
775
+ }
776
+ }
777
+
778
+ this.setTokenKeys(
779
+ credentialKeysToMigrate,
780
+ correlationId,
781
+ credentialSchema
782
+ );
783
+ this.setTokenKeys(currentCredentialKeys, correlationId);
342
784
  }
343
785
 
344
786
  /**
@@ -393,30 +835,45 @@ export class BrowserCacheManager extends CacheManager {
393
835
  * @param value
394
836
  */
395
837
  setItem(key: string, value: string, correlationId: string): void {
396
- let tokenKeysV0Count = 0;
397
- let accessTokenKeys: Array<string> = [];
838
+ const tokenKeysCount = new Array(
839
+ CacheKeys.CREDENTIAL_SCHEMA_VERSION + 1
840
+ ).fill(0); // Array mapping schema version to number of token keys stored for that version
841
+ const accessTokenKeys: Array<string> = []; // Flat map of all access token keys stored, ordered by schema version
398
842
  const maxRetries = 20;
399
843
  for (let i = 0; i <= maxRetries; i++) {
844
+ // Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
400
845
  try {
401
846
  this.browserStorage.setItem(key, value);
402
847
  if (i > 0) {
403
- // Finally update the token keys array with the tokens removed
404
- if (i <= tokenKeysV0Count) {
405
- this.removeAccessTokenKeys(
406
- accessTokenKeys.slice(0, i),
407
- correlationId,
408
- 0
409
- );
410
- } else {
411
- this.removeAccessTokenKeys(
412
- accessTokenKeys.slice(0, tokenKeysV0Count),
413
- correlationId,
414
- 0
415
- );
416
- this.removeAccessTokenKeys(
417
- accessTokenKeys.slice(tokenKeysV0Count, i),
418
- correlationId
419
- );
848
+ // If any tokens were removed in order to store this item update the token keys array with the tokens removed
849
+ for (
850
+ let schemaVersion = 0;
851
+ schemaVersion <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
852
+ schemaVersion++
853
+ ) {
854
+ // Get the sum of all previous token counts to use as start index for this schema version
855
+ const startIndex = tokenKeysCount
856
+ .slice(0, schemaVersion)
857
+ .reduce((sum, count) => sum + count, 0);
858
+ if (startIndex >= i) {
859
+ // Done removing tokens
860
+ break;
861
+ }
862
+ const endIndex =
863
+ i > startIndex + tokenKeysCount[schemaVersion]
864
+ ? startIndex + tokenKeysCount[schemaVersion]
865
+ : i;
866
+
867
+ if (
868
+ i > startIndex &&
869
+ tokenKeysCount[schemaVersion] > 0
870
+ ) {
871
+ this.removeAccessTokenKeys(
872
+ accessTokenKeys.slice(startIndex, endIndex),
873
+ correlationId,
874
+ schemaVersion
875
+ );
876
+ }
420
877
  }
421
878
  }
422
879
  break; // If setItem succeeds, exit the loop
@@ -429,18 +886,27 @@ export class BrowserCacheManager extends CacheManager {
429
886
  ) {
430
887
  if (!accessTokenKeys.length) {
431
888
  // If we are currently trying to set the token keys, use the value we're trying to set
432
- const tokenKeys0 =
433
- key ===
434
- CacheKeys.getTokenKeysCacheKey(this.clientId, 0)
435
- ? (JSON.parse(value) as TokenKeys).accessToken
436
- : this.getTokenKeys(0).accessToken;
437
- const tokenKeys1 =
438
- key ===
439
- CacheKeys.getTokenKeysCacheKey(this.clientId)
440
- ? (JSON.parse(value) as TokenKeys).accessToken
441
- : this.getTokenKeys().accessToken;
442
- accessTokenKeys = [...tokenKeys0, ...tokenKeys1];
443
- tokenKeysV0Count = tokenKeys0.length;
889
+ for (
890
+ let i = 0;
891
+ i <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
892
+ i++
893
+ ) {
894
+ if (
895
+ key ===
896
+ CacheKeys.getTokenKeysCacheKey(this.clientId, i)
897
+ ) {
898
+ const tokenKeys = (
899
+ JSON.parse(value) as TokenKeys
900
+ ).accessToken;
901
+ accessTokenKeys.push(...tokenKeys);
902
+ tokenKeysCount[i] = tokenKeys.length;
903
+ } else {
904
+ const tokenKeys =
905
+ this.getTokenKeys(i).accessToken;
906
+ accessTokenKeys.push(...tokenKeys);
907
+ tokenKeysCount[i] = tokenKeys.length;
908
+ }
909
+ }
444
910
  }
445
911
  if (accessTokenKeys.length <= i) {
446
912
  // Nothing to remove, rethrow the error
@@ -470,37 +936,53 @@ export class BrowserCacheManager extends CacheManager {
470
936
  key: string,
471
937
  value: string,
472
938
  correlationId: string,
473
- timestamp: string
939
+ timestamp: string,
940
+ kmsi: boolean
474
941
  ): Promise<void> {
475
- let tokenKeysV0Count = 0;
476
- let accessTokenKeys: Array<string> = [];
942
+ const tokenKeysCount = new Array(
943
+ CacheKeys.CREDENTIAL_SCHEMA_VERSION + 1
944
+ ).fill(0); // Array mapping schema version to number of token keys stored for that version
945
+ const accessTokenKeys: Array<string> = []; // Flat map of all access token keys stored, ordered by schema version
477
946
  const maxRetries = 20;
478
947
  for (let i = 0; i <= maxRetries; i++) {
479
948
  try {
949
+ // Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
480
950
  await invokeAsync(
481
951
  this.browserStorage.setUserData.bind(this.browserStorage),
482
952
  PerformanceEvents.SetUserData,
483
953
  this.logger,
484
954
  this.performanceClient
485
- )(key, value, correlationId, timestamp);
955
+ )(key, value, correlationId, timestamp, kmsi);
486
956
  if (i > 0) {
487
- // Finally update the token keys array with the tokens removed
488
- if (i <= tokenKeysV0Count) {
489
- this.removeAccessTokenKeys(
490
- accessTokenKeys.slice(0, i),
491
- correlationId,
492
- 0
493
- );
494
- } else {
495
- this.removeAccessTokenKeys(
496
- accessTokenKeys.slice(0, tokenKeysV0Count),
497
- correlationId,
498
- 0
499
- );
500
- this.removeAccessTokenKeys(
501
- accessTokenKeys.slice(tokenKeysV0Count, i),
502
- correlationId
503
- );
957
+ // If any tokens were removed in order to store this item update the token keys array with the tokens removed
958
+ for (
959
+ let schemaVersion = 0;
960
+ schemaVersion <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
961
+ schemaVersion++
962
+ ) {
963
+ // Get the sum of all previous token counts to use as start index for this schema version
964
+ const startIndex = tokenKeysCount
965
+ .slice(0, schemaVersion)
966
+ .reduce((sum, count) => sum + count, 0);
967
+ if (startIndex >= i) {
968
+ // Done removing tokens
969
+ break;
970
+ }
971
+ const endIndex =
972
+ i > startIndex + tokenKeysCount[schemaVersion]
973
+ ? startIndex + tokenKeysCount[schemaVersion]
974
+ : i;
975
+
976
+ if (
977
+ i > startIndex &&
978
+ tokenKeysCount[schemaVersion] > 0
979
+ ) {
980
+ this.removeAccessTokenKeys(
981
+ accessTokenKeys.slice(startIndex, endIndex),
982
+ correlationId,
983
+ schemaVersion
984
+ );
985
+ }
504
986
  }
505
987
  }
506
988
  break; // If setItem succeeds, exit the loop
@@ -512,10 +994,16 @@ export class BrowserCacheManager extends CacheManager {
512
994
  i < maxRetries
513
995
  ) {
514
996
  if (!accessTokenKeys.length) {
515
- const tokenKeys0 = this.getTokenKeys(0).accessToken;
516
- const tokenKeys1 = this.getTokenKeys().accessToken;
517
- accessTokenKeys = [...tokenKeys0, ...tokenKeys1];
518
- tokenKeysV0Count = tokenKeys0.length;
997
+ // If we are currently trying to set the token keys, use the value we're trying to set
998
+ for (
999
+ let i = 0;
1000
+ i <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
1001
+ i++
1002
+ ) {
1003
+ const tokenKeys = this.getTokenKeys(i).accessToken;
1004
+ accessTokenKeys.push(...tokenKeys);
1005
+ tokenKeysCount[i] = tokenKeys.length;
1006
+ }
519
1007
  }
520
1008
  if (accessTokenKeys.length <= i) {
521
1009
  // Nothing left to remove, rethrow the error
@@ -569,19 +1057,24 @@ export class BrowserCacheManager extends CacheManager {
569
1057
  */
570
1058
  async setAccount(
571
1059
  account: AccountEntity,
572
- correlationId: string
1060
+ correlationId: string,
1061
+ kmsi: boolean
573
1062
  ): Promise<void> {
574
1063
  this.logger.trace("BrowserCacheManager.setAccount called");
575
- const key = this.generateAccountKey(account.getAccountInfo());
1064
+ const key = this.generateAccountKey(
1065
+ AccountEntity.getAccountInfo(account)
1066
+ );
576
1067
  const timestamp = Date.now().toString();
577
1068
  account.lastUpdatedAt = timestamp;
578
1069
  await this.setUserData(
579
1070
  key,
580
1071
  JSON.stringify(account),
581
1072
  correlationId,
582
- timestamp
1073
+ timestamp,
1074
+ kmsi
583
1075
  );
584
1076
  const wasAdded = this.addAccountKeyToMap(key, correlationId);
1077
+ this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
585
1078
 
586
1079
  /**
587
1080
  * @deprecated - Remove this in next major version in favor of more consistent LOGIN event
@@ -594,7 +1087,7 @@ export class BrowserCacheManager extends CacheManager {
594
1087
  this.eventHandler.emitEvent(
595
1088
  EventType.ACCOUNT_ADDED,
596
1089
  undefined,
597
- account.getAccountInfo()
1090
+ AccountEntity.getAccountInfo(account)
598
1091
  );
599
1092
  }
600
1093
  }
@@ -607,6 +1100,22 @@ export class BrowserCacheManager extends CacheManager {
607
1100
  return getAccountKeys(this.browserStorage);
608
1101
  }
609
1102
 
1103
+ setAccountKeys(
1104
+ accountKeys: Array<string>,
1105
+ correlationId: string,
1106
+ schemaVersion: number = CacheKeys.ACCOUNT_SCHEMA_VERSION
1107
+ ): void {
1108
+ if (accountKeys.length === 0) {
1109
+ this.removeItem(CacheKeys.getAccountKeysCacheKey(schemaVersion));
1110
+ } else {
1111
+ this.setItem(
1112
+ CacheKeys.getAccountKeysCacheKey(schemaVersion),
1113
+ JSON.stringify(accountKeys),
1114
+ correlationId
1115
+ );
1116
+ }
1117
+ }
1118
+
610
1119
  /**
611
1120
  * Add a new account to the key map
612
1121
  * @param key
@@ -650,17 +1159,7 @@ export class BrowserCacheManager extends CacheManager {
650
1159
  const removalIndex = accountKeys.indexOf(key);
651
1160
  if (removalIndex > -1) {
652
1161
  accountKeys.splice(removalIndex, 1);
653
- if (accountKeys.length === 0) {
654
- // If no keys left, remove the map
655
- this.removeItem(CacheKeys.getAccountKeysCacheKey());
656
- return;
657
- } else {
658
- this.setItem(
659
- CacheKeys.getAccountKeysCacheKey(),
660
- JSON.stringify(accountKeys),
661
- correlationId
662
- );
663
- }
1162
+ this.setAccountKeys(accountKeys, correlationId);
664
1163
  this.logger.trace(
665
1164
  "BrowserCacheManager.removeAccountKeyFromMap account key removed"
666
1165
  );
@@ -865,7 +1364,8 @@ export class BrowserCacheManager extends CacheManager {
865
1364
  */
866
1365
  async setIdTokenCredential(
867
1366
  idToken: IdTokenEntity,
868
- correlationId: string
1367
+ correlationId: string,
1368
+ kmsi: boolean
869
1369
  ): Promise<void> {
870
1370
  this.logger.trace("BrowserCacheManager.setIdTokenCredential called");
871
1371
  const idTokenKey = this.generateCredentialKey(idToken);
@@ -876,7 +1376,8 @@ export class BrowserCacheManager extends CacheManager {
876
1376
  idTokenKey,
877
1377
  JSON.stringify(idToken),
878
1378
  correlationId,
879
- timestamp
1379
+ timestamp,
1380
+ kmsi
880
1381
  );
881
1382
 
882
1383
  const tokenKeys = this.getTokenKeys();
@@ -928,7 +1429,8 @@ export class BrowserCacheManager extends CacheManager {
928
1429
  */
929
1430
  async setAccessTokenCredential(
930
1431
  accessToken: AccessTokenEntity,
931
- correlationId: string
1432
+ correlationId: string,
1433
+ kmsi: boolean
932
1434
  ): Promise<void> {
933
1435
  this.logger.trace(
934
1436
  "BrowserCacheManager.setAccessTokenCredential called"
@@ -941,7 +1443,8 @@ export class BrowserCacheManager extends CacheManager {
941
1443
  accessTokenKey,
942
1444
  JSON.stringify(accessToken),
943
1445
  correlationId,
944
- timestamp
1446
+ timestamp,
1447
+ kmsi
945
1448
  );
946
1449
 
947
1450
  const tokenKeys = this.getTokenKeys();
@@ -995,7 +1498,8 @@ export class BrowserCacheManager extends CacheManager {
995
1498
  */
996
1499
  async setRefreshTokenCredential(
997
1500
  refreshToken: RefreshTokenEntity,
998
- correlationId: string
1501
+ correlationId: string,
1502
+ kmsi: boolean
999
1503
  ): Promise<void> {
1000
1504
  this.logger.trace(
1001
1505
  "BrowserCacheManager.setRefreshTokenCredential called"
@@ -1008,7 +1512,8 @@ export class BrowserCacheManager extends CacheManager {
1008
1512
  refreshTokenKey,
1009
1513
  JSON.stringify(refreshToken),
1010
1514
  correlationId,
1011
- timestamp
1515
+ timestamp,
1516
+ kmsi
1012
1517
  );
1013
1518
 
1014
1519
  const tokenKeys = this.getTokenKeys();
@@ -1769,7 +2274,13 @@ export class BrowserCacheManager extends CacheManager {
1769
2274
  idToken: idTokenEntity,
1770
2275
  accessToken: accessTokenEntity,
1771
2276
  };
1772
- return this.saveCacheRecord(cacheRecord, result.correlationId);
2277
+ return this.saveCacheRecord(
2278
+ cacheRecord,
2279
+ result.correlationId,
2280
+ AuthToken.isKmsi(
2281
+ AuthToken.extractTokenClaims(result.idToken, base64Decode)
2282
+ )
2283
+ );
1773
2284
  }
1774
2285
 
1775
2286
  /**
@@ -1781,12 +2292,14 @@ export class BrowserCacheManager extends CacheManager {
1781
2292
  async saveCacheRecord(
1782
2293
  cacheRecord: CacheRecord,
1783
2294
  correlationId: string,
2295
+ kmsi: boolean,
1784
2296
  storeInCache?: StoreInCache
1785
2297
  ): Promise<void> {
1786
2298
  try {
1787
2299
  await super.saveCacheRecord(
1788
2300
  cacheRecord,
1789
2301
  correlationId,
2302
+ kmsi,
1790
2303
  storeInCache
1791
2304
  );
1792
2305
  } catch (e) {