@azure/msal-browser 4.26.1 → 4.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (419) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +11 -25
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.mjs +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +2 -3
  16. package/dist/cache/CacheKeys.mjs.map +1 -1
  17. package/dist/cache/CookieStorage.mjs +1 -1
  18. package/dist/cache/DatabaseStorage.mjs +1 -1
  19. package/dist/cache/EncryptedData.mjs +1 -1
  20. package/dist/cache/LocalStorage.mjs +1 -1
  21. package/dist/cache/MemoryStorage.mjs +1 -1
  22. package/dist/cache/SessionStorage.mjs +1 -1
  23. package/dist/cache/TokenCache.mjs +1 -1
  24. package/dist/config/Configuration.d.ts +4 -0
  25. package/dist/config/Configuration.d.ts.map +1 -1
  26. package/dist/config/Configuration.mjs +2 -1
  27. package/dist/config/Configuration.mjs.map +1 -1
  28. package/dist/controllers/ControllerFactory.mjs +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +2 -2
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +9 -23
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  46. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  47. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  48. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CacheKeys.mjs +2 -3
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  52. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  53. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  55. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  59. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  60. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  61. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  63. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  64. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.mjs +2 -2
  66. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  67. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -4
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -3
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +3 -10
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -3
  98. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  100. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -3
  102. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  106. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -7
  108. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  171. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -3
  173. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  175. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -3
  177. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  179. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -3
  181. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  189. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  190. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  191. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  192. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  193. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  194. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  195. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  196. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  197. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  198. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  199. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  200. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  201. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  202. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  203. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  204. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  205. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  206. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  207. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  208. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  209. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  210. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  211. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  212. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  213. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  214. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  216. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  217. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts +1 -1
  218. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  219. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +20 -4
  220. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  221. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  222. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +4 -2
  223. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  224. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  225. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  226. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  227. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +19 -3
  228. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  229. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  230. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts +3 -1
  231. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  232. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +8 -7
  233. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  234. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  235. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  236. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  237. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  238. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  239. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  240. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  241. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  242. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  243. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -1
  244. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  245. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  246. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  247. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  248. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  249. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  250. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  251. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  252. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  253. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  254. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  255. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  256. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  257. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  258. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  259. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  260. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  261. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  262. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  263. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  264. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  265. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  266. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  267. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  268. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  269. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  270. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  271. package/dist/encode/Base64Decode.mjs +1 -1
  272. package/dist/encode/Base64Encode.mjs +1 -1
  273. package/dist/error/BrowserAuthError.mjs +1 -1
  274. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  275. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  276. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  277. package/dist/error/NativeAuthError.mjs +1 -1
  278. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  279. package/dist/error/NestedAppAuthError.mjs +1 -1
  280. package/dist/event/EventHandler.mjs +1 -1
  281. package/dist/event/EventMessage.mjs +1 -1
  282. package/dist/event/EventType.mjs +1 -1
  283. package/dist/index.mjs +1 -1
  284. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  285. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  286. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  287. package/dist/interaction_client/PopupClient.d.ts +1 -1
  288. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  289. package/dist/interaction_client/PopupClient.mjs +20 -4
  290. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  291. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  292. package/dist/interaction_client/RedirectClient.mjs +4 -2
  293. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  294. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  295. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  296. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  297. package/dist/interaction_client/SilentIframeClient.mjs +19 -3
  298. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  299. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  300. package/dist/interaction_client/StandardInteractionClient.d.ts +3 -1
  301. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  302. package/dist/interaction_client/StandardInteractionClient.mjs +8 -7
  303. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  304. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  305. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  306. package/dist/naa/BridgeError.mjs +1 -1
  307. package/dist/naa/BridgeProxy.mjs +1 -1
  308. package/dist/naa/BridgeStatusCode.mjs +1 -1
  309. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  310. package/dist/navigation/NavigationClient.mjs +1 -1
  311. package/dist/network/FetchClient.mjs +1 -1
  312. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  313. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  314. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  315. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  316. package/dist/packageMetadata.d.ts +1 -1
  317. package/dist/packageMetadata.mjs +2 -2
  318. package/dist/protocol/Authorize.d.ts.map +1 -1
  319. package/dist/protocol/Authorize.mjs +3 -1
  320. package/dist/protocol/Authorize.mjs.map +1 -1
  321. package/dist/request/RequestHelpers.mjs +1 -1
  322. package/dist/response/ResponseHandler.mjs +1 -1
  323. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  324. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  325. package/dist/utils/BrowserConstants.mjs +1 -1
  326. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  327. package/dist/utils/BrowserUtils.mjs +1 -1
  328. package/dist/utils/Helpers.mjs +1 -1
  329. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  330. package/lib/custom-auth-path/msal-custom-auth.cjs +129 -128
  331. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  332. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  333. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  335. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  336. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  337. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  339. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  340. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  341. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  342. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  343. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  345. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  347. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  348. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  349. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  350. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  351. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  353. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  355. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts +1 -1
  357. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  358. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts +3 -1
  361. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  363. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  364. package/lib/msal-browser.cjs +141 -102
  365. package/lib/msal-browser.cjs.map +1 -1
  366. package/lib/msal-browser.js +141 -102
  367. package/lib/msal-browser.js.map +1 -1
  368. package/lib/msal-browser.min.js +66 -66
  369. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  370. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  371. package/lib/types/config/Configuration.d.ts +4 -0
  372. package/lib/types/config/Configuration.d.ts.map +1 -1
  373. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  374. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  375. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  376. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  377. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  378. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  379. package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  380. package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  381. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  382. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  383. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  384. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  385. package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  386. package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  387. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  388. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  389. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  390. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  391. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  392. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts +1 -1
  394. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  396. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  397. package/lib/types/interaction_client/StandardInteractionClient.d.ts +3 -1
  398. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  401. package/package.json +2 -2
  402. package/src/broker/nativeBroker/PlatformAuthProvider.ts +21 -23
  403. package/src/config/Configuration.ts +5 -0
  404. package/src/controllers/StandardController.ts +2 -1
  405. package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.ts +0 -3
  406. package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.ts +0 -2
  407. package/src/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.ts +4 -11
  408. package/src/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.ts +0 -2
  409. package/src/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.ts +0 -2
  410. package/src/custom_auth/core/auth_flow/mfa/state/MfaState.ts +0 -6
  411. package/src/custom_auth/sign_in/auth_flow/result/SignInResult.ts +0 -2
  412. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.ts +0 -2
  413. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.ts +0 -2
  414. package/src/interaction_client/PopupClient.ts +73 -21
  415. package/src/interaction_client/RedirectClient.ts +14 -1
  416. package/src/interaction_client/SilentIframeClient.ts +68 -19
  417. package/src/interaction_client/StandardInteractionClient.ts +17 -12
  418. package/src/packageMetadata.ts +1 -1
  419. package/src/protocol/Authorize.ts +7 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.26.1 2025-11-06 */
1
+ /*! @azure/msal-browser v4.27.0 2025-12-04 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -276,7 +276,7 @@ const JsonWebTokenTypes = {
276
276
  // Token renewal offset default in seconds
277
277
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
278
278
 
279
- /*! @azure/msal-common v15.13.1 2025-11-06 */
279
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
280
280
  /*
281
281
  * Copyright (c) Microsoft Corporation. All rights reserved.
282
282
  * Licensed under the MIT License.
@@ -287,7 +287,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
  const unexpectedError = "unexpected_error";
288
288
  const postRequestFailed$1 = "post_request_failed";
289
289
 
290
- /*! @azure/msal-common v15.13.1 2025-11-06 */
290
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
291
291
 
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -322,7 +322,7 @@ function createAuthError(code, additionalMessage) {
322
322
  : AuthErrorMessages[code]);
323
323
  }
324
324
 
325
- /*! @azure/msal-common v15.13.1 2025-11-06 */
325
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
328
328
  * Licensed under the MIT License.
@@ -370,9 +370,10 @@ const noNetworkConnectivity$1 = "no_network_connectivity";
370
370
  const userCanceled = "user_canceled";
371
371
  const missingTenantIdError = "missing_tenant_id_error";
372
372
  const methodNotImplemented = "method_not_implemented";
373
- const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
373
+ const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
374
+ const platformBrokerError = "platform_broker_error";
374
375
 
375
- /*! @azure/msal-common v15.13.1 2025-11-06 */
376
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
376
377
 
377
378
  /*
378
379
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -429,6 +430,7 @@ const ClientAuthErrorMessages = {
429
430
  [missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
430
431
  [methodNotImplemented]: "This method has not been implemented",
431
432
  [nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
433
+ [platformBrokerError]: "An error occurred in the native broker. See the platformBrokerError property for details.",
432
434
  };
433
435
  /**
434
436
  * Error thrown when there is an error in the client code running on the browser.
@@ -446,7 +448,7 @@ function createClientAuthError(errorCode, additionalMessage) {
446
448
  return new ClientAuthError(errorCode, additionalMessage);
447
449
  }
448
450
 
449
- /*! @azure/msal-common v15.13.1 2025-11-06 */
451
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
450
452
 
451
453
  /*
452
454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -485,7 +487,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
485
487
  },
486
488
  };
487
489
 
488
- /*! @azure/msal-common v15.13.1 2025-11-06 */
490
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
489
491
 
490
492
  /*
491
493
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -676,12 +678,12 @@ class Logger {
676
678
  }
677
679
  }
678
680
 
679
- /*! @azure/msal-common v15.13.1 2025-11-06 */
681
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
680
682
  /* eslint-disable header/header */
681
683
  const name$1 = "@azure/msal-common";
682
- const version$1 = "15.13.1";
684
+ const version$1 = "15.13.3";
683
685
 
684
- /*! @azure/msal-common v15.13.1 2025-11-06 */
686
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
685
687
  /*
686
688
  * Copyright (c) Microsoft Corporation. All rights reserved.
687
689
  * Licensed under the MIT License.
@@ -690,7 +692,7 @@ const AzureCloudInstance = {
690
692
  // AzureCloudInstance is not specified.
691
693
  None: "none"};
692
694
 
693
- /*! @azure/msal-common v15.13.1 2025-11-06 */
695
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
694
696
  /*
695
697
  * Copyright (c) Microsoft Corporation. All rights reserved.
696
698
  * Licensed under the MIT License.
@@ -717,9 +719,10 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
717
719
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
718
720
  const authorityMismatch = "authority_mismatch";
719
721
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
720
- const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
722
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
723
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
721
724
 
722
- /*! @azure/msal-common v15.13.1 2025-11-06 */
725
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
723
726
 
724
727
  /*
725
728
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -749,6 +752,7 @@ const ClientConfigurationErrorMessages = {
749
752
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
750
753
  [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
751
754
  [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
755
+ [invalidPlatformBrokerConfiguration]: "Invalid platform broker configuration. `allowPlatformBrokerWithDOM` can only be enabled when `allowPlatformBroker` is enabled.",
752
756
  };
753
757
  /**
754
758
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -764,7 +768,7 @@ function createClientConfigurationError(errorCode) {
764
768
  return new ClientConfigurationError(errorCode);
765
769
  }
766
770
 
767
- /*! @azure/msal-common v15.13.1 2025-11-06 */
771
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
768
772
  /*
769
773
  * Copyright (c) Microsoft Corporation. All rights reserved.
770
774
  * Licensed under the MIT License.
@@ -861,7 +865,7 @@ class StringUtils {
861
865
  }
862
866
  }
863
867
 
864
- /*! @azure/msal-common v15.13.1 2025-11-06 */
868
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
865
869
 
866
870
  /*
867
871
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1056,7 +1060,7 @@ class ScopeSet {
1056
1060
  }
1057
1061
  }
1058
1062
 
1059
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1063
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1060
1064
 
1061
1065
  /*
1062
1066
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1096,7 +1100,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1096
1100
  };
1097
1101
  }
1098
1102
 
1099
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1103
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1100
1104
  /*
1101
1105
  * Copyright (c) Microsoft Corporation. All rights reserved.
1102
1106
  * Licensed under the MIT License.
@@ -1178,7 +1182,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1178
1182
  return updatedAccountInfo;
1179
1183
  }
1180
1184
 
1181
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1185
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1182
1186
  /*
1183
1187
  * Copyright (c) Microsoft Corporation. All rights reserved.
1184
1188
  * Licensed under the MIT License.
@@ -1193,7 +1197,7 @@ const AuthorityType = {
1193
1197
  Ciam: 3,
1194
1198
  };
1195
1199
 
1196
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1200
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1197
1201
  /*
1198
1202
  * Copyright (c) Microsoft Corporation. All rights reserved.
1199
1203
  * Licensed under the MIT License.
@@ -1215,7 +1219,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1215
1219
  return null;
1216
1220
  }
1217
1221
 
1218
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1222
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1219
1223
  /*
1220
1224
  * Copyright (c) Microsoft Corporation. All rights reserved.
1221
1225
  * Licensed under the MIT License.
@@ -1239,7 +1243,7 @@ const ProtocolMode = {
1239
1243
  EAR: "EAR",
1240
1244
  };
1241
1245
 
1242
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1246
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1243
1247
 
1244
1248
  /*
1245
1249
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1460,7 +1464,7 @@ class AccountEntity {
1460
1464
  }
1461
1465
  }
1462
1466
 
1463
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1467
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1464
1468
 
1465
1469
  /*
1466
1470
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1541,7 +1545,7 @@ function checkMaxAge(authTime, maxAge) {
1541
1545
  }
1542
1546
  }
1543
1547
 
1544
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1548
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1545
1549
 
1546
1550
  /*
1547
1551
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1657,7 +1661,7 @@ function normalizeUrlForComparison(url) {
1657
1661
  }
1658
1662
  }
1659
1663
 
1660
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1664
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1661
1665
 
1662
1666
  /*
1663
1667
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1821,7 +1825,7 @@ class UrlString {
1821
1825
  }
1822
1826
  }
1823
1827
 
1824
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1828
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1825
1829
 
1826
1830
  /*
1827
1831
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1960,7 +1964,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1960
1964
  return null;
1961
1965
  }
1962
1966
 
1963
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1967
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1964
1968
  /*
1965
1969
  * Copyright (c) Microsoft Corporation. All rights reserved.
1966
1970
  * Licensed under the MIT License.
@@ -1968,7 +1972,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1968
1972
  const cacheQuotaExceeded = "cache_quota_exceeded";
1969
1973
  const cacheErrorUnknown = "cache_error_unknown";
1970
1974
 
1971
- /*! @azure/msal-common v15.13.1 2025-11-06 */
1975
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
1972
1976
 
1973
1977
  /*
1974
1978
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2013,7 +2017,7 @@ function createCacheError(e) {
2013
2017
  }
2014
2018
  }
2015
2019
 
2016
- /*! @azure/msal-common v15.13.1 2025-11-06 */
2020
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
2017
2021
 
2018
2022
  /*
2019
2023
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3122,7 +3126,7 @@ class DefaultStorageClass extends CacheManager {
3122
3126
  }
3123
3127
  }
3124
3128
 
3125
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3129
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3126
3130
  /*
3127
3131
  * Copyright (c) Microsoft Corporation. All rights reserved.
3128
3132
  * Licensed under the MIT License.
@@ -3389,7 +3393,7 @@ const PerformanceEvents = {
3389
3393
  const PerformanceEventStatus = {
3390
3394
  InProgress: 1};
3391
3395
 
3392
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3396
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3393
3397
 
3394
3398
  /*
3395
3399
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3468,7 +3472,7 @@ class StubPerformanceClient {
3468
3472
  }
3469
3473
  }
3470
3474
 
3471
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3475
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3472
3476
 
3473
3477
  /*
3474
3478
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3568,7 +3572,7 @@ function isOidcProtocolMode(config) {
3568
3572
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3569
3573
  }
3570
3574
 
3571
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3575
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3572
3576
  /*
3573
3577
  * Copyright (c) Microsoft Corporation. All rights reserved.
3574
3578
  * Licensed under the MIT License.
@@ -3578,7 +3582,7 @@ const CcsCredentialType = {
3578
3582
  UPN: "UPN",
3579
3583
  };
3580
3584
 
3581
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3585
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3582
3586
  /*
3583
3587
  * Copyright (c) Microsoft Corporation. All rights reserved.
3584
3588
  * Licensed under the MIT License.
@@ -3628,7 +3632,7 @@ const INSTANCE_AWARE = "instance_aware";
3628
3632
  const EAR_JWK = "ear_jwk";
3629
3633
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3630
3634
 
3631
- /*! @azure/msal-common v15.13.1 2025-11-06 */
3635
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
3632
3636
 
3633
3637
  /*
3634
3638
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4008,7 +4012,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4008
4012
  });
4009
4013
  }
4010
4014
 
4011
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4015
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4012
4016
  /*
4013
4017
  * Copyright (c) Microsoft Corporation. All rights reserved.
4014
4018
  * Licensed under the MIT License.
@@ -4020,7 +4024,7 @@ function isOpenIdConfigResponse(response) {
4020
4024
  response.hasOwnProperty("jwks_uri"));
4021
4025
  }
4022
4026
 
4023
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4027
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4024
4028
  /*
4025
4029
  * Copyright (c) Microsoft Corporation. All rights reserved.
4026
4030
  * Licensed under the MIT License.
@@ -4030,7 +4034,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4030
4034
  response.hasOwnProperty("metadata"));
4031
4035
  }
4032
4036
 
4033
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4037
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4034
4038
  /*
4035
4039
  * Copyright (c) Microsoft Corporation. All rights reserved.
4036
4040
  * Licensed under the MIT License.
@@ -4040,7 +4044,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4040
4044
  response.hasOwnProperty("error_description"));
4041
4045
  }
4042
4046
 
4043
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4047
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4044
4048
  /*
4045
4049
  * Copyright (c) Microsoft Corporation. All rights reserved.
4046
4050
  * Licensed under the MIT License.
@@ -4136,7 +4140,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4136
4140
  };
4137
4141
  };
4138
4142
 
4139
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4143
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4140
4144
 
4141
4145
  /*
4142
4146
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4242,7 +4246,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4242
4246
  },
4243
4247
  };
4244
4248
 
4245
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4249
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4246
4250
  /*
4247
4251
  * Copyright (c) Microsoft Corporation. All rights reserved.
4248
4252
  * Licensed under the MIT License.
@@ -4307,7 +4311,7 @@ function wasClockTurnedBack(cachedAt) {
4307
4311
  return cachedAtSec > nowSeconds();
4308
4312
  }
4309
4313
 
4310
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4314
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4311
4315
 
4312
4316
  /*
4313
4317
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4569,7 +4573,7 @@ function isAuthorityMetadataExpired(metadata) {
4569
4573
  return metadata.expiresAt <= nowSeconds();
4570
4574
  }
4571
4575
 
4572
- /*! @azure/msal-common v15.13.1 2025-11-06 */
4576
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
4573
4577
 
4574
4578
  /*
4575
4579
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5408,7 +5412,7 @@ function buildStaticAuthorityOptions(authOptions) {
5408
5412
  };
5409
5413
  }
5410
5414
 
5411
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5415
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5412
5416
 
5413
5417
  /*
5414
5418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5439,7 +5443,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5439
5443
  }
5440
5444
  }
5441
5445
 
5442
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5446
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5443
5447
 
5444
5448
  /*
5445
5449
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5458,7 +5462,7 @@ class ServerError extends AuthError {
5458
5462
  }
5459
5463
  }
5460
5464
 
5461
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5465
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5462
5466
  /*
5463
5467
  * Copyright (c) Microsoft Corporation. All rights reserved.
5464
5468
  * Licensed under the MIT License.
@@ -5479,7 +5483,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5479
5483
  };
5480
5484
  }
5481
5485
 
5482
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5486
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5483
5487
 
5484
5488
  /*
5485
5489
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5566,7 +5570,7 @@ class ThrottlingUtils {
5566
5570
  }
5567
5571
  }
5568
5572
 
5569
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5573
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5570
5574
 
5571
5575
  /*
5572
5576
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5597,7 +5601,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5597
5601
  return new NetworkError(error, httpStatus, responseHeaders);
5598
5602
  }
5599
5603
 
5600
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5604
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5601
5605
 
5602
5606
  /*
5603
5607
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5745,7 +5749,7 @@ class BaseClient {
5745
5749
  }
5746
5750
  }
5747
5751
 
5748
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5752
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5749
5753
  /*
5750
5754
  * Copyright (c) Microsoft Corporation. All rights reserved.
5751
5755
  * Licensed under the MIT License.
@@ -5761,7 +5765,7 @@ const consentRequired = "consent_required";
5761
5765
  const loginRequired = "login_required";
5762
5766
  const badToken = "bad_token";
5763
5767
 
5764
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5768
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5765
5769
 
5766
5770
  /*
5767
5771
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5833,7 +5837,7 @@ function createInteractionRequiredAuthError(errorCode) {
5833
5837
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5834
5838
  }
5835
5839
 
5836
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5840
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5837
5841
 
5838
5842
  /*
5839
5843
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5905,7 +5909,7 @@ class ProtocolUtils {
5905
5909
  }
5906
5910
  }
5907
5911
 
5908
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5912
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5909
5913
 
5910
5914
  /*
5911
5915
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5987,7 +5991,7 @@ class PopTokenGenerator {
5987
5991
  }
5988
5992
  }
5989
5993
 
5990
- /*! @azure/msal-common v15.13.1 2025-11-06 */
5994
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
5991
5995
  /*
5992
5996
  * Copyright (c) Microsoft Corporation. All rights reserved.
5993
5997
  * Licensed under the MIT License.
@@ -6014,7 +6018,7 @@ class PopTokenGenerator {
6014
6018
  }
6015
6019
  }
6016
6020
 
6017
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6021
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6018
6022
 
6019
6023
  /*
6020
6024
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6345,7 +6349,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6345
6349
  return baseAccount;
6346
6350
  }
6347
6351
 
6348
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6352
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6349
6353
  /*
6350
6354
  * Copyright (c) Microsoft Corporation. All rights reserved.
6351
6355
  * Licensed under the MIT License.
@@ -6363,7 +6367,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6363
6367
  }
6364
6368
  }
6365
6369
 
6366
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6370
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6367
6371
 
6368
6372
  /*
6369
6373
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6598,7 +6602,7 @@ class AuthorizationCodeClient extends BaseClient {
6598
6602
  }
6599
6603
  }
6600
6604
 
6601
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6605
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6602
6606
 
6603
6607
  /*
6604
6608
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6807,7 +6811,7 @@ class RefreshTokenClient extends BaseClient {
6807
6811
  }
6808
6812
  }
6809
6813
 
6810
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6814
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6811
6815
 
6812
6816
  /*
6813
6817
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6905,7 +6909,7 @@ class SilentFlowClient extends BaseClient {
6905
6909
  }
6906
6910
  }
6907
6911
 
6908
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6912
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6909
6913
 
6910
6914
  /*
6911
6915
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6920,7 +6924,7 @@ const StubbedNetworkModule = {
6920
6924
  },
6921
6925
  };
6922
6926
 
6923
- /*! @azure/msal-common v15.13.1 2025-11-06 */
6927
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
6924
6928
 
6925
6929
  /*
6926
6930
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7144,7 +7148,7 @@ function extractLoginHint(account) {
7144
7148
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7145
7149
  }
7146
7150
 
7147
- /*! @azure/msal-common v15.13.1 2025-11-06 */
7151
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
7148
7152
 
7149
7153
  /*
7150
7154
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7407,7 +7411,7 @@ class ServerTelemetryManager {
7407
7411
  }
7408
7412
  }
7409
7413
 
7410
- /*! @azure/msal-common v15.13.1 2025-11-06 */
7414
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
7411
7415
  /*
7412
7416
  * Copyright (c) Microsoft Corporation. All rights reserved.
7413
7417
  * Licensed under the MIT License.
@@ -7415,7 +7419,7 @@ class ServerTelemetryManager {
7415
7419
  const missingKidError = "missing_kid_error";
7416
7420
  const missingAlgError = "missing_alg_error";
7417
7421
 
7418
- /*! @azure/msal-common v15.13.1 2025-11-06 */
7422
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
7419
7423
 
7420
7424
  /*
7421
7425
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7440,7 +7444,7 @@ function createJoseHeaderError(code) {
7440
7444
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7441
7445
  }
7442
7446
 
7443
- /*! @azure/msal-common v15.13.1 2025-11-06 */
7447
+ /*! @azure/msal-common v15.13.3 2025-12-04 */
7444
7448
 
7445
7449
  /*
7446
7450
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7875,7 +7879,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7875
7879
 
7876
7880
  /* eslint-disable header/header */
7877
7881
  const name = "@azure/msal-browser";
7878
- const version = "4.26.1";
7882
+ const version = "4.27.0";
7879
7883
 
7880
7884
  /*
7881
7885
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8196,7 +8200,6 @@ class SignInResult extends AuthFlowResultBase {
8196
8200
  }
8197
8201
  /**
8198
8202
  * Checks if the result requires authentication method registration.
8199
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8200
8203
  */
8201
8204
  isAuthMethodRegistrationRequired() {
8202
8205
  return (this.state.stateType ===
@@ -8204,7 +8207,6 @@ class SignInResult extends AuthFlowResultBase {
8204
8207
  }
8205
8208
  /**
8206
8209
  * Checks if the result requires MFA.
8207
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
8208
8210
  */
8209
8211
  isMfaRequired() {
8210
8212
  return this.state.stateType === MFA_AWAITING_STATE_TYPE;
@@ -9572,12 +9574,13 @@ class StandardInteractionClient extends BaseInteractionClient {
9572
9574
  async getClientConfiguration(params) {
9573
9575
  const { serverTelemetryManager, requestAuthority, requestAzureCloudOptions, requestExtraQueryParameters, account, } = params;
9574
9576
  this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientGetClientConfiguration, this.correlationId);
9575
- const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, this.correlationId)({
9576
- requestAuthority,
9577
- requestAzureCloudOptions,
9578
- requestExtraQueryParameters,
9579
- account,
9580
- });
9577
+ const discoveredAuthority = params.authority ||
9578
+ (await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, this.correlationId)({
9579
+ requestAuthority,
9580
+ requestAzureCloudOptions,
9581
+ requestExtraQueryParameters,
9582
+ account,
9583
+ }));
9581
9584
  const logger = this.config.system.loggerOptions;
9582
9585
  return {
9583
9586
  authOptions: {
@@ -11860,7 +11863,6 @@ class SignInSubmitCodeResult extends AuthFlowResultBase {
11860
11863
  }
11861
11864
  /**
11862
11865
  * Checks if the result requires authentication method registration.
11863
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
11864
11866
  */
11865
11867
  isAuthMethodRegistrationRequired() {
11866
11868
  return (this.state.stateType ===
@@ -11868,7 +11870,6 @@ class SignInSubmitCodeResult extends AuthFlowResultBase {
11868
11870
  }
11869
11871
  /**
11870
11872
  * Checks if the result requires MFA.
11871
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
11872
11873
  */
11873
11874
  isMfaRequired() {
11874
11875
  return this.state.stateType === MFA_AWAITING_STATE_TYPE;
@@ -11950,7 +11951,6 @@ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
11950
11951
  /**
11951
11952
  * Checks if the result indicates that verification is required.
11952
11953
  * @returns true if verification is required, false otherwise.
11953
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
11954
11954
  */
11955
11955
  isVerificationRequired() {
11956
11956
  return (this.state.stateType ===
@@ -11959,7 +11959,6 @@ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
11959
11959
  /**
11960
11960
  * Checks if the result indicates that registration is completed (fast-pass scenario).
11961
11961
  * @returns true if registration is completed, false otherwise.
11962
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
11963
11962
  */
11964
11963
  isCompleted() {
11965
11964
  return (this.state.stateType ===
@@ -11968,7 +11967,6 @@ class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultBase {
11968
11967
  /**
11969
11968
  * Checks if the result is in a failed state.
11970
11969
  * @returns true if the result is failed, false otherwise.
11971
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
11972
11970
  */
11973
11971
  isFailed() {
11974
11972
  return (this.state.stateType === AUTH_METHOD_REGISTRATION_FAILED_STATE_TYPE);
@@ -11996,7 +11994,6 @@ class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
11996
11994
  /**
11997
11995
  * Checks if the result indicates that registration is completed.
11998
11996
  * @returns true if registration is completed, false otherwise.
11999
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12000
11997
  */
12001
11998
  isCompleted() {
12002
11999
  return (this.state.stateType ===
@@ -12005,7 +12002,6 @@ class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultBase {
12005
12002
  /**
12006
12003
  * Checks if the result is in a failed state.
12007
12004
  * @returns true if the result is failed, false otherwise.
12008
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12009
12005
  */
12010
12006
  isFailed() {
12011
12007
  return (this.state.stateType === AUTH_METHOD_REGISTRATION_FAILED_STATE_TYPE);
@@ -12087,7 +12083,7 @@ class AuthMethodRegistrationState extends AuthFlowActionRequiredStateBase {
12087
12083
  }
12088
12084
  }
12089
12085
  catch (error) {
12090
- this.stateParameters.logger.error("Failed to challenge authentication method for auth method registration.", this.stateParameters.correlationId);
12086
+ this.stateParameters.logger.errorPii(`Failed to challenge authentication method for auth method registration. Error: ${error}.`, this.stateParameters.correlationId);
12091
12087
  return AuthMethodRegistrationChallengeMethodResult.createWithError(error);
12092
12088
  }
12093
12089
  }
@@ -12106,7 +12102,6 @@ class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationState {
12106
12102
  /**
12107
12103
  * Gets the available authentication methods for registration.
12108
12104
  * @returns Array of available authentication methods.
12109
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12110
12105
  */
12111
12106
  getAuthMethods() {
12112
12107
  return this.stateParameters.authMethods;
@@ -12115,7 +12110,6 @@ class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationState {
12115
12110
  * Challenges an authentication method for registration.
12116
12111
  * @param authMethodDetails The authentication method details to challenge.
12117
12112
  * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
12118
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12119
12113
  */
12120
12114
  async challengeAuthMethod(authMethodDetails) {
12121
12115
  return this.challengeAuthMethodInternal(authMethodDetails);
@@ -12135,7 +12129,6 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12135
12129
  /**
12136
12130
  * Gets the length of the expected verification code.
12137
12131
  * @returns The code length.
12138
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12139
12132
  */
12140
12133
  getCodeLength() {
12141
12134
  return this.stateParameters.codeLength;
@@ -12143,7 +12136,6 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12143
12136
  /**
12144
12137
  * Gets the channel through which the challenge was sent.
12145
12138
  * @returns The challenge channel (e.g., "email").
12146
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12147
12139
  */
12148
12140
  getChannel() {
12149
12141
  return this.stateParameters.challengeChannel;
@@ -12151,7 +12143,6 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12151
12143
  /**
12152
12144
  * Gets the target label indicating where the challenge was sent.
12153
12145
  * @returns The challenge target label (e.g., masked email address).
12154
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12155
12146
  */
12156
12147
  getSentTo() {
12157
12148
  return this.stateParameters.challengeTargetLabel;
@@ -12160,7 +12151,6 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12160
12151
  * Submits the verification challenge to complete the authentication method registration.
12161
12152
  * @param code The verification code entered by the user.
12162
12153
  * @returns Promise that resolves to AuthMethodRegistrationSubmitChallengeResult.
12163
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12164
12154
  */
12165
12155
  async submitChallenge(code) {
12166
12156
  try {
@@ -12181,7 +12171,7 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12181
12171
  return new AuthMethodRegistrationSubmitChallengeResult(new AuthMethodRegistrationCompletedState(), accountInfo);
12182
12172
  }
12183
12173
  catch (error) {
12184
- this.stateParameters.logger.error("Failed to submit auth method challenge.", this.stateParameters.correlationId);
12174
+ this.stateParameters.logger.errorPii(`Failed to submit auth method challenge. Error: ${error}.`, this.stateParameters.correlationId);
12185
12175
  return AuthMethodRegistrationSubmitChallengeResult.createWithError(error);
12186
12176
  }
12187
12177
  }
@@ -12189,7 +12179,6 @@ class AuthMethodVerificationRequiredState extends AuthMethodRegistrationState {
12189
12179
  * Challenges a different authentication method for registration.
12190
12180
  * @param authMethodDetails The authentication method details to challenge.
12191
12181
  * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
12192
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12193
12182
  */
12194
12183
  async challengeAuthMethod(authMethodDetails) {
12195
12184
  return this.challengeAuthMethodInternal(authMethodDetails);
@@ -12270,7 +12259,6 @@ class MfaSubmitChallengeResult extends AuthFlowResultBase {
12270
12259
  /**
12271
12260
  * Checks if the MFA flow is completed successfully.
12272
12261
  * @returns true if completed, false otherwise.
12273
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12274
12262
  */
12275
12263
  isCompleted() {
12276
12264
  return this.state.stateType === MFA_COMPLETED_STATE_TYPE;
@@ -12278,7 +12266,6 @@ class MfaSubmitChallengeResult extends AuthFlowResultBase {
12278
12266
  /**
12279
12267
  * Checks if the result is in a failed state.
12280
12268
  * @returns true if the result is failed, false otherwise.
12281
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12282
12269
  */
12283
12270
  isFailed() {
12284
12271
  return this.state.stateType === MFA_FAILED_STATE_TYPE;
@@ -12307,7 +12294,6 @@ class MfaRequestChallengeResult extends AuthFlowResultBase {
12307
12294
  /**
12308
12295
  * Checks if the result indicates that verification is required.
12309
12296
  * @returns true if verification is required, false otherwise.
12310
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12311
12297
  */
12312
12298
  isVerificationRequired() {
12313
12299
  return this.state.stateType === MFA_VERIFICATION_REQUIRED_STATE_TYPE;
@@ -12315,7 +12301,6 @@ class MfaRequestChallengeResult extends AuthFlowResultBase {
12315
12301
  /**
12316
12302
  * Checks if the result is in a failed state.
12317
12303
  * @returns true if the result is failed, false otherwise.
12318
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12319
12304
  */
12320
12305
  isFailed() {
12321
12306
  return this.state.stateType === MFA_FAILED_STATE_TYPE;
@@ -12348,7 +12333,6 @@ class MfaState extends AuthFlowActionRequiredStateBase {
12348
12333
  * Requests an MFA challenge for a specific authentication method.
12349
12334
  * @param authMethodId The authentication method ID to use for the challenge.
12350
12335
  * @returns Promise that resolves to MfaRequestChallengeResult.
12351
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12352
12336
  */
12353
12337
  async requestChallenge(authMethodId) {
12354
12338
  try {
@@ -12397,7 +12381,6 @@ class MfaAwaitingState extends MfaState {
12397
12381
  /**
12398
12382
  * Gets the available authentication methods for MFA.
12399
12383
  * @returns Array of available authentication methods.
12400
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12401
12384
  */
12402
12385
  getAuthMethods() {
12403
12386
  return this.stateParameters.authMethods;
@@ -12418,7 +12401,6 @@ class MfaVerificationRequiredState extends MfaState {
12418
12401
  /**
12419
12402
  * Gets the length of the code that the user needs to provide.
12420
12403
  * @returns The expected code length.
12421
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12422
12404
  */
12423
12405
  getCodeLength() {
12424
12406
  return this.stateParameters.codeLength;
@@ -12426,7 +12408,6 @@ class MfaVerificationRequiredState extends MfaState {
12426
12408
  /**
12427
12409
  * Gets the channel through which the challenge was sent.
12428
12410
  * @returns The challenge channel (e.g., "email").
12429
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12430
12411
  */
12431
12412
  getChannel() {
12432
12413
  return this.stateParameters.challengeChannel;
@@ -12434,7 +12415,6 @@ class MfaVerificationRequiredState extends MfaState {
12434
12415
  /**
12435
12416
  * Gets the target label indicating where the challenge was sent.
12436
12417
  * @returns The challenge target label (e.g., masked email address).
12437
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12438
12418
  */
12439
12419
  getSentTo() {
12440
12420
  return this.stateParameters.challengeTargetLabel;
@@ -12443,7 +12423,6 @@ class MfaVerificationRequiredState extends MfaState {
12443
12423
  * Submits the MFA challenge (e.g., OTP code) to complete the authentication.
12444
12424
  * @param challenge The challenge code (e.g., OTP code) entered by the user.
12445
12425
  * @returns Promise that resolves to MfaSubmitChallengeResult.
12446
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12447
12426
  */
12448
12427
  async submitChallenge(challenge) {
12449
12428
  try {
@@ -12690,7 +12669,6 @@ class SignInSubmitPasswordResult extends AuthFlowResultBase {
12690
12669
  }
12691
12670
  /**
12692
12671
  * Checks if the result requires authentication method registration.
12693
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12694
12672
  */
12695
12673
  isAuthMethodRegistrationRequired() {
12696
12674
  return (this.state.stateType ===
@@ -12698,7 +12676,6 @@ class SignInSubmitPasswordResult extends AuthFlowResultBase {
12698
12676
  }
12699
12677
  /**
12700
12678
  * Checks if the result requires MFA.
12701
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
12702
12679
  */
12703
12680
  isMfaRequired() {
12704
12681
  return this.state.stateType === MFA_AWAITING_STATE_TYPE;
@@ -14174,7 +14151,6 @@ const CREDENTIAL_SCHEMA_VERSION = 2;
14174
14151
  const ACCOUNT_SCHEMA_VERSION = 2;
14175
14152
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
14176
14153
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
14177
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
14178
14154
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14179
14155
  const ACCOUNT_KEYS = "account.keys";
14180
14156
  const TOKEN_KEYS = "token.keys";
@@ -17320,6 +17296,8 @@ async function getEARForm(frame, config, authority, request, logger, performance
17320
17296
  const parameters = await getStandardParameters(config, authority, request, logger, performanceClient);
17321
17297
  addResponseType(parameters, OAuthResponseType.IDTOKEN_TOKEN_REFRESHTOKEN);
17322
17298
  addEARParameters(parameters, request.earJwk);
17299
+ // Also add codeChallenge as backup in case EAR is not supported
17300
+ addCodeChallengeParams(parameters, request.codeChallenge, Constants.S256_CODE_CHALLENGE_METHOD);
17323
17301
  const queryParams = new Map();
17324
17302
  addExtraQueryParameters(queryParams, request.extraQueryParameters || {});
17325
17303
  const url = getAuthorizeUrl(authority, queryParams, config.auth.encodeExtraQueryParams, request.extraQueryParameters);
@@ -17765,6 +17743,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17765
17743
  asyncPopups: false,
17766
17744
  allowRedirectInIframe: false,
17767
17745
  allowPlatformBroker: false,
17746
+ allowPlatformBrokerWithDOM: false,
17768
17747
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
17769
17748
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
17770
17749
  pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS,
@@ -18211,9 +18190,8 @@ class PlatformAuthDOMHandler {
18211
18190
  * Copyright (c) Microsoft Corporation. All rights reserved.
18212
18191
  * Licensed under the MIT License.
18213
18192
  */
18214
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
18193
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
18215
18194
  logger.trace("getPlatformAuthProvider called", correlationId);
18216
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
18217
18195
  logger.trace("Has client allowed platform auth via DOM API: " +
18218
18196
  enablePlatformBrokerDOMSupport);
18219
18197
  let platformAuthProvider;
@@ -18238,22 +18216,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
18238
18216
  }
18239
18217
  return platformAuthProvider;
18240
18218
  }
18241
- /**
18242
- * Returns true if the DOM API support for platform auth is enabled in session storage
18243
- * @returns boolean
18244
- * @deprecated
18245
- */
18246
- function isDomEnabledForPlatformAuth() {
18247
- let sessionStorage;
18248
- try {
18249
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
18250
- // Mute errors if it's a non-browser environment or cookies are blocked.
18251
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
18252
- }
18253
- catch (e) {
18254
- return false;
18255
- }
18256
- }
18257
18219
  /**
18258
18220
  * Returns boolean indicating whether or not the request should attempt to use native broker
18259
18221
  * @param logger
@@ -18263,6 +18225,11 @@ function isDomEnabledForPlatformAuth() {
18263
18225
  */
18264
18226
  function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
18265
18227
  logger.trace("isPlatformAuthAllowed called");
18228
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
18229
+ if (!config.system.allowPlatformBroker &&
18230
+ config.system.allowPlatformBrokerWithDOM) {
18231
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
18232
+ }
18266
18233
  if (!config.system.allowPlatformBroker) {
18267
18234
  logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
18268
18235
  // Developer disabled WAM
@@ -18390,7 +18357,7 @@ class PopupClient extends StandardInteractionClient {
18390
18357
  const isPlatformBroker = isPlatformAuthAllowed(this.config, this.logger, this.platformAuthProvider, request.authenticationScheme);
18391
18358
  validRequest.platformBroker = isPlatformBroker;
18392
18359
  if (this.config.auth.protocolMode === ProtocolMode.EAR) {
18393
- return this.executeEarFlow(validRequest, popupParams);
18360
+ return this.executeEarFlow(validRequest, popupParams, pkceCodes);
18394
18361
  }
18395
18362
  else {
18396
18363
  return this.executeCodeFlow(validRequest, popupParams, pkceCodes);
@@ -18450,7 +18417,7 @@ class PopupClient extends StandardInteractionClient {
18450
18417
  * Executes EAR flow
18451
18418
  * @param request
18452
18419
  */
18453
- async executeEarFlow(request, popupParams) {
18420
+ async executeEarFlow(request, popupParams, pkceCodes) {
18454
18421
  const correlationId = request.correlationId;
18455
18422
  // Get the frame handle for the silent request
18456
18423
  const discoveredAuthority = await invokeAsync(this.getDiscoveredAuthority.bind(this), PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority, this.logger, this.performanceClient, correlationId)({
@@ -18460,9 +18427,12 @@ class PopupClient extends StandardInteractionClient {
18460
18427
  account: request.account,
18461
18428
  });
18462
18429
  const earJwk = await invokeAsync(generateEarKey, PerformanceEvents.GenerateEarKey, this.logger, this.performanceClient, correlationId)();
18430
+ const pkce = pkceCodes ||
18431
+ (await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
18463
18432
  const popupRequest = {
18464
18433
  ...request,
18465
18434
  earJwk: earJwk,
18435
+ codeChallenge: pkce.challenge,
18466
18436
  };
18467
18437
  const popupWindow = popupParams.popup || this.openPopup("about:blank", popupParams);
18468
18438
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
@@ -18470,7 +18440,20 @@ class PopupClient extends StandardInteractionClient {
18470
18440
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18471
18441
  const responseString = await invokeAsync(this.monitorPopupForHash.bind(this), PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupWindow, popupParams.popupWindowParent);
18472
18442
  const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
18473
- return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, ApiId.acquireTokenPopup, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18443
+ if (!serverParams.ear_jwe && serverParams.code) {
18444
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
18445
+ serverTelemetryManager: this.initializeServerTelemetryManager(ApiId.acquireTokenPopup),
18446
+ requestAuthority: request.authority,
18447
+ requestAzureCloudOptions: request.azureCloudOptions,
18448
+ requestExtraQueryParameters: request.extraQueryParameters,
18449
+ account: request.account,
18450
+ authority: discoveredAuthority,
18451
+ });
18452
+ return invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18453
+ }
18454
+ else {
18455
+ return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(popupRequest, serverParams, ApiId.acquireTokenPopup, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18456
+ }
18474
18457
  }
18475
18458
  async executeCodeFlowWithPost(request, popupParams, authClient, pkceVerifier) {
18476
18459
  const correlationId = request.correlationId;
@@ -18879,11 +18862,13 @@ class RedirectClient extends StandardInteractionClient {
18879
18862
  account: request.account,
18880
18863
  });
18881
18864
  const earJwk = await invokeAsync(generateEarKey, PerformanceEvents.GenerateEarKey, this.logger, this.performanceClient, correlationId)();
18865
+ const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
18882
18866
  const redirectRequest = {
18883
18867
  ...request,
18884
18868
  earJwk: earJwk,
18869
+ codeChallenge: pkceCodes.challenge,
18885
18870
  };
18886
- this.browserStorage.cacheAuthorizeRequest(redirectRequest);
18871
+ this.browserStorage.cacheAuthorizeRequest(redirectRequest, pkceCodes.verifier);
18887
18872
  const form = await getEARForm(document, this.config, discoveredAuthority, redirectRequest, this.logger, this.performanceClient);
18888
18873
  form.submit();
18889
18874
  return new Promise((resolve, reject) => {
@@ -19449,16 +19434,32 @@ class SilentIframeClient extends StandardInteractionClient {
19449
19434
  account: request.account,
19450
19435
  });
19451
19436
  const earJwk = await invokeAsync(generateEarKey, PerformanceEvents.GenerateEarKey, this.logger, this.performanceClient, correlationId)();
19437
+ const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19452
19438
  const silentRequest = {
19453
19439
  ...request,
19454
19440
  earJwk: earJwk,
19441
+ codeChallenge: pkceCodes.challenge,
19455
19442
  };
19456
19443
  const msalFrame = await invokeAsync(initiateEarRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19457
19444
  const responseType = this.config.auth.OIDCOptions.serverResponseType;
19458
19445
  // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
19459
19446
  const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
19460
19447
  const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger);
19461
- return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19448
+ if (!serverParams.ear_jwe && serverParams.code) {
19449
+ // If server doesn't support EAR, they may fallback to auth code flow instead
19450
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
19451
+ serverTelemetryManager: this.initializeServerTelemetryManager(this.apiId),
19452
+ requestAuthority: request.authority,
19453
+ requestAzureCloudOptions: request.azureCloudOptions,
19454
+ requestExtraQueryParameters: request.extraQueryParameters,
19455
+ account: request.account,
19456
+ authority: discoveredAuthority,
19457
+ });
19458
+ return invokeAsync(handleResponseCode, PerformanceEvents.HandleResponseCode, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19459
+ }
19460
+ else {
19461
+ return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19462
+ }
19462
19463
  }
19463
19464
  /**
19464
19465
  * Currently Unsupported
@@ -19981,7 +19982,7 @@ class StandardController {
19981
19982
  if (allowPlatformBroker) {
19982
19983
  try {
19983
19984
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
19984
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout);
19985
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.system.allowPlatformBrokerWithDOM);
19985
19986
  }
19986
19987
  catch (e) {
19987
19988
  this.logger.verbose(e);