@azure/msal-browser 4.26.1 → 4.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (419) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +11 -25
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.mjs +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +2 -3
  16. package/dist/cache/CacheKeys.mjs.map +1 -1
  17. package/dist/cache/CookieStorage.mjs +1 -1
  18. package/dist/cache/DatabaseStorage.mjs +1 -1
  19. package/dist/cache/EncryptedData.mjs +1 -1
  20. package/dist/cache/LocalStorage.mjs +1 -1
  21. package/dist/cache/MemoryStorage.mjs +1 -1
  22. package/dist/cache/SessionStorage.mjs +1 -1
  23. package/dist/cache/TokenCache.mjs +1 -1
  24. package/dist/config/Configuration.d.ts +4 -0
  25. package/dist/config/Configuration.d.ts.map +1 -1
  26. package/dist/config/Configuration.mjs +2 -1
  27. package/dist/config/Configuration.mjs.map +1 -1
  28. package/dist/controllers/ControllerFactory.mjs +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +2 -2
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +9 -23
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  46. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  47. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  48. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CacheKeys.mjs +2 -3
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  52. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  53. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  55. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  59. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  60. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  61. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  63. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  64. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.mjs +2 -2
  66. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  67. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -4
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -3
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +3 -10
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -3
  98. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  100. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -3
  102. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  106. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -7
  108. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  171. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -3
  173. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  175. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -3
  177. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  179. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -3
  181. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  189. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  190. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  191. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  192. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  193. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  194. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  195. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  196. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  197. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  198. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  199. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  200. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  201. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  202. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  203. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  204. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  205. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  206. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  207. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  208. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  209. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  210. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  211. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  212. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  213. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  214. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  216. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  217. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts +1 -1
  218. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  219. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +20 -4
  220. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  221. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  222. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +4 -2
  223. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  224. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  225. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  226. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  227. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +19 -3
  228. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  229. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  230. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts +3 -1
  231. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  232. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +8 -7
  233. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  234. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  235. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  236. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  237. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  238. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  239. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  240. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  241. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  242. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  243. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -1
  244. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  245. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  246. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  247. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  248. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  249. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  250. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  251. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  252. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  253. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  254. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  255. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  256. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  257. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  258. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  259. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  260. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  261. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  262. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  263. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  264. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  265. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  266. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  267. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  268. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  269. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  270. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  271. package/dist/encode/Base64Decode.mjs +1 -1
  272. package/dist/encode/Base64Encode.mjs +1 -1
  273. package/dist/error/BrowserAuthError.mjs +1 -1
  274. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  275. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  276. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  277. package/dist/error/NativeAuthError.mjs +1 -1
  278. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  279. package/dist/error/NestedAppAuthError.mjs +1 -1
  280. package/dist/event/EventHandler.mjs +1 -1
  281. package/dist/event/EventMessage.mjs +1 -1
  282. package/dist/event/EventType.mjs +1 -1
  283. package/dist/index.mjs +1 -1
  284. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  285. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  286. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  287. package/dist/interaction_client/PopupClient.d.ts +1 -1
  288. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  289. package/dist/interaction_client/PopupClient.mjs +20 -4
  290. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  291. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  292. package/dist/interaction_client/RedirectClient.mjs +4 -2
  293. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  294. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  295. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  296. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  297. package/dist/interaction_client/SilentIframeClient.mjs +19 -3
  298. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  299. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  300. package/dist/interaction_client/StandardInteractionClient.d.ts +3 -1
  301. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  302. package/dist/interaction_client/StandardInteractionClient.mjs +8 -7
  303. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  304. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  305. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  306. package/dist/naa/BridgeError.mjs +1 -1
  307. package/dist/naa/BridgeProxy.mjs +1 -1
  308. package/dist/naa/BridgeStatusCode.mjs +1 -1
  309. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  310. package/dist/navigation/NavigationClient.mjs +1 -1
  311. package/dist/network/FetchClient.mjs +1 -1
  312. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  313. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  314. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  315. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  316. package/dist/packageMetadata.d.ts +1 -1
  317. package/dist/packageMetadata.mjs +2 -2
  318. package/dist/protocol/Authorize.d.ts.map +1 -1
  319. package/dist/protocol/Authorize.mjs +3 -1
  320. package/dist/protocol/Authorize.mjs.map +1 -1
  321. package/dist/request/RequestHelpers.mjs +1 -1
  322. package/dist/response/ResponseHandler.mjs +1 -1
  323. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  324. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  325. package/dist/utils/BrowserConstants.mjs +1 -1
  326. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  327. package/dist/utils/BrowserUtils.mjs +1 -1
  328. package/dist/utils/Helpers.mjs +1 -1
  329. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  330. package/lib/custom-auth-path/msal-custom-auth.cjs +129 -128
  331. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  332. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  333. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  335. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  336. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  337. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  339. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  340. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  341. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  342. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  343. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  345. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  347. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  348. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  349. package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  350. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  351. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  353. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  355. package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts +1 -1
  357. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  358. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts +3 -1
  361. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  363. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  364. package/lib/msal-browser.cjs +141 -102
  365. package/lib/msal-browser.cjs.map +1 -1
  366. package/lib/msal-browser.js +141 -102
  367. package/lib/msal-browser.js.map +1 -1
  368. package/lib/msal-browser.min.js +66 -66
  369. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  370. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  371. package/lib/types/config/Configuration.d.ts +4 -0
  372. package/lib/types/config/Configuration.d.ts.map +1 -1
  373. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  374. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  375. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +0 -3
  376. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
  377. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +0 -2
  378. package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
  379. package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +0 -7
  380. package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
  381. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +0 -2
  382. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
  383. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +0 -2
  384. package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
  385. package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +0 -6
  386. package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
  387. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts +0 -2
  388. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
  389. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts +0 -2
  390. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
  391. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts +0 -2
  392. package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts +1 -1
  394. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  396. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  397. package/lib/types/interaction_client/StandardInteractionClient.d.ts +3 -1
  398. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  401. package/package.json +2 -2
  402. package/src/broker/nativeBroker/PlatformAuthProvider.ts +21 -23
  403. package/src/config/Configuration.ts +5 -0
  404. package/src/controllers/StandardController.ts +2 -1
  405. package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.ts +0 -3
  406. package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.ts +0 -2
  407. package/src/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.ts +4 -11
  408. package/src/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.ts +0 -2
  409. package/src/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.ts +0 -2
  410. package/src/custom_auth/core/auth_flow/mfa/state/MfaState.ts +0 -6
  411. package/src/custom_auth/sign_in/auth_flow/result/SignInResult.ts +0 -2
  412. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.ts +0 -2
  413. package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.ts +0 -2
  414. package/src/interaction_client/PopupClient.ts +73 -21
  415. package/src/interaction_client/RedirectClient.ts +14 -1
  416. package/src/interaction_client/SilentIframeClient.ts +68 -19
  417. package/src/interaction_client/StandardInteractionClient.ts +17 -12
  418. package/src/packageMetadata.ts +1 -1
  419. package/src/protocol/Authorize.ts +7 -0
@@ -9,6 +9,8 @@ import {
9
9
  Logger,
10
10
  AuthenticationScheme,
11
11
  StubPerformanceClient,
12
+ createClientConfigurationError,
13
+ ClientConfigurationErrorCodes,
12
14
  } from "@azure/msal-common/browser";
13
15
  import { name, version } from "../../packageMetadata.js";
14
16
  import {
@@ -19,8 +21,6 @@ import { PlatformAuthExtensionHandler } from "./PlatformAuthExtensionHandler.js"
19
21
  import { IPlatformAuthHandler } from "./IPlatformAuthHandler.js";
20
22
  import { PlatformAuthDOMHandler } from "./PlatformAuthDOMHandler.js";
21
23
  import { createNewGuid } from "../../crypto/BrowserCrypto.js";
22
- import { BrowserCacheLocation } from "../../utils/BrowserConstants.js";
23
- import { PLATFORM_AUTH_DOM_SUPPORT } from "../../cache/CacheKeys.js";
24
24
 
25
25
  /**
26
26
  * Checks if the platform broker is available in the current environment.
@@ -31,7 +31,8 @@ import { PLATFORM_AUTH_DOM_SUPPORT } from "../../cache/CacheKeys.js";
31
31
  export async function isPlatformBrokerAvailable(
32
32
  loggerOptions?: LoggerOptions,
33
33
  perfClient?: IPerformanceClient,
34
- correlationId?: string
34
+ correlationId?: string,
35
+ domConfig?: boolean
35
36
  ): Promise<boolean> {
36
37
  const logger = new Logger(loggerOptions || {}, name, version);
37
38
 
@@ -47,7 +48,9 @@ export async function isPlatformBrokerAvailable(
47
48
  return !!(await getPlatformAuthProvider(
48
49
  logger,
49
50
  performanceClient,
50
- correlationId || createNewGuid()
51
+ correlationId || createNewGuid(),
52
+ undefined,
53
+ domConfig
51
54
  ));
52
55
  }
53
56
 
@@ -55,16 +58,16 @@ export async function getPlatformAuthProvider(
55
58
  logger: Logger,
56
59
  performanceClient: IPerformanceClient,
57
60
  correlationId: string,
58
- nativeBrokerHandshakeTimeout?: number
61
+ nativeBrokerHandshakeTimeout?: number,
62
+ enablePlatformBrokerDOMSupport?: boolean
59
63
  ): Promise<IPlatformAuthHandler | undefined> {
60
64
  logger.trace("getPlatformAuthProvider called", correlationId);
61
65
 
62
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
63
-
64
66
  logger.trace(
65
67
  "Has client allowed platform auth via DOM API: " +
66
68
  enablePlatformBrokerDOMSupport
67
69
  );
70
+
68
71
  let platformAuthProvider: IPlatformAuthHandler | undefined;
69
72
  try {
70
73
  if (enablePlatformBrokerDOMSupport) {
@@ -97,22 +100,6 @@ export async function getPlatformAuthProvider(
97
100
  return platformAuthProvider;
98
101
  }
99
102
 
100
- /**
101
- * Returns true if the DOM API support for platform auth is enabled in session storage
102
- * @returns boolean
103
- * @deprecated
104
- */
105
- export function isDomEnabledForPlatformAuth(): boolean {
106
- let sessionStorage: Storage | undefined;
107
- try {
108
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
109
- // Mute errors if it's a non-browser environment or cookies are blocked.
110
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
111
- } catch (e) {
112
- return false;
113
- }
114
- }
115
-
116
103
  /**
117
104
  * Returns boolean indicating whether or not the request should attempt to use native broker
118
105
  * @param logger
@@ -127,6 +114,17 @@ export function isPlatformAuthAllowed(
127
114
  authenticationScheme?: AuthenticationScheme
128
115
  ): boolean {
129
116
  logger.trace("isPlatformAuthAllowed called");
117
+
118
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
119
+ if (
120
+ !config.system.allowPlatformBroker &&
121
+ config.system.allowPlatformBrokerWithDOM
122
+ ) {
123
+ throw createClientConfigurationError(
124
+ ClientConfigurationErrorCodes.invalidPlatformBrokerConfiguration
125
+ );
126
+ }
127
+
130
128
  if (!config.system.allowPlatformBroker) {
131
129
  logger.trace(
132
130
  "isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false"
@@ -209,6 +209,10 @@ export type BrowserSystemOptions = SystemOptions & {
209
209
  * Flag to enable native broker support (e.g. acquiring tokens from WAM on Windows, MacBroker on Mac)
210
210
  */
211
211
  allowPlatformBroker?: boolean;
212
+ /**
213
+ * Flag to enable native broker support through DOM APIs in Edge
214
+ */
215
+ allowPlatformBrokerWithDOM?: boolean;
212
216
  /**
213
217
  * Sets the timeout for waiting for the native broker handshake to resolve
214
218
  */
@@ -357,6 +361,7 @@ export function buildConfiguration(
357
361
  asyncPopups: false,
358
362
  allowRedirectInIframe: false,
359
363
  allowPlatformBroker: false,
364
+ allowPlatformBrokerWithDOM: false,
360
365
  nativeBrokerHandshakeTimeout:
361
366
  userInputSystem?.nativeBrokerHandshakeTimeout ||
362
367
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
@@ -356,7 +356,8 @@ export class StandardController implements IController {
356
356
  this.logger,
357
357
  this.performanceClient,
358
358
  initCorrelationId,
359
- this.config.system.nativeBrokerHandshakeTimeout
359
+ this.config.system.nativeBrokerHandshakeTimeout,
360
+ this.config.system.allowPlatformBrokerWithDOM
360
361
  );
361
362
  } catch (e) {
362
363
  this.logger.verbose(e as string);
@@ -44,7 +44,6 @@ export class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultB
44
44
  /**
45
45
  * Checks if the result indicates that verification is required.
46
46
  * @returns true if verification is required, false otherwise.
47
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
48
47
  */
49
48
  isVerificationRequired(): this is AuthMethodRegistrationChallengeMethodResult & {
50
49
  state: AuthMethodVerificationRequiredState;
@@ -58,7 +57,6 @@ export class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultB
58
57
  /**
59
58
  * Checks if the result indicates that registration is completed (fast-pass scenario).
60
59
  * @returns true if registration is completed, false otherwise.
61
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
62
60
  */
63
61
  isCompleted(): this is AuthMethodRegistrationChallengeMethodResult & {
64
62
  state: AuthMethodRegistrationCompletedState;
@@ -72,7 +70,6 @@ export class AuthMethodRegistrationChallengeMethodResult extends AuthFlowResultB
72
70
  /**
73
71
  * Checks if the result is in a failed state.
74
72
  * @returns true if the result is failed, false otherwise.
75
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
76
73
  */
77
74
  isFailed(): this is AuthMethodRegistrationChallengeMethodResult & {
78
75
  state: AuthMethodRegistrationFailedState;
@@ -41,7 +41,6 @@ export class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultB
41
41
  /**
42
42
  * Checks if the result indicates that registration is completed.
43
43
  * @returns true if registration is completed, false otherwise.
44
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
45
44
  */
46
45
  isCompleted(): this is AuthMethodRegistrationSubmitChallengeResult & {
47
46
  state: AuthMethodRegistrationCompletedState;
@@ -55,7 +54,6 @@ export class AuthMethodRegistrationSubmitChallengeResult extends AuthFlowResultB
55
54
  /**
56
55
  * Checks if the result is in a failed state.
57
56
  * @returns true if the result is failed, false otherwise.
58
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
59
57
  */
60
58
  isFailed(): this is AuthMethodRegistrationSubmitChallengeResult & {
61
59
  state: AuthMethodRegistrationFailedState;
@@ -123,8 +123,8 @@ abstract class AuthMethodRegistrationState<
123
123
  );
124
124
  }
125
125
  } catch (error) {
126
- this.stateParameters.logger.error(
127
- "Failed to challenge authentication method for auth method registration.",
126
+ this.stateParameters.logger.errorPii(
127
+ `Failed to challenge authentication method for auth method registration. Error: ${error}.`,
128
128
  this.stateParameters.correlationId
129
129
  );
130
130
  return AuthMethodRegistrationChallengeMethodResult.createWithError(
@@ -146,7 +146,6 @@ export class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationS
146
146
  /**
147
147
  * Gets the available authentication methods for registration.
148
148
  * @returns Array of available authentication methods.
149
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
150
149
  */
151
150
  getAuthMethods(): AuthenticationMethod[] {
152
151
  return this.stateParameters.authMethods;
@@ -156,7 +155,6 @@ export class AuthMethodRegistrationRequiredState extends AuthMethodRegistrationS
156
155
  * Challenges an authentication method for registration.
157
156
  * @param authMethodDetails The authentication method details to challenge.
158
157
  * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
159
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
160
158
  */
161
159
  async challengeAuthMethod(
162
160
  authMethodDetails: AuthMethodDetails
@@ -177,7 +175,6 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
177
175
  /**
178
176
  * Gets the length of the expected verification code.
179
177
  * @returns The code length.
180
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
181
178
  */
182
179
  getCodeLength(): number {
183
180
  return this.stateParameters.codeLength;
@@ -186,7 +183,6 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
186
183
  /**
187
184
  * Gets the channel through which the challenge was sent.
188
185
  * @returns The challenge channel (e.g., "email").
189
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
190
186
  */
191
187
  getChannel(): string {
192
188
  return this.stateParameters.challengeChannel;
@@ -195,7 +191,6 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
195
191
  /**
196
192
  * Gets the target label indicating where the challenge was sent.
197
193
  * @returns The challenge target label (e.g., masked email address).
198
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
199
194
  */
200
195
  getSentTo(): string {
201
196
  return this.stateParameters.challengeTargetLabel;
@@ -205,7 +200,6 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
205
200
  * Submits the verification challenge to complete the authentication method registration.
206
201
  * @param code The verification code entered by the user.
207
202
  * @returns Promise that resolves to AuthMethodRegistrationSubmitChallengeResult.
208
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
209
203
  */
210
204
  async submitChallenge(
211
205
  code: string
@@ -250,8 +244,8 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
250
244
  accountInfo
251
245
  );
252
246
  } catch (error) {
253
- this.stateParameters.logger.error(
254
- "Failed to submit auth method challenge.",
247
+ this.stateParameters.logger.errorPii(
248
+ `Failed to submit auth method challenge. Error: ${error}.`,
255
249
  this.stateParameters.correlationId
256
250
  );
257
251
  return AuthMethodRegistrationSubmitChallengeResult.createWithError(
@@ -264,7 +258,6 @@ export class AuthMethodVerificationRequiredState extends AuthMethodRegistrationS
264
258
  * Challenges a different authentication method for registration.
265
259
  * @param authMethodDetails The authentication method details to challenge.
266
260
  * @returns Promise that resolves to AuthMethodRegistrationChallengeMethodResult.
267
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
268
261
  */
269
262
  async challengeAuthMethod(
270
263
  authMethodDetails: AuthMethodDetails
@@ -36,7 +36,6 @@ export class MfaRequestChallengeResult extends AuthFlowResultBase<
36
36
  /**
37
37
  * Checks if the result indicates that verification is required.
38
38
  * @returns true if verification is required, false otherwise.
39
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
40
39
  */
41
40
  isVerificationRequired(): this is MfaRequestChallengeResult & {
42
41
  state: MfaVerificationRequiredState;
@@ -47,7 +46,6 @@ export class MfaRequestChallengeResult extends AuthFlowResultBase<
47
46
  /**
48
47
  * Checks if the result is in a failed state.
49
48
  * @returns true if the result is failed, false otherwise.
50
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
51
49
  */
52
50
  isFailed(): this is MfaRequestChallengeResult & {
53
51
  state: MfaFailedState;
@@ -37,7 +37,6 @@ export class MfaSubmitChallengeResult extends AuthFlowResultBase<
37
37
  /**
38
38
  * Checks if the MFA flow is completed successfully.
39
39
  * @returns true if completed, false otherwise.
40
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
41
40
  */
42
41
  isCompleted(): this is MfaSubmitChallengeResult & {
43
42
  state: MfaCompletedState;
@@ -48,7 +47,6 @@ export class MfaSubmitChallengeResult extends AuthFlowResultBase<
48
47
  /**
49
48
  * Checks if the result is in a failed state.
50
49
  * @returns true if the result is failed, false otherwise.
51
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
52
50
  */
53
51
  isFailed(): this is MfaSubmitChallengeResult & {
54
52
  state: MfaFailedState;
@@ -31,7 +31,6 @@ abstract class MfaState<
31
31
  * Requests an MFA challenge for a specific authentication method.
32
32
  * @param authMethodId The authentication method ID to use for the challenge.
33
33
  * @returns Promise that resolves to MfaRequestChallengeResult.
34
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
35
34
  */
36
35
  async requestChallenge(
37
36
  authMethodId: string
@@ -101,7 +100,6 @@ export class MfaAwaitingState extends MfaState<MfaAwaitingStateParameters> {
101
100
  /**
102
101
  * Gets the available authentication methods for MFA.
103
102
  * @returns Array of available authentication methods.
104
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
105
103
  */
106
104
  getAuthMethods(): AuthenticationMethod[] {
107
105
  return this.stateParameters.authMethods;
@@ -121,7 +119,6 @@ export class MfaVerificationRequiredState extends MfaState<MfaVerificationRequir
121
119
  /**
122
120
  * Gets the length of the code that the user needs to provide.
123
121
  * @returns The expected code length.
124
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
125
122
  */
126
123
  getCodeLength(): number {
127
124
  return this.stateParameters.codeLength;
@@ -130,7 +127,6 @@ export class MfaVerificationRequiredState extends MfaState<MfaVerificationRequir
130
127
  /**
131
128
  * Gets the channel through which the challenge was sent.
132
129
  * @returns The challenge channel (e.g., "email").
133
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
134
130
  */
135
131
  getChannel(): string {
136
132
  return this.stateParameters.challengeChannel;
@@ -139,7 +135,6 @@ export class MfaVerificationRequiredState extends MfaState<MfaVerificationRequir
139
135
  /**
140
136
  * Gets the target label indicating where the challenge was sent.
141
137
  * @returns The challenge target label (e.g., masked email address).
142
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
143
138
  */
144
139
  getSentTo(): string {
145
140
  return this.stateParameters.challengeTargetLabel;
@@ -149,7 +144,6 @@ export class MfaVerificationRequiredState extends MfaState<MfaVerificationRequir
149
144
  * Submits the MFA challenge (e.g., OTP code) to complete the authentication.
150
145
  * @param challenge The challenge code (e.g., OTP code) entered by the user.
151
146
  * @returns Promise that resolves to MfaSubmitChallengeResult.
152
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
153
147
  */
154
148
  async submitChallenge(
155
149
  challenge: string
@@ -83,7 +83,6 @@ export class SignInResult extends AuthFlowResultBase<
83
83
 
84
84
  /**
85
85
  * Checks if the result requires authentication method registration.
86
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
87
86
  */
88
87
  isAuthMethodRegistrationRequired(): this is SignInResult & {
89
88
  state: AuthMethodRegistrationRequiredState;
@@ -96,7 +95,6 @@ export class SignInResult extends AuthFlowResultBase<
96
95
 
97
96
  /**
98
97
  * Checks if the result requires MFA.
99
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
100
98
  */
101
99
  isMfaRequired(): this is SignInResult & { state: MfaAwaitingState } {
102
100
  return this.state.stateType === MFA_AWAITING_STATE_TYPE;
@@ -57,7 +57,6 @@ export class SignInSubmitCodeResult extends AuthFlowResultBase<
57
57
 
58
58
  /**
59
59
  * Checks if the result requires authentication method registration.
60
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
61
60
  */
62
61
  isAuthMethodRegistrationRequired(): this is SignInSubmitCodeResult & {
63
62
  state: AuthMethodRegistrationRequiredState;
@@ -70,7 +69,6 @@ export class SignInSubmitCodeResult extends AuthFlowResultBase<
70
69
 
71
70
  /**
72
71
  * Checks if the result requires MFA.
73
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
74
72
  */
75
73
  isMfaRequired(): this is SignInSubmitCodeResult & {
76
74
  state: MfaAwaitingState;
@@ -54,7 +54,6 @@ export class SignInSubmitPasswordResult extends AuthFlowResultBase<
54
54
 
55
55
  /**
56
56
  * Checks if the result requires authentication method registration.
57
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
58
57
  */
59
58
  isAuthMethodRegistrationRequired(): this is SignInSubmitPasswordResult & {
60
59
  state: AuthMethodRegistrationRequiredState;
@@ -67,7 +66,6 @@ export class SignInSubmitPasswordResult extends AuthFlowResultBase<
67
66
 
68
67
  /**
69
68
  * Checks if the result requires MFA.
70
- * @warning This API is experimental. It may be changed in the future without notice. Do not use in production applications.
71
69
  */
72
70
  isMfaRequired(): this is SignInSubmitPasswordResult & {
73
71
  state: MfaAwaitingState;
@@ -243,7 +243,7 @@ export class PopupClient extends StandardInteractionClient {
243
243
  validRequest.platformBroker = isPlatformBroker;
244
244
 
245
245
  if (this.config.auth.protocolMode === ProtocolMode.EAR) {
246
- return this.executeEarFlow(validRequest, popupParams);
246
+ return this.executeEarFlow(validRequest, popupParams, pkceCodes);
247
247
  } else {
248
248
  return this.executeCodeFlow(validRequest, popupParams, pkceCodes);
249
249
  }
@@ -389,7 +389,8 @@ export class PopupClient extends StandardInteractionClient {
389
389
  */
390
390
  async executeEarFlow(
391
391
  request: CommonAuthorizationUrlRequest,
392
- popupParams: PopupParams
392
+ popupParams: PopupParams,
393
+ pkceCodes?: PkceCodes
393
394
  ): Promise<AuthenticationResult> {
394
395
  const correlationId = request.correlationId;
395
396
  // Get the frame handle for the silent request
@@ -413,9 +414,20 @@ export class PopupClient extends StandardInteractionClient {
413
414
  this.performanceClient,
414
415
  correlationId
415
416
  )();
417
+ const pkce =
418
+ pkceCodes ||
419
+ (await invokeAsync(
420
+ generatePkceCodes,
421
+ PerformanceEvents.GeneratePkceCodes,
422
+ this.logger,
423
+ this.performanceClient,
424
+ correlationId
425
+ )(this.performanceClient, this.logger, correlationId));
426
+
416
427
  const popupRequest = {
417
428
  ...request,
418
429
  earJwk: earJwk,
430
+ codeChallenge: pkce.challenge,
419
431
  };
420
432
  const popupWindow =
421
433
  popupParams.popup || this.openPopup("about:blank", popupParams);
@@ -451,25 +463,65 @@ export class PopupClient extends StandardInteractionClient {
451
463
  this.logger
452
464
  );
453
465
 
454
- return invokeAsync(
455
- Authorize.handleResponseEAR,
456
- PerformanceEvents.HandleResponseEar,
457
- this.logger,
458
- this.performanceClient,
459
- correlationId
460
- )(
461
- popupRequest,
462
- serverParams,
463
- ApiId.acquireTokenPopup,
464
- this.config,
465
- discoveredAuthority,
466
- this.browserStorage,
467
- this.nativeStorage,
468
- this.eventHandler,
469
- this.logger,
470
- this.performanceClient,
471
- this.platformAuthProvider
472
- );
466
+ if (!serverParams.ear_jwe && serverParams.code) {
467
+ const authClient = await invokeAsync(
468
+ this.createAuthCodeClient.bind(this),
469
+ PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,
470
+ this.logger,
471
+ this.performanceClient,
472
+ correlationId
473
+ )({
474
+ serverTelemetryManager: this.initializeServerTelemetryManager(
475
+ ApiId.acquireTokenPopup
476
+ ),
477
+ requestAuthority: request.authority,
478
+ requestAzureCloudOptions: request.azureCloudOptions,
479
+ requestExtraQueryParameters: request.extraQueryParameters,
480
+ account: request.account,
481
+ authority: discoveredAuthority,
482
+ });
483
+
484
+ return invokeAsync(
485
+ Authorize.handleResponseCode,
486
+ PerformanceEvents.HandleResponseCode,
487
+ this.logger,
488
+ this.performanceClient,
489
+ correlationId
490
+ )(
491
+ popupRequest,
492
+ serverParams,
493
+ pkce.verifier,
494
+ ApiId.acquireTokenPopup,
495
+ this.config,
496
+ authClient,
497
+ this.browserStorage,
498
+ this.nativeStorage,
499
+ this.eventHandler,
500
+ this.logger,
501
+ this.performanceClient,
502
+ this.platformAuthProvider
503
+ );
504
+ } else {
505
+ return invokeAsync(
506
+ Authorize.handleResponseEAR,
507
+ PerformanceEvents.HandleResponseEar,
508
+ this.logger,
509
+ this.performanceClient,
510
+ correlationId
511
+ )(
512
+ popupRequest,
513
+ serverParams,
514
+ ApiId.acquireTokenPopup,
515
+ this.config,
516
+ discoveredAuthority,
517
+ this.browserStorage,
518
+ this.nativeStorage,
519
+ this.eventHandler,
520
+ this.logger,
521
+ this.performanceClient,
522
+ this.platformAuthProvider
523
+ );
524
+ }
473
525
  }
474
526
 
475
527
  async executeCodeFlowWithPost(
@@ -272,11 +272,24 @@ export class RedirectClient extends StandardInteractionClient {
272
272
  this.performanceClient,
273
273
  correlationId
274
274
  )();
275
+ const pkceCodes = await invokeAsync(
276
+ generatePkceCodes,
277
+ PerformanceEvents.GeneratePkceCodes,
278
+ this.logger,
279
+ this.performanceClient,
280
+ correlationId
281
+ )(this.performanceClient, this.logger, correlationId);
282
+
275
283
  const redirectRequest = {
276
284
  ...request,
277
285
  earJwk: earJwk,
286
+ codeChallenge: pkceCodes.challenge,
278
287
  };
279
- this.browserStorage.cacheAuthorizeRequest(redirectRequest);
288
+
289
+ this.browserStorage.cacheAuthorizeRequest(
290
+ redirectRequest,
291
+ pkceCodes.verifier
292
+ );
280
293
 
281
294
  const form = await Authorize.getEARForm(
282
295
  document,
@@ -235,9 +235,17 @@ export class SilentIframeClient extends StandardInteractionClient {
235
235
  this.performanceClient,
236
236
  correlationId
237
237
  )();
238
+ const pkceCodes = await invokeAsync(
239
+ generatePkceCodes,
240
+ PerformanceEvents.GeneratePkceCodes,
241
+ this.logger,
242
+ this.performanceClient,
243
+ correlationId
244
+ )(this.performanceClient, this.logger, correlationId);
238
245
  const silentRequest = {
239
246
  ...request,
240
247
  earJwk: earJwk,
248
+ codeChallenge: pkceCodes.challenge,
241
249
  };
242
250
  const msalFrame = await invokeAsync(
243
251
  initiateEarRequest,
@@ -279,25 +287,66 @@ export class SilentIframeClient extends StandardInteractionClient {
279
287
  correlationId
280
288
  )(responseString, responseType, this.logger);
281
289
 
282
- return invokeAsync(
283
- Authorize.handleResponseEAR,
284
- PerformanceEvents.HandleResponseEar,
285
- this.logger,
286
- this.performanceClient,
287
- correlationId
288
- )(
289
- silentRequest,
290
- serverParams,
291
- this.apiId,
292
- this.config,
293
- discoveredAuthority,
294
- this.browserStorage,
295
- this.nativeStorage,
296
- this.eventHandler,
297
- this.logger,
298
- this.performanceClient,
299
- this.platformAuthProvider
300
- );
290
+ if (!serverParams.ear_jwe && serverParams.code) {
291
+ // If server doesn't support EAR, they may fallback to auth code flow instead
292
+ const authClient = await invokeAsync(
293
+ this.createAuthCodeClient.bind(this),
294
+ PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,
295
+ this.logger,
296
+ this.performanceClient,
297
+ correlationId
298
+ )({
299
+ serverTelemetryManager: this.initializeServerTelemetryManager(
300
+ this.apiId
301
+ ),
302
+ requestAuthority: request.authority,
303
+ requestAzureCloudOptions: request.azureCloudOptions,
304
+ requestExtraQueryParameters: request.extraQueryParameters,
305
+ account: request.account,
306
+ authority: discoveredAuthority,
307
+ });
308
+
309
+ return invokeAsync(
310
+ Authorize.handleResponseCode,
311
+ PerformanceEvents.HandleResponseCode,
312
+ this.logger,
313
+ this.performanceClient,
314
+ correlationId
315
+ )(
316
+ silentRequest,
317
+ serverParams,
318
+ pkceCodes.verifier,
319
+ this.apiId,
320
+ this.config,
321
+ authClient,
322
+ this.browserStorage,
323
+ this.nativeStorage,
324
+ this.eventHandler,
325
+ this.logger,
326
+ this.performanceClient,
327
+ this.platformAuthProvider
328
+ );
329
+ } else {
330
+ return invokeAsync(
331
+ Authorize.handleResponseEAR,
332
+ PerformanceEvents.HandleResponseEar,
333
+ this.logger,
334
+ this.performanceClient,
335
+ correlationId
336
+ )(
337
+ silentRequest,
338
+ serverParams,
339
+ this.apiId,
340
+ this.config,
341
+ discoveredAuthority,
342
+ this.browserStorage,
343
+ this.nativeStorage,
344
+ this.eventHandler,
345
+ this.logger,
346
+ this.performanceClient,
347
+ this.platformAuthProvider
348
+ );
349
+ }
301
350
  }
302
351
 
303
352
  /**