@azure/msal-browser 4.26.2 → 4.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (400) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +11 -25
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.d.ts +3 -3
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +10 -6
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +2 -3
  19. package/dist/cache/CacheKeys.mjs.map +1 -1
  20. package/dist/cache/CookieStorage.mjs +1 -1
  21. package/dist/cache/DatabaseStorage.mjs +1 -1
  22. package/dist/cache/EncryptedData.mjs +1 -1
  23. package/dist/cache/LocalStorage.mjs +1 -1
  24. package/dist/cache/MemoryStorage.mjs +1 -1
  25. package/dist/cache/SessionStorage.mjs +1 -1
  26. package/dist/cache/TokenCache.d.ts +3 -2
  27. package/dist/cache/TokenCache.d.ts.map +1 -1
  28. package/dist/cache/TokenCache.mjs +39 -29
  29. package/dist/cache/TokenCache.mjs.map +1 -1
  30. package/dist/config/Configuration.d.ts +4 -0
  31. package/dist/config/Configuration.d.ts.map +1 -1
  32. package/dist/config/Configuration.mjs +2 -1
  33. package/dist/config/Configuration.mjs.map +1 -1
  34. package/dist/controllers/ControllerFactory.mjs +1 -1
  35. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  36. package/dist/controllers/NestedAppAuthController.mjs +3 -3
  37. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  38. package/dist/controllers/StandardController.d.ts.map +1 -1
  39. package/dist/controllers/StandardController.mjs +4 -4
  40. package/dist/controllers/StandardController.mjs.map +1 -1
  41. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  42. package/dist/crypto/BrowserCrypto.mjs +1 -1
  43. package/dist/crypto/CryptoOps.mjs +1 -1
  44. package/dist/crypto/PkceGenerator.mjs +1 -1
  45. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  46. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  49. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  50. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  51. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  52. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +9 -23
  53. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  55. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +3 -3
  57. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  58. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +10 -6
  59. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  60. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  61. package/dist/custom-auth-path/cache/CacheKeys.mjs +2 -3
  62. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  63. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  64. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  65. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  66. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  67. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  68. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  69. package/dist/custom-auth-path/cache/TokenCache.d.ts +3 -2
  70. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  71. package/dist/custom-auth-path/cache/TokenCache.mjs +39 -29
  72. package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
  73. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  74. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  75. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  76. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  77. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  78. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  79. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  80. package/dist/custom-auth-path/controllers/StandardController.mjs +4 -4
  81. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  82. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  83. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  84. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  86. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +3 -3
  125. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +2 -2
  129. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +2 -2
  133. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  158. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +2 -2
  159. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  160. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +6 -6
  187. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  189. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  190. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  191. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  192. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  193. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  194. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  195. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  196. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  197. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  198. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  199. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  200. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  201. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  202. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  203. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  204. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  205. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  206. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  207. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  208. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  209. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  210. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  211. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  212. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  213. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  216. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  217. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  218. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  219. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  220. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  221. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +2 -2
  222. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  223. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  224. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  225. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +2 -2
  227. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs.map +1 -1
  228. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  229. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts +3 -2
  230. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts.map +1 -1
  231. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +5 -5
  232. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs.map +1 -1
  233. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  234. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  235. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  236. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  237. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  239. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  240. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  241. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -3
  242. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  243. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  244. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  245. package/dist/custom-auth-path/utils/BrowserConstants.d.ts +20 -1
  246. package/dist/custom-auth-path/utils/BrowserConstants.d.ts.map +1 -1
  247. package/dist/custom-auth-path/utils/BrowserConstants.mjs +27 -3
  248. package/dist/custom-auth-path/utils/BrowserConstants.mjs.map +1 -1
  249. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  250. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  251. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  252. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  253. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  254. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  255. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  256. package/dist/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  257. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  258. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  259. package/dist/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  260. package/dist/encode/Base64Decode.mjs +1 -1
  261. package/dist/encode/Base64Encode.mjs +1 -1
  262. package/dist/error/BrowserAuthError.mjs +1 -1
  263. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  264. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  265. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  266. package/dist/error/NativeAuthError.mjs +1 -1
  267. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  268. package/dist/error/NestedAppAuthError.mjs +1 -1
  269. package/dist/event/EventHandler.mjs +1 -1
  270. package/dist/event/EventMessage.mjs +1 -1
  271. package/dist/event/EventType.mjs +1 -1
  272. package/dist/index.mjs +1 -1
  273. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  274. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  275. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  276. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  277. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  278. package/dist/interaction_client/PopupClient.mjs +1 -1
  279. package/dist/interaction_client/RedirectClient.mjs +1 -1
  280. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  281. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  282. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  283. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  284. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  285. package/dist/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  286. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  287. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  288. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  289. package/dist/interaction_handler/InteractionHandler.d.ts +3 -2
  290. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  291. package/dist/interaction_handler/InteractionHandler.mjs +5 -5
  292. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  293. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  294. package/dist/naa/BridgeError.mjs +1 -1
  295. package/dist/naa/BridgeProxy.mjs +1 -1
  296. package/dist/naa/BridgeStatusCode.mjs +1 -1
  297. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  298. package/dist/navigation/NavigationClient.mjs +1 -1
  299. package/dist/network/FetchClient.mjs +1 -1
  300. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  301. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  302. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  303. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  304. package/dist/packageMetadata.d.ts +1 -1
  305. package/dist/packageMetadata.mjs +2 -2
  306. package/dist/protocol/Authorize.d.ts.map +1 -1
  307. package/dist/protocol/Authorize.mjs +3 -3
  308. package/dist/protocol/Authorize.mjs.map +1 -1
  309. package/dist/request/RequestHelpers.mjs +1 -1
  310. package/dist/response/ResponseHandler.mjs +1 -1
  311. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  312. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  313. package/dist/utils/BrowserConstants.d.ts +20 -1
  314. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  315. package/dist/utils/BrowserConstants.mjs +27 -3
  316. package/dist/utils/BrowserConstants.mjs.map +1 -1
  317. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  318. package/dist/utils/BrowserUtils.mjs +1 -1
  319. package/dist/utils/Helpers.mjs +1 -1
  320. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  321. package/lib/custom-auth-path/msal-custom-auth.cjs +201 -161
  322. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  323. package/lib/custom-auth-path/msal-custom-auth.js +22608 -0
  324. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -0
  325. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  326. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  327. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +3 -3
  328. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  329. package/lib/custom-auth-path/types/cache/TokenCache.d.ts +3 -2
  330. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  331. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  332. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  333. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  335. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  336. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  337. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  339. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  340. package/lib/custom-auth-path/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  341. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  342. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  343. package/lib/custom-auth-path/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  345. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts +3 -2
  346. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  347. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  348. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts +20 -1
  350. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts.map +1 -1
  351. package/lib/msal-browser.cjs +201 -156
  352. package/lib/msal-browser.cjs.map +1 -1
  353. package/lib/msal-browser.js +201 -156
  354. package/lib/msal-browser.js.map +1 -1
  355. package/lib/msal-browser.min.js +66 -66
  356. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  357. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  358. package/lib/types/cache/BrowserCacheManager.d.ts +3 -3
  359. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  360. package/lib/types/cache/TokenCache.d.ts +3 -2
  361. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  362. package/lib/types/config/Configuration.d.ts +4 -0
  363. package/lib/types/config/Configuration.d.ts.map +1 -1
  364. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  365. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  366. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  367. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  368. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  369. package/lib/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  370. package/lib/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  371. package/lib/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  372. package/lib/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  373. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  374. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  375. package/lib/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  376. package/lib/types/interaction_handler/InteractionHandler.d.ts +3 -2
  377. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  378. package/lib/types/packageMetadata.d.ts +1 -1
  379. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  380. package/lib/types/utils/BrowserConstants.d.ts +20 -1
  381. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  382. package/package.json +2 -2
  383. package/src/broker/nativeBroker/PlatformAuthProvider.ts +21 -23
  384. package/src/cache/BrowserCacheManager.ts +16 -2
  385. package/src/cache/TokenCache.ts +122 -72
  386. package/src/config/Configuration.ts +5 -0
  387. package/src/controllers/NestedAppAuthController.ts +2 -1
  388. package/src/controllers/StandardController.ts +6 -3
  389. package/src/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.ts +4 -2
  390. package/src/custom_auth/core/interaction_client/jit/JitClient.ts +2 -1
  391. package/src/custom_auth/core/interaction_client/mfa/MfaClient.ts +2 -1
  392. package/src/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.ts +2 -1
  393. package/src/custom_auth/sign_in/interaction_client/SignInClient.ts +10 -5
  394. package/src/interaction_client/PlatformAuthInteractionClient.ts +3 -1
  395. package/src/interaction_client/SilentAuthCodeClient.ts +1 -0
  396. package/src/interaction_client/SilentRefreshClient.ts +7 -5
  397. package/src/interaction_handler/InteractionHandler.ts +10 -3
  398. package/src/packageMetadata.ts +1 -1
  399. package/src/protocol/Authorize.ts +2 -1
  400. package/src/utils/BrowserConstants.ts +27 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.26.2 2025-11-19 */
1
+ /*! @azure/msal-browser v4.28.0 2026-01-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -276,7 +276,7 @@ const JsonWebTokenTypes = {
276
276
  // Token renewal offset default in seconds
277
277
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
278
278
 
279
- /*! @azure/msal-common v15.13.2 2025-11-19 */
279
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
280
280
  /*
281
281
  * Copyright (c) Microsoft Corporation. All rights reserved.
282
282
  * Licensed under the MIT License.
@@ -287,7 +287,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
  const unexpectedError = "unexpected_error";
288
288
  const postRequestFailed$1 = "post_request_failed";
289
289
 
290
- /*! @azure/msal-common v15.13.2 2025-11-19 */
290
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
291
291
 
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -322,7 +322,7 @@ function createAuthError(code, additionalMessage) {
322
322
  : AuthErrorMessages[code]);
323
323
  }
324
324
 
325
- /*! @azure/msal-common v15.13.2 2025-11-19 */
325
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
328
328
  * Licensed under the MIT License.
@@ -373,7 +373,7 @@ const methodNotImplemented = "method_not_implemented";
373
373
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
374
374
  const platformBrokerError = "platform_broker_error";
375
375
 
376
- /*! @azure/msal-common v15.13.2 2025-11-19 */
376
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
377
377
 
378
378
  /*
379
379
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -448,7 +448,7 @@ function createClientAuthError(errorCode, additionalMessage) {
448
448
  return new ClientAuthError(errorCode, additionalMessage);
449
449
  }
450
450
 
451
- /*! @azure/msal-common v15.13.2 2025-11-19 */
451
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
452
452
 
453
453
  /*
454
454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -487,7 +487,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
487
487
  },
488
488
  };
489
489
 
490
- /*! @azure/msal-common v15.13.2 2025-11-19 */
490
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
491
491
 
492
492
  /*
493
493
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -678,12 +678,12 @@ class Logger {
678
678
  }
679
679
  }
680
680
 
681
- /*! @azure/msal-common v15.13.2 2025-11-19 */
681
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
682
682
  /* eslint-disable header/header */
683
683
  const name$1 = "@azure/msal-common";
684
- const version$1 = "15.13.2";
684
+ const version$1 = "15.14.0";
685
685
 
686
- /*! @azure/msal-common v15.13.2 2025-11-19 */
686
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
687
687
  /*
688
688
  * Copyright (c) Microsoft Corporation. All rights reserved.
689
689
  * Licensed under the MIT License.
@@ -692,7 +692,7 @@ const AzureCloudInstance = {
692
692
  // AzureCloudInstance is not specified.
693
693
  None: "none"};
694
694
 
695
- /*! @azure/msal-common v15.13.2 2025-11-19 */
695
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
696
696
  /*
697
697
  * Copyright (c) Microsoft Corporation. All rights reserved.
698
698
  * Licensed under the MIT License.
@@ -719,9 +719,10 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
719
719
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
720
720
  const authorityMismatch = "authority_mismatch";
721
721
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
722
- const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
722
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
723
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
723
724
 
724
- /*! @azure/msal-common v15.13.2 2025-11-19 */
725
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
725
726
 
726
727
  /*
727
728
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -751,6 +752,7 @@ const ClientConfigurationErrorMessages = {
751
752
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
752
753
  [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
753
754
  [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
755
+ [invalidPlatformBrokerConfiguration]: "Invalid platform broker configuration. `allowPlatformBrokerWithDOM` can only be enabled when `allowPlatformBroker` is enabled.",
754
756
  };
755
757
  /**
756
758
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -766,7 +768,7 @@ function createClientConfigurationError(errorCode) {
766
768
  return new ClientConfigurationError(errorCode);
767
769
  }
768
770
 
769
- /*! @azure/msal-common v15.13.2 2025-11-19 */
771
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
770
772
  /*
771
773
  * Copyright (c) Microsoft Corporation. All rights reserved.
772
774
  * Licensed under the MIT License.
@@ -863,7 +865,7 @@ class StringUtils {
863
865
  }
864
866
  }
865
867
 
866
- /*! @azure/msal-common v15.13.2 2025-11-19 */
868
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
867
869
 
868
870
  /*
869
871
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1058,7 +1060,7 @@ class ScopeSet {
1058
1060
  }
1059
1061
  }
1060
1062
 
1061
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1063
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1062
1064
 
1063
1065
  /*
1064
1066
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1098,7 +1100,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1098
1100
  };
1099
1101
  }
1100
1102
 
1101
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1103
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1102
1104
  /*
1103
1105
  * Copyright (c) Microsoft Corporation. All rights reserved.
1104
1106
  * Licensed under the MIT License.
@@ -1180,7 +1182,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1180
1182
  return updatedAccountInfo;
1181
1183
  }
1182
1184
 
1183
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1185
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1184
1186
  /*
1185
1187
  * Copyright (c) Microsoft Corporation. All rights reserved.
1186
1188
  * Licensed under the MIT License.
@@ -1195,7 +1197,7 @@ const AuthorityType = {
1195
1197
  Ciam: 3,
1196
1198
  };
1197
1199
 
1198
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1200
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1199
1201
  /*
1200
1202
  * Copyright (c) Microsoft Corporation. All rights reserved.
1201
1203
  * Licensed under the MIT License.
@@ -1217,7 +1219,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1217
1219
  return null;
1218
1220
  }
1219
1221
 
1220
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1222
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1221
1223
  /*
1222
1224
  * Copyright (c) Microsoft Corporation. All rights reserved.
1223
1225
  * Licensed under the MIT License.
@@ -1241,7 +1243,7 @@ const ProtocolMode = {
1241
1243
  EAR: "EAR",
1242
1244
  };
1243
1245
 
1244
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1246
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1245
1247
 
1246
1248
  /*
1247
1249
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1462,7 +1464,7 @@ class AccountEntity {
1462
1464
  }
1463
1465
  }
1464
1466
 
1465
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1467
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1466
1468
 
1467
1469
  /*
1468
1470
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1543,7 +1545,7 @@ function checkMaxAge(authTime, maxAge) {
1543
1545
  }
1544
1546
  }
1545
1547
 
1546
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1548
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1547
1549
 
1548
1550
  /*
1549
1551
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1659,7 +1661,7 @@ function normalizeUrlForComparison(url) {
1659
1661
  }
1660
1662
  }
1661
1663
 
1662
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1664
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1663
1665
 
1664
1666
  /*
1665
1667
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1823,7 +1825,7 @@ class UrlString {
1823
1825
  }
1824
1826
  }
1825
1827
 
1826
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1828
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1827
1829
 
1828
1830
  /*
1829
1831
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1962,7 +1964,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1962
1964
  return null;
1963
1965
  }
1964
1966
 
1965
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1967
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1966
1968
  /*
1967
1969
  * Copyright (c) Microsoft Corporation. All rights reserved.
1968
1970
  * Licensed under the MIT License.
@@ -1970,7 +1972,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1970
1972
  const cacheQuotaExceeded = "cache_quota_exceeded";
1971
1973
  const cacheErrorUnknown = "cache_error_unknown";
1972
1974
 
1973
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1975
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1974
1976
 
1975
1977
  /*
1976
1978
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2015,7 +2017,7 @@ function createCacheError(e) {
2015
2017
  }
2016
2018
  }
2017
2019
 
2018
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2020
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2019
2021
 
2020
2022
  /*
2021
2023
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2185,15 +2187,16 @@ class CacheManager {
2185
2187
  * @param cacheRecord {CacheRecord}
2186
2188
  * @param correlationId {?string} correlation id
2187
2189
  * @param kmsi - Keep Me Signed In
2190
+ * @param apiId - API identifier for telemetry tracking
2188
2191
  * @param storeInCache {?StoreInCache}
2189
2192
  */
2190
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
2193
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
2191
2194
  if (!cacheRecord) {
2192
2195
  throw createClientAuthError(invalidCacheRecord);
2193
2196
  }
2194
2197
  try {
2195
2198
  if (!!cacheRecord.account) {
2196
- await this.setAccount(cacheRecord.account, correlationId, kmsi);
2199
+ await this.setAccount(cacheRecord.account, correlationId, kmsi, apiId);
2197
2200
  }
2198
2201
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
2199
2202
  await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
@@ -3124,7 +3127,7 @@ class DefaultStorageClass extends CacheManager {
3124
3127
  }
3125
3128
  }
3126
3129
 
3127
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3130
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3128
3131
  /*
3129
3132
  * Copyright (c) Microsoft Corporation. All rights reserved.
3130
3133
  * Licensed under the MIT License.
@@ -3381,6 +3384,11 @@ const PerformanceEvents = {
3381
3384
  Decrypt: "decrypt",
3382
3385
  GenerateEarKey: "generateEarKey",
3383
3386
  DecryptEarResponse: "decryptEarResponse",
3387
+ LoadExternalTokens: "LoadExternalTokens",
3388
+ LoadAccount: "loadAccount",
3389
+ LoadIdToken: "loadIdToken",
3390
+ LoadAccessToken: "loadAccessToken",
3391
+ LoadRefreshToken: "loadRefreshToken",
3384
3392
  };
3385
3393
  /**
3386
3394
  * State of the performance event.
@@ -3391,7 +3399,7 @@ const PerformanceEvents = {
3391
3399
  const PerformanceEventStatus = {
3392
3400
  InProgress: 1};
3393
3401
 
3394
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3402
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3395
3403
 
3396
3404
  /*
3397
3405
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3470,7 +3478,7 @@ class StubPerformanceClient {
3470
3478
  }
3471
3479
  }
3472
3480
 
3473
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3481
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3474
3482
 
3475
3483
  /*
3476
3484
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3570,7 +3578,7 @@ function isOidcProtocolMode(config) {
3570
3578
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3571
3579
  }
3572
3580
 
3573
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3581
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3574
3582
  /*
3575
3583
  * Copyright (c) Microsoft Corporation. All rights reserved.
3576
3584
  * Licensed under the MIT License.
@@ -3580,7 +3588,7 @@ const CcsCredentialType = {
3580
3588
  UPN: "UPN",
3581
3589
  };
3582
3590
 
3583
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3591
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3584
3592
  /*
3585
3593
  * Copyright (c) Microsoft Corporation. All rights reserved.
3586
3594
  * Licensed under the MIT License.
@@ -3630,7 +3638,7 @@ const INSTANCE_AWARE = "instance_aware";
3630
3638
  const EAR_JWK = "ear_jwk";
3631
3639
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3632
3640
 
3633
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3641
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3634
3642
 
3635
3643
  /*
3636
3644
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4010,7 +4018,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4010
4018
  });
4011
4019
  }
4012
4020
 
4013
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4021
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4014
4022
  /*
4015
4023
  * Copyright (c) Microsoft Corporation. All rights reserved.
4016
4024
  * Licensed under the MIT License.
@@ -4022,7 +4030,7 @@ function isOpenIdConfigResponse(response) {
4022
4030
  response.hasOwnProperty("jwks_uri"));
4023
4031
  }
4024
4032
 
4025
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4033
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4026
4034
  /*
4027
4035
  * Copyright (c) Microsoft Corporation. All rights reserved.
4028
4036
  * Licensed under the MIT License.
@@ -4032,7 +4040,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4032
4040
  response.hasOwnProperty("metadata"));
4033
4041
  }
4034
4042
 
4035
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4043
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4036
4044
  /*
4037
4045
  * Copyright (c) Microsoft Corporation. All rights reserved.
4038
4046
  * Licensed under the MIT License.
@@ -4042,7 +4050,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4042
4050
  response.hasOwnProperty("error_description"));
4043
4051
  }
4044
4052
 
4045
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4053
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4046
4054
  /*
4047
4055
  * Copyright (c) Microsoft Corporation. All rights reserved.
4048
4056
  * Licensed under the MIT License.
@@ -4138,7 +4146,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4138
4146
  };
4139
4147
  };
4140
4148
 
4141
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4149
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4142
4150
 
4143
4151
  /*
4144
4152
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4244,7 +4252,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4244
4252
  },
4245
4253
  };
4246
4254
 
4247
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4255
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4248
4256
  /*
4249
4257
  * Copyright (c) Microsoft Corporation. All rights reserved.
4250
4258
  * Licensed under the MIT License.
@@ -4309,7 +4317,7 @@ function wasClockTurnedBack(cachedAt) {
4309
4317
  return cachedAtSec > nowSeconds();
4310
4318
  }
4311
4319
 
4312
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4320
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4313
4321
 
4314
4322
  /*
4315
4323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4571,7 +4579,7 @@ function isAuthorityMetadataExpired(metadata) {
4571
4579
  return metadata.expiresAt <= nowSeconds();
4572
4580
  }
4573
4581
 
4574
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4582
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4575
4583
 
4576
4584
  /*
4577
4585
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5410,7 +5418,7 @@ function buildStaticAuthorityOptions(authOptions) {
5410
5418
  };
5411
5419
  }
5412
5420
 
5413
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5421
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5414
5422
 
5415
5423
  /*
5416
5424
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5441,7 +5449,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5441
5449
  }
5442
5450
  }
5443
5451
 
5444
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5452
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5445
5453
 
5446
5454
  /*
5447
5455
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5460,7 +5468,7 @@ class ServerError extends AuthError {
5460
5468
  }
5461
5469
  }
5462
5470
 
5463
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5471
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5464
5472
  /*
5465
5473
  * Copyright (c) Microsoft Corporation. All rights reserved.
5466
5474
  * Licensed under the MIT License.
@@ -5481,7 +5489,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5481
5489
  };
5482
5490
  }
5483
5491
 
5484
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5492
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5485
5493
 
5486
5494
  /*
5487
5495
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5568,7 +5576,7 @@ class ThrottlingUtils {
5568
5576
  }
5569
5577
  }
5570
5578
 
5571
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5579
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5572
5580
 
5573
5581
  /*
5574
5582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5599,7 +5607,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5599
5607
  return new NetworkError(error, httpStatus, responseHeaders);
5600
5608
  }
5601
5609
 
5602
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5610
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5603
5611
 
5604
5612
  /*
5605
5613
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5747,7 +5755,7 @@ class BaseClient {
5747
5755
  }
5748
5756
  }
5749
5757
 
5750
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5758
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5751
5759
  /*
5752
5760
  * Copyright (c) Microsoft Corporation. All rights reserved.
5753
5761
  * Licensed under the MIT License.
@@ -5763,7 +5771,7 @@ const consentRequired = "consent_required";
5763
5771
  const loginRequired = "login_required";
5764
5772
  const badToken = "bad_token";
5765
5773
 
5766
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5774
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5767
5775
 
5768
5776
  /*
5769
5777
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5835,7 +5843,7 @@ function createInteractionRequiredAuthError(errorCode) {
5835
5843
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5836
5844
  }
5837
5845
 
5838
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5846
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5839
5847
 
5840
5848
  /*
5841
5849
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5907,7 +5915,7 @@ class ProtocolUtils {
5907
5915
  }
5908
5916
  }
5909
5917
 
5910
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5918
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5911
5919
 
5912
5920
  /*
5913
5921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5989,7 +5997,7 @@ class PopTokenGenerator {
5989
5997
  }
5990
5998
  }
5991
5999
 
5992
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6000
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5993
6001
  /*
5994
6002
  * Copyright (c) Microsoft Corporation. All rights reserved.
5995
6003
  * Licensed under the MIT License.
@@ -6016,7 +6024,7 @@ class PopTokenGenerator {
6016
6024
  }
6017
6025
  }
6018
6026
 
6019
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6027
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6020
6028
 
6021
6029
  /*
6022
6030
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6080,7 +6088,7 @@ class ResponseHandler {
6080
6088
  * @param serverTokenResponse
6081
6089
  * @param authority
6082
6090
  */
6083
- async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6091
+ async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, apiId, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6084
6092
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
6085
6093
  // create an idToken object (not entity)
6086
6094
  let idTokenClaims;
@@ -6135,7 +6143,7 @@ class ResponseHandler {
6135
6143
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
6136
6144
  }
6137
6145
  }
6138
- await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), request.storeInCache);
6146
+ await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), apiId, request.storeInCache);
6139
6147
  }
6140
6148
  finally {
6141
6149
  if (this.persistencePlugin &&
@@ -6205,6 +6213,9 @@ class ResponseHandler {
6205
6213
  ? parseInt(serverTokenResponse.refresh_token_expires_in, 10)
6206
6214
  : serverTokenResponse.refresh_token_expires_in;
6207
6215
  rtExpiresOn = reqTimestamp + rtExpiresIn;
6216
+ this.performanceClient?.addFields({
6217
+ ntwkRtExpiresOnSeconds: rtExpiresOn,
6218
+ }, request.correlationId);
6208
6219
  }
6209
6220
  cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);
6210
6221
  }
@@ -6347,7 +6358,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6347
6358
  return baseAccount;
6348
6359
  }
6349
6360
 
6350
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6361
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6351
6362
  /*
6352
6363
  * Copyright (c) Microsoft Corporation. All rights reserved.
6353
6364
  * Licensed under the MIT License.
@@ -6365,7 +6376,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6365
6376
  }
6366
6377
  }
6367
6378
 
6368
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6379
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6369
6380
 
6370
6381
  /*
6371
6382
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6387,8 +6398,9 @@ class AuthorizationCodeClient extends BaseClient {
6387
6398
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
6388
6399
  * authorization_code_grant
6389
6400
  * @param request
6401
+ * @param apiId - API identifier for telemetry tracking
6390
6402
  */
6391
- async acquireToken(request, authCodePayload) {
6403
+ async acquireToken(request, apiId, authCodePayload) {
6392
6404
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);
6393
6405
  if (!request.code) {
6394
6406
  throw createClientAuthError(requestCannotBeMade);
@@ -6400,7 +6412,7 @@ class AuthorizationCodeClient extends BaseClient {
6400
6412
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);
6401
6413
  // Validate response. This function throws a server error if an error is returned by the server.
6402
6414
  responseHandler.validateTokenResponse(response.body);
6403
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
6415
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, authCodePayload, undefined, undefined, undefined, requestId);
6404
6416
  }
6405
6417
  /**
6406
6418
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
@@ -6600,7 +6612,7 @@ class AuthorizationCodeClient extends BaseClient {
6600
6612
  }
6601
6613
  }
6602
6614
 
6603
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6615
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6604
6616
 
6605
6617
  /*
6606
6618
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6615,7 +6627,7 @@ class RefreshTokenClient extends BaseClient {
6615
6627
  constructor(configuration, performanceClient) {
6616
6628
  super(configuration, performanceClient);
6617
6629
  }
6618
- async acquireToken(request) {
6630
+ async acquireToken(request, apiId) {
6619
6631
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);
6620
6632
  const reqTimestamp = nowSeconds();
6621
6633
  const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);
@@ -6623,13 +6635,13 @@ class RefreshTokenClient extends BaseClient {
6623
6635
  const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];
6624
6636
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);
6625
6637
  responseHandler.validateTokenResponse(response.body);
6626
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId);
6638
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, undefined, undefined, true, request.forceCache, requestId);
6627
6639
  }
6628
6640
  /**
6629
6641
  * Gets cached refresh token and attaches to request, then calls acquireToken API
6630
6642
  * @param request
6631
6643
  */
6632
- async acquireTokenByRefreshToken(request) {
6644
+ async acquireTokenByRefreshToken(request, apiId) {
6633
6645
  // Cannot renew token if no request object is given.
6634
6646
  if (!request) {
6635
6647
  throw createClientConfigurationError(tokenRequestEmpty);
@@ -6644,7 +6656,7 @@ class RefreshTokenClient extends BaseClient {
6644
6656
  // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
6645
6657
  if (isFOCI) {
6646
6658
  try {
6647
- return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true);
6659
+ return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true, apiId);
6648
6660
  }
6649
6661
  catch (e) {
6650
6662
  const noFamilyRTInCache = e instanceof InteractionRequiredAuthError &&
@@ -6655,7 +6667,7 @@ class RefreshTokenClient extends BaseClient {
6655
6667
  e.subError === Errors.CLIENT_MISMATCH_ERROR;
6656
6668
  // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
6657
6669
  if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
6658
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
6670
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
6659
6671
  // throw in all other cases
6660
6672
  }
6661
6673
  else {
@@ -6664,26 +6676,30 @@ class RefreshTokenClient extends BaseClient {
6664
6676
  }
6665
6677
  }
6666
6678
  // fall back to application refresh token acquisition
6667
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
6679
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
6668
6680
  }
6669
6681
  /**
6670
6682
  * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached
6671
6683
  * @param request
6672
6684
  */
6673
- async acquireTokenWithCachedRefreshToken(request, foci) {
6685
+ async acquireTokenWithCachedRefreshToken(request, foci, apiId) {
6674
6686
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
6675
6687
  // fetches family RT or application RT based on FOCI value
6676
6688
  const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
6677
6689
  if (!refreshToken) {
6678
6690
  throw createInteractionRequiredAuthError(noTokensFound);
6679
6691
  }
6680
- if (refreshToken.expiresOn &&
6681
- isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds ||
6682
- DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) {
6683
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
6684
- throw createInteractionRequiredAuthError(refreshTokenExpired);
6692
+ if (refreshToken.expiresOn) {
6693
+ const offset = request.refreshTokenExpirationOffsetSeconds ||
6694
+ DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS;
6695
+ this.performanceClient?.addFields({
6696
+ cacheRtExpiresOnSeconds: Number(refreshToken.expiresOn),
6697
+ rtOffsetSeconds: offset,
6698
+ }, request.correlationId);
6699
+ if (isTokenExpired(refreshToken.expiresOn, offset)) {
6700
+ throw createInteractionRequiredAuthError(refreshTokenExpired);
6701
+ }
6685
6702
  }
6686
- // attach cached RT size to the current measurement
6687
6703
  const refreshTokenRequest = {
6688
6704
  ...request,
6689
6705
  refreshToken: refreshToken.secret,
@@ -6694,11 +6710,10 @@ class RefreshTokenClient extends BaseClient {
6694
6710
  },
6695
6711
  };
6696
6712
  try {
6697
- return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest);
6713
+ return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest, apiId);
6698
6714
  }
6699
6715
  catch (e) {
6700
6716
  if (e instanceof InteractionRequiredAuthError) {
6701
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
6702
6717
  if (e.subError === badToken) {
6703
6718
  // Remove bad refresh token from cache
6704
6719
  this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
@@ -6809,7 +6824,7 @@ class RefreshTokenClient extends BaseClient {
6809
6824
  }
6810
6825
  }
6811
6826
 
6812
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6827
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6813
6828
 
6814
6829
  /*
6815
6830
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6907,7 +6922,7 @@ class SilentFlowClient extends BaseClient {
6907
6922
  }
6908
6923
  }
6909
6924
 
6910
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6925
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6911
6926
 
6912
6927
  /*
6913
6928
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6922,7 +6937,7 @@ const StubbedNetworkModule = {
6922
6937
  },
6923
6938
  };
6924
6939
 
6925
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6940
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6926
6941
 
6927
6942
  /*
6928
6943
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7146,7 +7161,7 @@ function extractLoginHint(account) {
7146
7161
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7147
7162
  }
7148
7163
 
7149
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7164
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7150
7165
 
7151
7166
  /*
7152
7167
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7409,7 +7424,7 @@ class ServerTelemetryManager {
7409
7424
  }
7410
7425
  }
7411
7426
 
7412
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7427
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7413
7428
  /*
7414
7429
  * Copyright (c) Microsoft Corporation. All rights reserved.
7415
7430
  * Licensed under the MIT License.
@@ -7417,7 +7432,7 @@ class ServerTelemetryManager {
7417
7432
  const missingKidError = "missing_kid_error";
7418
7433
  const missingAlgError = "missing_alg_error";
7419
7434
 
7420
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7435
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7421
7436
 
7422
7437
  /*
7423
7438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7442,7 +7457,7 @@ function createJoseHeaderError(code) {
7442
7457
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7443
7458
  }
7444
7459
 
7445
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7460
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7446
7461
 
7447
7462
  /*
7448
7463
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7877,7 +7892,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7877
7892
 
7878
7893
  /* eslint-disable header/header */
7879
7894
  const name = "@azure/msal-browser";
7880
- const version = "4.26.2";
7895
+ const version = "4.28.0";
7881
7896
 
7882
7897
  /*
7883
7898
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8461,9 +8476,9 @@ const InMemoryCacheKeys = {
8461
8476
  };
8462
8477
  /**
8463
8478
  * API Codes for Telemetry purposes.
8464
- * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
8465
8479
  * 0-99 Silent Flow
8466
8480
  * 800-899 Auth Code Flow
8481
+ * 900-999 Miscellaneous
8467
8482
  */
8468
8483
  const ApiId = {
8469
8484
  acquireTokenRedirect: 861,
@@ -8475,6 +8490,30 @@ const ApiId = {
8475
8490
  acquireTokenSilent_silentFlow: 61,
8476
8491
  logout: 961,
8477
8492
  logoutPopup: 962,
8493
+ hydrateCache: 963,
8494
+ loadExternalTokens: 964,
8495
+ };
8496
+ /**
8497
+ * API Names for Telemetry purposes.
8498
+ */
8499
+ const ApiName = {
8500
+ 861: "acquireTokenRedirect",
8501
+ 862: "acquireTokenPopup",
8502
+ 863: "ssoSilent",
8503
+ 864: "acquireTokenSilent_authCode",
8504
+ 865: "handleRedirectPromise",
8505
+ 866: "acquireTokenByCode",
8506
+ 61: "acquireTokenSilent_silentFlow",
8507
+ 961: "logout",
8508
+ 962: "logoutPopup",
8509
+ 963: "hydrateCache",
8510
+ 964: "loadExternalTokens",
8511
+ };
8512
+ const apiIdToName = (id) => {
8513
+ if (typeof id === "number" && id in ApiName) {
8514
+ return ApiName[id];
8515
+ }
8516
+ return "unknown";
8478
8517
  };
8479
8518
  /*
8480
8519
  * Interaction type of the API - used for state and telemetry
@@ -9688,7 +9727,7 @@ class CustomAuthInteractionClientBase extends StandardInteractionClient {
9688
9727
  * @param correlationId Correlation ID for logging
9689
9728
  * @returns Authentication result from the token response
9690
9729
  */
9691
- async handleTokenResponse(tokenResponse, requestScopes, correlationId) {
9730
+ async handleTokenResponse(tokenResponse, requestScopes, correlationId, apiId) {
9692
9731
  this.logger.verbose("Processing token response.", correlationId);
9693
9732
  const requestTimestamp = Math.round(new Date().getTime() / 1000.0);
9694
9733
  // Save tokens and create authentication result
@@ -9696,7 +9735,7 @@ class CustomAuthInteractionClientBase extends StandardInteractionClient {
9696
9735
  authority: this.customAuthAuthority.canonicalAuthority,
9697
9736
  correlationId: tokenResponse.correlation_id ?? correlationId,
9698
9737
  scopes: requestScopes,
9699
- });
9738
+ }, apiId);
9700
9739
  return result;
9701
9740
  }
9702
9741
  // It is not necessary to implement this method from base class.
@@ -9872,7 +9911,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9872
9911
  claims: parameters.claims,
9873
9912
  }),
9874
9913
  };
9875
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithOob(request), scopes, parameters.correlationId, telemetryManager);
9914
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithOob(request), scopes, parameters.correlationId, telemetryManager, apiId);
9876
9915
  }
9877
9916
  /**
9878
9917
  * Submits the password for sign-in flow.
@@ -9894,7 +9933,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9894
9933
  claims: parameters.claims,
9895
9934
  }),
9896
9935
  };
9897
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithPassword(request), scopes, parameters.correlationId, telemetryManager);
9936
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithPassword(request), scopes, parameters.correlationId, telemetryManager, apiId);
9898
9937
  }
9899
9938
  /**
9900
9939
  * Signs in with continuation token.
@@ -9917,7 +9956,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9917
9956
  }),
9918
9957
  };
9919
9958
  // Call token endpoint.
9920
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(request), scopes, parameters.correlationId, telemetryManager);
9959
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(request), scopes, parameters.correlationId, telemetryManager, apiId);
9921
9960
  }
9922
9961
  /**
9923
9962
  * Common method to handle token endpoint calls and create sign-in results.
@@ -9927,12 +9966,12 @@ class SignInClient extends CustomAuthInteractionClientBase {
9927
9966
  * @param telemetryManager Telemetry manager for telemetry logging
9928
9967
  * @returns SignInCompletedResult | SignInJitRequiredResult | SignInMfaRequiredResult with authentication result
9929
9968
  */
9930
- async performTokenRequest(tokenEndpointCaller, scopes, correlationId, telemetryManager) {
9969
+ async performTokenRequest(tokenEndpointCaller, scopes, correlationId, telemetryManager, apiId) {
9931
9970
  this.logger.verbose("Calling token endpoint for sign in.", correlationId);
9932
9971
  try {
9933
9972
  const tokenResponse = await tokenEndpointCaller();
9934
9973
  this.logger.verbose("Token endpoint response received for sign in.", correlationId);
9935
- const authResult = await this.handleTokenResponse(tokenResponse, scopes, correlationId);
9974
+ const authResult = await this.handleTokenResponse(tokenResponse, scopes, correlationId, apiId);
9936
9975
  return createSignInCompleteResult({
9937
9976
  correlationId: tokenResponse.correlation_id ?? correlationId,
9938
9977
  authenticationResult: authResult,
@@ -11553,7 +11592,7 @@ class JitClient extends CustomAuthInteractionClientBase {
11553
11592
  }),
11554
11593
  };
11555
11594
  const tokenResponse = await this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(tokenRequest);
11556
- const authResult = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id || continueResponse.correlation_id);
11595
+ const authResult = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id || continueResponse.correlation_id, apiId);
11557
11596
  return createJitCompletedResult({
11558
11597
  correlationId: continueResponse.correlation_id,
11559
11598
  authenticationResult: authResult,
@@ -11646,7 +11685,7 @@ class MfaClient extends CustomAuthInteractionClientBase {
11646
11685
  this.logger.verbose("Calling token endpoint for MFA challenge submission.", parameters.correlationId);
11647
11686
  const tokenResponse = await this.customAuthApiClient.signInApi.requestTokensWithOob(request);
11648
11687
  // Save tokens and create authentication result
11649
- const result = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ?? parameters.correlationId);
11688
+ const result = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ?? parameters.correlationId, apiId);
11650
11689
  return createMfaCompletedResult({
11651
11690
  correlationId: parameters.correlationId,
11652
11691
  authenticationResult: result,
@@ -11697,7 +11736,7 @@ class CustomAuthSilentCacheClient extends CustomAuthInteractionClientBase {
11697
11736
  this.logger.verbose("Token refresh is required to acquire token silently", correlationId);
11698
11737
  const refreshTokenClient = new RefreshTokenClient(clientConfig, this.performanceClient);
11699
11738
  this.logger.verbose("Starting refresh flow to refresh token", correlationId);
11700
- const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest);
11739
+ const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest, ACCOUNT_GET_ACCESS_TOKEN);
11701
11740
  this.logger.verbose("Refresh flow to refresh token is completed", correlationId);
11702
11741
  return refreshTokenResult;
11703
11742
  }
@@ -14149,7 +14188,6 @@ const CREDENTIAL_SCHEMA_VERSION = 2;
14149
14188
  const ACCOUNT_SCHEMA_VERSION = 2;
14150
14189
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
14151
14190
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
14152
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
14153
14191
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14154
14192
  const ACCOUNT_KEYS = "account.keys";
14155
14193
  const TOKEN_KEYS = "token.keys";
@@ -15225,17 +15263,21 @@ class BrowserCacheManager extends CacheManager {
15225
15263
  if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {
15226
15264
  return null;
15227
15265
  }
15266
+ this.performanceClient.addFields({
15267
+ accountCachedBy: apiIdToName(parsedAccount.cachedByApiId),
15268
+ }, correlationId);
15228
15269
  return CacheManager.toObject(new AccountEntity(), parsedAccount);
15229
15270
  }
15230
15271
  /**
15231
15272
  * set account entity in the platform cache
15232
15273
  * @param account
15233
15274
  */
15234
- async setAccount(account, correlationId, kmsi) {
15275
+ async setAccount(account, correlationId, kmsi, apiId) {
15235
15276
  this.logger.trace("BrowserCacheManager.setAccount called");
15236
15277
  const key = this.generateAccountKey(AccountEntity.getAccountInfo(account));
15237
15278
  const timestamp = Date.now().toString();
15238
15279
  account.lastUpdatedAt = timestamp;
15280
+ account.cachedByApiId = apiId;
15239
15281
  await this.setUserData(key, JSON.stringify(account), correlationId, timestamp, kmsi);
15240
15282
  const wasAdded = this.addAccountKeyToMap(key, correlationId);
15241
15283
  this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
@@ -16015,7 +16057,7 @@ class BrowserCacheManager extends CacheManager {
16015
16057
  idToken: idTokenEntity,
16016
16058
  accessToken: accessTokenEntity,
16017
16059
  };
16018
- return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)));
16060
+ return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)), ApiId.hydrateCache);
16019
16061
  }
16020
16062
  /**
16021
16063
  * saves a cache record
@@ -16023,9 +16065,9 @@ class BrowserCacheManager extends CacheManager {
16023
16065
  * @param storeInCache {?StoreInCache}
16024
16066
  * @param correlationId {?string} correlation id
16025
16067
  */
16026
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
16068
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
16027
16069
  try {
16028
- await super.saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache);
16070
+ await super.saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache);
16029
16071
  }
16030
16072
  catch (e) {
16031
16073
  if (e instanceof CacheError &&
@@ -16385,7 +16427,7 @@ class InteractionHandler {
16385
16427
  * Function to handle response parameters from hash.
16386
16428
  * @param locationHash
16387
16429
  */
16388
- async handleCodeResponse(response, request) {
16430
+ async handleCodeResponse(response, request, apiId) {
16389
16431
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId);
16390
16432
  let authCodeResponse;
16391
16433
  try {
@@ -16401,7 +16443,7 @@ class InteractionHandler {
16401
16443
  throw e;
16402
16444
  }
16403
16445
  }
16404
- return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request);
16446
+ return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request, apiId);
16405
16447
  }
16406
16448
  /**
16407
16449
  * Process auth code response from AAD
@@ -16411,7 +16453,7 @@ class InteractionHandler {
16411
16453
  * @param networkModule
16412
16454
  * @returns
16413
16455
  */
16414
- async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) {
16456
+ async handleCodeResponseFromServer(authCodeResponse, request, apiId, validateNonce = true) {
16415
16457
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId);
16416
16458
  this.logger.trace("InteractionHandler.handleCodeResponseFromServer called");
16417
16459
  // Assign code to request
@@ -16437,7 +16479,7 @@ class InteractionHandler {
16437
16479
  }
16438
16480
  }
16439
16481
  // Acquire token with retrieved code.
16440
- const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse));
16482
+ const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, apiId, authCodeResponse));
16441
16483
  return tokenResponse;
16442
16484
  }
16443
16485
  /**
@@ -16985,7 +17027,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16985
17027
  */
16986
17028
  async cacheAccount(accountEntity, correlationId, kmsi) {
16987
17029
  // Store the account info and hence `nativeAccountId` in browser cache
16988
- await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi);
17030
+ await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi, this.apiId);
16989
17031
  // Remove any existing cached tokens for this account in browser storage
16990
17032
  this.browserStorage.removeAccountContext(AccountEntity.getAccountInfo(accountEntity), correlationId);
16991
17033
  }
@@ -17014,7 +17056,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
17014
17056
  idToken: cachedIdToken,
17015
17057
  accessToken: cachedAccessToken,
17016
17058
  };
17017
- return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), request.storeInCache);
17059
+ return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), this.apiId, request.storeInCache);
17018
17060
  }
17019
17061
  getExpiresInValue(tokenType, expiresIn) {
17020
17062
  return tokenType === AuthenticationScheme.POP
@@ -17389,7 +17431,7 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
17389
17431
  // Create popup interaction handler.
17390
17432
  const interactionHandler = new InteractionHandler(authClient, browserStorage, authCodeRequest, logger, performanceClient);
17391
17433
  // Handle response from hash string.
17392
- const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request);
17434
+ const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request, apiId);
17393
17435
  return result;
17394
17436
  }
17395
17437
  /**
@@ -17436,7 +17478,7 @@ async function handleResponseEAR(request, response, apiId, config, authority, br
17436
17478
  cloud_instance_name: decryptedData.cloud_instance_name,
17437
17479
  msgraph_host: decryptedData.msgraph_host,
17438
17480
  };
17439
- return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, additionalData, undefined, undefined, undefined, undefined));
17481
+ return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, apiId, additionalData, undefined, undefined, undefined, undefined));
17440
17482
  }
17441
17483
 
17442
17484
  /*
@@ -17742,6 +17784,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17742
17784
  asyncPopups: false,
17743
17785
  allowRedirectInIframe: false,
17744
17786
  allowPlatformBroker: false,
17787
+ allowPlatformBrokerWithDOM: false,
17745
17788
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
17746
17789
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
17747
17790
  pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS,
@@ -18188,9 +18231,8 @@ class PlatformAuthDOMHandler {
18188
18231
  * Copyright (c) Microsoft Corporation. All rights reserved.
18189
18232
  * Licensed under the MIT License.
18190
18233
  */
18191
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
18234
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
18192
18235
  logger.trace("getPlatformAuthProvider called", correlationId);
18193
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
18194
18236
  logger.trace("Has client allowed platform auth via DOM API: " +
18195
18237
  enablePlatformBrokerDOMSupport);
18196
18238
  let platformAuthProvider;
@@ -18215,22 +18257,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
18215
18257
  }
18216
18258
  return platformAuthProvider;
18217
18259
  }
18218
- /**
18219
- * Returns true if the DOM API support for platform auth is enabled in session storage
18220
- * @returns boolean
18221
- * @deprecated
18222
- */
18223
- function isDomEnabledForPlatformAuth() {
18224
- let sessionStorage;
18225
- try {
18226
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
18227
- // Mute errors if it's a non-browser environment or cookies are blocked.
18228
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
18229
- }
18230
- catch (e) {
18231
- return false;
18232
- }
18233
- }
18234
18260
  /**
18235
18261
  * Returns boolean indicating whether or not the request should attempt to use native broker
18236
18262
  * @param logger
@@ -18240,6 +18266,11 @@ function isDomEnabledForPlatformAuth() {
18240
18266
  */
18241
18267
  function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
18242
18268
  logger.trace("isPlatformAuthAllowed called");
18269
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
18270
+ if (!config.system.allowPlatformBroker &&
18271
+ config.system.allowPlatformBrokerWithDOM) {
18272
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
18273
+ }
18243
18274
  if (!config.system.allowPlatformBroker) {
18244
18275
  logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
18245
18276
  // Developer disabled WAM
@@ -19538,7 +19569,7 @@ class SilentRefreshClient extends StandardInteractionClient {
19538
19569
  account: silentRequest.account,
19539
19570
  });
19540
19571
  // Send request to renew token. Auth module will throw errors if token cannot be renewed.
19541
- return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => {
19572
+ return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch((e) => {
19542
19573
  e.setCorrelationId(this.correlationId);
19543
19574
  serverTelemetryManager.cacheFailedRequest(e);
19544
19575
  throw e;
@@ -19582,12 +19613,13 @@ class SilentRefreshClient extends StandardInteractionClient {
19582
19613
  * Token cache manager
19583
19614
  */
19584
19615
  class TokenCache {
19585
- constructor(configuration, storage, logger, cryptoObj) {
19616
+ constructor(configuration, storage, logger, cryptoObj, performanceClient) {
19586
19617
  this.isBrowserEnvironment = typeof window !== "undefined";
19587
19618
  this.config = configuration;
19588
19619
  this.storage = storage;
19589
19620
  this.logger = logger;
19590
19621
  this.cryptoObj = cryptoObj;
19622
+ this.performanceClient = performanceClient;
19591
19623
  }
19592
19624
  // Move getAllAccounts here and cache utility APIs
19593
19625
  /**
@@ -19602,30 +19634,38 @@ class TokenCache {
19602
19634
  throw createBrowserAuthError(nonBrowserEnvironment);
19603
19635
  }
19604
19636
  const correlationId = request.correlationId || createNewGuid();
19605
- const idTokenClaims = response.id_token
19606
- ? extractTokenClaims(response.id_token, base64Decode)
19607
- : undefined;
19608
- const kmsi = isKmsi(idTokenClaims || {});
19609
- const authorityOptions = {
19610
- protocolMode: this.config.auth.protocolMode,
19611
- knownAuthorities: this.config.auth.knownAuthorities,
19612
- cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
19613
- authorityMetadata: this.config.auth.authorityMetadata,
19614
- skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
19615
- };
19616
- const authority = request.authority
19617
- ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
19618
- : undefined;
19619
- const cacheRecordAccount = await this.loadAccount(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
19620
- const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
19621
- const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
19622
- const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
19623
- return this.generateAuthenticationResult(request, {
19624
- account: cacheRecordAccount,
19625
- idToken,
19626
- accessToken,
19627
- refreshToken,
19628
- }, idTokenClaims, authority);
19637
+ const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.LoadExternalTokens, correlationId);
19638
+ try {
19639
+ const idTokenClaims = response.id_token
19640
+ ? extractTokenClaims(response.id_token, base64Decode)
19641
+ : undefined;
19642
+ const kmsi = isKmsi(idTokenClaims || {});
19643
+ const authorityOptions = {
19644
+ protocolMode: this.config.auth.protocolMode,
19645
+ knownAuthorities: this.config.auth.knownAuthorities,
19646
+ cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
19647
+ authorityMetadata: this.config.auth.authorityMetadata,
19648
+ skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
19649
+ };
19650
+ const authority = request.authority
19651
+ ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
19652
+ : undefined;
19653
+ const cacheRecordAccount = await invokeAsync(this.loadAccount.bind(this), PerformanceEvents.LoadAccount, this.logger, this.performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
19654
+ const idToken = await invokeAsync(this.loadIdToken.bind(this), PerformanceEvents.LoadIdToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
19655
+ const accessToken = await invokeAsync(this.loadAccessToken.bind(this), PerformanceEvents.LoadAccessToken, this.logger, this.performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
19656
+ const refreshToken = await invokeAsync(this.loadRefreshToken.bind(this), PerformanceEvents.LoadRefreshToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
19657
+ rootMeasurement.end({ success: true }, undefined, AccountEntity.getAccountInfo(cacheRecordAccount));
19658
+ return this.generateAuthenticationResult(request, {
19659
+ account: cacheRecordAccount,
19660
+ idToken,
19661
+ accessToken,
19662
+ refreshToken,
19663
+ }, idTokenClaims, authority);
19664
+ }
19665
+ catch (error) {
19666
+ rootMeasurement.end({ success: false }, error);
19667
+ throw error;
19668
+ }
19629
19669
  }
19630
19670
  /**
19631
19671
  * Helper function to load account to msal-browser cache
@@ -19640,7 +19680,7 @@ class TokenCache {
19640
19680
  this.logger.verbose("TokenCache - loading account");
19641
19681
  if (request.account) {
19642
19682
  const accountEntity = AccountEntity.createFromAccountInfo(request.account);
19643
- await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}));
19683
+ await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
19644
19684
  return accountEntity;
19645
19685
  }
19646
19686
  else if (!authority || (!clientInfo && !idTokenClaims)) {
@@ -19652,7 +19692,7 @@ class TokenCache {
19652
19692
  const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload
19653
19693
  undefined, // nativeAccountId
19654
19694
  this.logger);
19655
- await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}));
19695
+ await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
19656
19696
  return cachedAccount;
19657
19697
  }
19658
19698
  /**
@@ -19828,7 +19868,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19828
19868
  msgraph_host: request.msGraphHost,
19829
19869
  cloud_graph_host_name: request.cloudGraphHostName,
19830
19870
  cloud_instance_host_name: request.cloudInstanceHostName,
19831
- }, silentRequest, false);
19871
+ }, silentRequest, this.apiId, false);
19832
19872
  }
19833
19873
  catch (e) {
19834
19874
  if (e instanceof AuthError) {
@@ -19941,7 +19981,7 @@ class StandardController {
19941
19981
  };
19942
19982
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
19943
19983
  // Initialize the token cache
19944
- this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto);
19984
+ this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
19945
19985
  this.activeSilentTokenRequests = new Map();
19946
19986
  // Register listener functions
19947
19987
  this.trackPageVisibility = this.trackPageVisibility.bind(this);
@@ -19992,7 +20032,7 @@ class StandardController {
19992
20032
  if (allowPlatformBroker) {
19993
20033
  try {
19994
20034
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
19995
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout);
20035
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.system.allowPlatformBrokerWithDOM);
19996
20036
  }
19997
20037
  catch (e) {
19998
20038
  this.logger.verbose(e);
@@ -20771,7 +20811,7 @@ class StandardController {
20771
20811
  this.logger.verbose("hydrateCache called");
20772
20812
  // Account gets saved to browser storage regardless of native or not
20773
20813
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
20774
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
20814
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
20775
20815
  if (result.fromNativeBroker) {
20776
20816
  this.logger.verbose("Response was from native broker, storing in-memory");
20777
20817
  // Tokens from native broker are stored in-memory