@azure/msal-browser 4.26.2 → 4.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (400) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +11 -25
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.d.ts +3 -3
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +10 -6
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +2 -3
  19. package/dist/cache/CacheKeys.mjs.map +1 -1
  20. package/dist/cache/CookieStorage.mjs +1 -1
  21. package/dist/cache/DatabaseStorage.mjs +1 -1
  22. package/dist/cache/EncryptedData.mjs +1 -1
  23. package/dist/cache/LocalStorage.mjs +1 -1
  24. package/dist/cache/MemoryStorage.mjs +1 -1
  25. package/dist/cache/SessionStorage.mjs +1 -1
  26. package/dist/cache/TokenCache.d.ts +3 -2
  27. package/dist/cache/TokenCache.d.ts.map +1 -1
  28. package/dist/cache/TokenCache.mjs +39 -29
  29. package/dist/cache/TokenCache.mjs.map +1 -1
  30. package/dist/config/Configuration.d.ts +4 -0
  31. package/dist/config/Configuration.d.ts.map +1 -1
  32. package/dist/config/Configuration.mjs +2 -1
  33. package/dist/config/Configuration.mjs.map +1 -1
  34. package/dist/controllers/ControllerFactory.mjs +1 -1
  35. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  36. package/dist/controllers/NestedAppAuthController.mjs +3 -3
  37. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  38. package/dist/controllers/StandardController.d.ts.map +1 -1
  39. package/dist/controllers/StandardController.mjs +4 -4
  40. package/dist/controllers/StandardController.mjs.map +1 -1
  41. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  42. package/dist/crypto/BrowserCrypto.mjs +1 -1
  43. package/dist/crypto/CryptoOps.mjs +1 -1
  44. package/dist/crypto/PkceGenerator.mjs +1 -1
  45. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  46. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  49. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  50. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  51. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  52. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +9 -23
  53. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  55. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +3 -3
  57. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  58. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +10 -6
  59. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  60. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  61. package/dist/custom-auth-path/cache/CacheKeys.mjs +2 -3
  62. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  63. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  64. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  65. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  66. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  67. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  68. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  69. package/dist/custom-auth-path/cache/TokenCache.d.ts +3 -2
  70. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  71. package/dist/custom-auth-path/cache/TokenCache.mjs +39 -29
  72. package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
  73. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  74. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  75. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  76. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  77. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  78. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  79. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  80. package/dist/custom-auth-path/controllers/StandardController.mjs +4 -4
  81. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  82. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  83. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  84. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  86. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +3 -3
  125. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +2 -2
  129. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +2 -2
  133. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  158. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +2 -2
  159. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  160. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +6 -6
  187. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  189. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  190. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  191. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  192. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  193. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  194. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  195. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  196. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  197. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  198. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  199. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  200. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  201. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  202. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  203. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  204. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  205. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  206. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  207. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  208. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  209. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  210. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  211. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  212. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  213. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  216. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  217. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  218. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  219. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  220. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  221. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +2 -2
  222. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  223. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  224. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  225. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +2 -2
  227. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs.map +1 -1
  228. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  229. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts +3 -2
  230. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts.map +1 -1
  231. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +5 -5
  232. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs.map +1 -1
  233. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  234. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  235. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  236. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  237. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  239. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  240. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  241. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -3
  242. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  243. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  244. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  245. package/dist/custom-auth-path/utils/BrowserConstants.d.ts +20 -1
  246. package/dist/custom-auth-path/utils/BrowserConstants.d.ts.map +1 -1
  247. package/dist/custom-auth-path/utils/BrowserConstants.mjs +27 -3
  248. package/dist/custom-auth-path/utils/BrowserConstants.mjs.map +1 -1
  249. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  250. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  251. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  252. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  253. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  254. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  255. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  256. package/dist/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  257. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  258. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  259. package/dist/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  260. package/dist/encode/Base64Decode.mjs +1 -1
  261. package/dist/encode/Base64Encode.mjs +1 -1
  262. package/dist/error/BrowserAuthError.mjs +1 -1
  263. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  264. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  265. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  266. package/dist/error/NativeAuthError.mjs +1 -1
  267. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  268. package/dist/error/NestedAppAuthError.mjs +1 -1
  269. package/dist/event/EventHandler.mjs +1 -1
  270. package/dist/event/EventMessage.mjs +1 -1
  271. package/dist/event/EventType.mjs +1 -1
  272. package/dist/index.mjs +1 -1
  273. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  274. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  275. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  276. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  277. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  278. package/dist/interaction_client/PopupClient.mjs +1 -1
  279. package/dist/interaction_client/RedirectClient.mjs +1 -1
  280. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  281. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  282. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  283. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  284. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  285. package/dist/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  286. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  287. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  288. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  289. package/dist/interaction_handler/InteractionHandler.d.ts +3 -2
  290. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  291. package/dist/interaction_handler/InteractionHandler.mjs +5 -5
  292. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  293. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  294. package/dist/naa/BridgeError.mjs +1 -1
  295. package/dist/naa/BridgeProxy.mjs +1 -1
  296. package/dist/naa/BridgeStatusCode.mjs +1 -1
  297. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  298. package/dist/navigation/NavigationClient.mjs +1 -1
  299. package/dist/network/FetchClient.mjs +1 -1
  300. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  301. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  302. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  303. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  304. package/dist/packageMetadata.d.ts +1 -1
  305. package/dist/packageMetadata.mjs +2 -2
  306. package/dist/protocol/Authorize.d.ts.map +1 -1
  307. package/dist/protocol/Authorize.mjs +3 -3
  308. package/dist/protocol/Authorize.mjs.map +1 -1
  309. package/dist/request/RequestHelpers.mjs +1 -1
  310. package/dist/response/ResponseHandler.mjs +1 -1
  311. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  312. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  313. package/dist/utils/BrowserConstants.d.ts +20 -1
  314. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  315. package/dist/utils/BrowserConstants.mjs +27 -3
  316. package/dist/utils/BrowserConstants.mjs.map +1 -1
  317. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  318. package/dist/utils/BrowserUtils.mjs +1 -1
  319. package/dist/utils/Helpers.mjs +1 -1
  320. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  321. package/lib/custom-auth-path/msal-custom-auth.cjs +201 -161
  322. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  323. package/lib/custom-auth-path/msal-custom-auth.js +22608 -0
  324. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -0
  325. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  326. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  327. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +3 -3
  328. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  329. package/lib/custom-auth-path/types/cache/TokenCache.d.ts +3 -2
  330. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  331. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  332. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  333. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  335. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  336. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  337. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  339. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  340. package/lib/custom-auth-path/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  341. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  342. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  343. package/lib/custom-auth-path/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  345. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts +3 -2
  346. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  347. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  348. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts +20 -1
  350. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts.map +1 -1
  351. package/lib/msal-browser.cjs +201 -156
  352. package/lib/msal-browser.cjs.map +1 -1
  353. package/lib/msal-browser.js +201 -156
  354. package/lib/msal-browser.js.map +1 -1
  355. package/lib/msal-browser.min.js +66 -66
  356. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +2 -8
  357. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  358. package/lib/types/cache/BrowserCacheManager.d.ts +3 -3
  359. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  360. package/lib/types/cache/TokenCache.d.ts +3 -2
  361. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  362. package/lib/types/config/Configuration.d.ts +4 -0
  363. package/lib/types/config/Configuration.d.ts.map +1 -1
  364. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  365. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  366. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  367. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  368. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  369. package/lib/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  370. package/lib/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  371. package/lib/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  372. package/lib/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  373. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  374. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  375. package/lib/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  376. package/lib/types/interaction_handler/InteractionHandler.d.ts +3 -2
  377. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  378. package/lib/types/packageMetadata.d.ts +1 -1
  379. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  380. package/lib/types/utils/BrowserConstants.d.ts +20 -1
  381. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  382. package/package.json +2 -2
  383. package/src/broker/nativeBroker/PlatformAuthProvider.ts +21 -23
  384. package/src/cache/BrowserCacheManager.ts +16 -2
  385. package/src/cache/TokenCache.ts +122 -72
  386. package/src/config/Configuration.ts +5 -0
  387. package/src/controllers/NestedAppAuthController.ts +2 -1
  388. package/src/controllers/StandardController.ts +6 -3
  389. package/src/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.ts +4 -2
  390. package/src/custom_auth/core/interaction_client/jit/JitClient.ts +2 -1
  391. package/src/custom_auth/core/interaction_client/mfa/MfaClient.ts +2 -1
  392. package/src/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.ts +2 -1
  393. package/src/custom_auth/sign_in/interaction_client/SignInClient.ts +10 -5
  394. package/src/interaction_client/PlatformAuthInteractionClient.ts +3 -1
  395. package/src/interaction_client/SilentAuthCodeClient.ts +1 -0
  396. package/src/interaction_client/SilentRefreshClient.ts +7 -5
  397. package/src/interaction_handler/InteractionHandler.ts +10 -3
  398. package/src/packageMetadata.ts +1 -1
  399. package/src/protocol/Authorize.ts +2 -1
  400. package/src/utils/BrowserConstants.ts +27 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.26.2 2025-11-19 */
1
+ /*! @azure/msal-browser v4.28.0 2026-01-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -279,7 +279,7 @@ const JsonWebTokenTypes = {
279
279
  // Token renewal offset default in seconds
280
280
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
281
281
 
282
- /*! @azure/msal-common v15.13.2 2025-11-19 */
282
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
283
283
  /*
284
284
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
285
  * Licensed under the MIT License.
@@ -296,7 +296,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
296
296
  unexpectedError: unexpectedError
297
297
  });
298
298
 
299
- /*! @azure/msal-common v15.13.2 2025-11-19 */
299
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
300
300
 
301
301
  /*
302
302
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -345,7 +345,7 @@ function createAuthError(code, additionalMessage) {
345
345
  : AuthErrorMessages[code]);
346
346
  }
347
347
 
348
- /*! @azure/msal-common v15.13.2 2025-11-19 */
348
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
349
349
  /*
350
350
  * Copyright (c) Microsoft Corporation. All rights reserved.
351
351
  * Licensed under the MIT License.
@@ -445,7 +445,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
445
445
  userTimeoutReached: userTimeoutReached
446
446
  });
447
447
 
448
- /*! @azure/msal-common v15.13.2 2025-11-19 */
448
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
449
449
 
450
450
  /*
451
451
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -702,7 +702,7 @@ function createClientAuthError(errorCode, additionalMessage) {
702
702
  return new ClientAuthError(errorCode, additionalMessage);
703
703
  }
704
704
 
705
- /*! @azure/msal-common v15.13.2 2025-11-19 */
705
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
706
706
 
707
707
  /*
708
708
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -741,7 +741,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
741
741
  },
742
742
  };
743
743
 
744
- /*! @azure/msal-common v15.13.2 2025-11-19 */
744
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
745
745
 
746
746
  /*
747
747
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -932,12 +932,12 @@ class Logger {
932
932
  }
933
933
  }
934
934
 
935
- /*! @azure/msal-common v15.13.2 2025-11-19 */
935
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
936
936
  /* eslint-disable header/header */
937
937
  const name$1 = "@azure/msal-common";
938
- const version$1 = "15.13.2";
938
+ const version$1 = "15.14.0";
939
939
 
940
- /*! @azure/msal-common v15.13.2 2025-11-19 */
940
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
941
941
  /*
942
942
  * Copyright (c) Microsoft Corporation. All rights reserved.
943
943
  * Licensed under the MIT License.
@@ -957,7 +957,7 @@ const AzureCloudInstance = {
957
957
  AzureUsGovernment: "https://login.microsoftonline.us",
958
958
  };
959
959
 
960
- /*! @azure/msal-common v15.13.2 2025-11-19 */
960
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
961
961
  /*
962
962
  * Copyright (c) Microsoft Corporation. All rights reserved.
963
963
  * Licensed under the MIT License.
@@ -984,7 +984,8 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
984
984
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
985
985
  const authorityMismatch = "authority_mismatch";
986
986
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
987
- const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
987
+ const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
988
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
988
989
 
989
990
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
990
991
  __proto__: null,
@@ -1000,6 +1001,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1000
1001
  invalidClaims: invalidClaims,
1001
1002
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
1002
1003
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
1004
+ invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
1003
1005
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
1004
1006
  logoutRequestEmpty: logoutRequestEmpty,
1005
1007
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
@@ -1013,7 +1015,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
1013
1015
  urlParseError: urlParseError
1014
1016
  });
1015
1017
 
1016
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1018
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1017
1019
 
1018
1020
  /*
1019
1021
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1043,6 +1045,7 @@ const ClientConfigurationErrorMessages = {
1043
1045
  [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
1044
1046
  [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
1045
1047
  [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
1048
+ [invalidPlatformBrokerConfiguration]: "Invalid platform broker configuration. `allowPlatformBrokerWithDOM` can only be enabled when `allowPlatformBroker` is enabled.",
1046
1049
  };
1047
1050
  /**
1048
1051
  * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.
@@ -1141,6 +1144,10 @@ const ClientConfigurationErrorMessage = {
1141
1144
  code: invalidRequestMethodForEAR,
1142
1145
  desc: ClientConfigurationErrorMessages[invalidRequestMethodForEAR],
1143
1146
  },
1147
+ invalidPlatformBrokerConfiguration: {
1148
+ code: invalidPlatformBrokerConfiguration,
1149
+ desc: ClientConfigurationErrorMessages[invalidPlatformBrokerConfiguration],
1150
+ },
1144
1151
  };
1145
1152
  /**
1146
1153
  * Error thrown when there is an error in configuration of the MSAL.js library.
@@ -1156,7 +1163,7 @@ function createClientConfigurationError(errorCode) {
1156
1163
  return new ClientConfigurationError(errorCode);
1157
1164
  }
1158
1165
 
1159
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1166
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1160
1167
  /*
1161
1168
  * Copyright (c) Microsoft Corporation. All rights reserved.
1162
1169
  * Licensed under the MIT License.
@@ -1253,7 +1260,7 @@ class StringUtils {
1253
1260
  }
1254
1261
  }
1255
1262
 
1256
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1263
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1257
1264
 
1258
1265
  /*
1259
1266
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1448,7 +1455,7 @@ class ScopeSet {
1448
1455
  }
1449
1456
  }
1450
1457
 
1451
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1458
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1452
1459
 
1453
1460
  /*
1454
1461
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1488,7 +1495,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1488
1495
  };
1489
1496
  }
1490
1497
 
1491
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1498
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1492
1499
  /*
1493
1500
  * Copyright (c) Microsoft Corporation. All rights reserved.
1494
1501
  * Licensed under the MIT License.
@@ -1570,7 +1577,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1570
1577
  return updatedAccountInfo;
1571
1578
  }
1572
1579
 
1573
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1580
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1574
1581
  /*
1575
1582
  * Copyright (c) Microsoft Corporation. All rights reserved.
1576
1583
  * Licensed under the MIT License.
@@ -1585,7 +1592,7 @@ const AuthorityType = {
1585
1592
  Ciam: 3,
1586
1593
  };
1587
1594
 
1588
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1595
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1589
1596
  /*
1590
1597
  * Copyright (c) Microsoft Corporation. All rights reserved.
1591
1598
  * Licensed under the MIT License.
@@ -1607,7 +1614,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1607
1614
  return null;
1608
1615
  }
1609
1616
 
1610
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1617
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1611
1618
  /*
1612
1619
  * Copyright (c) Microsoft Corporation. All rights reserved.
1613
1620
  * Licensed under the MIT License.
@@ -1631,7 +1638,7 @@ const ProtocolMode = {
1631
1638
  EAR: "EAR",
1632
1639
  };
1633
1640
 
1634
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1641
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1635
1642
 
1636
1643
  /*
1637
1644
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1852,7 +1859,7 @@ class AccountEntity {
1852
1859
  }
1853
1860
  }
1854
1861
 
1855
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1862
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1856
1863
 
1857
1864
  /*
1858
1865
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1933,7 +1940,7 @@ function checkMaxAge(authTime, maxAge) {
1933
1940
  }
1934
1941
  }
1935
1942
 
1936
- /*! @azure/msal-common v15.13.2 2025-11-19 */
1943
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
1937
1944
 
1938
1945
  /*
1939
1946
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2049,7 +2056,7 @@ function normalizeUrlForComparison(url) {
2049
2056
  }
2050
2057
  }
2051
2058
 
2052
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2059
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2053
2060
 
2054
2061
  /*
2055
2062
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2213,7 +2220,7 @@ class UrlString {
2213
2220
  }
2214
2221
  }
2215
2222
 
2216
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2223
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2217
2224
 
2218
2225
  /*
2219
2226
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2352,7 +2359,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2352
2359
  return null;
2353
2360
  }
2354
2361
 
2355
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2362
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2356
2363
  /*
2357
2364
  * Copyright (c) Microsoft Corporation. All rights reserved.
2358
2365
  * Licensed under the MIT License.
@@ -2360,7 +2367,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2360
2367
  const cacheQuotaExceeded = "cache_quota_exceeded";
2361
2368
  const cacheErrorUnknown = "cache_error_unknown";
2362
2369
 
2363
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2370
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2364
2371
 
2365
2372
  /*
2366
2373
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2405,7 +2412,7 @@ function createCacheError(e) {
2405
2412
  }
2406
2413
  }
2407
2414
 
2408
- /*! @azure/msal-common v15.13.2 2025-11-19 */
2415
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
2409
2416
 
2410
2417
  /*
2411
2418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2575,15 +2582,16 @@ class CacheManager {
2575
2582
  * @param cacheRecord {CacheRecord}
2576
2583
  * @param correlationId {?string} correlation id
2577
2584
  * @param kmsi - Keep Me Signed In
2585
+ * @param apiId - API identifier for telemetry tracking
2578
2586
  * @param storeInCache {?StoreInCache}
2579
2587
  */
2580
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
2588
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
2581
2589
  if (!cacheRecord) {
2582
2590
  throw createClientAuthError(invalidCacheRecord);
2583
2591
  }
2584
2592
  try {
2585
2593
  if (!!cacheRecord.account) {
2586
- await this.setAccount(cacheRecord.account, correlationId, kmsi);
2594
+ await this.setAccount(cacheRecord.account, correlationId, kmsi, apiId);
2587
2595
  }
2588
2596
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
2589
2597
  await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
@@ -3515,7 +3523,7 @@ class DefaultStorageClass extends CacheManager {
3515
3523
  }
3516
3524
  }
3517
3525
 
3518
- /*! @azure/msal-common v15.13.2 2025-11-19 */
3526
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
3519
3527
  /*
3520
3528
  * Copyright (c) Microsoft Corporation. All rights reserved.
3521
3529
  * Licensed under the MIT License.
@@ -3772,6 +3780,11 @@ const PerformanceEvents = {
3772
3780
  Decrypt: "decrypt",
3773
3781
  GenerateEarKey: "generateEarKey",
3774
3782
  DecryptEarResponse: "decryptEarResponse",
3783
+ LoadExternalTokens: "LoadExternalTokens",
3784
+ LoadAccount: "loadAccount",
3785
+ LoadIdToken: "loadIdToken",
3786
+ LoadAccessToken: "loadAccessToken",
3787
+ LoadRefreshToken: "loadRefreshToken",
3775
3788
  };
3776
3789
  const PerformanceEventAbbreviations = new Map([
3777
3790
  [PerformanceEvents.AcquireTokenByCode, "ATByCode"],
@@ -4037,7 +4050,7 @@ const IntFields = new Set([
4037
4050
  "upgradedCacheCount",
4038
4051
  ]);
4039
4052
 
4040
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4053
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4041
4054
 
4042
4055
  /*
4043
4056
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4116,7 +4129,7 @@ class StubPerformanceClient {
4116
4129
  }
4117
4130
  }
4118
4131
 
4119
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4132
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4120
4133
 
4121
4134
  /*
4122
4135
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4216,7 +4229,7 @@ function isOidcProtocolMode(config) {
4216
4229
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4217
4230
  }
4218
4231
 
4219
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4232
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4220
4233
  /*
4221
4234
  * Copyright (c) Microsoft Corporation. All rights reserved.
4222
4235
  * Licensed under the MIT License.
@@ -4226,7 +4239,7 @@ const CcsCredentialType = {
4226
4239
  UPN: "UPN",
4227
4240
  };
4228
4241
 
4229
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4242
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4230
4243
  /*
4231
4244
  * Copyright (c) Microsoft Corporation. All rights reserved.
4232
4245
  * Licensed under the MIT License.
@@ -4276,7 +4289,7 @@ const INSTANCE_AWARE = "instance_aware";
4276
4289
  const EAR_JWK = "ear_jwk";
4277
4290
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4278
4291
 
4279
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4292
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4280
4293
 
4281
4294
  /*
4282
4295
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4656,7 +4669,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4656
4669
  });
4657
4670
  }
4658
4671
 
4659
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4672
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4660
4673
  /*
4661
4674
  * Copyright (c) Microsoft Corporation. All rights reserved.
4662
4675
  * Licensed under the MIT License.
@@ -4668,7 +4681,7 @@ function isOpenIdConfigResponse(response) {
4668
4681
  response.hasOwnProperty("jwks_uri"));
4669
4682
  }
4670
4683
 
4671
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4684
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4672
4685
  /*
4673
4686
  * Copyright (c) Microsoft Corporation. All rights reserved.
4674
4687
  * Licensed under the MIT License.
@@ -4678,7 +4691,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4678
4691
  response.hasOwnProperty("metadata"));
4679
4692
  }
4680
4693
 
4681
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4694
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4682
4695
  /*
4683
4696
  * Copyright (c) Microsoft Corporation. All rights reserved.
4684
4697
  * Licensed under the MIT License.
@@ -4688,7 +4701,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4688
4701
  response.hasOwnProperty("error_description"));
4689
4702
  }
4690
4703
 
4691
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4704
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4692
4705
  /*
4693
4706
  * Copyright (c) Microsoft Corporation. All rights reserved.
4694
4707
  * Licensed under the MIT License.
@@ -4784,7 +4797,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4784
4797
  };
4785
4798
  };
4786
4799
 
4787
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4800
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4788
4801
 
4789
4802
  /*
4790
4803
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4890,7 +4903,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4890
4903
  },
4891
4904
  };
4892
4905
 
4893
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4906
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4894
4907
  /*
4895
4908
  * Copyright (c) Microsoft Corporation. All rights reserved.
4896
4909
  * Licensed under the MIT License.
@@ -4955,7 +4968,7 @@ function wasClockTurnedBack(cachedAt) {
4955
4968
  return cachedAtSec > nowSeconds();
4956
4969
  }
4957
4970
 
4958
- /*! @azure/msal-common v15.13.2 2025-11-19 */
4971
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
4959
4972
 
4960
4973
  /*
4961
4974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5217,7 +5230,7 @@ function isAuthorityMetadataExpired(metadata) {
5217
5230
  return metadata.expiresAt <= nowSeconds();
5218
5231
  }
5219
5232
 
5220
- /*! @azure/msal-common v15.13.2 2025-11-19 */
5233
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
5221
5234
 
5222
5235
  /*
5223
5236
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6056,7 +6069,7 @@ function buildStaticAuthorityOptions(authOptions) {
6056
6069
  };
6057
6070
  }
6058
6071
 
6059
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6072
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6060
6073
 
6061
6074
  /*
6062
6075
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6087,7 +6100,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6087
6100
  }
6088
6101
  }
6089
6102
 
6090
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6103
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6091
6104
 
6092
6105
  /*
6093
6106
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6106,7 +6119,7 @@ class ServerError extends AuthError {
6106
6119
  }
6107
6120
  }
6108
6121
 
6109
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6122
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6110
6123
  /*
6111
6124
  * Copyright (c) Microsoft Corporation. All rights reserved.
6112
6125
  * Licensed under the MIT License.
@@ -6127,7 +6140,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6127
6140
  };
6128
6141
  }
6129
6142
 
6130
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6143
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6131
6144
 
6132
6145
  /*
6133
6146
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6214,7 +6227,7 @@ class ThrottlingUtils {
6214
6227
  }
6215
6228
  }
6216
6229
 
6217
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6230
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6218
6231
 
6219
6232
  /*
6220
6233
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6245,7 +6258,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6245
6258
  return new NetworkError(error, httpStatus, responseHeaders);
6246
6259
  }
6247
6260
 
6248
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6261
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6249
6262
 
6250
6263
  /*
6251
6264
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6393,7 +6406,7 @@ class BaseClient {
6393
6406
  }
6394
6407
  }
6395
6408
 
6396
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6409
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6397
6410
  /*
6398
6411
  * Copyright (c) Microsoft Corporation. All rights reserved.
6399
6412
  * Licensed under the MIT License.
@@ -6421,7 +6434,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
6421
6434
  uxNotAllowed: uxNotAllowed
6422
6435
  });
6423
6436
 
6424
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6437
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6425
6438
 
6426
6439
  /*
6427
6440
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6511,7 +6524,7 @@ function createInteractionRequiredAuthError(errorCode) {
6511
6524
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6512
6525
  }
6513
6526
 
6514
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6527
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6515
6528
 
6516
6529
  /*
6517
6530
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6583,7 +6596,7 @@ class ProtocolUtils {
6583
6596
  }
6584
6597
  }
6585
6598
 
6586
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6599
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6587
6600
 
6588
6601
  /*
6589
6602
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6665,7 +6678,7 @@ class PopTokenGenerator {
6665
6678
  }
6666
6679
  }
6667
6680
 
6668
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6681
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6669
6682
  /*
6670
6683
  * Copyright (c) Microsoft Corporation. All rights reserved.
6671
6684
  * Licensed under the MIT License.
@@ -6692,7 +6705,7 @@ class PopTokenGenerator {
6692
6705
  }
6693
6706
  }
6694
6707
 
6695
- /*! @azure/msal-common v15.13.2 2025-11-19 */
6708
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
6696
6709
 
6697
6710
  /*
6698
6711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6756,7 +6769,7 @@ class ResponseHandler {
6756
6769
  * @param serverTokenResponse
6757
6770
  * @param authority
6758
6771
  */
6759
- async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6772
+ async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, apiId, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6760
6773
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
6761
6774
  // create an idToken object (not entity)
6762
6775
  let idTokenClaims;
@@ -6811,7 +6824,7 @@ class ResponseHandler {
6811
6824
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
6812
6825
  }
6813
6826
  }
6814
- await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), request.storeInCache);
6827
+ await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), apiId, request.storeInCache);
6815
6828
  }
6816
6829
  finally {
6817
6830
  if (this.persistencePlugin &&
@@ -6881,6 +6894,9 @@ class ResponseHandler {
6881
6894
  ? parseInt(serverTokenResponse.refresh_token_expires_in, 10)
6882
6895
  : serverTokenResponse.refresh_token_expires_in;
6883
6896
  rtExpiresOn = reqTimestamp + rtExpiresIn;
6897
+ this.performanceClient?.addFields({
6898
+ ntwkRtExpiresOnSeconds: rtExpiresOn,
6899
+ }, request.correlationId);
6884
6900
  }
6885
6901
  cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);
6886
6902
  }
@@ -7023,7 +7039,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7023
7039
  return baseAccount;
7024
7040
  }
7025
7041
 
7026
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7042
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7027
7043
  /*
7028
7044
  * Copyright (c) Microsoft Corporation. All rights reserved.
7029
7045
  * Licensed under the MIT License.
@@ -7041,7 +7057,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
7041
7057
  }
7042
7058
  }
7043
7059
 
7044
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7060
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7045
7061
 
7046
7062
  /*
7047
7063
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7063,8 +7079,9 @@ class AuthorizationCodeClient extends BaseClient {
7063
7079
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
7064
7080
  * authorization_code_grant
7065
7081
  * @param request
7082
+ * @param apiId - API identifier for telemetry tracking
7066
7083
  */
7067
- async acquireToken(request, authCodePayload) {
7084
+ async acquireToken(request, apiId, authCodePayload) {
7068
7085
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);
7069
7086
  if (!request.code) {
7070
7087
  throw createClientAuthError(requestCannotBeMade);
@@ -7076,7 +7093,7 @@ class AuthorizationCodeClient extends BaseClient {
7076
7093
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);
7077
7094
  // Validate response. This function throws a server error if an error is returned by the server.
7078
7095
  responseHandler.validateTokenResponse(response.body);
7079
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
7096
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, authCodePayload, undefined, undefined, undefined, requestId);
7080
7097
  }
7081
7098
  /**
7082
7099
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
@@ -7276,7 +7293,7 @@ class AuthorizationCodeClient extends BaseClient {
7276
7293
  }
7277
7294
  }
7278
7295
 
7279
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7296
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7280
7297
 
7281
7298
  /*
7282
7299
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7291,7 +7308,7 @@ class RefreshTokenClient extends BaseClient {
7291
7308
  constructor(configuration, performanceClient) {
7292
7309
  super(configuration, performanceClient);
7293
7310
  }
7294
- async acquireToken(request) {
7311
+ async acquireToken(request, apiId) {
7295
7312
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);
7296
7313
  const reqTimestamp = nowSeconds();
7297
7314
  const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);
@@ -7299,13 +7316,13 @@ class RefreshTokenClient extends BaseClient {
7299
7316
  const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];
7300
7317
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);
7301
7318
  responseHandler.validateTokenResponse(response.body);
7302
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId);
7319
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, undefined, undefined, true, request.forceCache, requestId);
7303
7320
  }
7304
7321
  /**
7305
7322
  * Gets cached refresh token and attaches to request, then calls acquireToken API
7306
7323
  * @param request
7307
7324
  */
7308
- async acquireTokenByRefreshToken(request) {
7325
+ async acquireTokenByRefreshToken(request, apiId) {
7309
7326
  // Cannot renew token if no request object is given.
7310
7327
  if (!request) {
7311
7328
  throw createClientConfigurationError(tokenRequestEmpty);
@@ -7320,7 +7337,7 @@ class RefreshTokenClient extends BaseClient {
7320
7337
  // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
7321
7338
  if (isFOCI) {
7322
7339
  try {
7323
- return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true);
7340
+ return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true, apiId);
7324
7341
  }
7325
7342
  catch (e) {
7326
7343
  const noFamilyRTInCache = e instanceof InteractionRequiredAuthError &&
@@ -7331,7 +7348,7 @@ class RefreshTokenClient extends BaseClient {
7331
7348
  e.subError === Errors.CLIENT_MISMATCH_ERROR;
7332
7349
  // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
7333
7350
  if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
7334
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
7351
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
7335
7352
  // throw in all other cases
7336
7353
  }
7337
7354
  else {
@@ -7340,26 +7357,30 @@ class RefreshTokenClient extends BaseClient {
7340
7357
  }
7341
7358
  }
7342
7359
  // fall back to application refresh token acquisition
7343
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
7360
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
7344
7361
  }
7345
7362
  /**
7346
7363
  * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached
7347
7364
  * @param request
7348
7365
  */
7349
- async acquireTokenWithCachedRefreshToken(request, foci) {
7366
+ async acquireTokenWithCachedRefreshToken(request, foci, apiId) {
7350
7367
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
7351
7368
  // fetches family RT or application RT based on FOCI value
7352
7369
  const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
7353
7370
  if (!refreshToken) {
7354
7371
  throw createInteractionRequiredAuthError(noTokensFound);
7355
7372
  }
7356
- if (refreshToken.expiresOn &&
7357
- isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds ||
7358
- DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) {
7359
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
7360
- throw createInteractionRequiredAuthError(refreshTokenExpired);
7373
+ if (refreshToken.expiresOn) {
7374
+ const offset = request.refreshTokenExpirationOffsetSeconds ||
7375
+ DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS;
7376
+ this.performanceClient?.addFields({
7377
+ cacheRtExpiresOnSeconds: Number(refreshToken.expiresOn),
7378
+ rtOffsetSeconds: offset,
7379
+ }, request.correlationId);
7380
+ if (isTokenExpired(refreshToken.expiresOn, offset)) {
7381
+ throw createInteractionRequiredAuthError(refreshTokenExpired);
7382
+ }
7361
7383
  }
7362
- // attach cached RT size to the current measurement
7363
7384
  const refreshTokenRequest = {
7364
7385
  ...request,
7365
7386
  refreshToken: refreshToken.secret,
@@ -7370,11 +7391,10 @@ class RefreshTokenClient extends BaseClient {
7370
7391
  },
7371
7392
  };
7372
7393
  try {
7373
- return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest);
7394
+ return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest, apiId);
7374
7395
  }
7375
7396
  catch (e) {
7376
7397
  if (e instanceof InteractionRequiredAuthError) {
7377
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
7378
7398
  if (e.subError === badToken) {
7379
7399
  // Remove bad refresh token from cache
7380
7400
  this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
@@ -7485,7 +7505,7 @@ class RefreshTokenClient extends BaseClient {
7485
7505
  }
7486
7506
  }
7487
7507
 
7488
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7508
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7489
7509
 
7490
7510
  /*
7491
7511
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7583,7 +7603,7 @@ class SilentFlowClient extends BaseClient {
7583
7603
  }
7584
7604
  }
7585
7605
 
7586
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7606
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7587
7607
 
7588
7608
  /*
7589
7609
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7598,7 +7618,7 @@ const StubbedNetworkModule = {
7598
7618
  },
7599
7619
  };
7600
7620
 
7601
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7621
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7602
7622
 
7603
7623
  /*
7604
7624
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7822,7 +7842,7 @@ function extractLoginHint(account) {
7822
7842
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7823
7843
  }
7824
7844
 
7825
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7845
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7826
7846
 
7827
7847
  /*
7828
7848
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7880,7 +7900,7 @@ class AuthenticationHeaderParser {
7880
7900
  }
7881
7901
  }
7882
7902
 
7883
- /*! @azure/msal-common v15.13.2 2025-11-19 */
7903
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
7884
7904
 
7885
7905
  /*
7886
7906
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8143,7 +8163,7 @@ class ServerTelemetryManager {
8143
8163
  }
8144
8164
  }
8145
8165
 
8146
- /*! @azure/msal-common v15.13.2 2025-11-19 */
8166
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
8147
8167
  /*
8148
8168
  * Copyright (c) Microsoft Corporation. All rights reserved.
8149
8169
  * Licensed under the MIT License.
@@ -8151,7 +8171,7 @@ class ServerTelemetryManager {
8151
8171
  const missingKidError = "missing_kid_error";
8152
8172
  const missingAlgError = "missing_alg_error";
8153
8173
 
8154
- /*! @azure/msal-common v15.13.2 2025-11-19 */
8174
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
8155
8175
 
8156
8176
  /*
8157
8177
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8176,7 +8196,7 @@ function createJoseHeaderError(code) {
8176
8196
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8177
8197
  }
8178
8198
 
8179
- /*! @azure/msal-common v15.13.2 2025-11-19 */
8199
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
8180
8200
 
8181
8201
  /*
8182
8202
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8216,7 +8236,7 @@ class JoseHeader {
8216
8236
  }
8217
8237
  }
8218
8238
 
8219
- /*! @azure/msal-common v15.13.2 2025-11-19 */
8239
+ /*! @azure/msal-common v15.14.0 2026-01-13 */
8220
8240
 
8221
8241
  /*
8222
8242
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9304,9 +9324,9 @@ const InMemoryCacheKeys = {
9304
9324
  };
9305
9325
  /**
9306
9326
  * API Codes for Telemetry purposes.
9307
- * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
9308
9327
  * 0-99 Silent Flow
9309
9328
  * 800-899 Auth Code Flow
9329
+ * 900-999 Miscellaneous
9310
9330
  */
9311
9331
  const ApiId = {
9312
9332
  acquireTokenRedirect: 861,
@@ -9318,6 +9338,30 @@ const ApiId = {
9318
9338
  acquireTokenSilent_silentFlow: 61,
9319
9339
  logout: 961,
9320
9340
  logoutPopup: 962,
9341
+ hydrateCache: 963,
9342
+ loadExternalTokens: 964,
9343
+ };
9344
+ /**
9345
+ * API Names for Telemetry purposes.
9346
+ */
9347
+ const ApiName = {
9348
+ 861: "acquireTokenRedirect",
9349
+ 862: "acquireTokenPopup",
9350
+ 863: "ssoSilent",
9351
+ 864: "acquireTokenSilent_authCode",
9352
+ 865: "handleRedirectPromise",
9353
+ 866: "acquireTokenByCode",
9354
+ 61: "acquireTokenSilent_silentFlow",
9355
+ 961: "logout",
9356
+ 962: "logoutPopup",
9357
+ 963: "hydrateCache",
9358
+ 964: "loadExternalTokens",
9359
+ };
9360
+ const apiIdToName = (id) => {
9361
+ if (typeof id === "number" && id in ApiName) {
9362
+ return ApiName[id];
9363
+ }
9364
+ return "unknown";
9321
9365
  };
9322
9366
  /*
9323
9367
  * Interaction type of the API - used for state and telemetry
@@ -10286,6 +10330,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
10286
10330
  asyncPopups: false,
10287
10331
  allowRedirectInIframe: false,
10288
10332
  allowPlatformBroker: false,
10333
+ allowPlatformBrokerWithDOM: false,
10289
10334
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
10290
10335
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
10291
10336
  pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS,
@@ -10332,7 +10377,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
10332
10377
 
10333
10378
  /* eslint-disable header/header */
10334
10379
  const name = "@azure/msal-browser";
10335
- const version = "4.26.2";
10380
+ const version = "4.28.0";
10336
10381
 
10337
10382
  /*
10338
10383
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10346,7 +10391,6 @@ const ACCOUNT_SCHEMA_VERSION = 2;
10346
10391
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
10347
10392
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
10348
10393
  const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
10349
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
10350
10394
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
10351
10395
  const ACCOUNT_KEYS = "account.keys";
10352
10396
  const TOKEN_KEYS = "token.keys";
@@ -12353,17 +12397,21 @@ class BrowserCacheManager extends CacheManager {
12353
12397
  if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {
12354
12398
  return null;
12355
12399
  }
12400
+ this.performanceClient.addFields({
12401
+ accountCachedBy: apiIdToName(parsedAccount.cachedByApiId),
12402
+ }, correlationId);
12356
12403
  return CacheManager.toObject(new AccountEntity(), parsedAccount);
12357
12404
  }
12358
12405
  /**
12359
12406
  * set account entity in the platform cache
12360
12407
  * @param account
12361
12408
  */
12362
- async setAccount(account, correlationId, kmsi) {
12409
+ async setAccount(account, correlationId, kmsi, apiId) {
12363
12410
  this.logger.trace("BrowserCacheManager.setAccount called");
12364
12411
  const key = this.generateAccountKey(AccountEntity.getAccountInfo(account));
12365
12412
  const timestamp = Date.now().toString();
12366
12413
  account.lastUpdatedAt = timestamp;
12414
+ account.cachedByApiId = apiId;
12367
12415
  await this.setUserData(key, JSON.stringify(account), correlationId, timestamp, kmsi);
12368
12416
  const wasAdded = this.addAccountKeyToMap(key, correlationId);
12369
12417
  this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
@@ -13143,7 +13191,7 @@ class BrowserCacheManager extends CacheManager {
13143
13191
  idToken: idTokenEntity,
13144
13192
  accessToken: accessTokenEntity,
13145
13193
  };
13146
- return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)));
13194
+ return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)), ApiId.hydrateCache);
13147
13195
  }
13148
13196
  /**
13149
13197
  * saves a cache record
@@ -13151,9 +13199,9 @@ class BrowserCacheManager extends CacheManager {
13151
13199
  * @param storeInCache {?StoreInCache}
13152
13200
  * @param correlationId {?string} correlation id
13153
13201
  */
13154
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
13202
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
13155
13203
  try {
13156
- await super.saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache);
13204
+ await super.saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache);
13157
13205
  }
13158
13206
  catch (e) {
13159
13207
  if (e instanceof CacheError &&
@@ -13912,7 +13960,7 @@ class InteractionHandler {
13912
13960
  * Function to handle response parameters from hash.
13913
13961
  * @param locationHash
13914
13962
  */
13915
- async handleCodeResponse(response, request) {
13963
+ async handleCodeResponse(response, request, apiId) {
13916
13964
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId);
13917
13965
  let authCodeResponse;
13918
13966
  try {
@@ -13928,7 +13976,7 @@ class InteractionHandler {
13928
13976
  throw e;
13929
13977
  }
13930
13978
  }
13931
- return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request);
13979
+ return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request, apiId);
13932
13980
  }
13933
13981
  /**
13934
13982
  * Process auth code response from AAD
@@ -13938,7 +13986,7 @@ class InteractionHandler {
13938
13986
  * @param networkModule
13939
13987
  * @returns
13940
13988
  */
13941
- async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) {
13989
+ async handleCodeResponseFromServer(authCodeResponse, request, apiId, validateNonce = true) {
13942
13990
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId);
13943
13991
  this.logger.trace("InteractionHandler.handleCodeResponseFromServer called");
13944
13992
  // Assign code to request
@@ -13964,7 +14012,7 @@ class InteractionHandler {
13964
14012
  }
13965
14013
  }
13966
14014
  // Acquire token with retrieved code.
13967
- const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse));
14015
+ const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, apiId, authCodeResponse));
13968
14016
  return tokenResponse;
13969
14017
  }
13970
14018
  /**
@@ -14512,7 +14560,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
14512
14560
  */
14513
14561
  async cacheAccount(accountEntity, correlationId, kmsi) {
14514
14562
  // Store the account info and hence `nativeAccountId` in browser cache
14515
- await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi);
14563
+ await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi, this.apiId);
14516
14564
  // Remove any existing cached tokens for this account in browser storage
14517
14565
  this.browserStorage.removeAccountContext(AccountEntity.getAccountInfo(accountEntity), correlationId);
14518
14566
  }
@@ -14541,7 +14589,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
14541
14589
  idToken: cachedIdToken,
14542
14590
  accessToken: cachedAccessToken,
14543
14591
  };
14544
- return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), request.storeInCache);
14592
+ return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), this.apiId, request.storeInCache);
14545
14593
  }
14546
14594
  getExpiresInValue(tokenType, expiresIn) {
14547
14595
  return tokenType === AuthenticationScheme.POP
@@ -14916,7 +14964,7 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
14916
14964
  // Create popup interaction handler.
14917
14965
  const interactionHandler = new InteractionHandler(authClient, browserStorage, authCodeRequest, logger, performanceClient);
14918
14966
  // Handle response from hash string.
14919
- const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request);
14967
+ const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request, apiId);
14920
14968
  return result;
14921
14969
  }
14922
14970
  /**
@@ -14963,7 +15011,7 @@ async function handleResponseEAR(request, response, apiId, config, authority, br
14963
15011
  cloud_instance_name: decryptedData.cloud_instance_name,
14964
15012
  msgraph_host: decryptedData.msgraph_host,
14965
15013
  };
14966
- return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, additionalData, undefined, undefined, undefined, undefined));
15014
+ return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, apiId, additionalData, undefined, undefined, undefined, undefined));
14967
15015
  }
14968
15016
 
14969
15017
  /*
@@ -15429,7 +15477,7 @@ class PlatformAuthDOMHandler {
15429
15477
  * @param perfClient
15430
15478
  * @returns
15431
15479
  */
15432
- async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
15480
+ async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId, domConfig) {
15433
15481
  const logger = new Logger(loggerOptions || {}, name, version);
15434
15482
  logger.trace("isPlatformBrokerAvailable called");
15435
15483
  const performanceClient = perfClient || new StubPerformanceClient();
@@ -15437,11 +15485,10 @@ async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationI
15437
15485
  logger.trace("Non-browser environment detected, returning false");
15438
15486
  return false;
15439
15487
  }
15440
- return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid()));
15488
+ return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
15441
15489
  }
15442
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
15490
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
15443
15491
  logger.trace("getPlatformAuthProvider called", correlationId);
15444
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
15445
15492
  logger.trace("Has client allowed platform auth via DOM API: " +
15446
15493
  enablePlatformBrokerDOMSupport);
15447
15494
  let platformAuthProvider;
@@ -15466,22 +15513,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
15466
15513
  }
15467
15514
  return platformAuthProvider;
15468
15515
  }
15469
- /**
15470
- * Returns true if the DOM API support for platform auth is enabled in session storage
15471
- * @returns boolean
15472
- * @deprecated
15473
- */
15474
- function isDomEnabledForPlatformAuth() {
15475
- let sessionStorage;
15476
- try {
15477
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
15478
- // Mute errors if it's a non-browser environment or cookies are blocked.
15479
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
15480
- }
15481
- catch (e) {
15482
- return false;
15483
- }
15484
- }
15485
15516
  /**
15486
15517
  * Returns boolean indicating whether or not the request should attempt to use native broker
15487
15518
  * @param logger
@@ -15491,6 +15522,11 @@ function isDomEnabledForPlatformAuth() {
15491
15522
  */
15492
15523
  function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
15493
15524
  logger.trace("isPlatformAuthAllowed called");
15525
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
15526
+ if (!config.system.allowPlatformBroker &&
15527
+ config.system.allowPlatformBrokerWithDOM) {
15528
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
15529
+ }
15494
15530
  if (!config.system.allowPlatformBroker) {
15495
15531
  logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
15496
15532
  // Developer disabled WAM
@@ -16789,7 +16825,7 @@ class SilentRefreshClient extends StandardInteractionClient {
16789
16825
  account: silentRequest.account,
16790
16826
  });
16791
16827
  // Send request to renew token. Auth module will throw errors if token cannot be renewed.
16792
- return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => {
16828
+ return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch((e) => {
16793
16829
  e.setCorrelationId(this.correlationId);
16794
16830
  serverTelemetryManager.cacheFailedRequest(e);
16795
16831
  throw e;
@@ -16833,12 +16869,13 @@ class SilentRefreshClient extends StandardInteractionClient {
16833
16869
  * Token cache manager
16834
16870
  */
16835
16871
  class TokenCache {
16836
- constructor(configuration, storage, logger, cryptoObj) {
16872
+ constructor(configuration, storage, logger, cryptoObj, performanceClient) {
16837
16873
  this.isBrowserEnvironment = typeof window !== "undefined";
16838
16874
  this.config = configuration;
16839
16875
  this.storage = storage;
16840
16876
  this.logger = logger;
16841
16877
  this.cryptoObj = cryptoObj;
16878
+ this.performanceClient = performanceClient;
16842
16879
  }
16843
16880
  // Move getAllAccounts here and cache utility APIs
16844
16881
  /**
@@ -16853,30 +16890,38 @@ class TokenCache {
16853
16890
  throw createBrowserAuthError(nonBrowserEnvironment);
16854
16891
  }
16855
16892
  const correlationId = request.correlationId || createNewGuid();
16856
- const idTokenClaims = response.id_token
16857
- ? extractTokenClaims(response.id_token, base64Decode)
16858
- : undefined;
16859
- const kmsi = isKmsi(idTokenClaims || {});
16860
- const authorityOptions = {
16861
- protocolMode: this.config.auth.protocolMode,
16862
- knownAuthorities: this.config.auth.knownAuthorities,
16863
- cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
16864
- authorityMetadata: this.config.auth.authorityMetadata,
16865
- skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
16866
- };
16867
- const authority = request.authority
16868
- ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
16869
- : undefined;
16870
- const cacheRecordAccount = await this.loadAccount(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
16871
- const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
16872
- const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
16873
- const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
16874
- return this.generateAuthenticationResult(request, {
16875
- account: cacheRecordAccount,
16876
- idToken,
16877
- accessToken,
16878
- refreshToken,
16879
- }, idTokenClaims, authority);
16893
+ const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.LoadExternalTokens, correlationId);
16894
+ try {
16895
+ const idTokenClaims = response.id_token
16896
+ ? extractTokenClaims(response.id_token, base64Decode)
16897
+ : undefined;
16898
+ const kmsi = isKmsi(idTokenClaims || {});
16899
+ const authorityOptions = {
16900
+ protocolMode: this.config.auth.protocolMode,
16901
+ knownAuthorities: this.config.auth.knownAuthorities,
16902
+ cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
16903
+ authorityMetadata: this.config.auth.authorityMetadata,
16904
+ skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
16905
+ };
16906
+ const authority = request.authority
16907
+ ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
16908
+ : undefined;
16909
+ const cacheRecordAccount = await invokeAsync(this.loadAccount.bind(this), PerformanceEvents.LoadAccount, this.logger, this.performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
16910
+ const idToken = await invokeAsync(this.loadIdToken.bind(this), PerformanceEvents.LoadIdToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
16911
+ const accessToken = await invokeAsync(this.loadAccessToken.bind(this), PerformanceEvents.LoadAccessToken, this.logger, this.performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
16912
+ const refreshToken = await invokeAsync(this.loadRefreshToken.bind(this), PerformanceEvents.LoadRefreshToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
16913
+ rootMeasurement.end({ success: true }, undefined, AccountEntity.getAccountInfo(cacheRecordAccount));
16914
+ return this.generateAuthenticationResult(request, {
16915
+ account: cacheRecordAccount,
16916
+ idToken,
16917
+ accessToken,
16918
+ refreshToken,
16919
+ }, idTokenClaims, authority);
16920
+ }
16921
+ catch (error) {
16922
+ rootMeasurement.end({ success: false }, error);
16923
+ throw error;
16924
+ }
16880
16925
  }
16881
16926
  /**
16882
16927
  * Helper function to load account to msal-browser cache
@@ -16891,7 +16936,7 @@ class TokenCache {
16891
16936
  this.logger.verbose("TokenCache - loading account");
16892
16937
  if (request.account) {
16893
16938
  const accountEntity = AccountEntity.createFromAccountInfo(request.account);
16894
- await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}));
16939
+ await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
16895
16940
  return accountEntity;
16896
16941
  }
16897
16942
  else if (!authority || (!clientInfo && !idTokenClaims)) {
@@ -16903,7 +16948,7 @@ class TokenCache {
16903
16948
  const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload
16904
16949
  undefined, // nativeAccountId
16905
16950
  this.logger);
16906
- await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}));
16951
+ await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
16907
16952
  return cachedAccount;
16908
16953
  }
16909
16954
  /**
@@ -17079,7 +17124,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
17079
17124
  msgraph_host: request.msGraphHost,
17080
17125
  cloud_graph_host_name: request.cloudGraphHostName,
17081
17126
  cloud_instance_host_name: request.cloudInstanceHostName,
17082
- }, silentRequest, false);
17127
+ }, silentRequest, this.apiId, false);
17083
17128
  }
17084
17129
  catch (e) {
17085
17130
  if (e instanceof AuthError) {
@@ -17192,7 +17237,7 @@ class StandardController {
17192
17237
  };
17193
17238
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
17194
17239
  // Initialize the token cache
17195
- this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto);
17240
+ this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
17196
17241
  this.activeSilentTokenRequests = new Map();
17197
17242
  // Register listener functions
17198
17243
  this.trackPageVisibility = this.trackPageVisibility.bind(this);
@@ -17243,7 +17288,7 @@ class StandardController {
17243
17288
  if (allowPlatformBroker) {
17244
17289
  try {
17245
17290
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
17246
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout);
17291
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, initCorrelationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.system.allowPlatformBrokerWithDOM);
17247
17292
  }
17248
17293
  catch (e) {
17249
17294
  this.logger.verbose(e);
@@ -18022,7 +18067,7 @@ class StandardController {
18022
18067
  this.logger.verbose("hydrateCache called");
18023
18068
  // Account gets saved to browser storage regardless of native or not
18024
18069
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
18025
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
18070
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
18026
18071
  if (result.fromNativeBroker) {
18027
18072
  this.logger.verbose("Response was from native broker, storing in-memory");
18028
18073
  // Tokens from native broker are stored in-memory
@@ -19300,7 +19345,7 @@ class NestedAppAuthController {
19300
19345
  async hydrateCache(result, request) {
19301
19346
  this.logger.verbose("hydrateCache called");
19302
19347
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
19303
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
19348
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
19304
19349
  return this.browserStorage.hydrateCache(result, request);
19305
19350
  }
19306
19351
  }