@azure/msal-browser 4.27.0 → 4.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (376) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.d.ts +3 -3
  11. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +12 -8
  13. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.d.ts +3 -2
  23. package/dist/cache/TokenCache.d.ts.map +1 -1
  24. package/dist/cache/TokenCache.mjs +50 -35
  25. package/dist/cache/TokenCache.mjs.map +1 -1
  26. package/dist/config/Configuration.mjs +1 -1
  27. package/dist/controllers/ControllerFactory.mjs +1 -1
  28. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +3 -3
  30. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  31. package/dist/controllers/StandardController.d.ts.map +1 -1
  32. package/dist/controllers/StandardController.mjs +3 -3
  33. package/dist/controllers/StandardController.mjs.map +1 -1
  34. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  35. package/dist/crypto/BrowserCrypto.mjs +1 -1
  36. package/dist/crypto/CryptoOps.mjs +1 -1
  37. package/dist/crypto/PkceGenerator.mjs +1 -1
  38. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  39. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  44. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  45. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  46. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +3 -3
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  48. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +12 -8
  49. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  50. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  52. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  53. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  55. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/TokenCache.d.ts +3 -2
  59. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  60. package/dist/custom-auth-path/cache/TokenCache.mjs +50 -35
  61. package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  63. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  64. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  66. package/dist/custom-auth-path/controllers/StandardController.mjs +3 -3
  67. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  68. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  70. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +3 -3
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +2 -2
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +2 -2
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  144. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +2 -2
  145. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  146. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +6 -6
  173. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  184. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  185. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  186. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  187. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  188. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  189. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  190. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  191. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  192. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  193. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  194. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  195. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  196. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  197. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  198. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  199. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  200. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  203. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +2 -2
  208. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  209. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +2 -2
  213. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs.map +1 -1
  214. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts +3 -2
  216. package/dist/custom-auth-path/interaction_handler/InteractionHandler.d.ts.map +1 -1
  217. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +5 -5
  218. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs.map +1 -1
  219. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  220. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  221. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  222. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  223. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  224. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  225. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  226. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  227. package/dist/custom-auth-path/protocol/Authorize.mjs +3 -3
  228. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  229. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  230. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  231. package/dist/custom-auth-path/utils/BrowserConstants.d.ts +20 -1
  232. package/dist/custom-auth-path/utils/BrowserConstants.d.ts.map +1 -1
  233. package/dist/custom-auth-path/utils/BrowserConstants.mjs +27 -3
  234. package/dist/custom-auth-path/utils/BrowserConstants.mjs.map +1 -1
  235. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  236. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  237. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  241. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  242. package/dist/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  243. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  244. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  245. package/dist/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  246. package/dist/encode/Base64Decode.mjs +1 -1
  247. package/dist/encode/Base64Encode.mjs +1 -1
  248. package/dist/error/BrowserAuthError.mjs +1 -1
  249. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  250. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  251. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  252. package/dist/error/NativeAuthError.mjs +1 -1
  253. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  254. package/dist/error/NestedAppAuthError.mjs +1 -1
  255. package/dist/event/EventHandler.mjs +1 -1
  256. package/dist/event/EventMessage.mjs +1 -1
  257. package/dist/event/EventType.mjs +1 -1
  258. package/dist/index.mjs +1 -1
  259. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  260. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  261. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  262. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +3 -3
  263. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  264. package/dist/interaction_client/PopupClient.mjs +1 -1
  265. package/dist/interaction_client/RedirectClient.mjs +1 -1
  266. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  268. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  270. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  271. package/dist/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  272. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  273. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  274. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  275. package/dist/interaction_handler/InteractionHandler.d.ts +3 -2
  276. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  277. package/dist/interaction_handler/InteractionHandler.mjs +5 -5
  278. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  279. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  280. package/dist/naa/BridgeError.mjs +1 -1
  281. package/dist/naa/BridgeProxy.mjs +1 -1
  282. package/dist/naa/BridgeStatusCode.mjs +1 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  290. package/dist/packageMetadata.d.ts +1 -1
  291. package/dist/packageMetadata.mjs +2 -2
  292. package/dist/protocol/Authorize.d.ts.map +1 -1
  293. package/dist/protocol/Authorize.mjs +3 -3
  294. package/dist/protocol/Authorize.mjs.map +1 -1
  295. package/dist/request/RequestHelpers.mjs +1 -1
  296. package/dist/response/ResponseHandler.mjs +1 -1
  297. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  298. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  299. package/dist/utils/BrowserConstants.d.ts +20 -1
  300. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  301. package/dist/utils/BrowserConstants.mjs +27 -3
  302. package/dist/utils/BrowserConstants.mjs.map +1 -1
  303. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  304. package/dist/utils/BrowserUtils.mjs +1 -1
  305. package/dist/utils/Helpers.mjs +1 -1
  306. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  307. package/lib/custom-auth-path/msal-custom-auth.cjs +227 -153
  308. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  309. package/lib/custom-auth-path/msal-custom-auth.js +22632 -0
  310. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -0
  311. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +3 -3
  312. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  313. package/lib/custom-auth-path/types/cache/TokenCache.d.ts +3 -2
  314. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  315. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  316. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  317. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  318. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  319. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  320. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  321. package/lib/custom-auth-path/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  322. package/lib/custom-auth-path/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  323. package/lib/custom-auth-path/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  324. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  325. package/lib/custom-auth-path/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  326. package/lib/custom-auth-path/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  327. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts +3 -2
  328. package/lib/custom-auth-path/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  329. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  330. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  331. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts +20 -1
  332. package/lib/custom-auth-path/types/utils/BrowserConstants.d.ts.map +1 -1
  333. package/lib/msal-browser.cjs +220 -146
  334. package/lib/msal-browser.cjs.map +1 -1
  335. package/lib/msal-browser.js +220 -146
  336. package/lib/msal-browser.js.map +1 -1
  337. package/lib/msal-browser.min.js +63 -63
  338. package/lib/types/cache/BrowserCacheManager.d.ts +3 -3
  339. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  340. package/lib/types/cache/TokenCache.d.ts +3 -2
  341. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  342. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  343. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  344. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  345. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts +1 -1
  346. package/lib/types/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.d.ts.map +1 -1
  347. package/lib/types/custom_auth/core/interaction_client/jit/JitClient.d.ts.map +1 -1
  348. package/lib/types/custom_auth/core/interaction_client/mfa/MfaClient.d.ts.map +1 -1
  349. package/lib/types/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.d.ts.map +1 -1
  350. package/lib/types/custom_auth/sign_in/interaction_client/SignInClient.d.ts.map +1 -1
  351. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  352. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  353. package/lib/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  354. package/lib/types/interaction_handler/InteractionHandler.d.ts +3 -2
  355. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  356. package/lib/types/packageMetadata.d.ts +1 -1
  357. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  358. package/lib/types/utils/BrowserConstants.d.ts +20 -1
  359. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  360. package/package.json +2 -2
  361. package/src/cache/BrowserCacheManager.ts +19 -5
  362. package/src/cache/TokenCache.ts +142 -80
  363. package/src/controllers/NestedAppAuthController.ts +2 -1
  364. package/src/controllers/StandardController.ts +4 -2
  365. package/src/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.ts +4 -2
  366. package/src/custom_auth/core/interaction_client/jit/JitClient.ts +2 -1
  367. package/src/custom_auth/core/interaction_client/mfa/MfaClient.ts +2 -1
  368. package/src/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.ts +2 -1
  369. package/src/custom_auth/sign_in/interaction_client/SignInClient.ts +10 -5
  370. package/src/interaction_client/PlatformAuthInteractionClient.ts +3 -1
  371. package/src/interaction_client/SilentAuthCodeClient.ts +1 -0
  372. package/src/interaction_client/SilentRefreshClient.ts +7 -5
  373. package/src/interaction_handler/InteractionHandler.ts +10 -3
  374. package/src/packageMetadata.ts +1 -1
  375. package/src/protocol/Authorize.ts +2 -1
  376. package/src/utils/BrowserConstants.ts +27 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.27.0 2025-12-04 */
1
+ /*! @azure/msal-browser v4.28.1 2026-01-17 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -276,7 +276,7 @@ const JsonWebTokenTypes = {
276
276
  // Token renewal offset default in seconds
277
277
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
278
278
 
279
- /*! @azure/msal-common v15.13.3 2025-12-04 */
279
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
280
280
  /*
281
281
  * Copyright (c) Microsoft Corporation. All rights reserved.
282
282
  * Licensed under the MIT License.
@@ -287,7 +287,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
  const unexpectedError = "unexpected_error";
288
288
  const postRequestFailed$1 = "post_request_failed";
289
289
 
290
- /*! @azure/msal-common v15.13.3 2025-12-04 */
290
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
291
291
 
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -322,7 +322,7 @@ function createAuthError(code, additionalMessage) {
322
322
  : AuthErrorMessages[code]);
323
323
  }
324
324
 
325
- /*! @azure/msal-common v15.13.3 2025-12-04 */
325
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
328
328
  * Licensed under the MIT License.
@@ -373,7 +373,7 @@ const methodNotImplemented = "method_not_implemented";
373
373
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
374
374
  const platformBrokerError = "platform_broker_error";
375
375
 
376
- /*! @azure/msal-common v15.13.3 2025-12-04 */
376
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
377
377
 
378
378
  /*
379
379
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -448,7 +448,7 @@ function createClientAuthError(errorCode, additionalMessage) {
448
448
  return new ClientAuthError(errorCode, additionalMessage);
449
449
  }
450
450
 
451
- /*! @azure/msal-common v15.13.3 2025-12-04 */
451
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
452
452
 
453
453
  /*
454
454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -487,7 +487,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
487
487
  },
488
488
  };
489
489
 
490
- /*! @azure/msal-common v15.13.3 2025-12-04 */
490
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
491
491
 
492
492
  /*
493
493
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -678,12 +678,12 @@ class Logger {
678
678
  }
679
679
  }
680
680
 
681
- /*! @azure/msal-common v15.13.3 2025-12-04 */
681
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
682
682
  /* eslint-disable header/header */
683
683
  const name$1 = "@azure/msal-common";
684
- const version$1 = "15.13.3";
684
+ const version$1 = "15.14.1";
685
685
 
686
- /*! @azure/msal-common v15.13.3 2025-12-04 */
686
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
687
687
  /*
688
688
  * Copyright (c) Microsoft Corporation. All rights reserved.
689
689
  * Licensed under the MIT License.
@@ -692,7 +692,7 @@ const AzureCloudInstance = {
692
692
  // AzureCloudInstance is not specified.
693
693
  None: "none"};
694
694
 
695
- /*! @azure/msal-common v15.13.3 2025-12-04 */
695
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
696
696
  /*
697
697
  * Copyright (c) Microsoft Corporation. All rights reserved.
698
698
  * Licensed under the MIT License.
@@ -722,7 +722,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
722
722
  const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
723
723
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
724
724
 
725
- /*! @azure/msal-common v15.13.3 2025-12-04 */
725
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
726
726
 
727
727
  /*
728
728
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -768,7 +768,7 @@ function createClientConfigurationError(errorCode) {
768
768
  return new ClientConfigurationError(errorCode);
769
769
  }
770
770
 
771
- /*! @azure/msal-common v15.13.3 2025-12-04 */
771
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
772
772
  /*
773
773
  * Copyright (c) Microsoft Corporation. All rights reserved.
774
774
  * Licensed under the MIT License.
@@ -865,7 +865,7 @@ class StringUtils {
865
865
  }
866
866
  }
867
867
 
868
- /*! @azure/msal-common v15.13.3 2025-12-04 */
868
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
869
869
 
870
870
  /*
871
871
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1060,7 +1060,7 @@ class ScopeSet {
1060
1060
  }
1061
1061
  }
1062
1062
 
1063
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1063
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1064
1064
 
1065
1065
  /*
1066
1066
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1100,7 +1100,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1100
1100
  };
1101
1101
  }
1102
1102
 
1103
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1103
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1104
1104
  /*
1105
1105
  * Copyright (c) Microsoft Corporation. All rights reserved.
1106
1106
  * Licensed under the MIT License.
@@ -1182,7 +1182,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1182
1182
  return updatedAccountInfo;
1183
1183
  }
1184
1184
 
1185
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1185
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1186
1186
  /*
1187
1187
  * Copyright (c) Microsoft Corporation. All rights reserved.
1188
1188
  * Licensed under the MIT License.
@@ -1197,7 +1197,7 @@ const AuthorityType = {
1197
1197
  Ciam: 3,
1198
1198
  };
1199
1199
 
1200
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1200
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1201
1201
  /*
1202
1202
  * Copyright (c) Microsoft Corporation. All rights reserved.
1203
1203
  * Licensed under the MIT License.
@@ -1219,7 +1219,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1219
1219
  return null;
1220
1220
  }
1221
1221
 
1222
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1222
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1223
1223
  /*
1224
1224
  * Copyright (c) Microsoft Corporation. All rights reserved.
1225
1225
  * Licensed under the MIT License.
@@ -1243,7 +1243,7 @@ const ProtocolMode = {
1243
1243
  EAR: "EAR",
1244
1244
  };
1245
1245
 
1246
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1246
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1247
1247
 
1248
1248
  /*
1249
1249
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1277,6 +1277,13 @@ class AccountEntity {
1277
1277
  * Returns the AccountInfo interface for this account.
1278
1278
  */
1279
1279
  static getAccountInfo(accountEntity) {
1280
+ const tenantProfiles = accountEntity.tenantProfiles || [];
1281
+ // Ensure at least the home tenant profile exists
1282
+ if (tenantProfiles.length === 0 &&
1283
+ accountEntity.realm &&
1284
+ accountEntity.localAccountId) {
1285
+ tenantProfiles.push(buildTenantProfile(accountEntity.homeAccountId, accountEntity.localAccountId, accountEntity.realm));
1286
+ }
1280
1287
  return {
1281
1288
  homeAccountId: accountEntity.homeAccountId,
1282
1289
  environment: accountEntity.environment,
@@ -1288,7 +1295,7 @@ class AccountEntity {
1288
1295
  nativeAccountId: accountEntity.nativeAccountId,
1289
1296
  authorityType: accountEntity.authorityType,
1290
1297
  // Deserialize tenant profiles array into a Map
1291
- tenantProfiles: new Map((accountEntity.tenantProfiles || []).map((tenantProfile) => {
1298
+ tenantProfiles: new Map(tenantProfiles.map((tenantProfile) => {
1292
1299
  return [tenantProfile.tenantId, tenantProfile];
1293
1300
  })),
1294
1301
  dataBoundary: accountEntity.dataBoundary,
@@ -1389,7 +1396,14 @@ class AccountEntity {
1389
1396
  account.cloudGraphHostName = cloudGraphHostName;
1390
1397
  account.msGraphHost = msGraphHost;
1391
1398
  // Serialize tenant profiles map into an array
1392
- account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
1399
+ const tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
1400
+ // Ensure at least the home tenant profile exists
1401
+ if (tenantProfiles.length === 0 &&
1402
+ accountInfo.tenantId &&
1403
+ accountInfo.localAccountId) {
1404
+ tenantProfiles.push(buildTenantProfile(accountInfo.homeAccountId, accountInfo.localAccountId, accountInfo.tenantId, accountInfo.idTokenClaims));
1405
+ }
1406
+ account.tenantProfiles = tenantProfiles;
1393
1407
  account.dataBoundary = accountInfo.dataBoundary;
1394
1408
  return account;
1395
1409
  }
@@ -1464,7 +1478,7 @@ class AccountEntity {
1464
1478
  }
1465
1479
  }
1466
1480
 
1467
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1481
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1468
1482
 
1469
1483
  /*
1470
1484
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1545,7 +1559,7 @@ function checkMaxAge(authTime, maxAge) {
1545
1559
  }
1546
1560
  }
1547
1561
 
1548
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1562
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1549
1563
 
1550
1564
  /*
1551
1565
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1661,7 +1675,7 @@ function normalizeUrlForComparison(url) {
1661
1675
  }
1662
1676
  }
1663
1677
 
1664
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1678
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1665
1679
 
1666
1680
  /*
1667
1681
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1825,7 +1839,7 @@ class UrlString {
1825
1839
  }
1826
1840
  }
1827
1841
 
1828
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1842
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1829
1843
 
1830
1844
  /*
1831
1845
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1964,7 +1978,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1964
1978
  return null;
1965
1979
  }
1966
1980
 
1967
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1981
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1968
1982
  /*
1969
1983
  * Copyright (c) Microsoft Corporation. All rights reserved.
1970
1984
  * Licensed under the MIT License.
@@ -1972,7 +1986,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1972
1986
  const cacheQuotaExceeded = "cache_quota_exceeded";
1973
1987
  const cacheErrorUnknown = "cache_error_unknown";
1974
1988
 
1975
- /*! @azure/msal-common v15.13.3 2025-12-04 */
1989
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
1976
1990
 
1977
1991
  /*
1978
1992
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2017,7 +2031,7 @@ function createCacheError(e) {
2017
2031
  }
2018
2032
  }
2019
2033
 
2020
- /*! @azure/msal-common v15.13.3 2025-12-04 */
2034
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
2021
2035
 
2022
2036
  /*
2023
2037
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2187,15 +2201,16 @@ class CacheManager {
2187
2201
  * @param cacheRecord {CacheRecord}
2188
2202
  * @param correlationId {?string} correlation id
2189
2203
  * @param kmsi - Keep Me Signed In
2204
+ * @param apiId - API identifier for telemetry tracking
2190
2205
  * @param storeInCache {?StoreInCache}
2191
2206
  */
2192
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
2207
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
2193
2208
  if (!cacheRecord) {
2194
2209
  throw createClientAuthError(invalidCacheRecord);
2195
2210
  }
2196
2211
  try {
2197
2212
  if (!!cacheRecord.account) {
2198
- await this.setAccount(cacheRecord.account, correlationId, kmsi);
2213
+ await this.setAccount(cacheRecord.account, correlationId, kmsi, apiId);
2199
2214
  }
2200
2215
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
2201
2216
  await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
@@ -3126,7 +3141,7 @@ class DefaultStorageClass extends CacheManager {
3126
3141
  }
3127
3142
  }
3128
3143
 
3129
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3144
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3130
3145
  /*
3131
3146
  * Copyright (c) Microsoft Corporation. All rights reserved.
3132
3147
  * Licensed under the MIT License.
@@ -3383,6 +3398,11 @@ const PerformanceEvents = {
3383
3398
  Decrypt: "decrypt",
3384
3399
  GenerateEarKey: "generateEarKey",
3385
3400
  DecryptEarResponse: "decryptEarResponse",
3401
+ LoadExternalTokens: "LoadExternalTokens",
3402
+ LoadAccount: "loadAccount",
3403
+ LoadIdToken: "loadIdToken",
3404
+ LoadAccessToken: "loadAccessToken",
3405
+ LoadRefreshToken: "loadRefreshToken",
3386
3406
  };
3387
3407
  /**
3388
3408
  * State of the performance event.
@@ -3393,7 +3413,7 @@ const PerformanceEvents = {
3393
3413
  const PerformanceEventStatus = {
3394
3414
  InProgress: 1};
3395
3415
 
3396
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3416
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3397
3417
 
3398
3418
  /*
3399
3419
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3472,7 +3492,7 @@ class StubPerformanceClient {
3472
3492
  }
3473
3493
  }
3474
3494
 
3475
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3495
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3476
3496
 
3477
3497
  /*
3478
3498
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3572,7 +3592,7 @@ function isOidcProtocolMode(config) {
3572
3592
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3573
3593
  }
3574
3594
 
3575
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3595
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3576
3596
  /*
3577
3597
  * Copyright (c) Microsoft Corporation. All rights reserved.
3578
3598
  * Licensed under the MIT License.
@@ -3582,7 +3602,7 @@ const CcsCredentialType = {
3582
3602
  UPN: "UPN",
3583
3603
  };
3584
3604
 
3585
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3605
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3586
3606
  /*
3587
3607
  * Copyright (c) Microsoft Corporation. All rights reserved.
3588
3608
  * Licensed under the MIT License.
@@ -3632,7 +3652,7 @@ const INSTANCE_AWARE = "instance_aware";
3632
3652
  const EAR_JWK = "ear_jwk";
3633
3653
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3634
3654
 
3635
- /*! @azure/msal-common v15.13.3 2025-12-04 */
3655
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
3636
3656
 
3637
3657
  /*
3638
3658
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4012,7 +4032,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4012
4032
  });
4013
4033
  }
4014
4034
 
4015
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4035
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4016
4036
  /*
4017
4037
  * Copyright (c) Microsoft Corporation. All rights reserved.
4018
4038
  * Licensed under the MIT License.
@@ -4024,7 +4044,7 @@ function isOpenIdConfigResponse(response) {
4024
4044
  response.hasOwnProperty("jwks_uri"));
4025
4045
  }
4026
4046
 
4027
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4047
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4028
4048
  /*
4029
4049
  * Copyright (c) Microsoft Corporation. All rights reserved.
4030
4050
  * Licensed under the MIT License.
@@ -4034,7 +4054,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4034
4054
  response.hasOwnProperty("metadata"));
4035
4055
  }
4036
4056
 
4037
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4057
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4038
4058
  /*
4039
4059
  * Copyright (c) Microsoft Corporation. All rights reserved.
4040
4060
  * Licensed under the MIT License.
@@ -4044,7 +4064,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4044
4064
  response.hasOwnProperty("error_description"));
4045
4065
  }
4046
4066
 
4047
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4067
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4048
4068
  /*
4049
4069
  * Copyright (c) Microsoft Corporation. All rights reserved.
4050
4070
  * Licensed under the MIT License.
@@ -4140,7 +4160,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4140
4160
  };
4141
4161
  };
4142
4162
 
4143
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4163
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4144
4164
 
4145
4165
  /*
4146
4166
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4246,7 +4266,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4246
4266
  },
4247
4267
  };
4248
4268
 
4249
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4269
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4250
4270
  /*
4251
4271
  * Copyright (c) Microsoft Corporation. All rights reserved.
4252
4272
  * Licensed under the MIT License.
@@ -4311,7 +4331,7 @@ function wasClockTurnedBack(cachedAt) {
4311
4331
  return cachedAtSec > nowSeconds();
4312
4332
  }
4313
4333
 
4314
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4334
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4315
4335
 
4316
4336
  /*
4317
4337
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4573,7 +4593,7 @@ function isAuthorityMetadataExpired(metadata) {
4573
4593
  return metadata.expiresAt <= nowSeconds();
4574
4594
  }
4575
4595
 
4576
- /*! @azure/msal-common v15.13.3 2025-12-04 */
4596
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
4577
4597
 
4578
4598
  /*
4579
4599
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5412,7 +5432,7 @@ function buildStaticAuthorityOptions(authOptions) {
5412
5432
  };
5413
5433
  }
5414
5434
 
5415
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5435
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5416
5436
 
5417
5437
  /*
5418
5438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5443,7 +5463,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5443
5463
  }
5444
5464
  }
5445
5465
 
5446
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5466
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5447
5467
 
5448
5468
  /*
5449
5469
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5462,7 +5482,7 @@ class ServerError extends AuthError {
5462
5482
  }
5463
5483
  }
5464
5484
 
5465
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5485
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5466
5486
  /*
5467
5487
  * Copyright (c) Microsoft Corporation. All rights reserved.
5468
5488
  * Licensed under the MIT License.
@@ -5483,7 +5503,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5483
5503
  };
5484
5504
  }
5485
5505
 
5486
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5506
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5487
5507
 
5488
5508
  /*
5489
5509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5570,7 +5590,7 @@ class ThrottlingUtils {
5570
5590
  }
5571
5591
  }
5572
5592
 
5573
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5593
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5574
5594
 
5575
5595
  /*
5576
5596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5601,7 +5621,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5601
5621
  return new NetworkError(error, httpStatus, responseHeaders);
5602
5622
  }
5603
5623
 
5604
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5624
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5605
5625
 
5606
5626
  /*
5607
5627
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5749,7 +5769,7 @@ class BaseClient {
5749
5769
  }
5750
5770
  }
5751
5771
 
5752
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5772
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5753
5773
  /*
5754
5774
  * Copyright (c) Microsoft Corporation. All rights reserved.
5755
5775
  * Licensed under the MIT License.
@@ -5765,7 +5785,7 @@ const consentRequired = "consent_required";
5765
5785
  const loginRequired = "login_required";
5766
5786
  const badToken = "bad_token";
5767
5787
 
5768
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5788
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5769
5789
 
5770
5790
  /*
5771
5791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5837,7 +5857,7 @@ function createInteractionRequiredAuthError(errorCode) {
5837
5857
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5838
5858
  }
5839
5859
 
5840
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5860
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5841
5861
 
5842
5862
  /*
5843
5863
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5909,7 +5929,7 @@ class ProtocolUtils {
5909
5929
  }
5910
5930
  }
5911
5931
 
5912
- /*! @azure/msal-common v15.13.3 2025-12-04 */
5932
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5913
5933
 
5914
5934
  /*
5915
5935
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5991,7 +6011,7 @@ class PopTokenGenerator {
5991
6011
  }
5992
6012
  }
5993
6013
 
5994
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6014
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
5995
6015
  /*
5996
6016
  * Copyright (c) Microsoft Corporation. All rights reserved.
5997
6017
  * Licensed under the MIT License.
@@ -6018,7 +6038,7 @@ class PopTokenGenerator {
6018
6038
  }
6019
6039
  }
6020
6040
 
6021
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6041
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6022
6042
 
6023
6043
  /*
6024
6044
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6082,7 +6102,7 @@ class ResponseHandler {
6082
6102
  * @param serverTokenResponse
6083
6103
  * @param authority
6084
6104
  */
6085
- async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6105
+ async handleServerTokenResponse(serverTokenResponse, authority, reqTimestamp, request, apiId, authCodePayload, userAssertionHash, handlingRefreshTokenResponse, forceCacheRefreshTokenResponse, serverRequestId) {
6086
6106
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.HandleServerTokenResponse, serverTokenResponse.correlation_id);
6087
6107
  // create an idToken object (not entity)
6088
6108
  let idTokenClaims;
@@ -6130,14 +6150,19 @@ class ResponseHandler {
6130
6150
  if (handlingRefreshTokenResponse &&
6131
6151
  !forceCacheRefreshTokenResponse &&
6132
6152
  cacheRecord.account) {
6133
- const key = this.cacheStorage.generateAccountKey(AccountEntity.getAccountInfo(cacheRecord.account));
6134
- const account = this.cacheStorage.getAccount(key, request.correlationId);
6135
- if (!account) {
6153
+ const cachedAccounts = this.cacheStorage.getAllAccounts({
6154
+ homeAccountId: cacheRecord.account.homeAccountId,
6155
+ environment: cacheRecord.account.environment,
6156
+ }, request.correlationId);
6157
+ if (cachedAccounts.length < 1) {
6136
6158
  this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
6159
+ this.performanceClient?.addFields({
6160
+ acntLoggedOut: true,
6161
+ }, request.correlationId);
6137
6162
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
6138
6163
  }
6139
6164
  }
6140
- await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), request.storeInCache);
6165
+ await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), apiId, request.storeInCache);
6141
6166
  }
6142
6167
  finally {
6143
6168
  if (this.persistencePlugin &&
@@ -6207,6 +6232,9 @@ class ResponseHandler {
6207
6232
  ? parseInt(serverTokenResponse.refresh_token_expires_in, 10)
6208
6233
  : serverTokenResponse.refresh_token_expires_in;
6209
6234
  rtExpiresOn = reqTimestamp + rtExpiresIn;
6235
+ this.performanceClient?.addFields({
6236
+ ntwkRtExpiresOnSeconds: rtExpiresOn,
6237
+ }, request.correlationId);
6210
6238
  }
6211
6239
  cachedRefreshToken = createRefreshTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.refresh_token, this.clientId, serverTokenResponse.foci, userAssertionHash, rtExpiresOn);
6212
6240
  }
@@ -6349,7 +6377,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6349
6377
  return baseAccount;
6350
6378
  }
6351
6379
 
6352
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6380
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6353
6381
  /*
6354
6382
  * Copyright (c) Microsoft Corporation. All rights reserved.
6355
6383
  * Licensed under the MIT License.
@@ -6367,7 +6395,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6367
6395
  }
6368
6396
  }
6369
6397
 
6370
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6398
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6371
6399
 
6372
6400
  /*
6373
6401
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6389,8 +6417,9 @@ class AuthorizationCodeClient extends BaseClient {
6389
6417
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
6390
6418
  * authorization_code_grant
6391
6419
  * @param request
6420
+ * @param apiId - API identifier for telemetry tracking
6392
6421
  */
6393
- async acquireToken(request, authCodePayload) {
6422
+ async acquireToken(request, apiId, authCodePayload) {
6394
6423
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientAcquireToken, request.correlationId);
6395
6424
  if (!request.code) {
6396
6425
  throw createClientAuthError(requestCannotBeMade);
@@ -6402,7 +6431,7 @@ class AuthorizationCodeClient extends BaseClient {
6402
6431
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin, this.performanceClient);
6403
6432
  // Validate response. This function throws a server error if an error is returned by the server.
6404
6433
  responseHandler.validateTokenResponse(response.body);
6405
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
6434
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, authCodePayload, undefined, undefined, undefined, requestId);
6406
6435
  }
6407
6436
  /**
6408
6437
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
@@ -6602,7 +6631,7 @@ class AuthorizationCodeClient extends BaseClient {
6602
6631
  }
6603
6632
  }
6604
6633
 
6605
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6634
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6606
6635
 
6607
6636
  /*
6608
6637
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6617,7 +6646,7 @@ class RefreshTokenClient extends BaseClient {
6617
6646
  constructor(configuration, performanceClient) {
6618
6647
  super(configuration, performanceClient);
6619
6648
  }
6620
- async acquireToken(request) {
6649
+ async acquireToken(request, apiId) {
6621
6650
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireToken, request.correlationId);
6622
6651
  const reqTimestamp = nowSeconds();
6623
6652
  const response = await invokeAsync(this.executeTokenRequest.bind(this), PerformanceEvents.RefreshTokenClientExecuteTokenRequest, this.logger, this.performanceClient, request.correlationId)(request, this.authority);
@@ -6625,13 +6654,13 @@ class RefreshTokenClient extends BaseClient {
6625
6654
  const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];
6626
6655
  const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);
6627
6656
  responseHandler.validateTokenResponse(response.body);
6628
- return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, undefined, undefined, true, request.forceCache, requestId);
6657
+ return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, apiId, undefined, undefined, true, request.forceCache, requestId);
6629
6658
  }
6630
6659
  /**
6631
6660
  * Gets cached refresh token and attaches to request, then calls acquireToken API
6632
6661
  * @param request
6633
6662
  */
6634
- async acquireTokenByRefreshToken(request) {
6663
+ async acquireTokenByRefreshToken(request, apiId) {
6635
6664
  // Cannot renew token if no request object is given.
6636
6665
  if (!request) {
6637
6666
  throw createClientConfigurationError(tokenRequestEmpty);
@@ -6646,7 +6675,7 @@ class RefreshTokenClient extends BaseClient {
6646
6675
  // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
6647
6676
  if (isFOCI) {
6648
6677
  try {
6649
- return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true);
6678
+ return await invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, true, apiId);
6650
6679
  }
6651
6680
  catch (e) {
6652
6681
  const noFamilyRTInCache = e instanceof InteractionRequiredAuthError &&
@@ -6657,7 +6686,7 @@ class RefreshTokenClient extends BaseClient {
6657
6686
  e.subError === Errors.CLIENT_MISMATCH_ERROR;
6658
6687
  // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
6659
6688
  if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
6660
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
6689
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
6661
6690
  // throw in all other cases
6662
6691
  }
6663
6692
  else {
@@ -6666,26 +6695,30 @@ class RefreshTokenClient extends BaseClient {
6666
6695
  }
6667
6696
  }
6668
6697
  // fall back to application refresh token acquisition
6669
- return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false);
6698
+ return invokeAsync(this.acquireTokenWithCachedRefreshToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, this.logger, this.performanceClient, request.correlationId)(request, false, apiId);
6670
6699
  }
6671
6700
  /**
6672
6701
  * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached
6673
6702
  * @param request
6674
6703
  */
6675
- async acquireTokenWithCachedRefreshToken(request, foci) {
6704
+ async acquireTokenWithCachedRefreshToken(request, foci, apiId) {
6676
6705
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
6677
6706
  // fetches family RT or application RT based on FOCI value
6678
6707
  const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
6679
6708
  if (!refreshToken) {
6680
6709
  throw createInteractionRequiredAuthError(noTokensFound);
6681
6710
  }
6682
- if (refreshToken.expiresOn &&
6683
- isTokenExpired(refreshToken.expiresOn, request.refreshTokenExpirationOffsetSeconds ||
6684
- DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS)) {
6685
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
6686
- throw createInteractionRequiredAuthError(refreshTokenExpired);
6711
+ if (refreshToken.expiresOn) {
6712
+ const offset = request.refreshTokenExpirationOffsetSeconds ||
6713
+ DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS;
6714
+ this.performanceClient?.addFields({
6715
+ cacheRtExpiresOnSeconds: Number(refreshToken.expiresOn),
6716
+ rtOffsetSeconds: offset,
6717
+ }, request.correlationId);
6718
+ if (isTokenExpired(refreshToken.expiresOn, offset)) {
6719
+ throw createInteractionRequiredAuthError(refreshTokenExpired);
6720
+ }
6687
6721
  }
6688
- // attach cached RT size to the current measurement
6689
6722
  const refreshTokenRequest = {
6690
6723
  ...request,
6691
6724
  refreshToken: refreshToken.secret,
@@ -6696,11 +6729,10 @@ class RefreshTokenClient extends BaseClient {
6696
6729
  },
6697
6730
  };
6698
6731
  try {
6699
- return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest);
6732
+ return await invokeAsync(this.acquireToken.bind(this), PerformanceEvents.RefreshTokenClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(refreshTokenRequest, apiId);
6700
6733
  }
6701
6734
  catch (e) {
6702
6735
  if (e instanceof InteractionRequiredAuthError) {
6703
- this.performanceClient?.addFields({ rtExpiresOnMs: Number(refreshToken.expiresOn) }, request.correlationId);
6704
6736
  if (e.subError === badToken) {
6705
6737
  // Remove bad refresh token from cache
6706
6738
  this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
@@ -6811,7 +6843,7 @@ class RefreshTokenClient extends BaseClient {
6811
6843
  }
6812
6844
  }
6813
6845
 
6814
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6846
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6815
6847
 
6816
6848
  /*
6817
6849
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6909,7 +6941,7 @@ class SilentFlowClient extends BaseClient {
6909
6941
  }
6910
6942
  }
6911
6943
 
6912
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6944
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6913
6945
 
6914
6946
  /*
6915
6947
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6924,7 +6956,7 @@ const StubbedNetworkModule = {
6924
6956
  },
6925
6957
  };
6926
6958
 
6927
- /*! @azure/msal-common v15.13.3 2025-12-04 */
6959
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
6928
6960
 
6929
6961
  /*
6930
6962
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7148,7 +7180,7 @@ function extractLoginHint(account) {
7148
7180
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7149
7181
  }
7150
7182
 
7151
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7183
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7152
7184
 
7153
7185
  /*
7154
7186
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7411,7 +7443,7 @@ class ServerTelemetryManager {
7411
7443
  }
7412
7444
  }
7413
7445
 
7414
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7446
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7415
7447
  /*
7416
7448
  * Copyright (c) Microsoft Corporation. All rights reserved.
7417
7449
  * Licensed under the MIT License.
@@ -7419,7 +7451,7 @@ class ServerTelemetryManager {
7419
7451
  const missingKidError = "missing_kid_error";
7420
7452
  const missingAlgError = "missing_alg_error";
7421
7453
 
7422
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7454
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7423
7455
 
7424
7456
  /*
7425
7457
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7444,7 +7476,7 @@ function createJoseHeaderError(code) {
7444
7476
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7445
7477
  }
7446
7478
 
7447
- /*! @azure/msal-common v15.13.3 2025-12-04 */
7479
+ /*! @azure/msal-common v15.14.1 2026-01-17 */
7448
7480
 
7449
7481
  /*
7450
7482
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7879,7 +7911,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7879
7911
 
7880
7912
  /* eslint-disable header/header */
7881
7913
  const name = "@azure/msal-browser";
7882
- const version = "4.27.0";
7914
+ const version = "4.28.1";
7883
7915
 
7884
7916
  /*
7885
7917
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8463,9 +8495,9 @@ const InMemoryCacheKeys = {
8463
8495
  };
8464
8496
  /**
8465
8497
  * API Codes for Telemetry purposes.
8466
- * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
8467
8498
  * 0-99 Silent Flow
8468
8499
  * 800-899 Auth Code Flow
8500
+ * 900-999 Miscellaneous
8469
8501
  */
8470
8502
  const ApiId = {
8471
8503
  acquireTokenRedirect: 861,
@@ -8477,6 +8509,30 @@ const ApiId = {
8477
8509
  acquireTokenSilent_silentFlow: 61,
8478
8510
  logout: 961,
8479
8511
  logoutPopup: 962,
8512
+ hydrateCache: 963,
8513
+ loadExternalTokens: 964,
8514
+ };
8515
+ /**
8516
+ * API Names for Telemetry purposes.
8517
+ */
8518
+ const ApiName = {
8519
+ 861: "acquireTokenRedirect",
8520
+ 862: "acquireTokenPopup",
8521
+ 863: "ssoSilent",
8522
+ 864: "acquireTokenSilent_authCode",
8523
+ 865: "handleRedirectPromise",
8524
+ 866: "acquireTokenByCode",
8525
+ 61: "acquireTokenSilent_silentFlow",
8526
+ 961: "logout",
8527
+ 962: "logoutPopup",
8528
+ 963: "hydrateCache",
8529
+ 964: "loadExternalTokens",
8530
+ };
8531
+ const apiIdToName = (id) => {
8532
+ if (typeof id === "number" && id in ApiName) {
8533
+ return ApiName[id];
8534
+ }
8535
+ return "unknown";
8480
8536
  };
8481
8537
  /*
8482
8538
  * Interaction type of the API - used for state and telemetry
@@ -9690,7 +9746,7 @@ class CustomAuthInteractionClientBase extends StandardInteractionClient {
9690
9746
  * @param correlationId Correlation ID for logging
9691
9747
  * @returns Authentication result from the token response
9692
9748
  */
9693
- async handleTokenResponse(tokenResponse, requestScopes, correlationId) {
9749
+ async handleTokenResponse(tokenResponse, requestScopes, correlationId, apiId) {
9694
9750
  this.logger.verbose("Processing token response.", correlationId);
9695
9751
  const requestTimestamp = Math.round(new Date().getTime() / 1000.0);
9696
9752
  // Save tokens and create authentication result
@@ -9698,7 +9754,7 @@ class CustomAuthInteractionClientBase extends StandardInteractionClient {
9698
9754
  authority: this.customAuthAuthority.canonicalAuthority,
9699
9755
  correlationId: tokenResponse.correlation_id ?? correlationId,
9700
9756
  scopes: requestScopes,
9701
- });
9757
+ }, apiId);
9702
9758
  return result;
9703
9759
  }
9704
9760
  // It is not necessary to implement this method from base class.
@@ -9874,7 +9930,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9874
9930
  claims: parameters.claims,
9875
9931
  }),
9876
9932
  };
9877
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithOob(request), scopes, parameters.correlationId, telemetryManager);
9933
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithOob(request), scopes, parameters.correlationId, telemetryManager, apiId);
9878
9934
  }
9879
9935
  /**
9880
9936
  * Submits the password for sign-in flow.
@@ -9896,7 +9952,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9896
9952
  claims: parameters.claims,
9897
9953
  }),
9898
9954
  };
9899
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithPassword(request), scopes, parameters.correlationId, telemetryManager);
9955
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokensWithPassword(request), scopes, parameters.correlationId, telemetryManager, apiId);
9900
9956
  }
9901
9957
  /**
9902
9958
  * Signs in with continuation token.
@@ -9919,7 +9975,7 @@ class SignInClient extends CustomAuthInteractionClientBase {
9919
9975
  }),
9920
9976
  };
9921
9977
  // Call token endpoint.
9922
- return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(request), scopes, parameters.correlationId, telemetryManager);
9978
+ return this.performTokenRequest(() => this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(request), scopes, parameters.correlationId, telemetryManager, apiId);
9923
9979
  }
9924
9980
  /**
9925
9981
  * Common method to handle token endpoint calls and create sign-in results.
@@ -9929,12 +9985,12 @@ class SignInClient extends CustomAuthInteractionClientBase {
9929
9985
  * @param telemetryManager Telemetry manager for telemetry logging
9930
9986
  * @returns SignInCompletedResult | SignInJitRequiredResult | SignInMfaRequiredResult with authentication result
9931
9987
  */
9932
- async performTokenRequest(tokenEndpointCaller, scopes, correlationId, telemetryManager) {
9988
+ async performTokenRequest(tokenEndpointCaller, scopes, correlationId, telemetryManager, apiId) {
9933
9989
  this.logger.verbose("Calling token endpoint for sign in.", correlationId);
9934
9990
  try {
9935
9991
  const tokenResponse = await tokenEndpointCaller();
9936
9992
  this.logger.verbose("Token endpoint response received for sign in.", correlationId);
9937
- const authResult = await this.handleTokenResponse(tokenResponse, scopes, correlationId);
9993
+ const authResult = await this.handleTokenResponse(tokenResponse, scopes, correlationId, apiId);
9938
9994
  return createSignInCompleteResult({
9939
9995
  correlationId: tokenResponse.correlation_id ?? correlationId,
9940
9996
  authenticationResult: authResult,
@@ -11555,7 +11611,7 @@ class JitClient extends CustomAuthInteractionClientBase {
11555
11611
  }),
11556
11612
  };
11557
11613
  const tokenResponse = await this.customAuthApiClient.signInApi.requestTokenWithContinuationToken(tokenRequest);
11558
- const authResult = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id || continueResponse.correlation_id);
11614
+ const authResult = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id || continueResponse.correlation_id, apiId);
11559
11615
  return createJitCompletedResult({
11560
11616
  correlationId: continueResponse.correlation_id,
11561
11617
  authenticationResult: authResult,
@@ -11648,7 +11704,7 @@ class MfaClient extends CustomAuthInteractionClientBase {
11648
11704
  this.logger.verbose("Calling token endpoint for MFA challenge submission.", parameters.correlationId);
11649
11705
  const tokenResponse = await this.customAuthApiClient.signInApi.requestTokensWithOob(request);
11650
11706
  // Save tokens and create authentication result
11651
- const result = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ?? parameters.correlationId);
11707
+ const result = await this.handleTokenResponse(tokenResponse, scopes, tokenResponse.correlation_id ?? parameters.correlationId, apiId);
11652
11708
  return createMfaCompletedResult({
11653
11709
  correlationId: parameters.correlationId,
11654
11710
  authenticationResult: result,
@@ -11699,7 +11755,7 @@ class CustomAuthSilentCacheClient extends CustomAuthInteractionClientBase {
11699
11755
  this.logger.verbose("Token refresh is required to acquire token silently", correlationId);
11700
11756
  const refreshTokenClient = new RefreshTokenClient(clientConfig, this.performanceClient);
11701
11757
  this.logger.verbose("Starting refresh flow to refresh token", correlationId);
11702
- const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest);
11758
+ const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest, ACCOUNT_GET_ACCESS_TOKEN);
11703
11759
  this.logger.verbose("Refresh flow to refresh token is completed", correlationId);
11704
11760
  return refreshTokenResult;
11705
11761
  }
@@ -15226,17 +15282,21 @@ class BrowserCacheManager extends CacheManager {
15226
15282
  if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {
15227
15283
  return null;
15228
15284
  }
15285
+ this.performanceClient.addFields({
15286
+ accountCachedBy: apiIdToName(parsedAccount.cachedByApiId),
15287
+ }, correlationId);
15229
15288
  return CacheManager.toObject(new AccountEntity(), parsedAccount);
15230
15289
  }
15231
15290
  /**
15232
15291
  * set account entity in the platform cache
15233
15292
  * @param account
15234
15293
  */
15235
- async setAccount(account, correlationId, kmsi) {
15294
+ async setAccount(account, correlationId, kmsi, apiId) {
15236
15295
  this.logger.trace("BrowserCacheManager.setAccount called");
15237
15296
  const key = this.generateAccountKey(AccountEntity.getAccountInfo(account));
15238
15297
  const timestamp = Date.now().toString();
15239
15298
  account.lastUpdatedAt = timestamp;
15299
+ account.cachedByApiId = apiId;
15240
15300
  await this.setUserData(key, JSON.stringify(account), correlationId, timestamp, kmsi);
15241
15301
  const wasAdded = this.addAccountKeyToMap(key, correlationId);
15242
15302
  this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
@@ -15991,7 +16051,7 @@ class BrowserCacheManager extends CacheManager {
15991
16051
  * @param request
15992
16052
  */
15993
16053
  async hydrateCache(result, request) {
15994
- const idTokenEntity = createIdTokenEntity(result.account?.homeAccountId, result.account?.environment, result.idToken, this.clientId, result.tenantId);
16054
+ const idTokenEntity = createIdTokenEntity(result.account.homeAccountId, result.account.environment, result.idToken, this.clientId, result.tenantId);
15995
16055
  let claimsHash;
15996
16056
  if (request.claims) {
15997
16057
  claimsHash = await this.cryptoImpl.hashString(request.claims);
@@ -16003,7 +16063,7 @@ class BrowserCacheManager extends CacheManager {
16003
16063
  *
16004
16064
  * The next MSAL VFuture should map these both to same value if possible
16005
16065
  */
16006
- const accessTokenEntity = createAccessTokenEntity(result.account?.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "),
16066
+ const accessTokenEntity = createAccessTokenEntity(result.account.homeAccountId, result.account.environment, result.accessToken, this.clientId, result.tenantId, result.scopes.join(" "),
16007
16067
  // Access token expiresOn stored in seconds, converting from AuthenticationResult expiresOn stored as Date
16008
16068
  result.expiresOn
16009
16069
  ? toSecondsFromDate(result.expiresOn)
@@ -16016,7 +16076,7 @@ class BrowserCacheManager extends CacheManager {
16016
16076
  idToken: idTokenEntity,
16017
16077
  accessToken: accessTokenEntity,
16018
16078
  };
16019
- return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)));
16079
+ return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)), ApiId.hydrateCache);
16020
16080
  }
16021
16081
  /**
16022
16082
  * saves a cache record
@@ -16024,9 +16084,9 @@ class BrowserCacheManager extends CacheManager {
16024
16084
  * @param storeInCache {?StoreInCache}
16025
16085
  * @param correlationId {?string} correlation id
16026
16086
  */
16027
- async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
16087
+ async saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache) {
16028
16088
  try {
16029
- await super.saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache);
16089
+ await super.saveCacheRecord(cacheRecord, correlationId, kmsi, apiId, storeInCache);
16030
16090
  }
16031
16091
  catch (e) {
16032
16092
  if (e instanceof CacheError &&
@@ -16386,7 +16446,7 @@ class InteractionHandler {
16386
16446
  * Function to handle response parameters from hash.
16387
16447
  * @param locationHash
16388
16448
  */
16389
- async handleCodeResponse(response, request) {
16449
+ async handleCodeResponse(response, request, apiId) {
16390
16450
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId);
16391
16451
  let authCodeResponse;
16392
16452
  try {
@@ -16402,7 +16462,7 @@ class InteractionHandler {
16402
16462
  throw e;
16403
16463
  }
16404
16464
  }
16405
- return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request);
16465
+ return invokeAsync(this.handleCodeResponseFromServer.bind(this), PerformanceEvents.HandleCodeResponseFromServer, this.logger, this.performanceClient, request.correlationId)(authCodeResponse, request, apiId);
16406
16466
  }
16407
16467
  /**
16408
16468
  * Process auth code response from AAD
@@ -16412,7 +16472,7 @@ class InteractionHandler {
16412
16472
  * @param networkModule
16413
16473
  * @returns
16414
16474
  */
16415
- async handleCodeResponseFromServer(authCodeResponse, request, validateNonce = true) {
16475
+ async handleCodeResponseFromServer(authCodeResponse, request, apiId, validateNonce = true) {
16416
16476
  this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponseFromServer, request.correlationId);
16417
16477
  this.logger.trace("InteractionHandler.handleCodeResponseFromServer called");
16418
16478
  // Assign code to request
@@ -16438,7 +16498,7 @@ class InteractionHandler {
16438
16498
  }
16439
16499
  }
16440
16500
  // Acquire token with retrieved code.
16441
- const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, authCodeResponse));
16501
+ const tokenResponse = (await invokeAsync(this.authModule.acquireToken.bind(this.authModule), PerformanceEvents.AuthClientAcquireToken, this.logger, this.performanceClient, request.correlationId)(this.authCodeRequest, apiId, authCodeResponse));
16442
16502
  return tokenResponse;
16443
16503
  }
16444
16504
  /**
@@ -16986,7 +17046,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16986
17046
  */
16987
17047
  async cacheAccount(accountEntity, correlationId, kmsi) {
16988
17048
  // Store the account info and hence `nativeAccountId` in browser cache
16989
- await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi);
17049
+ await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi, this.apiId);
16990
17050
  // Remove any existing cached tokens for this account in browser storage
16991
17051
  this.browserStorage.removeAccountContext(AccountEntity.getAccountInfo(accountEntity), correlationId);
16992
17052
  }
@@ -17015,7 +17075,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
17015
17075
  idToken: cachedIdToken,
17016
17076
  accessToken: cachedAccessToken,
17017
17077
  };
17018
- return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), request.storeInCache);
17078
+ return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), this.apiId, request.storeInCache);
17019
17079
  }
17020
17080
  getExpiresInValue(tokenType, expiresIn) {
17021
17081
  return tokenType === AuthenticationScheme.POP
@@ -17390,7 +17450,7 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
17390
17450
  // Create popup interaction handler.
17391
17451
  const interactionHandler = new InteractionHandler(authClient, browserStorage, authCodeRequest, logger, performanceClient);
17392
17452
  // Handle response from hash string.
17393
- const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request);
17453
+ const result = await invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, logger, performanceClient, request.correlationId)(response, request, apiId);
17394
17454
  return result;
17395
17455
  }
17396
17456
  /**
@@ -17437,7 +17497,7 @@ async function handleResponseEAR(request, response, apiId, config, authority, br
17437
17497
  cloud_instance_name: decryptedData.cloud_instance_name,
17438
17498
  msgraph_host: decryptedData.msgraph_host,
17439
17499
  };
17440
- return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, additionalData, undefined, undefined, undefined, undefined));
17500
+ return (await invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, logger, performanceClient, request.correlationId)(decryptedData, authority, nowSeconds(), request, apiId, additionalData, undefined, undefined, undefined, undefined));
17441
17501
  }
17442
17502
 
17443
17503
  /*
@@ -19528,7 +19588,7 @@ class SilentRefreshClient extends StandardInteractionClient {
19528
19588
  account: silentRequest.account,
19529
19589
  });
19530
19590
  // Send request to renew token. Auth module will throw errors if token cannot be renewed.
19531
- return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest).catch((e) => {
19591
+ return invokeAsync(refreshTokenClient.acquireTokenByRefreshToken.bind(refreshTokenClient), PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken, this.logger, this.performanceClient, request.correlationId)(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch((e) => {
19532
19592
  e.setCorrelationId(this.correlationId);
19533
19593
  serverTelemetryManager.cacheFailedRequest(e);
19534
19594
  throw e;
@@ -19572,12 +19632,13 @@ class SilentRefreshClient extends StandardInteractionClient {
19572
19632
  * Token cache manager
19573
19633
  */
19574
19634
  class TokenCache {
19575
- constructor(configuration, storage, logger, cryptoObj) {
19635
+ constructor(configuration, storage, logger, cryptoObj, performanceClient) {
19576
19636
  this.isBrowserEnvironment = typeof window !== "undefined";
19577
19637
  this.config = configuration;
19578
19638
  this.storage = storage;
19579
19639
  this.logger = logger;
19580
19640
  this.cryptoObj = cryptoObj;
19641
+ this.performanceClient = performanceClient;
19581
19642
  }
19582
19643
  // Move getAllAccounts here and cache utility APIs
19583
19644
  /**
@@ -19592,30 +19653,37 @@ class TokenCache {
19592
19653
  throw createBrowserAuthError(nonBrowserEnvironment);
19593
19654
  }
19594
19655
  const correlationId = request.correlationId || createNewGuid();
19595
- const idTokenClaims = response.id_token
19596
- ? extractTokenClaims(response.id_token, base64Decode)
19597
- : undefined;
19598
- const kmsi = isKmsi(idTokenClaims || {});
19599
- const authorityOptions = {
19600
- protocolMode: this.config.auth.protocolMode,
19601
- knownAuthorities: this.config.auth.knownAuthorities,
19602
- cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
19603
- authorityMetadata: this.config.auth.authorityMetadata,
19604
- skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
19605
- };
19606
- const authority = request.authority
19607
- ? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
19608
- : undefined;
19609
- const cacheRecordAccount = await this.loadAccount(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
19610
- const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
19611
- const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
19612
- const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
19613
- return this.generateAuthenticationResult(request, {
19614
- account: cacheRecordAccount,
19615
- idToken,
19616
- accessToken,
19617
- refreshToken,
19618
- }, idTokenClaims, authority);
19656
+ const rootMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.LoadExternalTokens, correlationId);
19657
+ try {
19658
+ const idTokenClaims = response.id_token
19659
+ ? extractTokenClaims(response.id_token, base64Decode)
19660
+ : undefined;
19661
+ const kmsi = isKmsi(idTokenClaims || {});
19662
+ const authorityOptions = {
19663
+ protocolMode: this.config.auth.protocolMode,
19664
+ knownAuthorities: this.config.auth.knownAuthorities,
19665
+ cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
19666
+ authorityMetadata: this.config.auth.authorityMetadata,
19667
+ skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,
19668
+ };
19669
+ const authorityString = request.authority || this.config.auth.authority;
19670
+ const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, correlationId, this.performanceClient);
19671
+ const cacheRecordAccount = await invokeAsync(this.loadAccount.bind(this), PerformanceEvents.LoadAccount, this.logger, this.performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, authority, idTokenClaims);
19672
+ const idToken = await invokeAsync(this.loadIdToken.bind(this), PerformanceEvents.LoadIdToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
19673
+ const accessToken = await invokeAsync(this.loadAccessToken.bind(this), PerformanceEvents.LoadAccessToken, this.logger, this.performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
19674
+ const refreshToken = await invokeAsync(this.loadRefreshToken.bind(this), PerformanceEvents.LoadRefreshToken, this.logger, this.performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
19675
+ rootMeasurement.end({ success: true }, undefined, AccountEntity.getAccountInfo(cacheRecordAccount));
19676
+ return this.generateAuthenticationResult(request, {
19677
+ account: cacheRecordAccount,
19678
+ idToken,
19679
+ accessToken,
19680
+ refreshToken,
19681
+ }, authority, idTokenClaims);
19682
+ }
19683
+ catch (error) {
19684
+ rootMeasurement.end({ success: false }, error);
19685
+ throw error;
19686
+ }
19619
19687
  }
19620
19688
  /**
19621
19689
  * Helper function to load account to msal-browser cache
@@ -19626,23 +19694,23 @@ class TokenCache {
19626
19694
  * @param requestHomeAccountId
19627
19695
  * @returns `AccountEntity`
19628
19696
  */
19629
- async loadAccount(request, clientInfo, correlationId, idTokenClaims, authority) {
19697
+ async loadAccount(request, clientInfo, correlationId, authority, idTokenClaims) {
19630
19698
  this.logger.verbose("TokenCache - loading account");
19631
19699
  if (request.account) {
19632
19700
  const accountEntity = AccountEntity.createFromAccountInfo(request.account);
19633
- await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}));
19701
+ await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
19634
19702
  return accountEntity;
19635
19703
  }
19636
- else if (!authority || (!clientInfo && !idTokenClaims)) {
19637
- this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead.");
19704
+ else if (!clientInfo && !idTokenClaims) {
19705
+ this.logger.error("TokenCache - if an account is not provided on the request, clientInfo or idToken must be provided instead.");
19638
19706
  throw createBrowserAuthError(unableToLoadToken);
19639
19707
  }
19640
19708
  const homeAccountId = AccountEntity.generateHomeAccountId(clientInfo, authority.authorityType, this.logger, this.cryptoObj, idTokenClaims);
19641
19709
  const claimsTenantId = idTokenClaims?.tid;
19642
- const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload
19710
+ const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
19643
19711
  undefined, // nativeAccountId
19644
19712
  this.logger);
19645
- await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}));
19713
+ await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
19646
19714
  return cachedAccount;
19647
19715
  }
19648
19716
  /**
@@ -19711,9 +19779,15 @@ class TokenCache {
19711
19779
  this.logger.verbose("TokenCache - no refresh token found in response");
19712
19780
  return null;
19713
19781
  }
19782
+ const expiresOn = response.refresh_token_expires_in
19783
+ ? response.refresh_token_expires_in + nowSeconds()
19784
+ : undefined;
19785
+ this.performanceClient.addFields({
19786
+ extRtExpiresOnSeconds: expiresOn,
19787
+ }, correlationId);
19714
19788
  this.logger.verbose("TokenCache - loading refresh token");
19715
19789
  const refreshTokenEntity = createRefreshTokenEntity(homeAccountId, environment, response.refresh_token, this.config.auth.clientId, response.foci, undefined, // userAssertionHash
19716
- response.refresh_token_expires_in);
19790
+ expiresOn);
19717
19791
  await this.storage.setRefreshTokenCredential(refreshTokenEntity, correlationId, kmsi);
19718
19792
  return refreshTokenEntity;
19719
19793
  }
@@ -19725,7 +19799,7 @@ class TokenCache {
19725
19799
  * @param authority
19726
19800
  * @returns `AuthenticationResult`
19727
19801
  */
19728
- generateAuthenticationResult(request, cacheRecord, idTokenClaims, authority) {
19802
+ generateAuthenticationResult(request, cacheRecord, authority, idTokenClaims) {
19729
19803
  let accessToken = "";
19730
19804
  let responseScopes = [];
19731
19805
  let expiresOn = null;
@@ -19818,7 +19892,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19818
19892
  msgraph_host: request.msGraphHost,
19819
19893
  cloud_graph_host_name: request.cloudGraphHostName,
19820
19894
  cloud_instance_host_name: request.cloudInstanceHostName,
19821
- }, silentRequest, false);
19895
+ }, silentRequest, this.apiId, false);
19822
19896
  }
19823
19897
  catch (e) {
19824
19898
  if (e instanceof AuthError) {
@@ -19931,7 +20005,7 @@ class StandardController {
19931
20005
  };
19932
20006
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
19933
20007
  // Initialize the token cache
19934
- this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto);
20008
+ this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
19935
20009
  this.activeSilentTokenRequests = new Map();
19936
20010
  // Register listener functions
19937
20011
  this.trackPageVisibility = this.trackPageVisibility.bind(this);
@@ -20761,7 +20835,7 @@ class StandardController {
20761
20835
  this.logger.verbose("hydrateCache called");
20762
20836
  // Account gets saved to browser storage regardless of native or not
20763
20837
  const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
20764
- await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
20838
+ await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims), ApiId.hydrateCache);
20765
20839
  if (result.fromNativeBroker) {
20766
20840
  this.logger.verbose("Response was from native broker, storing in-memory");
20767
20841
  // Tokens from native broker are stored in-memory