@azure/msal-browser 4.28.2 → 4.29.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (333) hide show
  1. package/README.md +25 -25
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/app/PublicClientNext.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  8. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.mjs +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.d.ts +7 -0
  24. package/dist/config/Configuration.d.ts.map +1 -1
  25. package/dist/config/Configuration.mjs +2 -1
  26. package/dist/config/Configuration.mjs.map +1 -1
  27. package/dist/controllers/ControllerFactory.mjs +1 -1
  28. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  29. package/dist/controllers/StandardController.d.ts +13 -2
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +109 -20
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  52. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  53. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  57. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  58. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  59. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  60. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  61. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  62. package/dist/custom-auth-path/controllers/StandardController.d.ts +13 -2
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  64. package/dist/custom-auth-path/controllers/StandardController.mjs +109 -20
  65. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  66. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  67. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  176. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  178. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  182. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  185. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  186. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  187. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  188. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  192. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +7 -0
  194. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +49 -3
  196. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +5 -1
  200. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  203. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +15 -2
  204. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  205. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  206. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  207. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  208. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  209. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  210. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  211. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  212. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  213. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  214. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  215. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  216. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  217. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  218. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  219. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  220. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  221. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  222. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  223. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  224. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  225. package/dist/encode/Base64Decode.mjs +1 -1
  226. package/dist/encode/Base64Encode.mjs +1 -1
  227. package/dist/error/BrowserAuthError.mjs +1 -1
  228. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  229. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  230. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  231. package/dist/error/NativeAuthError.mjs +1 -1
  232. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  233. package/dist/error/NestedAppAuthError.mjs +1 -1
  234. package/dist/event/EventHandler.mjs +1 -1
  235. package/dist/event/EventMessage.mjs +1 -1
  236. package/dist/event/EventType.mjs +1 -1
  237. package/dist/index.mjs +1 -1
  238. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  239. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  240. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  241. package/dist/interaction_client/PopupClient.mjs +1 -1
  242. package/dist/interaction_client/RedirectClient.mjs +1 -1
  243. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  244. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  245. package/dist/interaction_client/SilentIframeClient.d.ts +7 -0
  246. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  247. package/dist/interaction_client/SilentIframeClient.mjs +49 -3
  248. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  249. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  250. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  251. package/dist/interaction_client/StandardInteractionClient.mjs +5 -1
  252. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  253. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  254. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  255. package/dist/interaction_handler/SilentHandler.mjs +15 -2
  256. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  257. package/dist/naa/BridgeError.mjs +1 -1
  258. package/dist/naa/BridgeProxy.mjs +1 -1
  259. package/dist/naa/BridgeStatusCode.mjs +1 -1
  260. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  261. package/dist/navigation/NavigationClient.mjs +1 -1
  262. package/dist/network/FetchClient.mjs +1 -1
  263. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  264. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  265. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  266. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  267. package/dist/packageMetadata.d.ts +1 -1
  268. package/dist/packageMetadata.mjs +2 -2
  269. package/dist/protocol/Authorize.mjs +1 -1
  270. package/dist/request/RequestHelpers.mjs +1 -1
  271. package/dist/response/ResponseHandler.mjs +1 -1
  272. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  273. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  274. package/dist/telemetry/BrowserPerformanceClient.mjs +10 -1
  275. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  276. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  277. package/dist/utils/BrowserConstants.mjs +1 -1
  278. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  279. package/dist/utils/BrowserUtils.mjs +1 -1
  280. package/dist/utils/Helpers.mjs +1 -1
  281. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  282. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  283. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  284. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  285. package/lib/custom-auth-path/msal-custom-auth.cjs +375 -111
  286. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  287. package/lib/custom-auth-path/msal-custom-auth.js +375 -111
  288. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  289. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  290. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  291. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  292. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +13 -2
  293. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  294. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  295. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +7 -0
  296. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  297. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  298. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  299. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  300. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  301. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  302. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  303. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  304. package/lib/msal-browser.cjs +408 -113
  305. package/lib/msal-browser.cjs.map +1 -1
  306. package/lib/msal-browser.js +408 -113
  307. package/lib/msal-browser.js.map +1 -1
  308. package/lib/msal-browser.min.js +64 -64
  309. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  310. package/lib/types/config/Configuration.d.ts +7 -0
  311. package/lib/types/config/Configuration.d.ts.map +1 -1
  312. package/lib/types/controllers/StandardController.d.ts +13 -2
  313. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  314. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  315. package/lib/types/interaction_client/SilentIframeClient.d.ts +7 -0
  316. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  317. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  318. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  319. package/lib/types/packageMetadata.d.ts +1 -1
  320. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  321. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  322. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  323. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  324. package/package.json +2 -2
  325. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +24 -13
  326. package/src/config/Configuration.ts +8 -0
  327. package/src/controllers/StandardController.ts +164 -39
  328. package/src/interaction_client/SilentIframeClient.ts +136 -0
  329. package/src/interaction_client/StandardInteractionClient.ts +12 -0
  330. package/src/interaction_handler/SilentHandler.ts +21 -1
  331. package/src/packageMetadata.ts +1 -1
  332. package/src/telemetry/BrowserPerformanceClient.ts +10 -0
  333. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v4.28.2 2026-02-10 */
1
+ /*! @azure/msal-browser v4.29.1 2026-03-13 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v15.14.2 2026-02-10 */
9
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -280,7 +280,7 @@
280
280
  // Token renewal offset default in seconds
281
281
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
282
282
 
283
- /*! @azure/msal-common v15.14.2 2026-02-10 */
283
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
284
284
  /*
285
285
  * Copyright (c) Microsoft Corporation. All rights reserved.
286
286
  * Licensed under the MIT License.
@@ -291,7 +291,7 @@
291
291
  const unexpectedError = "unexpected_error";
292
292
  const postRequestFailed$1 = "post_request_failed";
293
293
 
294
- /*! @azure/msal-common v15.14.2 2026-02-10 */
294
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
295
295
 
296
296
  /*
297
297
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -326,7 +326,7 @@
326
326
  : AuthErrorMessages[code]);
327
327
  }
328
328
 
329
- /*! @azure/msal-common v15.14.2 2026-02-10 */
329
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
330
330
  /*
331
331
  * Copyright (c) Microsoft Corporation. All rights reserved.
332
332
  * Licensed under the MIT License.
@@ -377,7 +377,7 @@
377
377
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
378
378
  const platformBrokerError = "platform_broker_error";
379
379
 
380
- /*! @azure/msal-common v15.14.2 2026-02-10 */
380
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
381
381
 
382
382
  /*
383
383
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -452,7 +452,7 @@
452
452
  return new ClientAuthError(errorCode, additionalMessage);
453
453
  }
454
454
 
455
- /*! @azure/msal-common v15.14.2 2026-02-10 */
455
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
456
456
 
457
457
  /*
458
458
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -491,7 +491,7 @@
491
491
  },
492
492
  };
493
493
 
494
- /*! @azure/msal-common v15.14.2 2026-02-10 */
494
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
495
495
 
496
496
  /*
497
497
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -682,12 +682,12 @@
682
682
  }
683
683
  }
684
684
 
685
- /*! @azure/msal-common v15.14.2 2026-02-10 */
685
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
686
686
  /* eslint-disable header/header */
687
687
  const name$1 = "@azure/msal-common";
688
- const version$1 = "15.14.2";
688
+ const version$1 = "15.16.1";
689
689
 
690
- /*! @azure/msal-common v15.14.2 2026-02-10 */
690
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
691
691
  /*
692
692
  * Copyright (c) Microsoft Corporation. All rights reserved.
693
693
  * Licensed under the MIT License.
@@ -696,7 +696,7 @@
696
696
  // AzureCloudInstance is not specified.
697
697
  None: "none"};
698
698
 
699
- /*! @azure/msal-common v15.14.2 2026-02-10 */
699
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
700
700
  /*
701
701
  * Copyright (c) Microsoft Corporation. All rights reserved.
702
702
  * Licensed under the MIT License.
@@ -726,7 +726,7 @@
726
726
  const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
727
727
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
728
728
 
729
- /*! @azure/msal-common v15.14.2 2026-02-10 */
729
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
730
730
 
731
731
  /*
732
732
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -772,7 +772,7 @@
772
772
  return new ClientConfigurationError(errorCode);
773
773
  }
774
774
 
775
- /*! @azure/msal-common v15.14.2 2026-02-10 */
775
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
776
776
  /*
777
777
  * Copyright (c) Microsoft Corporation. All rights reserved.
778
778
  * Licensed under the MIT License.
@@ -867,9 +867,48 @@
867
867
  .replace(/\?/g, "\\?"));
868
868
  return regex.test(input);
869
869
  }
870
+ /**
871
+ * Tests if a given string matches a given pattern using stricter, anchored matching semantics.
872
+ *
873
+ * Differences from `matchPattern` (legacy):
874
+ * - All regex metacharacters (including `.`) in the pattern are treated as literals,
875
+ * so `example.com` matches only `example.com` and not `exampleXcom`.
876
+ * - The generated regex is anchored with `^` and `$` so partial/substring matches
877
+ * are not allowed.
878
+ * - `*` is the only supported wildcard. Its behaviour depends on the URL component:
879
+ * - `host` component: `*` matches any sequence of characters that does NOT include
880
+ * a dot (`.`), keeping wildcards within a single DNS label boundary.
881
+ * - All other components: `*` matches any sequence of characters (including `/`).
882
+ *
883
+ * @param pattern - The `protectedResourceMap` key pattern to match against. `*` is a
884
+ * multi-character wildcard; all other characters are treated as literals.
885
+ * @param input - The URL component value (e.g. host, pathname) extracted from the
886
+ * outgoing request URL to test against the pattern.
887
+ * @param options - Optional. Provide `component` to enable component-aware wildcard
888
+ * semantics. Accepted values: `"host"`, `"path"`, `"protocol"`, `"search"`,
889
+ * `"hash"`. Defaults to path-style (permissive) matching when omitted.
890
+ * @returns `true` if the full input string matches the pattern; `false` otherwise.
891
+ */
892
+ static matchPatternStrict(pattern, input, options) {
893
+ const component = options?.component;
894
+ // Step 1: Escape all regex special characters so literals are matched literally.
895
+ let regexBody = pattern.replace(/[.+^${}()|[\]\\*?]/g, "\\$&");
896
+ // Step 2: Replace the escaped '*' with its component-aware regex equivalent.
897
+ if (component === "host") {
898
+ regexBody = regexBody.replace(/\\\*/g, "[^.]*");
899
+ }
900
+ else {
901
+ // PATH, PROTOCOL, SEARCH, HASH, or unspecified: '*' matches any characters.
902
+ regexBody = regexBody.replace(/\\\*/g, ".*");
903
+ }
904
+ // Step 3: Anchor for full-string matching.
905
+ // eslint-disable-next-line security/detect-non-literal-regexp
906
+ const regex = new RegExp(`^${regexBody}$`);
907
+ return regex.test(input);
908
+ }
870
909
  }
871
910
 
872
- /*! @azure/msal-common v15.14.2 2026-02-10 */
911
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
873
912
 
874
913
  /*
875
914
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1064,7 +1103,7 @@
1064
1103
  }
1065
1104
  }
1066
1105
 
1067
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1106
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1068
1107
 
1069
1108
  /*
1070
1109
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1104,7 +1143,7 @@
1104
1143
  };
1105
1144
  }
1106
1145
 
1107
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1146
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1108
1147
  /*
1109
1148
  * Copyright (c) Microsoft Corporation. All rights reserved.
1110
1149
  * Licensed under the MIT License.
@@ -1186,7 +1225,7 @@
1186
1225
  return updatedAccountInfo;
1187
1226
  }
1188
1227
 
1189
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1228
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1190
1229
  /*
1191
1230
  * Copyright (c) Microsoft Corporation. All rights reserved.
1192
1231
  * Licensed under the MIT License.
@@ -1201,7 +1240,7 @@
1201
1240
  Ciam: 3,
1202
1241
  };
1203
1242
 
1204
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1243
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1205
1244
  /*
1206
1245
  * Copyright (c) Microsoft Corporation. All rights reserved.
1207
1246
  * Licensed under the MIT License.
@@ -1223,7 +1262,7 @@
1223
1262
  return null;
1224
1263
  }
1225
1264
 
1226
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1265
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1227
1266
  /*
1228
1267
  * Copyright (c) Microsoft Corporation. All rights reserved.
1229
1268
  * Licensed under the MIT License.
@@ -1247,7 +1286,7 @@
1247
1286
  EAR: "EAR",
1248
1287
  };
1249
1288
 
1250
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1289
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1251
1290
 
1252
1291
  /*
1253
1292
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1482,7 +1521,7 @@
1482
1521
  }
1483
1522
  }
1484
1523
 
1485
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1524
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1486
1525
 
1487
1526
  /*
1488
1527
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1563,7 +1602,7 @@
1563
1602
  }
1564
1603
  }
1565
1604
 
1566
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1605
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1567
1606
 
1568
1607
  /*
1569
1608
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1679,7 +1718,7 @@
1679
1718
  }
1680
1719
  }
1681
1720
 
1682
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1721
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1683
1722
 
1684
1723
  /*
1685
1724
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1843,7 +1882,7 @@
1843
1882
  }
1844
1883
  }
1845
1884
 
1846
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1885
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1847
1886
 
1848
1887
  /*
1849
1888
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2018,7 +2057,7 @@
2018
2057
  return null;
2019
2058
  }
2020
2059
 
2021
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2060
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2022
2061
  /*
2023
2062
  * Copyright (c) Microsoft Corporation. All rights reserved.
2024
2063
  * Licensed under the MIT License.
@@ -2026,7 +2065,7 @@
2026
2065
  const cacheQuotaExceeded = "cache_quota_exceeded";
2027
2066
  const cacheErrorUnknown = "cache_error_unknown";
2028
2067
 
2029
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2068
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2030
2069
 
2031
2070
  /*
2032
2071
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2071,7 +2110,7 @@
2071
2110
  }
2072
2111
  }
2073
2112
 
2074
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2113
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2075
2114
 
2076
2115
  /*
2077
2116
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3181,7 +3220,7 @@
3181
3220
  }
3182
3221
  }
3183
3222
 
3184
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3223
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3185
3224
  /*
3186
3225
  * Copyright (c) Microsoft Corporation. All rights reserved.
3187
3226
  * Licensed under the MIT License.
@@ -3443,6 +3482,11 @@
3443
3482
  LoadIdToken: "loadIdToken",
3444
3483
  LoadAccessToken: "loadAccessToken",
3445
3484
  LoadRefreshToken: "loadRefreshToken",
3485
+ /**
3486
+ * SSO capability verification call (msal-browser).
3487
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
3488
+ */
3489
+ SsoCapable: "ssoCapable",
3446
3490
  };
3447
3491
  /**
3448
3492
  * State of the performance event.
@@ -3453,7 +3497,7 @@
3453
3497
  const PerformanceEventStatus = {
3454
3498
  InProgress: 1};
3455
3499
 
3456
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3500
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3457
3501
 
3458
3502
  /*
3459
3503
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3532,7 +3576,7 @@
3532
3576
  }
3533
3577
  }
3534
3578
 
3535
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3579
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3536
3580
 
3537
3581
  /*
3538
3582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3632,7 +3676,7 @@
3632
3676
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3633
3677
  }
3634
3678
 
3635
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3679
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3636
3680
  /*
3637
3681
  * Copyright (c) Microsoft Corporation. All rights reserved.
3638
3682
  * Licensed under the MIT License.
@@ -3642,7 +3686,7 @@
3642
3686
  UPN: "UPN",
3643
3687
  };
3644
3688
 
3645
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3689
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3646
3690
  /*
3647
3691
  * Copyright (c) Microsoft Corporation. All rights reserved.
3648
3692
  * Licensed under the MIT License.
@@ -3692,7 +3736,7 @@
3692
3736
  const EAR_JWK = "ear_jwk";
3693
3737
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3694
3738
 
3695
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3739
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3696
3740
 
3697
3741
  /*
3698
3742
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4072,7 +4116,7 @@
4072
4116
  });
4073
4117
  }
4074
4118
 
4075
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4119
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4076
4120
  /*
4077
4121
  * Copyright (c) Microsoft Corporation. All rights reserved.
4078
4122
  * Licensed under the MIT License.
@@ -4084,7 +4128,7 @@
4084
4128
  response.hasOwnProperty("jwks_uri"));
4085
4129
  }
4086
4130
 
4087
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4131
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4088
4132
  /*
4089
4133
  * Copyright (c) Microsoft Corporation. All rights reserved.
4090
4134
  * Licensed under the MIT License.
@@ -4094,7 +4138,7 @@
4094
4138
  response.hasOwnProperty("metadata"));
4095
4139
  }
4096
4140
 
4097
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4141
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4098
4142
  /*
4099
4143
  * Copyright (c) Microsoft Corporation. All rights reserved.
4100
4144
  * Licensed under the MIT License.
@@ -4104,7 +4148,7 @@
4104
4148
  response.hasOwnProperty("error_description"));
4105
4149
  }
4106
4150
 
4107
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4151
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4108
4152
  /*
4109
4153
  * Copyright (c) Microsoft Corporation. All rights reserved.
4110
4154
  * Licensed under the MIT License.
@@ -4200,7 +4244,7 @@
4200
4244
  };
4201
4245
  };
4202
4246
 
4203
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4247
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4204
4248
 
4205
4249
  /*
4206
4250
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4306,7 +4350,7 @@
4306
4350
  },
4307
4351
  };
4308
4352
 
4309
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4353
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4310
4354
  /*
4311
4355
  * Copyright (c) Microsoft Corporation. All rights reserved.
4312
4356
  * Licensed under the MIT License.
@@ -4371,7 +4415,7 @@
4371
4415
  return cachedAtSec > nowSeconds();
4372
4416
  }
4373
4417
 
4374
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4418
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4375
4419
 
4376
4420
  /*
4377
4421
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4633,7 +4677,7 @@
4633
4677
  return metadata.expiresAt <= nowSeconds();
4634
4678
  }
4635
4679
 
4636
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4680
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4637
4681
 
4638
4682
  /*
4639
4683
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5472,7 +5516,7 @@
5472
5516
  };
5473
5517
  }
5474
5518
 
5475
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5519
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5476
5520
 
5477
5521
  /*
5478
5522
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5503,7 +5547,7 @@
5503
5547
  }
5504
5548
  }
5505
5549
 
5506
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5550
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5507
5551
 
5508
5552
  /*
5509
5553
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5522,7 +5566,7 @@
5522
5566
  }
5523
5567
  }
5524
5568
 
5525
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5569
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5526
5570
  /*
5527
5571
  * Copyright (c) Microsoft Corporation. All rights reserved.
5528
5572
  * Licensed under the MIT License.
@@ -5543,7 +5587,7 @@
5543
5587
  };
5544
5588
  }
5545
5589
 
5546
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5590
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5547
5591
 
5548
5592
  /*
5549
5593
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5630,7 +5674,7 @@
5630
5674
  }
5631
5675
  }
5632
5676
 
5633
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5677
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5634
5678
 
5635
5679
  /*
5636
5680
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5661,7 +5705,7 @@
5661
5705
  return new NetworkError(error, httpStatus, responseHeaders);
5662
5706
  }
5663
5707
 
5664
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5708
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5665
5709
 
5666
5710
  /*
5667
5711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5809,23 +5853,58 @@
5809
5853
  }
5810
5854
  }
5811
5855
 
5812
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5856
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5813
5857
  /*
5814
5858
  * Copyright (c) Microsoft Corporation. All rights reserved.
5815
5859
  * Licensed under the MIT License.
5816
5860
  */
5817
- // Codes defined by MSAL
5861
+ /**
5862
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
5863
+ * @public
5864
+ */
5818
5865
  const noTokensFound = "no_tokens_found";
5866
+ /**
5867
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
5868
+ * @public
5869
+ */
5819
5870
  const nativeAccountUnavailable = "native_account_unavailable";
5871
+ /**
5872
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
5873
+ * @public
5874
+ */
5820
5875
  const refreshTokenExpired = "refresh_token_expired";
5876
+ /**
5877
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
5878
+ * @public
5879
+ */
5821
5880
  const uxNotAllowed = "ux_not_allowed";
5822
- // Codes potentially returned by server
5881
+ /**
5882
+ * Server-originated error code indicating interaction is required to complete the request.
5883
+ * @public
5884
+ */
5823
5885
  const interactionRequired = "interaction_required";
5886
+ /**
5887
+ * Server-originated error code indicating user consent is required.
5888
+ * @public
5889
+ */
5824
5890
  const consentRequired = "consent_required";
5891
+ /**
5892
+ * Server-originated error code indicating user login is required.
5893
+ * @public
5894
+ */
5825
5895
  const loginRequired = "login_required";
5826
- const badToken = "bad_token";
5896
+ /**
5897
+ * Server-originated error code indicating the token is invalid or corrupted.
5898
+ * @public
5899
+ */
5900
+ const badToken = "bad_token";
5901
+ /**
5902
+ * Server-originated error code indicating the user was interrupted and must reattempt the flow.
5903
+ * @public
5904
+ */
5905
+ const interruptedUser = "interrupted_user";
5827
5906
 
5828
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5907
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5829
5908
 
5830
5909
  /*
5831
5910
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5840,6 +5919,7 @@
5840
5919
  loginRequired,
5841
5920
  badToken,
5842
5921
  uxNotAllowed,
5922
+ interruptedUser,
5843
5923
  ];
5844
5924
  const InteractionRequiredAuthSubErrorMessage = [
5845
5925
  "message_only",
@@ -5848,6 +5928,7 @@
5848
5928
  "user_password_expired",
5849
5929
  "consent_required",
5850
5930
  "bad_token",
5931
+ "interrupted_user",
5851
5932
  ];
5852
5933
  const InteractionRequiredAuthErrorMessages = {
5853
5934
  [noTokensFound]: "No refresh token found in the cache. Please sign-in.",
@@ -5855,6 +5936,7 @@
5855
5936
  [refreshTokenExpired]: "Refresh token has expired.",
5856
5937
  [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
5857
5938
  [uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
5939
+ [interruptedUser]: "The user could not be authenticated due to an interrupted state. Please invoke an interactive API to resolve.",
5858
5940
  };
5859
5941
  /**
5860
5942
  * Error thrown when user interaction is required.
@@ -5897,7 +5979,7 @@
5897
5979
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5898
5980
  }
5899
5981
 
5900
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5982
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5901
5983
 
5902
5984
  /*
5903
5985
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5969,7 +6051,7 @@
5969
6051
  }
5970
6052
  }
5971
6053
 
5972
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6054
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5973
6055
 
5974
6056
  /*
5975
6057
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6051,7 +6133,7 @@
6051
6133
  }
6052
6134
  }
6053
6135
 
6054
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6136
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6055
6137
  /*
6056
6138
  * Copyright (c) Microsoft Corporation. All rights reserved.
6057
6139
  * Licensed under the MIT License.
@@ -6078,7 +6160,7 @@
6078
6160
  }
6079
6161
  }
6080
6162
 
6081
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6163
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6082
6164
 
6083
6165
  /*
6084
6166
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6417,7 +6499,7 @@
6417
6499
  return baseAccount;
6418
6500
  }
6419
6501
 
6420
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6502
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6421
6503
  /*
6422
6504
  * Copyright (c) Microsoft Corporation. All rights reserved.
6423
6505
  * Licensed under the MIT License.
@@ -6435,7 +6517,7 @@
6435
6517
  }
6436
6518
  }
6437
6519
 
6438
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6520
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6439
6521
 
6440
6522
  /*
6441
6523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6584,11 +6666,6 @@
6584
6666
  throw createClientConfigurationError(missingSshJwk);
6585
6667
  }
6586
6668
  }
6587
- if (!StringUtils.isEmptyObj(request.claims) ||
6588
- (this.config.authOptions.clientCapabilities &&
6589
- this.config.authOptions.clientCapabilities.length > 0)) {
6590
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6591
- }
6592
6669
  let ccsCred = undefined;
6593
6670
  if (request.clientInfo) {
6594
6671
  try {
@@ -6638,6 +6715,15 @@
6638
6715
  });
6639
6716
  }
6640
6717
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6718
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
6719
+ const configClaims = request.skipBrokerClaims &&
6720
+ parameters.has(BROKER_CLIENT_ID)
6721
+ ? undefined
6722
+ : this.config.authOptions.clientCapabilities;
6723
+ if (!StringUtils.isEmptyObj(request.claims) ||
6724
+ (configClaims && configClaims.length > 0)) {
6725
+ addClaims(parameters, request.claims, configClaims);
6726
+ }
6641
6727
  return mapToQueryString(parameters);
6642
6728
  }
6643
6729
  /**
@@ -6671,7 +6757,7 @@
6671
6757
  }
6672
6758
  }
6673
6759
 
6674
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6760
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6675
6761
 
6676
6762
  /*
6677
6763
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6849,11 +6935,6 @@
6849
6935
  throw createClientConfigurationError(missingSshJwk);
6850
6936
  }
6851
6937
  }
6852
- if (!StringUtils.isEmptyObj(request.claims) ||
6853
- (this.config.authOptions.clientCapabilities &&
6854
- this.config.authOptions.clientCapabilities.length > 0)) {
6855
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6856
- }
6857
6938
  if (this.config.systemOptions.preventCorsPreflight &&
6858
6939
  request.ccsCredential) {
6859
6940
  switch (request.ccsCredential.type) {
@@ -6879,11 +6960,20 @@
6879
6960
  addExtraQueryParameters(parameters, request.tokenBodyParameters);
6880
6961
  }
6881
6962
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6963
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
6964
+ const configClaims = request.skipBrokerClaims &&
6965
+ parameters.has(BROKER_CLIENT_ID)
6966
+ ? undefined
6967
+ : this.config.authOptions.clientCapabilities;
6968
+ if (!StringUtils.isEmptyObj(request.claims) ||
6969
+ (configClaims && configClaims.length > 0)) {
6970
+ addClaims(parameters, request.claims, configClaims);
6971
+ }
6882
6972
  return mapToQueryString(parameters);
6883
6973
  }
6884
6974
  }
6885
6975
 
6886
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6976
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6887
6977
 
6888
6978
  /*
6889
6979
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6981,7 +7071,7 @@
6981
7071
  }
6982
7072
  }
6983
7073
 
6984
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7074
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6985
7075
 
6986
7076
  /*
6987
7077
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6996,7 +7086,7 @@
6996
7086
  },
6997
7087
  };
6998
7088
 
6999
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7089
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7000
7090
 
7001
7091
  /*
7002
7092
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7117,14 +7207,17 @@
7117
7207
  if (request.state) {
7118
7208
  addState(parameters, request.state);
7119
7209
  }
7120
- if (request.claims ||
7121
- (authOptions.clientCapabilities &&
7122
- authOptions.clientCapabilities.length > 0)) {
7123
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
7124
- }
7125
7210
  if (request.embeddedClientId) {
7126
7211
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
7127
7212
  }
7213
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7214
+ const configClaims = request.skipBrokerClaims &&
7215
+ parameters.has(BROKER_CLIENT_ID)
7216
+ ? undefined
7217
+ : authOptions.clientCapabilities;
7218
+ if (request.claims || (configClaims && configClaims.length > 0)) {
7219
+ addClaims(parameters, request.claims, configClaims);
7220
+ }
7128
7221
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
7129
7222
  if (authOptions.instanceAware &&
7130
7223
  (!request.extraQueryParameters ||
@@ -7220,7 +7313,7 @@
7220
7313
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7221
7314
  }
7222
7315
 
7223
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7316
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7224
7317
 
7225
7318
  /*
7226
7319
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7483,7 +7576,7 @@
7483
7576
  }
7484
7577
  }
7485
7578
 
7486
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7579
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7487
7580
  /*
7488
7581
  * Copyright (c) Microsoft Corporation. All rights reserved.
7489
7582
  * Licensed under the MIT License.
@@ -7491,7 +7584,7 @@
7491
7584
  const missingKidError = "missing_kid_error";
7492
7585
  const missingAlgError = "missing_alg_error";
7493
7586
 
7494
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7587
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7495
7588
 
7496
7589
  /*
7497
7590
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7516,7 +7609,7 @@
7516
7609
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7517
7610
  }
7518
7611
 
7519
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7612
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7520
7613
 
7521
7614
  /*
7522
7615
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7951,7 +8044,7 @@
7951
8044
 
7952
8045
  /* eslint-disable header/header */
7953
8046
  const name = "@azure/msal-browser";
7954
- const version = "4.28.2";
8047
+ const version = "4.29.1";
7955
8048
 
7956
8049
  /*
7957
8050
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9719,6 +9812,10 @@
9719
9812
  async initializeAuthorizationRequest(request, interactionType) {
9720
9813
  this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.correlationId);
9721
9814
  const redirectUri = this.getRedirectUri(request.redirectUri);
9815
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
9816
+ this.logger.warning("The origin of the redirect URI does not match the origin of the current page. This is likely to cause issues with authentication.", this.correlationId);
9817
+ this.performanceClient.addFields({ isRedirectUriCrossOrigin: true }, this.correlationId);
9818
+ }
9722
9819
  const browserState = {
9723
9820
  interactionType: interactionType,
9724
9821
  };
@@ -17806,6 +17903,7 @@
17806
17903
  supportsNestedAppAuth: false,
17807
17904
  instanceAware: false,
17808
17905
  encodeExtraQueryParams: false,
17906
+ verifySSO: false,
17809
17907
  };
17810
17908
  // Default cache options for browser
17811
17909
  const DEFAULT_CACHE_OPTIONS = {
@@ -18279,14 +18377,28 @@
18279
18377
  return nativeResponse;
18280
18378
  }
18281
18379
  getDOMExtraParams(extraParameters) {
18282
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
18283
- record[key] = String(value);
18284
- return record;
18285
- }, {});
18286
- const validExtraParams = {
18287
- ...stringifiedParams,
18288
- };
18289
- return validExtraParams;
18380
+ try {
18381
+ const stringifiedProperties = {};
18382
+ for (const [key, value] of Object.entries(extraParameters)) {
18383
+ if (!value) {
18384
+ continue;
18385
+ }
18386
+ if (typeof value === "object") {
18387
+ stringifiedProperties[key] = JSON.stringify(value);
18388
+ }
18389
+ else {
18390
+ stringifiedProperties[key] = String(value);
18391
+ }
18392
+ }
18393
+ return stringifiedProperties;
18394
+ }
18395
+ catch (e) {
18396
+ this.logger.error(this.platformAuthType + " - Error stringifying extra parameters");
18397
+ this.logger.errorPii(this.platformAuthType +
18398
+ " - Error stringifying extra parameters: " +
18399
+ e);
18400
+ return {};
18401
+ }
18290
18402
  }
18291
18403
  }
18292
18404
 
@@ -19337,6 +19449,12 @@
19337
19449
  */
19338
19450
  async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, performanceClient, logger, correlationId, responseType) {
19339
19451
  performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerMonitorIframeForHash, correlationId);
19452
+ performanceClient.addFields({
19453
+ iframePollIntervalMs: pollIntervalMilliseconds,
19454
+ iframeTimeoutMs: timeout,
19455
+ }, correlationId);
19456
+ let totalTickCount = 0;
19457
+ let crossOriginTickCount = 0;
19340
19458
  return new Promise((resolve, reject) => {
19341
19459
  if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) {
19342
19460
  logger.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`);
@@ -19350,6 +19468,7 @@
19350
19468
  reject(createBrowserAuthError(monitorWindowTimeout));
19351
19469
  }, timeout);
19352
19470
  const intervalId = window.setInterval(() => {
19471
+ totalTickCount++;
19353
19472
  let href = "";
19354
19473
  const contentWindow = iframe.contentWindow;
19355
19474
  try {
@@ -19360,7 +19479,9 @@
19360
19479
  */
19361
19480
  href = contentWindow ? contentWindow.location.href : "";
19362
19481
  }
19363
- catch (e) { }
19482
+ catch (e) {
19483
+ crossOriginTickCount++;
19484
+ }
19364
19485
  if (!href || href === "about:blank") {
19365
19486
  return;
19366
19487
  }
@@ -19378,6 +19499,10 @@
19378
19499
  resolve(responseString);
19379
19500
  }, pollIntervalMilliseconds);
19380
19501
  }).finally(() => {
19502
+ performanceClient.addFields({
19503
+ iframeTickCount: totalTickCount,
19504
+ crossOriginTickCount: crossOriginTickCount,
19505
+ }, correlationId);
19381
19506
  invoke(removeHiddenIframe, PerformanceEvents.RemoveHiddenIframe, logger, performanceClient, correlationId)(iframe);
19382
19507
  });
19383
19508
  }
@@ -19565,6 +19690,52 @@
19565
19690
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19566
19691
  }
19567
19692
  }
19693
+ /**
19694
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
19695
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
19696
+ * @param request - The SSO silent request
19697
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
19698
+ */
19699
+ async verifySso(request) {
19700
+ this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientAcquireToken, request.correlationId);
19701
+ const inputRequest = { ...request };
19702
+ if (!inputRequest.prompt) {
19703
+ inputRequest.prompt = PromptValue.NONE;
19704
+ }
19705
+ // Create silent request
19706
+ const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, InteractionType.Silent);
19707
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
19708
+ serverTelemetryManager: this.initializeServerTelemetryManager(this.apiId),
19709
+ requestAuthority: silentRequest.authority,
19710
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
19711
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
19712
+ account: silentRequest.account,
19713
+ });
19714
+ const correlationId = silentRequest.correlationId;
19715
+ const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19716
+ const requestWithPkce = {
19717
+ ...silentRequest,
19718
+ codeChallenge: pkceCodes.challenge,
19719
+ };
19720
+ // Create authorize request url
19721
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, requestWithPkce, this.logger, this.performanceClient);
19722
+ // Get the frame handle for the silent request - this triggers the SSO verification
19723
+ const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
19724
+ const responseType = this.config.auth.OIDCOptions.serverResponseType;
19725
+ // Monitor the iframe for the response
19726
+ const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
19727
+ // Deserialize the response
19728
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger);
19729
+ // Validate the response - this checks for errors and validates state
19730
+ validateAuthorizationResponse(serverParams, silentRequest.state);
19731
+ // Verify a valid authorization code is present
19732
+ if (!serverParams.code) {
19733
+ this.logger.warning("SSO verification response did not contain an authorization code", correlationId);
19734
+ return false;
19735
+ }
19736
+ this.logger.verbose("SSO verification completed successfully with valid authorization code - skipped token exchange", correlationId);
19737
+ return true;
19738
+ }
19568
19739
  /**
19569
19740
  * Currently Unsupported
19570
19741
  */
@@ -19959,6 +20130,10 @@
19959
20130
  * Copyright (c) Microsoft Corporation. All rights reserved.
19960
20131
  * Licensed under the MIT License.
19961
20132
  */
20133
+ /**
20134
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
20135
+ * @returns Network connection information, or an empty object if not available.
20136
+ */
19962
20137
  function collectInstanceStats(currentClientId, performanceEvent, logger) {
19963
20138
  const frameInstances =
19964
20139
  // @ts-ignore
@@ -20052,22 +20227,30 @@
20052
20227
  this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
20053
20228
  this.activeSilentTokenRequests = new Map();
20054
20229
  // Register listener functions
20055
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
20056
- // Register listener functions
20057
- this.trackPageVisibilityWithMeasurement =
20058
- this.trackPageVisibilityWithMeasurement.bind(this);
20230
+ this.trackStateChangeWithMeasurement =
20231
+ this.trackStateChangeWithMeasurement.bind(this);
20059
20232
  }
20060
20233
  static async createController(operatingContext, request) {
20061
20234
  const controller = new StandardController(operatingContext);
20062
20235
  await controller.initialize(request);
20063
20236
  return controller;
20064
20237
  }
20065
- trackPageVisibility(correlationId) {
20238
+ trackStateChange(correlationId, event) {
20066
20239
  if (!correlationId) {
20067
20240
  return;
20068
20241
  }
20069
- this.logger.info("Perf: Visibility change detected");
20070
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
20242
+ if (event.type === "visibilitychange") {
20243
+ this.logger.info("Perf: Visibility change detected");
20244
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
20245
+ }
20246
+ else if (event.type === "online") {
20247
+ this.logger.info("Perf: Online status change detected");
20248
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
20249
+ }
20250
+ else if (event.type === "offline") {
20251
+ this.logger.info("Perf: Offline status change detected");
20252
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
20253
+ }
20071
20254
  }
20072
20255
  /**
20073
20256
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -20215,6 +20398,8 @@
20215
20398
  rootMeasurement.end({
20216
20399
  success: true,
20217
20400
  }, undefined, result.account);
20401
+ // Fire-and-forget SSO capability verification in background
20402
+ this.verifySsoCapability(result.account, InteractionType.Redirect);
20218
20403
  }
20219
20404
  else {
20220
20405
  /*
@@ -20447,6 +20632,8 @@
20447
20632
  accessTokenSize: result.accessToken.length,
20448
20633
  idTokenSize: result.idToken.length,
20449
20634
  }, undefined, result.account);
20635
+ // SSO capability verification in background
20636
+ this.verifySsoCapability(result.account, InteractionType.Popup);
20450
20637
  return result;
20451
20638
  })
20452
20639
  .catch((e) => {
@@ -20469,16 +20656,87 @@
20469
20656
  }
20470
20657
  });
20471
20658
  }
20472
- trackPageVisibilityWithMeasurement() {
20659
+ trackStateChangeWithMeasurement(event) {
20473
20660
  const measurement = this.ssoSilentMeasurement ||
20474
20661
  this.acquireTokenByCodeAsyncMeasurement;
20475
20662
  if (!measurement) {
20476
20663
  return;
20477
20664
  }
20478
- this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
20479
- measurement.increment({
20480
- visibilityChangeCount: 1,
20665
+ if (event.type === "visibilitychange") {
20666
+ this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
20667
+ measurement.increment({
20668
+ visibilityChangeCount: 1,
20669
+ });
20670
+ }
20671
+ else if (event.type === "online") {
20672
+ this.logger.info("Perf: Online status change detected in ", measurement.event.name);
20673
+ measurement.increment({
20674
+ onlineStatusChangeCount: 1,
20675
+ });
20676
+ }
20677
+ else if (event.type === "offline") {
20678
+ this.logger.info("Perf: Offline status change detected in ", measurement.event.name);
20679
+ measurement.increment({
20680
+ onlineStatusChangeCount: 1,
20681
+ });
20682
+ }
20683
+ }
20684
+ addStateChangeListeners(listener) {
20685
+ document.addEventListener("visibilitychange", listener);
20686
+ window.addEventListener("online", listener);
20687
+ window.addEventListener("offline", listener);
20688
+ }
20689
+ removeStateChangeListeners(listener) {
20690
+ document.removeEventListener("visibilitychange", listener);
20691
+ window.removeEventListener("online", listener);
20692
+ window.removeEventListener("offline", listener);
20693
+ }
20694
+ /**
20695
+ * SSO capability verification in the background.
20696
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
20697
+ * This method does not block the caller and tracks telemetry for success/failure.
20698
+ * This method only executes if verifySSO is set to true in the auth configuration.
20699
+ * @param account - The account to use for the SSO verification
20700
+ * @param parentApi - The API ID of the parent operation for logging purposes
20701
+ */
20702
+ verifySsoCapability(account, parentApi) {
20703
+ // Check if SSO capability verification is enabled
20704
+ if (!this.config.auth.verifySSO) {
20705
+ return;
20706
+ }
20707
+ const correlationId = this.browserCrypto.createNewGuid();
20708
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoCapable, correlationId);
20709
+ ssoCapableMeasurement.add({
20710
+ parentApi: parentApi,
20481
20711
  });
20712
+ this.logger.verbose(`SSO capability verification initiated after ${parentApi}`, correlationId);
20713
+ /*
20714
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
20715
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
20716
+ */
20717
+ setTimeout(() => {
20718
+ const ssoVerificationRequest = {
20719
+ account: account,
20720
+ correlationId: correlationId,
20721
+ };
20722
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
20723
+ silentIframeClient
20724
+ .verifySso(ssoVerificationRequest)
20725
+ .then((success) => {
20726
+ this.logger.verbose(`SSO capability verification completed after ${parentApi}, success: ${success}`, correlationId);
20727
+ ssoCapableMeasurement.end({
20728
+ fromCache: false,
20729
+ success: success,
20730
+ }, undefined, account);
20731
+ })
20732
+ .catch((error) => {
20733
+ this.logger.warning(`SSO capability verification failed after ${parentApi}: ${error.message}`, correlationId);
20734
+ ssoCapableMeasurement.end({
20735
+ fromCache: false,
20736
+ success: false,
20737
+ }, error, account);
20738
+ });
20739
+ }, 0);
20482
20740
  }
20483
20741
  // #endregion
20484
20742
  // #region Silent Flow
@@ -20512,8 +20770,9 @@
20512
20770
  preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
20513
20771
  this.ssoSilentMeasurement?.increment({
20514
20772
  visibilityChangeCount: 0,
20773
+ onlineStatusChangeCount: 0,
20515
20774
  });
20516
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20775
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
20517
20776
  this.logger.verbose("ssoSilent called", correlationId);
20518
20777
  this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, validRequest);
20519
20778
  let result;
@@ -20557,7 +20816,7 @@
20557
20816
  throw e;
20558
20817
  })
20559
20818
  .finally(() => {
20560
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20819
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
20561
20820
  });
20562
20821
  }
20563
20822
  /**
@@ -20669,8 +20928,9 @@
20669
20928
  this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCodeAsync, request.correlationId);
20670
20929
  this.acquireTokenByCodeAsyncMeasurement?.increment({
20671
20930
  visibilityChangeCount: 0,
20931
+ onlineStatusChangeCount: 0,
20672
20932
  });
20673
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20933
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
20674
20934
  const silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId);
20675
20935
  const silentTokenResult = await silentAuthCodeClient
20676
20936
  .acquireToken(request)
@@ -20688,7 +20948,7 @@
20688
20948
  throw tokenRenewalError;
20689
20949
  })
20690
20950
  .finally(() => {
20691
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20951
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
20692
20952
  });
20693
20953
  return silentTokenResult;
20694
20954
  }
@@ -21233,18 +21493,22 @@
21233
21493
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
21234
21494
  */
21235
21495
  async acquireTokenSilentAsync(request, account) {
21236
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
21496
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
21237
21497
  this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId);
21238
21498
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request);
21239
21499
  if (request.correlationId) {
21240
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
21500
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
21241
21501
  }
21242
- document.addEventListener("visibilitychange", trackPageVisibility);
21502
+ this.addStateChangeListeners(trackStateChange);
21243
21503
  const silentRequest = await invokeAsync(initializeSilentRequest, PerformanceEvents.InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
21244
21504
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
21245
21505
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
21246
21506
  const shouldTryToResolveSilently = checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy);
21247
21507
  if (shouldTryToResolveSilently) {
21508
+ const silentRefreshReason = `${refreshTokenError.errorCode}${refreshTokenError.subError
21509
+ ? `|${refreshTokenError.subError}`
21510
+ : ""}`;
21511
+ this.performanceClient.addFields({ silentRefreshReason }, silentRequest.correlationId);
21248
21512
  if (!this.activeIframeRequest) {
21249
21513
  let _resolve;
21250
21514
  // Always set the active request tracker immediately after checking it to prevent races
@@ -21314,7 +21578,7 @@
21314
21578
  throw tokenRenewalError;
21315
21579
  })
21316
21580
  .finally(() => {
21317
- document.removeEventListener("visibilitychange", trackPageVisibility);
21581
+ this.removeStateChangeListeners(trackStateChange);
21318
21582
  });
21319
21583
  }
21320
21584
  /**