@azure/msal-browser 4.28.2 → 4.29.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (333) hide show
  1. package/README.md +25 -25
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/app/PublicClientNext.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  8. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.mjs +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.d.ts +7 -0
  24. package/dist/config/Configuration.d.ts.map +1 -1
  25. package/dist/config/Configuration.mjs +2 -1
  26. package/dist/config/Configuration.mjs.map +1 -1
  27. package/dist/controllers/ControllerFactory.mjs +1 -1
  28. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  29. package/dist/controllers/StandardController.d.ts +13 -2
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +109 -20
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  52. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  53. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  57. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  58. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  59. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  60. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  61. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  62. package/dist/custom-auth-path/controllers/StandardController.d.ts +13 -2
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  64. package/dist/custom-auth-path/controllers/StandardController.mjs +109 -20
  65. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  66. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  67. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  176. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  178. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  182. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  185. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  186. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  187. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  188. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  192. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +7 -0
  194. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +49 -3
  196. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +5 -1
  200. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  203. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +15 -2
  204. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  205. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  206. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  207. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  208. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  209. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  210. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  211. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  212. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  213. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  214. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  215. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  216. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  217. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  218. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  219. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  220. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  221. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  222. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  223. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  224. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  225. package/dist/encode/Base64Decode.mjs +1 -1
  226. package/dist/encode/Base64Encode.mjs +1 -1
  227. package/dist/error/BrowserAuthError.mjs +1 -1
  228. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  229. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  230. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  231. package/dist/error/NativeAuthError.mjs +1 -1
  232. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  233. package/dist/error/NestedAppAuthError.mjs +1 -1
  234. package/dist/event/EventHandler.mjs +1 -1
  235. package/dist/event/EventMessage.mjs +1 -1
  236. package/dist/event/EventType.mjs +1 -1
  237. package/dist/index.mjs +1 -1
  238. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  239. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  240. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  241. package/dist/interaction_client/PopupClient.mjs +1 -1
  242. package/dist/interaction_client/RedirectClient.mjs +1 -1
  243. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  244. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  245. package/dist/interaction_client/SilentIframeClient.d.ts +7 -0
  246. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  247. package/dist/interaction_client/SilentIframeClient.mjs +49 -3
  248. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  249. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  250. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  251. package/dist/interaction_client/StandardInteractionClient.mjs +5 -1
  252. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  253. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  254. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  255. package/dist/interaction_handler/SilentHandler.mjs +15 -2
  256. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  257. package/dist/naa/BridgeError.mjs +1 -1
  258. package/dist/naa/BridgeProxy.mjs +1 -1
  259. package/dist/naa/BridgeStatusCode.mjs +1 -1
  260. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  261. package/dist/navigation/NavigationClient.mjs +1 -1
  262. package/dist/network/FetchClient.mjs +1 -1
  263. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  264. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  265. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  266. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  267. package/dist/packageMetadata.d.ts +1 -1
  268. package/dist/packageMetadata.mjs +2 -2
  269. package/dist/protocol/Authorize.mjs +1 -1
  270. package/dist/request/RequestHelpers.mjs +1 -1
  271. package/dist/response/ResponseHandler.mjs +1 -1
  272. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  273. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  274. package/dist/telemetry/BrowserPerformanceClient.mjs +10 -1
  275. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  276. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  277. package/dist/utils/BrowserConstants.mjs +1 -1
  278. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  279. package/dist/utils/BrowserUtils.mjs +1 -1
  280. package/dist/utils/Helpers.mjs +1 -1
  281. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  282. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  283. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  284. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  285. package/lib/custom-auth-path/msal-custom-auth.cjs +375 -111
  286. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  287. package/lib/custom-auth-path/msal-custom-auth.js +375 -111
  288. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  289. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  290. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  291. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  292. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +13 -2
  293. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  294. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  295. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +7 -0
  296. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  297. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  298. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  299. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  300. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  301. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  302. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  303. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  304. package/lib/msal-browser.cjs +408 -113
  305. package/lib/msal-browser.cjs.map +1 -1
  306. package/lib/msal-browser.js +408 -113
  307. package/lib/msal-browser.js.map +1 -1
  308. package/lib/msal-browser.min.js +64 -64
  309. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  310. package/lib/types/config/Configuration.d.ts +7 -0
  311. package/lib/types/config/Configuration.d.ts.map +1 -1
  312. package/lib/types/controllers/StandardController.d.ts +13 -2
  313. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  314. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  315. package/lib/types/interaction_client/SilentIframeClient.d.ts +7 -0
  316. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  317. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  318. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  319. package/lib/types/packageMetadata.d.ts +1 -1
  320. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  321. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  322. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  323. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  324. package/package.json +2 -2
  325. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +24 -13
  326. package/src/config/Configuration.ts +8 -0
  327. package/src/controllers/StandardController.ts +164 -39
  328. package/src/interaction_client/SilentIframeClient.ts +136 -0
  329. package/src/interaction_client/StandardInteractionClient.ts +12 -0
  330. package/src/interaction_handler/SilentHandler.ts +21 -1
  331. package/src/packageMetadata.ts +1 -1
  332. package/src/telemetry/BrowserPerformanceClient.ts +10 -0
  333. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v4.28.2 2026-02-10 */
1
+ /*! @azure/msal-browser v4.29.1 2026-03-13 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v15.14.2 2026-02-10 */
9
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -283,7 +283,7 @@
283
283
  // Token renewal offset default in seconds
284
284
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
285
285
 
286
- /*! @azure/msal-common v15.14.2 2026-02-10 */
286
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
287
287
  /*
288
288
  * Copyright (c) Microsoft Corporation. All rights reserved.
289
289
  * Licensed under the MIT License.
@@ -300,7 +300,7 @@
300
300
  unexpectedError: unexpectedError
301
301
  });
302
302
 
303
- /*! @azure/msal-common v15.14.2 2026-02-10 */
303
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
304
304
 
305
305
  /*
306
306
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -349,7 +349,7 @@
349
349
  : AuthErrorMessages[code]);
350
350
  }
351
351
 
352
- /*! @azure/msal-common v15.14.2 2026-02-10 */
352
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
353
353
  /*
354
354
  * Copyright (c) Microsoft Corporation. All rights reserved.
355
355
  * Licensed under the MIT License.
@@ -449,7 +449,7 @@
449
449
  userTimeoutReached: userTimeoutReached
450
450
  });
451
451
 
452
- /*! @azure/msal-common v15.14.2 2026-02-10 */
452
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
453
453
 
454
454
  /*
455
455
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -706,7 +706,7 @@
706
706
  return new ClientAuthError(errorCode, additionalMessage);
707
707
  }
708
708
 
709
- /*! @azure/msal-common v15.14.2 2026-02-10 */
709
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
710
710
 
711
711
  /*
712
712
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -745,7 +745,7 @@
745
745
  },
746
746
  };
747
747
 
748
- /*! @azure/msal-common v15.14.2 2026-02-10 */
748
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
749
749
 
750
750
  /*
751
751
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -936,12 +936,12 @@
936
936
  }
937
937
  }
938
938
 
939
- /*! @azure/msal-common v15.14.2 2026-02-10 */
939
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
940
940
  /* eslint-disable header/header */
941
941
  const name$1 = "@azure/msal-common";
942
- const version$1 = "15.14.2";
942
+ const version$1 = "15.16.1";
943
943
 
944
- /*! @azure/msal-common v15.14.2 2026-02-10 */
944
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
945
945
  /*
946
946
  * Copyright (c) Microsoft Corporation. All rights reserved.
947
947
  * Licensed under the MIT License.
@@ -961,7 +961,7 @@
961
961
  AzureUsGovernment: "https://login.microsoftonline.us",
962
962
  };
963
963
 
964
- /*! @azure/msal-common v15.14.2 2026-02-10 */
964
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
965
965
  /*
966
966
  * Copyright (c) Microsoft Corporation. All rights reserved.
967
967
  * Licensed under the MIT License.
@@ -1019,7 +1019,7 @@
1019
1019
  urlParseError: urlParseError
1020
1020
  });
1021
1021
 
1022
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1022
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1023
1023
 
1024
1024
  /*
1025
1025
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1167,7 +1167,7 @@
1167
1167
  return new ClientConfigurationError(errorCode);
1168
1168
  }
1169
1169
 
1170
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1170
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1171
1171
  /*
1172
1172
  * Copyright (c) Microsoft Corporation. All rights reserved.
1173
1173
  * Licensed under the MIT License.
@@ -1262,9 +1262,48 @@
1262
1262
  .replace(/\?/g, "\\?"));
1263
1263
  return regex.test(input);
1264
1264
  }
1265
+ /**
1266
+ * Tests if a given string matches a given pattern using stricter, anchored matching semantics.
1267
+ *
1268
+ * Differences from `matchPattern` (legacy):
1269
+ * - All regex metacharacters (including `.`) in the pattern are treated as literals,
1270
+ * so `example.com` matches only `example.com` and not `exampleXcom`.
1271
+ * - The generated regex is anchored with `^` and `$` so partial/substring matches
1272
+ * are not allowed.
1273
+ * - `*` is the only supported wildcard. Its behaviour depends on the URL component:
1274
+ * - `host` component: `*` matches any sequence of characters that does NOT include
1275
+ * a dot (`.`), keeping wildcards within a single DNS label boundary.
1276
+ * - All other components: `*` matches any sequence of characters (including `/`).
1277
+ *
1278
+ * @param pattern - The `protectedResourceMap` key pattern to match against. `*` is a
1279
+ * multi-character wildcard; all other characters are treated as literals.
1280
+ * @param input - The URL component value (e.g. host, pathname) extracted from the
1281
+ * outgoing request URL to test against the pattern.
1282
+ * @param options - Optional. Provide `component` to enable component-aware wildcard
1283
+ * semantics. Accepted values: `"host"`, `"path"`, `"protocol"`, `"search"`,
1284
+ * `"hash"`. Defaults to path-style (permissive) matching when omitted.
1285
+ * @returns `true` if the full input string matches the pattern; `false` otherwise.
1286
+ */
1287
+ static matchPatternStrict(pattern, input, options) {
1288
+ const component = options?.component;
1289
+ // Step 1: Escape all regex special characters so literals are matched literally.
1290
+ let regexBody = pattern.replace(/[.+^${}()|[\]\\*?]/g, "\\$&");
1291
+ // Step 2: Replace the escaped '*' with its component-aware regex equivalent.
1292
+ if (component === "host") {
1293
+ regexBody = regexBody.replace(/\\\*/g, "[^.]*");
1294
+ }
1295
+ else {
1296
+ // PATH, PROTOCOL, SEARCH, HASH, or unspecified: '*' matches any characters.
1297
+ regexBody = regexBody.replace(/\\\*/g, ".*");
1298
+ }
1299
+ // Step 3: Anchor for full-string matching.
1300
+ // eslint-disable-next-line security/detect-non-literal-regexp
1301
+ const regex = new RegExp(`^${regexBody}$`);
1302
+ return regex.test(input);
1303
+ }
1265
1304
  }
1266
1305
 
1267
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1306
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1268
1307
 
1269
1308
  /*
1270
1309
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1459,7 +1498,7 @@
1459
1498
  }
1460
1499
  }
1461
1500
 
1462
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1501
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1463
1502
 
1464
1503
  /*
1465
1504
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1499,7 +1538,7 @@
1499
1538
  };
1500
1539
  }
1501
1540
 
1502
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1541
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1503
1542
  /*
1504
1543
  * Copyright (c) Microsoft Corporation. All rights reserved.
1505
1544
  * Licensed under the MIT License.
@@ -1581,7 +1620,7 @@
1581
1620
  return updatedAccountInfo;
1582
1621
  }
1583
1622
 
1584
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1623
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1585
1624
  /*
1586
1625
  * Copyright (c) Microsoft Corporation. All rights reserved.
1587
1626
  * Licensed under the MIT License.
@@ -1596,7 +1635,7 @@
1596
1635
  Ciam: 3,
1597
1636
  };
1598
1637
 
1599
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1638
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1600
1639
  /*
1601
1640
  * Copyright (c) Microsoft Corporation. All rights reserved.
1602
1641
  * Licensed under the MIT License.
@@ -1618,7 +1657,7 @@
1618
1657
  return null;
1619
1658
  }
1620
1659
 
1621
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1660
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1622
1661
  /*
1623
1662
  * Copyright (c) Microsoft Corporation. All rights reserved.
1624
1663
  * Licensed under the MIT License.
@@ -1642,7 +1681,7 @@
1642
1681
  EAR: "EAR",
1643
1682
  };
1644
1683
 
1645
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1684
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1646
1685
 
1647
1686
  /*
1648
1687
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1877,7 +1916,7 @@
1877
1916
  }
1878
1917
  }
1879
1918
 
1880
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1919
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1881
1920
 
1882
1921
  /*
1883
1922
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1958,7 +1997,7 @@
1958
1997
  }
1959
1998
  }
1960
1999
 
1961
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2000
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1962
2001
 
1963
2002
  /*
1964
2003
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2074,7 +2113,7 @@
2074
2113
  }
2075
2114
  }
2076
2115
 
2077
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2116
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2078
2117
 
2079
2118
  /*
2080
2119
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2238,7 +2277,7 @@
2238
2277
  }
2239
2278
  }
2240
2279
 
2241
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2280
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2242
2281
 
2243
2282
  /*
2244
2283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2413,7 +2452,7 @@
2413
2452
  return null;
2414
2453
  }
2415
2454
 
2416
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2455
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2417
2456
  /*
2418
2457
  * Copyright (c) Microsoft Corporation. All rights reserved.
2419
2458
  * Licensed under the MIT License.
@@ -2421,7 +2460,7 @@
2421
2460
  const cacheQuotaExceeded = "cache_quota_exceeded";
2422
2461
  const cacheErrorUnknown = "cache_error_unknown";
2423
2462
 
2424
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2463
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2425
2464
 
2426
2465
  /*
2427
2466
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2466,7 +2505,7 @@
2466
2505
  }
2467
2506
  }
2468
2507
 
2469
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2508
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2470
2509
 
2471
2510
  /*
2472
2511
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3577,7 +3616,7 @@
3577
3616
  }
3578
3617
  }
3579
3618
 
3580
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3619
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3581
3620
  /*
3582
3621
  * Copyright (c) Microsoft Corporation. All rights reserved.
3583
3622
  * Licensed under the MIT License.
@@ -3839,6 +3878,11 @@
3839
3878
  LoadIdToken: "loadIdToken",
3840
3879
  LoadAccessToken: "loadAccessToken",
3841
3880
  LoadRefreshToken: "loadRefreshToken",
3881
+ /**
3882
+ * SSO capability verification call (msal-browser).
3883
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
3884
+ */
3885
+ SsoCapable: "ssoCapable",
3842
3886
  };
3843
3887
  const PerformanceEventAbbreviations = new Map([
3844
3888
  [PerformanceEvents.AcquireTokenByCode, "ATByCode"],
@@ -4066,6 +4110,7 @@
4066
4110
  [PerformanceEvents.Decrypt, "decrypt"],
4067
4111
  [PerformanceEvents.GenerateEarKey, "genEarKey"],
4068
4112
  [PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
4113
+ [PerformanceEvents.SsoCapable, "SsoCapable"],
4069
4114
  ]);
4070
4115
  /**
4071
4116
  * State of the performance event.
@@ -4102,9 +4147,14 @@
4102
4147
  "currRefreshCount",
4103
4148
  "expiredCacheRemovedCount",
4104
4149
  "upgradedCacheCount",
4150
+ "networkRtt",
4151
+ "iframePollIntervalMs",
4152
+ "iframeTimeoutMs",
4153
+ "iframeTickCount",
4154
+ "crossOriginTickCount",
4105
4155
  ]);
4106
4156
 
4107
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4157
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4108
4158
 
4109
4159
  /*
4110
4160
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4183,7 +4233,7 @@
4183
4233
  }
4184
4234
  }
4185
4235
 
4186
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4236
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4187
4237
 
4188
4238
  /*
4189
4239
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4283,7 +4333,7 @@
4283
4333
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
4284
4334
  }
4285
4335
 
4286
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4336
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4287
4337
  /*
4288
4338
  * Copyright (c) Microsoft Corporation. All rights reserved.
4289
4339
  * Licensed under the MIT License.
@@ -4293,7 +4343,7 @@
4293
4343
  UPN: "UPN",
4294
4344
  };
4295
4345
 
4296
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4346
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4297
4347
  /*
4298
4348
  * Copyright (c) Microsoft Corporation. All rights reserved.
4299
4349
  * Licensed under the MIT License.
@@ -4343,7 +4393,7 @@
4343
4393
  const EAR_JWK = "ear_jwk";
4344
4394
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
4345
4395
 
4346
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4396
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4347
4397
 
4348
4398
  /*
4349
4399
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4723,7 +4773,7 @@
4723
4773
  });
4724
4774
  }
4725
4775
 
4726
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4776
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4727
4777
  /*
4728
4778
  * Copyright (c) Microsoft Corporation. All rights reserved.
4729
4779
  * Licensed under the MIT License.
@@ -4735,7 +4785,7 @@
4735
4785
  response.hasOwnProperty("jwks_uri"));
4736
4786
  }
4737
4787
 
4738
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4788
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4739
4789
  /*
4740
4790
  * Copyright (c) Microsoft Corporation. All rights reserved.
4741
4791
  * Licensed under the MIT License.
@@ -4745,7 +4795,7 @@
4745
4795
  response.hasOwnProperty("metadata"));
4746
4796
  }
4747
4797
 
4748
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4798
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4749
4799
  /*
4750
4800
  * Copyright (c) Microsoft Corporation. All rights reserved.
4751
4801
  * Licensed under the MIT License.
@@ -4755,7 +4805,7 @@
4755
4805
  response.hasOwnProperty("error_description"));
4756
4806
  }
4757
4807
 
4758
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4808
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4759
4809
  /*
4760
4810
  * Copyright (c) Microsoft Corporation. All rights reserved.
4761
4811
  * Licensed under the MIT License.
@@ -4851,7 +4901,7 @@
4851
4901
  };
4852
4902
  };
4853
4903
 
4854
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4904
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4855
4905
 
4856
4906
  /*
4857
4907
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4957,7 +5007,7 @@
4957
5007
  },
4958
5008
  };
4959
5009
 
4960
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5010
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4961
5011
  /*
4962
5012
  * Copyright (c) Microsoft Corporation. All rights reserved.
4963
5013
  * Licensed under the MIT License.
@@ -5022,7 +5072,7 @@
5022
5072
  return cachedAtSec > nowSeconds();
5023
5073
  }
5024
5074
 
5025
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5075
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5026
5076
 
5027
5077
  /*
5028
5078
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5284,7 +5334,7 @@
5284
5334
  return metadata.expiresAt <= nowSeconds();
5285
5335
  }
5286
5336
 
5287
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5337
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5288
5338
 
5289
5339
  /*
5290
5340
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6123,7 +6173,7 @@
6123
6173
  };
6124
6174
  }
6125
6175
 
6126
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6176
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6127
6177
 
6128
6178
  /*
6129
6179
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6154,7 +6204,7 @@
6154
6204
  }
6155
6205
  }
6156
6206
 
6157
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6207
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6158
6208
 
6159
6209
  /*
6160
6210
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6173,7 +6223,7 @@
6173
6223
  }
6174
6224
  }
6175
6225
 
6176
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6226
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6177
6227
  /*
6178
6228
  * Copyright (c) Microsoft Corporation. All rights reserved.
6179
6229
  * Licensed under the MIT License.
@@ -6194,7 +6244,7 @@
6194
6244
  };
6195
6245
  }
6196
6246
 
6197
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6247
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6198
6248
 
6199
6249
  /*
6200
6250
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6281,7 +6331,7 @@
6281
6331
  }
6282
6332
  }
6283
6333
 
6284
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6334
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6285
6335
 
6286
6336
  /*
6287
6337
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6312,7 +6362,7 @@
6312
6362
  return new NetworkError(error, httpStatus, responseHeaders);
6313
6363
  }
6314
6364
 
6315
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6365
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6316
6366
 
6317
6367
  /*
6318
6368
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6460,27 +6510,63 @@
6460
6510
  }
6461
6511
  }
6462
6512
 
6463
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6513
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6464
6514
  /*
6465
6515
  * Copyright (c) Microsoft Corporation. All rights reserved.
6466
6516
  * Licensed under the MIT License.
6467
6517
  */
6468
- // Codes defined by MSAL
6518
+ /**
6519
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
6520
+ * @public
6521
+ */
6469
6522
  const noTokensFound = "no_tokens_found";
6523
+ /**
6524
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
6525
+ * @public
6526
+ */
6470
6527
  const nativeAccountUnavailable = "native_account_unavailable";
6528
+ /**
6529
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
6530
+ * @public
6531
+ */
6471
6532
  const refreshTokenExpired = "refresh_token_expired";
6533
+ /**
6534
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
6535
+ * @public
6536
+ */
6472
6537
  const uxNotAllowed = "ux_not_allowed";
6473
- // Codes potentially returned by server
6538
+ /**
6539
+ * Server-originated error code indicating interaction is required to complete the request.
6540
+ * @public
6541
+ */
6474
6542
  const interactionRequired = "interaction_required";
6543
+ /**
6544
+ * Server-originated error code indicating user consent is required.
6545
+ * @public
6546
+ */
6475
6547
  const consentRequired = "consent_required";
6548
+ /**
6549
+ * Server-originated error code indicating user login is required.
6550
+ * @public
6551
+ */
6476
6552
  const loginRequired = "login_required";
6477
- const badToken = "bad_token";
6553
+ /**
6554
+ * Server-originated error code indicating the token is invalid or corrupted.
6555
+ * @public
6556
+ */
6557
+ const badToken = "bad_token";
6558
+ /**
6559
+ * Server-originated error code indicating the user was interrupted and must reattempt the flow.
6560
+ * @public
6561
+ */
6562
+ const interruptedUser = "interrupted_user";
6478
6563
 
6479
6564
  var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
6480
6565
  __proto__: null,
6481
6566
  badToken: badToken,
6482
6567
  consentRequired: consentRequired,
6483
6568
  interactionRequired: interactionRequired,
6569
+ interruptedUser: interruptedUser,
6484
6570
  loginRequired: loginRequired,
6485
6571
  nativeAccountUnavailable: nativeAccountUnavailable,
6486
6572
  noTokensFound: noTokensFound,
@@ -6488,7 +6574,7 @@
6488
6574
  uxNotAllowed: uxNotAllowed
6489
6575
  });
6490
6576
 
6491
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6577
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6492
6578
 
6493
6579
  /*
6494
6580
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6503,6 +6589,7 @@
6503
6589
  loginRequired,
6504
6590
  badToken,
6505
6591
  uxNotAllowed,
6592
+ interruptedUser,
6506
6593
  ];
6507
6594
  const InteractionRequiredAuthSubErrorMessage = [
6508
6595
  "message_only",
@@ -6511,6 +6598,7 @@
6511
6598
  "user_password_expired",
6512
6599
  "consent_required",
6513
6600
  "bad_token",
6601
+ "interrupted_user",
6514
6602
  ];
6515
6603
  const InteractionRequiredAuthErrorMessages = {
6516
6604
  [noTokensFound]: "No refresh token found in the cache. Please sign-in.",
@@ -6518,6 +6606,7 @@
6518
6606
  [refreshTokenExpired]: "Refresh token has expired.",
6519
6607
  [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
6520
6608
  [uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
6609
+ [interruptedUser]: "The user could not be authenticated due to an interrupted state. Please invoke an interactive API to resolve.",
6521
6610
  };
6522
6611
  /**
6523
6612
  * Interaction required errors defined by the SDK
@@ -6536,6 +6625,10 @@
6536
6625
  code: badToken,
6537
6626
  desc: InteractionRequiredAuthErrorMessages[badToken],
6538
6627
  },
6628
+ interrupted_user: {
6629
+ code: interruptedUser,
6630
+ desc: InteractionRequiredAuthErrorMessages[interruptedUser],
6631
+ },
6539
6632
  };
6540
6633
  /**
6541
6634
  * Error thrown when user interaction is required.
@@ -6578,7 +6671,7 @@
6578
6671
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
6579
6672
  }
6580
6673
 
6581
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6674
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6582
6675
 
6583
6676
  /*
6584
6677
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6650,7 +6743,7 @@
6650
6743
  }
6651
6744
  }
6652
6745
 
6653
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6746
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6654
6747
 
6655
6748
  /*
6656
6749
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6732,7 +6825,7 @@
6732
6825
  }
6733
6826
  }
6734
6827
 
6735
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6828
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6736
6829
  /*
6737
6830
  * Copyright (c) Microsoft Corporation. All rights reserved.
6738
6831
  * Licensed under the MIT License.
@@ -6759,7 +6852,7 @@
6759
6852
  }
6760
6853
  }
6761
6854
 
6762
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6855
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6763
6856
 
6764
6857
  /*
6765
6858
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7098,7 +7191,7 @@
7098
7191
  return baseAccount;
7099
7192
  }
7100
7193
 
7101
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7194
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7102
7195
  /*
7103
7196
  * Copyright (c) Microsoft Corporation. All rights reserved.
7104
7197
  * Licensed under the MIT License.
@@ -7116,7 +7209,7 @@
7116
7209
  }
7117
7210
  }
7118
7211
 
7119
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7212
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7120
7213
 
7121
7214
  /*
7122
7215
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,11 +7358,6 @@
7265
7358
  throw createClientConfigurationError(missingSshJwk);
7266
7359
  }
7267
7360
  }
7268
- if (!StringUtils.isEmptyObj(request.claims) ||
7269
- (this.config.authOptions.clientCapabilities &&
7270
- this.config.authOptions.clientCapabilities.length > 0)) {
7271
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7272
- }
7273
7361
  let ccsCred = undefined;
7274
7362
  if (request.clientInfo) {
7275
7363
  try {
@@ -7319,6 +7407,15 @@
7319
7407
  });
7320
7408
  }
7321
7409
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7410
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7411
+ const configClaims = request.skipBrokerClaims &&
7412
+ parameters.has(BROKER_CLIENT_ID)
7413
+ ? undefined
7414
+ : this.config.authOptions.clientCapabilities;
7415
+ if (!StringUtils.isEmptyObj(request.claims) ||
7416
+ (configClaims && configClaims.length > 0)) {
7417
+ addClaims(parameters, request.claims, configClaims);
7418
+ }
7322
7419
  return mapToQueryString(parameters);
7323
7420
  }
7324
7421
  /**
@@ -7352,7 +7449,7 @@
7352
7449
  }
7353
7450
  }
7354
7451
 
7355
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7452
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7356
7453
 
7357
7454
  /*
7358
7455
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7530,11 +7627,6 @@
7530
7627
  throw createClientConfigurationError(missingSshJwk);
7531
7628
  }
7532
7629
  }
7533
- if (!StringUtils.isEmptyObj(request.claims) ||
7534
- (this.config.authOptions.clientCapabilities &&
7535
- this.config.authOptions.clientCapabilities.length > 0)) {
7536
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7537
- }
7538
7630
  if (this.config.systemOptions.preventCorsPreflight &&
7539
7631
  request.ccsCredential) {
7540
7632
  switch (request.ccsCredential.type) {
@@ -7560,11 +7652,20 @@
7560
7652
  addExtraQueryParameters(parameters, request.tokenBodyParameters);
7561
7653
  }
7562
7654
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7655
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7656
+ const configClaims = request.skipBrokerClaims &&
7657
+ parameters.has(BROKER_CLIENT_ID)
7658
+ ? undefined
7659
+ : this.config.authOptions.clientCapabilities;
7660
+ if (!StringUtils.isEmptyObj(request.claims) ||
7661
+ (configClaims && configClaims.length > 0)) {
7662
+ addClaims(parameters, request.claims, configClaims);
7663
+ }
7563
7664
  return mapToQueryString(parameters);
7564
7665
  }
7565
7666
  }
7566
7667
 
7567
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7668
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7568
7669
 
7569
7670
  /*
7570
7671
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7662,7 +7763,7 @@
7662
7763
  }
7663
7764
  }
7664
7765
 
7665
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7766
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7666
7767
 
7667
7768
  /*
7668
7769
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7677,7 +7778,7 @@
7677
7778
  },
7678
7779
  };
7679
7780
 
7680
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7781
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7681
7782
 
7682
7783
  /*
7683
7784
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7798,14 +7899,17 @@
7798
7899
  if (request.state) {
7799
7900
  addState(parameters, request.state);
7800
7901
  }
7801
- if (request.claims ||
7802
- (authOptions.clientCapabilities &&
7803
- authOptions.clientCapabilities.length > 0)) {
7804
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
7805
- }
7806
7902
  if (request.embeddedClientId) {
7807
7903
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
7808
7904
  }
7905
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7906
+ const configClaims = request.skipBrokerClaims &&
7907
+ parameters.has(BROKER_CLIENT_ID)
7908
+ ? undefined
7909
+ : authOptions.clientCapabilities;
7910
+ if (request.claims || (configClaims && configClaims.length > 0)) {
7911
+ addClaims(parameters, request.claims, configClaims);
7912
+ }
7809
7913
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
7810
7914
  if (authOptions.instanceAware &&
7811
7915
  (!request.extraQueryParameters ||
@@ -7901,7 +8005,7 @@
7901
8005
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7902
8006
  }
7903
8007
 
7904
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8008
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7905
8009
 
7906
8010
  /*
7907
8011
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7959,7 +8063,7 @@
7959
8063
  }
7960
8064
  }
7961
8065
 
7962
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8066
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7963
8067
 
7964
8068
  /*
7965
8069
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8222,7 +8326,7 @@
8222
8326
  }
8223
8327
  }
8224
8328
 
8225
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8329
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
8226
8330
  /*
8227
8331
  * Copyright (c) Microsoft Corporation. All rights reserved.
8228
8332
  * Licensed under the MIT License.
@@ -8230,7 +8334,7 @@
8230
8334
  const missingKidError = "missing_kid_error";
8231
8335
  const missingAlgError = "missing_alg_error";
8232
8336
 
8233
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8337
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
8234
8338
 
8235
8339
  /*
8236
8340
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8255,7 +8359,7 @@
8255
8359
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
8256
8360
  }
8257
8361
 
8258
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8362
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
8259
8363
 
8260
8364
  /*
8261
8365
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8295,7 +8399,7 @@
8295
8399
  }
8296
8400
  }
8297
8401
 
8298
- /*! @azure/msal-common v15.14.2 2026-02-10 */
8402
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
8299
8403
 
8300
8404
  /*
8301
8405
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10348,6 +10452,7 @@
10348
10452
  supportsNestedAppAuth: false,
10349
10453
  instanceAware: false,
10350
10454
  encodeExtraQueryParams: false,
10455
+ verifySSO: false,
10351
10456
  };
10352
10457
  // Default cache options for browser
10353
10458
  const DEFAULT_CACHE_OPTIONS = {
@@ -10436,7 +10541,7 @@
10436
10541
 
10437
10542
  /* eslint-disable header/header */
10438
10543
  const name = "@azure/msal-browser";
10439
- const version = "4.28.2";
10544
+ const version = "4.29.1";
10440
10545
 
10441
10546
  /*
10442
10547
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -13909,6 +14014,10 @@
13909
14014
  async initializeAuthorizationRequest(request, interactionType) {
13910
14015
  this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.correlationId);
13911
14016
  const redirectUri = this.getRedirectUri(request.redirectUri);
14017
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
14018
+ this.logger.warning("The origin of the redirect URI does not match the origin of the current page. This is likely to cause issues with authentication.", this.correlationId);
14019
+ this.performanceClient.addFields({ isRedirectUriCrossOrigin: true }, this.correlationId);
14020
+ }
13912
14021
  const browserState = {
13913
14022
  interactionType: interactionType,
13914
14023
  };
@@ -15519,14 +15628,28 @@
15519
15628
  return nativeResponse;
15520
15629
  }
15521
15630
  getDOMExtraParams(extraParameters) {
15522
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
15523
- record[key] = String(value);
15524
- return record;
15525
- }, {});
15526
- const validExtraParams = {
15527
- ...stringifiedParams,
15528
- };
15529
- return validExtraParams;
15631
+ try {
15632
+ const stringifiedProperties = {};
15633
+ for (const [key, value] of Object.entries(extraParameters)) {
15634
+ if (!value) {
15635
+ continue;
15636
+ }
15637
+ if (typeof value === "object") {
15638
+ stringifiedProperties[key] = JSON.stringify(value);
15639
+ }
15640
+ else {
15641
+ stringifiedProperties[key] = String(value);
15642
+ }
15643
+ }
15644
+ return stringifiedProperties;
15645
+ }
15646
+ catch (e) {
15647
+ this.logger.error(this.platformAuthType + " - Error stringifying extra parameters");
15648
+ this.logger.errorPii(this.platformAuthType +
15649
+ " - Error stringifying extra parameters: " +
15650
+ e);
15651
+ return {};
15652
+ }
15530
15653
  }
15531
15654
  }
15532
15655
 
@@ -16593,6 +16716,12 @@
16593
16716
  */
16594
16717
  async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, performanceClient, logger, correlationId, responseType) {
16595
16718
  performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerMonitorIframeForHash, correlationId);
16719
+ performanceClient.addFields({
16720
+ iframePollIntervalMs: pollIntervalMilliseconds,
16721
+ iframeTimeoutMs: timeout,
16722
+ }, correlationId);
16723
+ let totalTickCount = 0;
16724
+ let crossOriginTickCount = 0;
16596
16725
  return new Promise((resolve, reject) => {
16597
16726
  if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) {
16598
16727
  logger.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`);
@@ -16606,6 +16735,7 @@
16606
16735
  reject(createBrowserAuthError(monitorWindowTimeout));
16607
16736
  }, timeout);
16608
16737
  const intervalId = window.setInterval(() => {
16738
+ totalTickCount++;
16609
16739
  let href = "";
16610
16740
  const contentWindow = iframe.contentWindow;
16611
16741
  try {
@@ -16616,7 +16746,9 @@
16616
16746
  */
16617
16747
  href = contentWindow ? contentWindow.location.href : "";
16618
16748
  }
16619
- catch (e) { }
16749
+ catch (e) {
16750
+ crossOriginTickCount++;
16751
+ }
16620
16752
  if (!href || href === "about:blank") {
16621
16753
  return;
16622
16754
  }
@@ -16634,6 +16766,10 @@
16634
16766
  resolve(responseString);
16635
16767
  }, pollIntervalMilliseconds);
16636
16768
  }).finally(() => {
16769
+ performanceClient.addFields({
16770
+ iframeTickCount: totalTickCount,
16771
+ crossOriginTickCount: crossOriginTickCount,
16772
+ }, correlationId);
16637
16773
  invoke(removeHiddenIframe, PerformanceEvents.RemoveHiddenIframe, logger, performanceClient, correlationId)(iframe);
16638
16774
  });
16639
16775
  }
@@ -16821,6 +16957,52 @@
16821
16957
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
16822
16958
  }
16823
16959
  }
16960
+ /**
16961
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
16962
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
16963
+ * @param request - The SSO silent request
16964
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
16965
+ */
16966
+ async verifySso(request) {
16967
+ this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientAcquireToken, request.correlationId);
16968
+ const inputRequest = { ...request };
16969
+ if (!inputRequest.prompt) {
16970
+ inputRequest.prompt = PromptValue.NONE;
16971
+ }
16972
+ // Create silent request
16973
+ const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, exports.InteractionType.Silent);
16974
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
16975
+ serverTelemetryManager: this.initializeServerTelemetryManager(this.apiId),
16976
+ requestAuthority: silentRequest.authority,
16977
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
16978
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
16979
+ account: silentRequest.account,
16980
+ });
16981
+ const correlationId = silentRequest.correlationId;
16982
+ const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
16983
+ const requestWithPkce = {
16984
+ ...silentRequest,
16985
+ codeChallenge: pkceCodes.challenge,
16986
+ };
16987
+ // Create authorize request url
16988
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, requestWithPkce, this.logger, this.performanceClient);
16989
+ // Get the frame handle for the silent request - this triggers the SSO verification
16990
+ const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
16991
+ const responseType = this.config.auth.OIDCOptions.serverResponseType;
16992
+ // Monitor the iframe for the response
16993
+ const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
16994
+ // Deserialize the response
16995
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger);
16996
+ // Validate the response - this checks for errors and validates state
16997
+ validateAuthorizationResponse(serverParams, silentRequest.state);
16998
+ // Verify a valid authorization code is present
16999
+ if (!serverParams.code) {
17000
+ this.logger.warning("SSO verification response did not contain an authorization code", correlationId);
17001
+ return false;
17002
+ }
17003
+ this.logger.verbose("SSO verification completed successfully with valid authorization code - skipped token exchange", correlationId);
17004
+ return true;
17005
+ }
16824
17006
  /**
16825
17007
  * Currently Unsupported
16826
17008
  */
@@ -17215,6 +17397,22 @@
17215
17397
  * Copyright (c) Microsoft Corporation. All rights reserved.
17216
17398
  * Licensed under the MIT License.
17217
17399
  */
17400
+ /**
17401
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
17402
+ * @returns Network connection information, or an empty object if not available.
17403
+ */
17404
+ function getNetworkInfo() {
17405
+ if (typeof window === "undefined" || !window.navigator) {
17406
+ return {};
17407
+ }
17408
+ const connection = "connection" in window.navigator
17409
+ ? window.navigator.connection
17410
+ : undefined;
17411
+ return {
17412
+ effectiveType: connection?.effectiveType,
17413
+ rtt: connection?.rtt,
17414
+ };
17415
+ }
17218
17416
  function collectInstanceStats(currentClientId, performanceEvent, logger) {
17219
17417
  const frameInstances =
17220
17418
  // @ts-ignore
@@ -17308,22 +17506,30 @@
17308
17506
  this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
17309
17507
  this.activeSilentTokenRequests = new Map();
17310
17508
  // Register listener functions
17311
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
17312
- // Register listener functions
17313
- this.trackPageVisibilityWithMeasurement =
17314
- this.trackPageVisibilityWithMeasurement.bind(this);
17509
+ this.trackStateChangeWithMeasurement =
17510
+ this.trackStateChangeWithMeasurement.bind(this);
17315
17511
  }
17316
17512
  static async createController(operatingContext, request) {
17317
17513
  const controller = new StandardController(operatingContext);
17318
17514
  await controller.initialize(request);
17319
17515
  return controller;
17320
17516
  }
17321
- trackPageVisibility(correlationId) {
17517
+ trackStateChange(correlationId, event) {
17322
17518
  if (!correlationId) {
17323
17519
  return;
17324
17520
  }
17325
- this.logger.info("Perf: Visibility change detected");
17326
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
17521
+ if (event.type === "visibilitychange") {
17522
+ this.logger.info("Perf: Visibility change detected");
17523
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
17524
+ }
17525
+ else if (event.type === "online") {
17526
+ this.logger.info("Perf: Online status change detected");
17527
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
17528
+ }
17529
+ else if (event.type === "offline") {
17530
+ this.logger.info("Perf: Offline status change detected");
17531
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
17532
+ }
17327
17533
  }
17328
17534
  /**
17329
17535
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -17471,6 +17677,8 @@
17471
17677
  rootMeasurement.end({
17472
17678
  success: true,
17473
17679
  }, undefined, result.account);
17680
+ // Fire-and-forget SSO capability verification in background
17681
+ this.verifySsoCapability(result.account, exports.InteractionType.Redirect);
17474
17682
  }
17475
17683
  else {
17476
17684
  /*
@@ -17703,6 +17911,8 @@
17703
17911
  accessTokenSize: result.accessToken.length,
17704
17912
  idTokenSize: result.idToken.length,
17705
17913
  }, undefined, result.account);
17914
+ // SSO capability verification in background
17915
+ this.verifySsoCapability(result.account, exports.InteractionType.Popup);
17706
17916
  return result;
17707
17917
  })
17708
17918
  .catch((e) => {
@@ -17725,16 +17935,87 @@
17725
17935
  }
17726
17936
  });
17727
17937
  }
17728
- trackPageVisibilityWithMeasurement() {
17938
+ trackStateChangeWithMeasurement(event) {
17729
17939
  const measurement = this.ssoSilentMeasurement ||
17730
17940
  this.acquireTokenByCodeAsyncMeasurement;
17731
17941
  if (!measurement) {
17732
17942
  return;
17733
17943
  }
17734
- this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
17735
- measurement.increment({
17736
- visibilityChangeCount: 1,
17944
+ if (event.type === "visibilitychange") {
17945
+ this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
17946
+ measurement.increment({
17947
+ visibilityChangeCount: 1,
17948
+ });
17949
+ }
17950
+ else if (event.type === "online") {
17951
+ this.logger.info("Perf: Online status change detected in ", measurement.event.name);
17952
+ measurement.increment({
17953
+ onlineStatusChangeCount: 1,
17954
+ });
17955
+ }
17956
+ else if (event.type === "offline") {
17957
+ this.logger.info("Perf: Offline status change detected in ", measurement.event.name);
17958
+ measurement.increment({
17959
+ onlineStatusChangeCount: 1,
17960
+ });
17961
+ }
17962
+ }
17963
+ addStateChangeListeners(listener) {
17964
+ document.addEventListener("visibilitychange", listener);
17965
+ window.addEventListener("online", listener);
17966
+ window.addEventListener("offline", listener);
17967
+ }
17968
+ removeStateChangeListeners(listener) {
17969
+ document.removeEventListener("visibilitychange", listener);
17970
+ window.removeEventListener("online", listener);
17971
+ window.removeEventListener("offline", listener);
17972
+ }
17973
+ /**
17974
+ * SSO capability verification in the background.
17975
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
17976
+ * This method does not block the caller and tracks telemetry for success/failure.
17977
+ * This method only executes if verifySSO is set to true in the auth configuration.
17978
+ * @param account - The account to use for the SSO verification
17979
+ * @param parentApi - The API ID of the parent operation for logging purposes
17980
+ */
17981
+ verifySsoCapability(account, parentApi) {
17982
+ // Check if SSO capability verification is enabled
17983
+ if (!this.config.auth.verifySSO) {
17984
+ return;
17985
+ }
17986
+ const correlationId = this.browserCrypto.createNewGuid();
17987
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoCapable, correlationId);
17988
+ ssoCapableMeasurement.add({
17989
+ parentApi: parentApi,
17737
17990
  });
17991
+ this.logger.verbose(`SSO capability verification initiated after ${parentApi}`, correlationId);
17992
+ /*
17993
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
17994
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
17995
+ */
17996
+ setTimeout(() => {
17997
+ const ssoVerificationRequest = {
17998
+ account: account,
17999
+ correlationId: correlationId,
18000
+ };
18001
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
18002
+ silentIframeClient
18003
+ .verifySso(ssoVerificationRequest)
18004
+ .then((success) => {
18005
+ this.logger.verbose(`SSO capability verification completed after ${parentApi}, success: ${success}`, correlationId);
18006
+ ssoCapableMeasurement.end({
18007
+ fromCache: false,
18008
+ success: success,
18009
+ }, undefined, account);
18010
+ })
18011
+ .catch((error) => {
18012
+ this.logger.warning(`SSO capability verification failed after ${parentApi}: ${error.message}`, correlationId);
18013
+ ssoCapableMeasurement.end({
18014
+ fromCache: false,
18015
+ success: false,
18016
+ }, error, account);
18017
+ });
18018
+ }, 0);
17738
18019
  }
17739
18020
  // #endregion
17740
18021
  // #region Silent Flow
@@ -17768,8 +18049,9 @@
17768
18049
  preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
17769
18050
  this.ssoSilentMeasurement?.increment({
17770
18051
  visibilityChangeCount: 0,
18052
+ onlineStatusChangeCount: 0,
17771
18053
  });
17772
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
18054
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
17773
18055
  this.logger.verbose("ssoSilent called", correlationId);
17774
18056
  this.eventHandler.emitEvent(EventType.SSO_SILENT_START, exports.InteractionType.Silent, validRequest);
17775
18057
  let result;
@@ -17813,7 +18095,7 @@
17813
18095
  throw e;
17814
18096
  })
17815
18097
  .finally(() => {
17816
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
18098
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
17817
18099
  });
17818
18100
  }
17819
18101
  /**
@@ -17925,8 +18207,9 @@
17925
18207
  this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCodeAsync, request.correlationId);
17926
18208
  this.acquireTokenByCodeAsyncMeasurement?.increment({
17927
18209
  visibilityChangeCount: 0,
18210
+ onlineStatusChangeCount: 0,
17928
18211
  });
17929
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
18212
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
17930
18213
  const silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId);
17931
18214
  const silentTokenResult = await silentAuthCodeClient
17932
18215
  .acquireToken(request)
@@ -17944,7 +18227,7 @@
17944
18227
  throw tokenRenewalError;
17945
18228
  })
17946
18229
  .finally(() => {
17947
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
18230
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
17948
18231
  });
17949
18232
  return silentTokenResult;
17950
18233
  }
@@ -18489,18 +18772,22 @@
18489
18772
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
18490
18773
  */
18491
18774
  async acquireTokenSilentAsync(request, account) {
18492
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
18775
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
18493
18776
  this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId);
18494
18777
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, exports.InteractionType.Silent, request);
18495
18778
  if (request.correlationId) {
18496
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
18779
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
18497
18780
  }
18498
- document.addEventListener("visibilitychange", trackPageVisibility);
18781
+ this.addStateChangeListeners(trackStateChange);
18499
18782
  const silentRequest = await invokeAsync(initializeSilentRequest, PerformanceEvents.InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
18500
18783
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
18501
18784
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
18502
18785
  const shouldTryToResolveSilently = checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy);
18503
18786
  if (shouldTryToResolveSilently) {
18787
+ const silentRefreshReason = `${refreshTokenError.errorCode}${refreshTokenError.subError
18788
+ ? `|${refreshTokenError.subError}`
18789
+ : ""}`;
18790
+ this.performanceClient.addFields({ silentRefreshReason }, silentRequest.correlationId);
18504
18791
  if (!this.activeIframeRequest) {
18505
18792
  let _resolve;
18506
18793
  // Always set the active request tracker immediately after checking it to prevent races
@@ -18570,7 +18857,7 @@
18570
18857
  throw tokenRenewalError;
18571
18858
  })
18572
18859
  .finally(() => {
18573
- document.removeEventListener("visibilitychange", trackPageVisibility);
18860
+ this.removeStateChangeListeners(trackStateChange);
18574
18861
  });
18575
18862
  }
18576
18863
  /**
@@ -20749,6 +21036,9 @@
20749
21036
  getPageVisibility() {
20750
21037
  return document.visibilityState?.toString() || null;
20751
21038
  }
21039
+ getOnlineStatus() {
21040
+ return typeof navigator !== "undefined" ? navigator.onLine : null;
21041
+ }
20752
21042
  deleteIncompleteSubMeasurements(inProgressEvent) {
20753
21043
  void getPerfMeasurementModule()?.then((module) => {
20754
21044
  const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
@@ -20775,6 +21065,7 @@
20775
21065
  startMeasurement(measureName, correlationId) {
20776
21066
  // Capture page visibilityState and then invoke start/end measurement
20777
21067
  const startPageVisibility = this.getPageVisibility();
21068
+ const startOnlineStatus = this.getOnlineStatus();
20778
21069
  const inProgressEvent = super.startMeasurement(measureName, correlationId);
20779
21070
  const startTime = supportsBrowserPerformanceNow()
20780
21071
  ? window.performance.now()
@@ -20786,11 +21077,15 @@
20786
21077
  return {
20787
21078
  ...inProgressEvent,
20788
21079
  end: (event, error, account) => {
21080
+ const networkInfo = getNetworkInfo();
20789
21081
  const res = inProgressEvent.end({
20790
21082
  ...event,
20791
21083
  startPageVisibility,
21084
+ startOnlineStatus,
20792
21085
  endPageVisibility: this.getPageVisibility(),
20793
21086
  durationMs: getPerfDurationMs(startTime),
21087
+ networkEffectiveType: networkInfo.effectiveType,
21088
+ networkRtt: networkInfo.rtt,
20794
21089
  }, error, account);
20795
21090
  void browserMeasurement?.then((measurement) => measurement.endMeasurement());
20796
21091
  this.deleteIncompleteSubMeasurements(inProgressEvent);