@azure/msal-browser 4.28.2 → 4.29.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (333) hide show
  1. package/README.md +25 -25
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/app/PublicClientNext.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  8. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  11. package/dist/cache/AccountManager.mjs +1 -1
  12. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  13. package/dist/cache/BrowserCacheManager.mjs +1 -1
  14. package/dist/cache/CacheHelpers.mjs +1 -1
  15. package/dist/cache/CacheKeys.mjs +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.d.ts +7 -0
  24. package/dist/config/Configuration.d.ts.map +1 -1
  25. package/dist/config/Configuration.mjs +2 -1
  26. package/dist/config/Configuration.mjs.map +1 -1
  27. package/dist/controllers/ControllerFactory.mjs +1 -1
  28. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  29. package/dist/controllers/StandardController.d.ts +13 -2
  30. package/dist/controllers/StandardController.d.ts.map +1 -1
  31. package/dist/controllers/StandardController.mjs +109 -20
  32. package/dist/controllers/StandardController.mjs.map +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  40. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +23 -9
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  52. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  53. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/TokenCache.mjs +1 -1
  57. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  58. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  59. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  60. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  61. package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
  62. package/dist/custom-auth-path/controllers/StandardController.d.ts +13 -2
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  64. package/dist/custom-auth-path/controllers/StandardController.mjs +109 -20
  65. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  66. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  67. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  176. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  178. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  182. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  185. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  186. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  187. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  188. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  192. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +7 -0
  194. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +49 -3
  196. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +5 -1
  200. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  203. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +15 -2
  204. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  205. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  206. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  207. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  208. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  209. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  210. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  211. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  212. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  213. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  214. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  215. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  216. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  217. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  218. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  219. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  220. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  221. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  222. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  223. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  224. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  225. package/dist/encode/Base64Decode.mjs +1 -1
  226. package/dist/encode/Base64Encode.mjs +1 -1
  227. package/dist/error/BrowserAuthError.mjs +1 -1
  228. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  229. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  230. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  231. package/dist/error/NativeAuthError.mjs +1 -1
  232. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  233. package/dist/error/NestedAppAuthError.mjs +1 -1
  234. package/dist/event/EventHandler.mjs +1 -1
  235. package/dist/event/EventMessage.mjs +1 -1
  236. package/dist/event/EventType.mjs +1 -1
  237. package/dist/index.mjs +1 -1
  238. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  239. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  240. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  241. package/dist/interaction_client/PopupClient.mjs +1 -1
  242. package/dist/interaction_client/RedirectClient.mjs +1 -1
  243. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  244. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  245. package/dist/interaction_client/SilentIframeClient.d.ts +7 -0
  246. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  247. package/dist/interaction_client/SilentIframeClient.mjs +49 -3
  248. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  249. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  250. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  251. package/dist/interaction_client/StandardInteractionClient.mjs +5 -1
  252. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  253. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  254. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  255. package/dist/interaction_handler/SilentHandler.mjs +15 -2
  256. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  257. package/dist/naa/BridgeError.mjs +1 -1
  258. package/dist/naa/BridgeProxy.mjs +1 -1
  259. package/dist/naa/BridgeStatusCode.mjs +1 -1
  260. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  261. package/dist/navigation/NavigationClient.mjs +1 -1
  262. package/dist/network/FetchClient.mjs +1 -1
  263. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  264. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  265. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  266. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  267. package/dist/packageMetadata.d.ts +1 -1
  268. package/dist/packageMetadata.mjs +2 -2
  269. package/dist/protocol/Authorize.mjs +1 -1
  270. package/dist/request/RequestHelpers.mjs +1 -1
  271. package/dist/response/ResponseHandler.mjs +1 -1
  272. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  273. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  274. package/dist/telemetry/BrowserPerformanceClient.mjs +10 -1
  275. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  276. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  277. package/dist/utils/BrowserConstants.mjs +1 -1
  278. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  279. package/dist/utils/BrowserUtils.mjs +1 -1
  280. package/dist/utils/Helpers.mjs +1 -1
  281. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  282. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  283. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  284. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  285. package/lib/custom-auth-path/msal-custom-auth.cjs +375 -111
  286. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  287. package/lib/custom-auth-path/msal-custom-auth.js +375 -111
  288. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  289. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  290. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  291. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  292. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +13 -2
  293. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  294. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  295. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +7 -0
  296. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  297. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  298. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  299. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  300. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  301. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  302. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  303. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  304. package/lib/msal-browser.cjs +408 -113
  305. package/lib/msal-browser.cjs.map +1 -1
  306. package/lib/msal-browser.js +408 -113
  307. package/lib/msal-browser.js.map +1 -1
  308. package/lib/msal-browser.min.js +64 -64
  309. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  310. package/lib/types/config/Configuration.d.ts +7 -0
  311. package/lib/types/config/Configuration.d.ts.map +1 -1
  312. package/lib/types/controllers/StandardController.d.ts +13 -2
  313. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  314. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  315. package/lib/types/interaction_client/SilentIframeClient.d.ts +7 -0
  316. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  317. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  318. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  319. package/lib/types/packageMetadata.d.ts +1 -1
  320. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  321. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  322. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  323. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  324. package/package.json +2 -2
  325. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +24 -13
  326. package/src/config/Configuration.ts +8 -0
  327. package/src/controllers/StandardController.ts +164 -39
  328. package/src/interaction_client/SilentIframeClient.ts +136 -0
  329. package/src/interaction_client/StandardInteractionClient.ts +12 -0
  330. package/src/interaction_handler/SilentHandler.ts +21 -1
  331. package/src/packageMetadata.ts +1 -1
  332. package/src/telemetry/BrowserPerformanceClient.ts +10 -0
  333. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v4.28.2 2026-02-10 */
1
+ /*! @azure/msal-browser v4.29.1 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -276,7 +276,7 @@ const JsonWebTokenTypes = {
276
276
  // Token renewal offset default in seconds
277
277
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
278
278
 
279
- /*! @azure/msal-common v15.14.2 2026-02-10 */
279
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
280
280
  /*
281
281
  * Copyright (c) Microsoft Corporation. All rights reserved.
282
282
  * Licensed under the MIT License.
@@ -287,7 +287,7 @@ const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
  const unexpectedError = "unexpected_error";
288
288
  const postRequestFailed$1 = "post_request_failed";
289
289
 
290
- /*! @azure/msal-common v15.14.2 2026-02-10 */
290
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
291
291
 
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -322,7 +322,7 @@ function createAuthError(code, additionalMessage) {
322
322
  : AuthErrorMessages[code]);
323
323
  }
324
324
 
325
- /*! @azure/msal-common v15.14.2 2026-02-10 */
325
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
328
328
  * Licensed under the MIT License.
@@ -373,7 +373,7 @@ const methodNotImplemented = "method_not_implemented";
373
373
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
374
374
  const platformBrokerError = "platform_broker_error";
375
375
 
376
- /*! @azure/msal-common v15.14.2 2026-02-10 */
376
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
377
377
 
378
378
  /*
379
379
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -448,7 +448,7 @@ function createClientAuthError(errorCode, additionalMessage) {
448
448
  return new ClientAuthError(errorCode, additionalMessage);
449
449
  }
450
450
 
451
- /*! @azure/msal-common v15.14.2 2026-02-10 */
451
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
452
452
 
453
453
  /*
454
454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -487,7 +487,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
487
487
  },
488
488
  };
489
489
 
490
- /*! @azure/msal-common v15.14.2 2026-02-10 */
490
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
491
491
 
492
492
  /*
493
493
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -678,12 +678,12 @@ class Logger {
678
678
  }
679
679
  }
680
680
 
681
- /*! @azure/msal-common v15.14.2 2026-02-10 */
681
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
682
682
  /* eslint-disable header/header */
683
683
  const name$1 = "@azure/msal-common";
684
- const version$1 = "15.14.2";
684
+ const version$1 = "15.16.1";
685
685
 
686
- /*! @azure/msal-common v15.14.2 2026-02-10 */
686
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
687
687
  /*
688
688
  * Copyright (c) Microsoft Corporation. All rights reserved.
689
689
  * Licensed under the MIT License.
@@ -692,7 +692,7 @@ const AzureCloudInstance = {
692
692
  // AzureCloudInstance is not specified.
693
693
  None: "none"};
694
694
 
695
- /*! @azure/msal-common v15.14.2 2026-02-10 */
695
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
696
696
  /*
697
697
  * Copyright (c) Microsoft Corporation. All rights reserved.
698
698
  * Licensed under the MIT License.
@@ -722,7 +722,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
722
722
  const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
723
723
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
724
724
 
725
- /*! @azure/msal-common v15.14.2 2026-02-10 */
725
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
726
726
 
727
727
  /*
728
728
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -768,7 +768,7 @@ function createClientConfigurationError(errorCode) {
768
768
  return new ClientConfigurationError(errorCode);
769
769
  }
770
770
 
771
- /*! @azure/msal-common v15.14.2 2026-02-10 */
771
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
772
772
  /*
773
773
  * Copyright (c) Microsoft Corporation. All rights reserved.
774
774
  * Licensed under the MIT License.
@@ -863,9 +863,48 @@ class StringUtils {
863
863
  .replace(/\?/g, "\\?"));
864
864
  return regex.test(input);
865
865
  }
866
+ /**
867
+ * Tests if a given string matches a given pattern using stricter, anchored matching semantics.
868
+ *
869
+ * Differences from `matchPattern` (legacy):
870
+ * - All regex metacharacters (including `.`) in the pattern are treated as literals,
871
+ * so `example.com` matches only `example.com` and not `exampleXcom`.
872
+ * - The generated regex is anchored with `^` and `$` so partial/substring matches
873
+ * are not allowed.
874
+ * - `*` is the only supported wildcard. Its behaviour depends on the URL component:
875
+ * - `host` component: `*` matches any sequence of characters that does NOT include
876
+ * a dot (`.`), keeping wildcards within a single DNS label boundary.
877
+ * - All other components: `*` matches any sequence of characters (including `/`).
878
+ *
879
+ * @param pattern - The `protectedResourceMap` key pattern to match against. `*` is a
880
+ * multi-character wildcard; all other characters are treated as literals.
881
+ * @param input - The URL component value (e.g. host, pathname) extracted from the
882
+ * outgoing request URL to test against the pattern.
883
+ * @param options - Optional. Provide `component` to enable component-aware wildcard
884
+ * semantics. Accepted values: `"host"`, `"path"`, `"protocol"`, `"search"`,
885
+ * `"hash"`. Defaults to path-style (permissive) matching when omitted.
886
+ * @returns `true` if the full input string matches the pattern; `false` otherwise.
887
+ */
888
+ static matchPatternStrict(pattern, input, options) {
889
+ const component = options?.component;
890
+ // Step 1: Escape all regex special characters so literals are matched literally.
891
+ let regexBody = pattern.replace(/[.+^${}()|[\]\\*?]/g, "\\$&");
892
+ // Step 2: Replace the escaped '*' with its component-aware regex equivalent.
893
+ if (component === "host") {
894
+ regexBody = regexBody.replace(/\\\*/g, "[^.]*");
895
+ }
896
+ else {
897
+ // PATH, PROTOCOL, SEARCH, HASH, or unspecified: '*' matches any characters.
898
+ regexBody = regexBody.replace(/\\\*/g, ".*");
899
+ }
900
+ // Step 3: Anchor for full-string matching.
901
+ // eslint-disable-next-line security/detect-non-literal-regexp
902
+ const regex = new RegExp(`^${regexBody}$`);
903
+ return regex.test(input);
904
+ }
866
905
  }
867
906
 
868
- /*! @azure/msal-common v15.14.2 2026-02-10 */
907
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
869
908
 
870
909
  /*
871
910
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1060,7 +1099,7 @@ class ScopeSet {
1060
1099
  }
1061
1100
  }
1062
1101
 
1063
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1102
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1064
1103
 
1065
1104
  /*
1066
1105
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1100,7 +1139,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
1100
1139
  };
1101
1140
  }
1102
1141
 
1103
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1142
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1104
1143
  /*
1105
1144
  * Copyright (c) Microsoft Corporation. All rights reserved.
1106
1145
  * Licensed under the MIT License.
@@ -1182,7 +1221,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1182
1221
  return updatedAccountInfo;
1183
1222
  }
1184
1223
 
1185
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1224
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1186
1225
  /*
1187
1226
  * Copyright (c) Microsoft Corporation. All rights reserved.
1188
1227
  * Licensed under the MIT License.
@@ -1197,7 +1236,7 @@ const AuthorityType = {
1197
1236
  Ciam: 3,
1198
1237
  };
1199
1238
 
1200
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1239
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1201
1240
  /*
1202
1241
  * Copyright (c) Microsoft Corporation. All rights reserved.
1203
1242
  * Licensed under the MIT License.
@@ -1219,7 +1258,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
1219
1258
  return null;
1220
1259
  }
1221
1260
 
1222
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1261
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1223
1262
  /*
1224
1263
  * Copyright (c) Microsoft Corporation. All rights reserved.
1225
1264
  * Licensed under the MIT License.
@@ -1243,7 +1282,7 @@ const ProtocolMode = {
1243
1282
  EAR: "EAR",
1244
1283
  };
1245
1284
 
1246
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1285
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1247
1286
 
1248
1287
  /*
1249
1288
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1478,7 +1517,7 @@ class AccountEntity {
1478
1517
  }
1479
1518
  }
1480
1519
 
1481
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1520
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1482
1521
 
1483
1522
  /*
1484
1523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1559,7 +1598,7 @@ function checkMaxAge(authTime, maxAge) {
1559
1598
  }
1560
1599
  }
1561
1600
 
1562
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1601
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1563
1602
 
1564
1603
  /*
1565
1604
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1675,7 +1714,7 @@ function normalizeUrlForComparison(url) {
1675
1714
  }
1676
1715
  }
1677
1716
 
1678
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1717
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1679
1718
 
1680
1719
  /*
1681
1720
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1839,7 +1878,7 @@ class UrlString {
1839
1878
  }
1840
1879
  }
1841
1880
 
1842
- /*! @azure/msal-common v15.14.2 2026-02-10 */
1881
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
1843
1882
 
1844
1883
  /*
1845
1884
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2014,7 +2053,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2014
2053
  return null;
2015
2054
  }
2016
2055
 
2017
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2056
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2018
2057
  /*
2019
2058
  * Copyright (c) Microsoft Corporation. All rights reserved.
2020
2059
  * Licensed under the MIT License.
@@ -2022,7 +2061,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2022
2061
  const cacheQuotaExceeded = "cache_quota_exceeded";
2023
2062
  const cacheErrorUnknown = "cache_error_unknown";
2024
2063
 
2025
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2064
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2026
2065
 
2027
2066
  /*
2028
2067
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2067,7 +2106,7 @@ function createCacheError(e) {
2067
2106
  }
2068
2107
  }
2069
2108
 
2070
- /*! @azure/msal-common v15.14.2 2026-02-10 */
2109
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2071
2110
 
2072
2111
  /*
2073
2112
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3177,7 +3216,7 @@ class DefaultStorageClass extends CacheManager {
3177
3216
  }
3178
3217
  }
3179
3218
 
3180
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3219
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3181
3220
  /*
3182
3221
  * Copyright (c) Microsoft Corporation. All rights reserved.
3183
3222
  * Licensed under the MIT License.
@@ -3439,6 +3478,11 @@ const PerformanceEvents = {
3439
3478
  LoadIdToken: "loadIdToken",
3440
3479
  LoadAccessToken: "loadAccessToken",
3441
3480
  LoadRefreshToken: "loadRefreshToken",
3481
+ /**
3482
+ * SSO capability verification call (msal-browser).
3483
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
3484
+ */
3485
+ SsoCapable: "ssoCapable",
3442
3486
  };
3443
3487
  /**
3444
3488
  * State of the performance event.
@@ -3449,7 +3493,7 @@ const PerformanceEvents = {
3449
3493
  const PerformanceEventStatus = {
3450
3494
  InProgress: 1};
3451
3495
 
3452
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3496
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3453
3497
 
3454
3498
  /*
3455
3499
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3528,7 +3572,7 @@ class StubPerformanceClient {
3528
3572
  }
3529
3573
  }
3530
3574
 
3531
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3575
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3532
3576
 
3533
3577
  /*
3534
3578
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3628,7 +3672,7 @@ function isOidcProtocolMode(config) {
3628
3672
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3629
3673
  }
3630
3674
 
3631
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3675
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3632
3676
  /*
3633
3677
  * Copyright (c) Microsoft Corporation. All rights reserved.
3634
3678
  * Licensed under the MIT License.
@@ -3638,7 +3682,7 @@ const CcsCredentialType = {
3638
3682
  UPN: "UPN",
3639
3683
  };
3640
3684
 
3641
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3685
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3642
3686
  /*
3643
3687
  * Copyright (c) Microsoft Corporation. All rights reserved.
3644
3688
  * Licensed under the MIT License.
@@ -3688,7 +3732,7 @@ const INSTANCE_AWARE = "instance_aware";
3688
3732
  const EAR_JWK = "ear_jwk";
3689
3733
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
3690
3734
 
3691
- /*! @azure/msal-common v15.14.2 2026-02-10 */
3735
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
3692
3736
 
3693
3737
  /*
3694
3738
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4068,7 +4112,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
4068
4112
  });
4069
4113
  }
4070
4114
 
4071
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4115
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4072
4116
  /*
4073
4117
  * Copyright (c) Microsoft Corporation. All rights reserved.
4074
4118
  * Licensed under the MIT License.
@@ -4080,7 +4124,7 @@ function isOpenIdConfigResponse(response) {
4080
4124
  response.hasOwnProperty("jwks_uri"));
4081
4125
  }
4082
4126
 
4083
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4127
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4084
4128
  /*
4085
4129
  * Copyright (c) Microsoft Corporation. All rights reserved.
4086
4130
  * Licensed under the MIT License.
@@ -4090,7 +4134,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4090
4134
  response.hasOwnProperty("metadata"));
4091
4135
  }
4092
4136
 
4093
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4137
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4094
4138
  /*
4095
4139
  * Copyright (c) Microsoft Corporation. All rights reserved.
4096
4140
  * Licensed under the MIT License.
@@ -4100,7 +4144,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4100
4144
  response.hasOwnProperty("error_description"));
4101
4145
  }
4102
4146
 
4103
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4147
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4104
4148
  /*
4105
4149
  * Copyright (c) Microsoft Corporation. All rights reserved.
4106
4150
  * Licensed under the MIT License.
@@ -4196,7 +4240,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4196
4240
  };
4197
4241
  };
4198
4242
 
4199
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4243
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4200
4244
 
4201
4245
  /*
4202
4246
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4302,7 +4346,7 @@ RegionDiscovery.IMDS_OPTIONS = {
4302
4346
  },
4303
4347
  };
4304
4348
 
4305
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4349
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4306
4350
  /*
4307
4351
  * Copyright (c) Microsoft Corporation. All rights reserved.
4308
4352
  * Licensed under the MIT License.
@@ -4367,7 +4411,7 @@ function wasClockTurnedBack(cachedAt) {
4367
4411
  return cachedAtSec > nowSeconds();
4368
4412
  }
4369
4413
 
4370
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4414
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4371
4415
 
4372
4416
  /*
4373
4417
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4629,7 +4673,7 @@ function isAuthorityMetadataExpired(metadata) {
4629
4673
  return metadata.expiresAt <= nowSeconds();
4630
4674
  }
4631
4675
 
4632
- /*! @azure/msal-common v15.14.2 2026-02-10 */
4676
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
4633
4677
 
4634
4678
  /*
4635
4679
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5468,7 +5512,7 @@ function buildStaticAuthorityOptions(authOptions) {
5468
5512
  };
5469
5513
  }
5470
5514
 
5471
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5515
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5472
5516
 
5473
5517
  /*
5474
5518
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5499,7 +5543,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5499
5543
  }
5500
5544
  }
5501
5545
 
5502
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5546
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5503
5547
 
5504
5548
  /*
5505
5549
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5518,7 +5562,7 @@ class ServerError extends AuthError {
5518
5562
  }
5519
5563
  }
5520
5564
 
5521
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5565
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5522
5566
  /*
5523
5567
  * Copyright (c) Microsoft Corporation. All rights reserved.
5524
5568
  * Licensed under the MIT License.
@@ -5539,7 +5583,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
5539
5583
  };
5540
5584
  }
5541
5585
 
5542
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5586
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5543
5587
 
5544
5588
  /*
5545
5589
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5626,7 +5670,7 @@ class ThrottlingUtils {
5626
5670
  }
5627
5671
  }
5628
5672
 
5629
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5673
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5630
5674
 
5631
5675
  /*
5632
5676
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5657,7 +5701,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5657
5701
  return new NetworkError(error, httpStatus, responseHeaders);
5658
5702
  }
5659
5703
 
5660
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5704
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5661
5705
 
5662
5706
  /*
5663
5707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5805,23 +5849,58 @@ class BaseClient {
5805
5849
  }
5806
5850
  }
5807
5851
 
5808
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5852
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5809
5853
  /*
5810
5854
  * Copyright (c) Microsoft Corporation. All rights reserved.
5811
5855
  * Licensed under the MIT License.
5812
5856
  */
5813
- // Codes defined by MSAL
5857
+ /**
5858
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
5859
+ * @public
5860
+ */
5814
5861
  const noTokensFound = "no_tokens_found";
5862
+ /**
5863
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
5864
+ * @public
5865
+ */
5815
5866
  const nativeAccountUnavailable = "native_account_unavailable";
5867
+ /**
5868
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
5869
+ * @public
5870
+ */
5816
5871
  const refreshTokenExpired = "refresh_token_expired";
5872
+ /**
5873
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
5874
+ * @public
5875
+ */
5817
5876
  const uxNotAllowed = "ux_not_allowed";
5818
- // Codes potentially returned by server
5877
+ /**
5878
+ * Server-originated error code indicating interaction is required to complete the request.
5879
+ * @public
5880
+ */
5819
5881
  const interactionRequired = "interaction_required";
5882
+ /**
5883
+ * Server-originated error code indicating user consent is required.
5884
+ * @public
5885
+ */
5820
5886
  const consentRequired = "consent_required";
5887
+ /**
5888
+ * Server-originated error code indicating user login is required.
5889
+ * @public
5890
+ */
5821
5891
  const loginRequired = "login_required";
5822
- const badToken = "bad_token";
5892
+ /**
5893
+ * Server-originated error code indicating the token is invalid or corrupted.
5894
+ * @public
5895
+ */
5896
+ const badToken = "bad_token";
5897
+ /**
5898
+ * Server-originated error code indicating the user was interrupted and must reattempt the flow.
5899
+ * @public
5900
+ */
5901
+ const interruptedUser = "interrupted_user";
5823
5902
 
5824
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5903
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5825
5904
 
5826
5905
  /*
5827
5906
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5836,6 +5915,7 @@ const InteractionRequiredServerErrorMessage = [
5836
5915
  loginRequired,
5837
5916
  badToken,
5838
5917
  uxNotAllowed,
5918
+ interruptedUser,
5839
5919
  ];
5840
5920
  const InteractionRequiredAuthSubErrorMessage = [
5841
5921
  "message_only",
@@ -5844,6 +5924,7 @@ const InteractionRequiredAuthSubErrorMessage = [
5844
5924
  "user_password_expired",
5845
5925
  "consent_required",
5846
5926
  "bad_token",
5927
+ "interrupted_user",
5847
5928
  ];
5848
5929
  const InteractionRequiredAuthErrorMessages = {
5849
5930
  [noTokensFound]: "No refresh token found in the cache. Please sign-in.",
@@ -5851,6 +5932,7 @@ const InteractionRequiredAuthErrorMessages = {
5851
5932
  [refreshTokenExpired]: "Refresh token has expired.",
5852
5933
  [badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
5853
5934
  [uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
5935
+ [interruptedUser]: "The user could not be authenticated due to an interrupted state. Please invoke an interactive API to resolve.",
5854
5936
  };
5855
5937
  /**
5856
5938
  * Error thrown when user interaction is required.
@@ -5893,7 +5975,7 @@ function createInteractionRequiredAuthError(errorCode) {
5893
5975
  return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
5894
5976
  }
5895
5977
 
5896
- /*! @azure/msal-common v15.14.2 2026-02-10 */
5978
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5897
5979
 
5898
5980
  /*
5899
5981
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5965,7 +6047,7 @@ class ProtocolUtils {
5965
6047
  }
5966
6048
  }
5967
6049
 
5968
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6050
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
5969
6051
 
5970
6052
  /*
5971
6053
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6047,7 +6129,7 @@ class PopTokenGenerator {
6047
6129
  }
6048
6130
  }
6049
6131
 
6050
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6132
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6051
6133
  /*
6052
6134
  * Copyright (c) Microsoft Corporation. All rights reserved.
6053
6135
  * Licensed under the MIT License.
@@ -6074,7 +6156,7 @@ class PopTokenGenerator {
6074
6156
  }
6075
6157
  }
6076
6158
 
6077
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6159
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6078
6160
 
6079
6161
  /*
6080
6162
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6413,7 +6495,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6413
6495
  return baseAccount;
6414
6496
  }
6415
6497
 
6416
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6498
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6417
6499
  /*
6418
6500
  * Copyright (c) Microsoft Corporation. All rights reserved.
6419
6501
  * Licensed under the MIT License.
@@ -6431,7 +6513,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
6431
6513
  }
6432
6514
  }
6433
6515
 
6434
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6516
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6435
6517
 
6436
6518
  /*
6437
6519
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6580,11 +6662,6 @@ class AuthorizationCodeClient extends BaseClient {
6580
6662
  throw createClientConfigurationError(missingSshJwk);
6581
6663
  }
6582
6664
  }
6583
- if (!StringUtils.isEmptyObj(request.claims) ||
6584
- (this.config.authOptions.clientCapabilities &&
6585
- this.config.authOptions.clientCapabilities.length > 0)) {
6586
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6587
- }
6588
6665
  let ccsCred = undefined;
6589
6666
  if (request.clientInfo) {
6590
6667
  try {
@@ -6634,6 +6711,15 @@ class AuthorizationCodeClient extends BaseClient {
6634
6711
  });
6635
6712
  }
6636
6713
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6714
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
6715
+ const configClaims = request.skipBrokerClaims &&
6716
+ parameters.has(BROKER_CLIENT_ID)
6717
+ ? undefined
6718
+ : this.config.authOptions.clientCapabilities;
6719
+ if (!StringUtils.isEmptyObj(request.claims) ||
6720
+ (configClaims && configClaims.length > 0)) {
6721
+ addClaims(parameters, request.claims, configClaims);
6722
+ }
6637
6723
  return mapToQueryString(parameters);
6638
6724
  }
6639
6725
  /**
@@ -6667,7 +6753,7 @@ class AuthorizationCodeClient extends BaseClient {
6667
6753
  }
6668
6754
  }
6669
6755
 
6670
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6756
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6671
6757
 
6672
6758
  /*
6673
6759
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6845,11 +6931,6 @@ class RefreshTokenClient extends BaseClient {
6845
6931
  throw createClientConfigurationError(missingSshJwk);
6846
6932
  }
6847
6933
  }
6848
- if (!StringUtils.isEmptyObj(request.claims) ||
6849
- (this.config.authOptions.clientCapabilities &&
6850
- this.config.authOptions.clientCapabilities.length > 0)) {
6851
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6852
- }
6853
6934
  if (this.config.systemOptions.preventCorsPreflight &&
6854
6935
  request.ccsCredential) {
6855
6936
  switch (request.ccsCredential.type) {
@@ -6875,11 +6956,20 @@ class RefreshTokenClient extends BaseClient {
6875
6956
  addExtraQueryParameters(parameters, request.tokenBodyParameters);
6876
6957
  }
6877
6958
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6959
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
6960
+ const configClaims = request.skipBrokerClaims &&
6961
+ parameters.has(BROKER_CLIENT_ID)
6962
+ ? undefined
6963
+ : this.config.authOptions.clientCapabilities;
6964
+ if (!StringUtils.isEmptyObj(request.claims) ||
6965
+ (configClaims && configClaims.length > 0)) {
6966
+ addClaims(parameters, request.claims, configClaims);
6967
+ }
6878
6968
  return mapToQueryString(parameters);
6879
6969
  }
6880
6970
  }
6881
6971
 
6882
- /*! @azure/msal-common v15.14.2 2026-02-10 */
6972
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6883
6973
 
6884
6974
  /*
6885
6975
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6977,7 +7067,7 @@ class SilentFlowClient extends BaseClient {
6977
7067
  }
6978
7068
  }
6979
7069
 
6980
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7070
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6981
7071
 
6982
7072
  /*
6983
7073
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6992,7 +7082,7 @@ const StubbedNetworkModule = {
6992
7082
  },
6993
7083
  };
6994
7084
 
6995
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7085
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
6996
7086
 
6997
7087
  /*
6998
7088
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7113,14 +7203,17 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
7113
7203
  if (request.state) {
7114
7204
  addState(parameters, request.state);
7115
7205
  }
7116
- if (request.claims ||
7117
- (authOptions.clientCapabilities &&
7118
- authOptions.clientCapabilities.length > 0)) {
7119
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
7120
- }
7121
7206
  if (request.embeddedClientId) {
7122
7207
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
7123
7208
  }
7209
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7210
+ const configClaims = request.skipBrokerClaims &&
7211
+ parameters.has(BROKER_CLIENT_ID)
7212
+ ? undefined
7213
+ : authOptions.clientCapabilities;
7214
+ if (request.claims || (configClaims && configClaims.length > 0)) {
7215
+ addClaims(parameters, request.claims, configClaims);
7216
+ }
7124
7217
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
7125
7218
  if (authOptions.instanceAware &&
7126
7219
  (!request.extraQueryParameters ||
@@ -7216,7 +7309,7 @@ function extractLoginHint(account) {
7216
7309
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7217
7310
  }
7218
7311
 
7219
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7312
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7220
7313
 
7221
7314
  /*
7222
7315
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7479,7 +7572,7 @@ class ServerTelemetryManager {
7479
7572
  }
7480
7573
  }
7481
7574
 
7482
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7575
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7483
7576
  /*
7484
7577
  * Copyright (c) Microsoft Corporation. All rights reserved.
7485
7578
  * Licensed under the MIT License.
@@ -7487,7 +7580,7 @@ class ServerTelemetryManager {
7487
7580
  const missingKidError = "missing_kid_error";
7488
7581
  const missingAlgError = "missing_alg_error";
7489
7582
 
7490
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7583
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7491
7584
 
7492
7585
  /*
7493
7586
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7512,7 +7605,7 @@ function createJoseHeaderError(code) {
7512
7605
  return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
7513
7606
  }
7514
7607
 
7515
- /*! @azure/msal-common v15.14.2 2026-02-10 */
7608
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
7516
7609
 
7517
7610
  /*
7518
7611
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7947,7 +8040,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7947
8040
 
7948
8041
  /* eslint-disable header/header */
7949
8042
  const name = "@azure/msal-browser";
7950
- const version = "4.28.2";
8043
+ const version = "4.29.1";
7951
8044
 
7952
8045
  /*
7953
8046
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9715,6 +9808,10 @@ class StandardInteractionClient extends BaseInteractionClient {
9715
9808
  async initializeAuthorizationRequest(request, interactionType) {
9716
9809
  this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.correlationId);
9717
9810
  const redirectUri = this.getRedirectUri(request.redirectUri);
9811
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
9812
+ this.logger.warning("The origin of the redirect URI does not match the origin of the current page. This is likely to cause issues with authentication.", this.correlationId);
9813
+ this.performanceClient.addFields({ isRedirectUriCrossOrigin: true }, this.correlationId);
9814
+ }
9718
9815
  const browserState = {
9719
9816
  interactionType: interactionType,
9720
9817
  };
@@ -17802,6 +17899,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17802
17899
  supportsNestedAppAuth: false,
17803
17900
  instanceAware: false,
17804
17901
  encodeExtraQueryParams: false,
17902
+ verifySSO: false,
17805
17903
  };
17806
17904
  // Default cache options for browser
17807
17905
  const DEFAULT_CACHE_OPTIONS = {
@@ -18275,14 +18373,28 @@ class PlatformAuthDOMHandler {
18275
18373
  return nativeResponse;
18276
18374
  }
18277
18375
  getDOMExtraParams(extraParameters) {
18278
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
18279
- record[key] = String(value);
18280
- return record;
18281
- }, {});
18282
- const validExtraParams = {
18283
- ...stringifiedParams,
18284
- };
18285
- return validExtraParams;
18376
+ try {
18377
+ const stringifiedProperties = {};
18378
+ for (const [key, value] of Object.entries(extraParameters)) {
18379
+ if (!value) {
18380
+ continue;
18381
+ }
18382
+ if (typeof value === "object") {
18383
+ stringifiedProperties[key] = JSON.stringify(value);
18384
+ }
18385
+ else {
18386
+ stringifiedProperties[key] = String(value);
18387
+ }
18388
+ }
18389
+ return stringifiedProperties;
18390
+ }
18391
+ catch (e) {
18392
+ this.logger.error(this.platformAuthType + " - Error stringifying extra parameters");
18393
+ this.logger.errorPii(this.platformAuthType +
18394
+ " - Error stringifying extra parameters: " +
18395
+ e);
18396
+ return {};
18397
+ }
18286
18398
  }
18287
18399
  }
18288
18400
 
@@ -19333,6 +19445,12 @@ async function initiateEarRequest(config, authority, request, logger, performanc
19333
19445
  */
19334
19446
  async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, performanceClient, logger, correlationId, responseType) {
19335
19447
  performanceClient.addQueueMeasurement(PerformanceEvents.SilentHandlerMonitorIframeForHash, correlationId);
19448
+ performanceClient.addFields({
19449
+ iframePollIntervalMs: pollIntervalMilliseconds,
19450
+ iframeTimeoutMs: timeout,
19451
+ }, correlationId);
19452
+ let totalTickCount = 0;
19453
+ let crossOriginTickCount = 0;
19336
19454
  return new Promise((resolve, reject) => {
19337
19455
  if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) {
19338
19456
  logger.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`);
@@ -19346,6 +19464,7 @@ async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, p
19346
19464
  reject(createBrowserAuthError(monitorWindowTimeout));
19347
19465
  }, timeout);
19348
19466
  const intervalId = window.setInterval(() => {
19467
+ totalTickCount++;
19349
19468
  let href = "";
19350
19469
  const contentWindow = iframe.contentWindow;
19351
19470
  try {
@@ -19356,7 +19475,9 @@ async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, p
19356
19475
  */
19357
19476
  href = contentWindow ? contentWindow.location.href : "";
19358
19477
  }
19359
- catch (e) { }
19478
+ catch (e) {
19479
+ crossOriginTickCount++;
19480
+ }
19360
19481
  if (!href || href === "about:blank") {
19361
19482
  return;
19362
19483
  }
@@ -19374,6 +19495,10 @@ async function monitorIframeForHash(iframe, timeout, pollIntervalMilliseconds, p
19374
19495
  resolve(responseString);
19375
19496
  }, pollIntervalMilliseconds);
19376
19497
  }).finally(() => {
19498
+ performanceClient.addFields({
19499
+ iframeTickCount: totalTickCount,
19500
+ crossOriginTickCount: crossOriginTickCount,
19501
+ }, correlationId);
19377
19502
  invoke(removeHiddenIframe, PerformanceEvents.RemoveHiddenIframe, logger, performanceClient, correlationId)(iframe);
19378
19503
  });
19379
19504
  }
@@ -19561,6 +19686,52 @@ class SilentIframeClient extends StandardInteractionClient {
19561
19686
  return invokeAsync(handleResponseEAR, PerformanceEvents.HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19562
19687
  }
19563
19688
  }
19689
+ /**
19690
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
19691
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
19692
+ * @param request - The SSO silent request
19693
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
19694
+ */
19695
+ async verifySso(request) {
19696
+ this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientAcquireToken, request.correlationId);
19697
+ const inputRequest = { ...request };
19698
+ if (!inputRequest.prompt) {
19699
+ inputRequest.prompt = PromptValue.NONE;
19700
+ }
19701
+ // Create silent request
19702
+ const silentRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, request.correlationId)(inputRequest, InteractionType.Silent);
19703
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
19704
+ serverTelemetryManager: this.initializeServerTelemetryManager(this.apiId),
19705
+ requestAuthority: silentRequest.authority,
19706
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
19707
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
19708
+ account: silentRequest.account,
19709
+ });
19710
+ const correlationId = silentRequest.correlationId;
19711
+ const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19712
+ const requestWithPkce = {
19713
+ ...silentRequest,
19714
+ codeChallenge: pkceCodes.challenge,
19715
+ };
19716
+ // Create authorize request url
19717
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, requestWithPkce, this.logger, this.performanceClient);
19718
+ // Get the frame handle for the silent request - this triggers the SSO verification
19719
+ const msalFrame = await invokeAsync(initiateCodeRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
19720
+ const responseType = this.config.auth.OIDCOptions.serverResponseType;
19721
+ // Monitor the iframe for the response
19722
+ const responseString = await invokeAsync(monitorIframeForHash, PerformanceEvents.SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(msalFrame, this.config.system.iframeHashTimeout, this.config.system.pollIntervalMilliseconds, this.performanceClient, this.logger, correlationId, responseType);
19723
+ // Deserialize the response
19724
+ const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger);
19725
+ // Validate the response - this checks for errors and validates state
19726
+ validateAuthorizationResponse(serverParams, silentRequest.state);
19727
+ // Verify a valid authorization code is present
19728
+ if (!serverParams.code) {
19729
+ this.logger.warning("SSO verification response did not contain an authorization code", correlationId);
19730
+ return false;
19731
+ }
19732
+ this.logger.verbose("SSO verification completed successfully with valid authorization code - skipped token exchange", correlationId);
19733
+ return true;
19734
+ }
19564
19735
  /**
19565
19736
  * Currently Unsupported
19566
19737
  */
@@ -19955,6 +20126,10 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19955
20126
  * Copyright (c) Microsoft Corporation. All rights reserved.
19956
20127
  * Licensed under the MIT License.
19957
20128
  */
20129
+ /**
20130
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
20131
+ * @returns Network connection information, or an empty object if not available.
20132
+ */
19958
20133
  function collectInstanceStats(currentClientId, performanceEvent, logger) {
19959
20134
  const frameInstances =
19960
20135
  // @ts-ignore
@@ -20048,22 +20223,30 @@ class StandardController {
20048
20223
  this.tokenCache = new TokenCache(this.config, this.browserStorage, this.logger, this.browserCrypto, this.performanceClient);
20049
20224
  this.activeSilentTokenRequests = new Map();
20050
20225
  // Register listener functions
20051
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
20052
- // Register listener functions
20053
- this.trackPageVisibilityWithMeasurement =
20054
- this.trackPageVisibilityWithMeasurement.bind(this);
20226
+ this.trackStateChangeWithMeasurement =
20227
+ this.trackStateChangeWithMeasurement.bind(this);
20055
20228
  }
20056
20229
  static async createController(operatingContext, request) {
20057
20230
  const controller = new StandardController(operatingContext);
20058
20231
  await controller.initialize(request);
20059
20232
  return controller;
20060
20233
  }
20061
- trackPageVisibility(correlationId) {
20234
+ trackStateChange(correlationId, event) {
20062
20235
  if (!correlationId) {
20063
20236
  return;
20064
20237
  }
20065
- this.logger.info("Perf: Visibility change detected");
20066
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
20238
+ if (event.type === "visibilitychange") {
20239
+ this.logger.info("Perf: Visibility change detected");
20240
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
20241
+ }
20242
+ else if (event.type === "online") {
20243
+ this.logger.info("Perf: Online status change detected");
20244
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
20245
+ }
20246
+ else if (event.type === "offline") {
20247
+ this.logger.info("Perf: Offline status change detected");
20248
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
20249
+ }
20067
20250
  }
20068
20251
  /**
20069
20252
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -20211,6 +20394,8 @@ class StandardController {
20211
20394
  rootMeasurement.end({
20212
20395
  success: true,
20213
20396
  }, undefined, result.account);
20397
+ // Fire-and-forget SSO capability verification in background
20398
+ this.verifySsoCapability(result.account, InteractionType.Redirect);
20214
20399
  }
20215
20400
  else {
20216
20401
  /*
@@ -20443,6 +20628,8 @@ class StandardController {
20443
20628
  accessTokenSize: result.accessToken.length,
20444
20629
  idTokenSize: result.idToken.length,
20445
20630
  }, undefined, result.account);
20631
+ // SSO capability verification in background
20632
+ this.verifySsoCapability(result.account, InteractionType.Popup);
20446
20633
  return result;
20447
20634
  })
20448
20635
  .catch((e) => {
@@ -20465,16 +20652,87 @@ class StandardController {
20465
20652
  }
20466
20653
  });
20467
20654
  }
20468
- trackPageVisibilityWithMeasurement() {
20655
+ trackStateChangeWithMeasurement(event) {
20469
20656
  const measurement = this.ssoSilentMeasurement ||
20470
20657
  this.acquireTokenByCodeAsyncMeasurement;
20471
20658
  if (!measurement) {
20472
20659
  return;
20473
20660
  }
20474
- this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
20475
- measurement.increment({
20476
- visibilityChangeCount: 1,
20661
+ if (event.type === "visibilitychange") {
20662
+ this.logger.info("Perf: Visibility change detected in ", measurement.event.name);
20663
+ measurement.increment({
20664
+ visibilityChangeCount: 1,
20665
+ });
20666
+ }
20667
+ else if (event.type === "online") {
20668
+ this.logger.info("Perf: Online status change detected in ", measurement.event.name);
20669
+ measurement.increment({
20670
+ onlineStatusChangeCount: 1,
20671
+ });
20672
+ }
20673
+ else if (event.type === "offline") {
20674
+ this.logger.info("Perf: Offline status change detected in ", measurement.event.name);
20675
+ measurement.increment({
20676
+ onlineStatusChangeCount: 1,
20677
+ });
20678
+ }
20679
+ }
20680
+ addStateChangeListeners(listener) {
20681
+ document.addEventListener("visibilitychange", listener);
20682
+ window.addEventListener("online", listener);
20683
+ window.addEventListener("offline", listener);
20684
+ }
20685
+ removeStateChangeListeners(listener) {
20686
+ document.removeEventListener("visibilitychange", listener);
20687
+ window.removeEventListener("online", listener);
20688
+ window.removeEventListener("offline", listener);
20689
+ }
20690
+ /**
20691
+ * SSO capability verification in the background.
20692
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
20693
+ * This method does not block the caller and tracks telemetry for success/failure.
20694
+ * This method only executes if verifySSO is set to true in the auth configuration.
20695
+ * @param account - The account to use for the SSO verification
20696
+ * @param parentApi - The API ID of the parent operation for logging purposes
20697
+ */
20698
+ verifySsoCapability(account, parentApi) {
20699
+ // Check if SSO capability verification is enabled
20700
+ if (!this.config.auth.verifySSO) {
20701
+ return;
20702
+ }
20703
+ const correlationId = this.browserCrypto.createNewGuid();
20704
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoCapable, correlationId);
20705
+ ssoCapableMeasurement.add({
20706
+ parentApi: parentApi,
20477
20707
  });
20708
+ this.logger.verbose(`SSO capability verification initiated after ${parentApi}`, correlationId);
20709
+ /*
20710
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
20711
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
20712
+ */
20713
+ setTimeout(() => {
20714
+ const ssoVerificationRequest = {
20715
+ account: account,
20716
+ correlationId: correlationId,
20717
+ };
20718
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
20719
+ silentIframeClient
20720
+ .verifySso(ssoVerificationRequest)
20721
+ .then((success) => {
20722
+ this.logger.verbose(`SSO capability verification completed after ${parentApi}, success: ${success}`, correlationId);
20723
+ ssoCapableMeasurement.end({
20724
+ fromCache: false,
20725
+ success: success,
20726
+ }, undefined, account);
20727
+ })
20728
+ .catch((error) => {
20729
+ this.logger.warning(`SSO capability verification failed after ${parentApi}: ${error.message}`, correlationId);
20730
+ ssoCapableMeasurement.end({
20731
+ fromCache: false,
20732
+ success: false,
20733
+ }, error, account);
20734
+ });
20735
+ }, 0);
20478
20736
  }
20479
20737
  // #endregion
20480
20738
  // #region Silent Flow
@@ -20508,8 +20766,9 @@ class StandardController {
20508
20766
  preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
20509
20767
  this.ssoSilentMeasurement?.increment({
20510
20768
  visibilityChangeCount: 0,
20769
+ onlineStatusChangeCount: 0,
20511
20770
  });
20512
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20771
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
20513
20772
  this.logger.verbose("ssoSilent called", correlationId);
20514
20773
  this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, validRequest);
20515
20774
  let result;
@@ -20553,7 +20812,7 @@ class StandardController {
20553
20812
  throw e;
20554
20813
  })
20555
20814
  .finally(() => {
20556
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20815
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
20557
20816
  });
20558
20817
  }
20559
20818
  /**
@@ -20665,8 +20924,9 @@ class StandardController {
20665
20924
  this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenByCodeAsync, request.correlationId);
20666
20925
  this.acquireTokenByCodeAsyncMeasurement?.increment({
20667
20926
  visibilityChangeCount: 0,
20927
+ onlineStatusChangeCount: 0,
20668
20928
  });
20669
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20929
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
20670
20930
  const silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId);
20671
20931
  const silentTokenResult = await silentAuthCodeClient
20672
20932
  .acquireToken(request)
@@ -20684,7 +20944,7 @@ class StandardController {
20684
20944
  throw tokenRenewalError;
20685
20945
  })
20686
20946
  .finally(() => {
20687
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20947
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
20688
20948
  });
20689
20949
  return silentTokenResult;
20690
20950
  }
@@ -21229,18 +21489,22 @@ class StandardController {
21229
21489
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
21230
21490
  */
21231
21491
  async acquireTokenSilentAsync(request, account) {
21232
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
21492
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
21233
21493
  this.performanceClient.addQueueMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId);
21234
21494
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request);
21235
21495
  if (request.correlationId) {
21236
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
21496
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
21237
21497
  }
21238
- document.addEventListener("visibilitychange", trackPageVisibility);
21498
+ this.addStateChangeListeners(trackStateChange);
21239
21499
  const silentRequest = await invokeAsync(initializeSilentRequest, PerformanceEvents.InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
21240
21500
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
21241
21501
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
21242
21502
  const shouldTryToResolveSilently = checkIfRefreshTokenErrorCanBeResolvedSilently(refreshTokenError, cacheLookupPolicy);
21243
21503
  if (shouldTryToResolveSilently) {
21504
+ const silentRefreshReason = `${refreshTokenError.errorCode}${refreshTokenError.subError
21505
+ ? `|${refreshTokenError.subError}`
21506
+ : ""}`;
21507
+ this.performanceClient.addFields({ silentRefreshReason }, silentRequest.correlationId);
21244
21508
  if (!this.activeIframeRequest) {
21245
21509
  let _resolve;
21246
21510
  // Always set the active request tracker immediately after checking it to prevent races
@@ -21310,7 +21574,7 @@ class StandardController {
21310
21574
  throw tokenRenewalError;
21311
21575
  })
21312
21576
  .finally(() => {
21313
- document.removeEventListener("visibilitychange", trackPageVisibility);
21577
+ this.removeStateChangeListeners(trackStateChange);
21314
21578
  });
21315
21579
  }
21316
21580
  /**