@azure/msal-browser 5.10.0 → 5.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +1176 -1176
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +2 -2
- package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +215 -70
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +2 -2
- package/lib/msal-browser.cjs +218 -72
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +218 -72
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/packageMetadata.ts +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/packageMetadata.d.ts +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.10.
|
|
1
|
+
/*! @azure/msal-browser v5.10.1 2026-05-11 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.6.
|
|
5
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.6.
|
|
237
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.6.
|
|
289
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.6.
|
|
320
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.6.
|
|
340
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.6.
|
|
420
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.6.
|
|
443
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -466,7 +466,8 @@ const invalidAuthenticationHeader = "invalid_authentication_header";
|
|
|
466
466
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
467
467
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
468
468
|
const authorityMismatch = "authority_mismatch";
|
|
469
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
469
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
470
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
470
471
|
|
|
471
472
|
var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
472
473
|
__proto__: null,
|
|
@@ -482,6 +483,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
482
483
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
483
484
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
484
485
|
invalidRequestMethodForEAR: invalidRequestMethodForEAR,
|
|
486
|
+
issuerValidationFailed: issuerValidationFailed,
|
|
485
487
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
486
488
|
missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
|
|
487
489
|
missingSshJwk: missingSshJwk,
|
|
@@ -494,7 +496,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
494
496
|
urlParseError: urlParseError
|
|
495
497
|
});
|
|
496
498
|
|
|
497
|
-
/*! @azure/msal-common v16.6.
|
|
499
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
498
500
|
/*
|
|
499
501
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
500
502
|
* Licensed under the MIT License.
|
|
@@ -582,7 +584,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
582
584
|
userCanceled: userCanceled
|
|
583
585
|
});
|
|
584
586
|
|
|
585
|
-
/*! @azure/msal-common v16.6.
|
|
587
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
586
588
|
|
|
587
589
|
/*
|
|
588
590
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -777,7 +779,7 @@ class ScopeSet {
|
|
|
777
779
|
}
|
|
778
780
|
}
|
|
779
781
|
|
|
780
|
-
/*! @azure/msal-common v16.6.
|
|
782
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
781
783
|
|
|
782
784
|
/*
|
|
783
785
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1166,7 +1168,7 @@ function addResource(parameters, resource) {
|
|
|
1166
1168
|
}
|
|
1167
1169
|
}
|
|
1168
1170
|
|
|
1169
|
-
/*! @azure/msal-common v16.6.
|
|
1171
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1170
1172
|
|
|
1171
1173
|
/*
|
|
1172
1174
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1275,7 +1277,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1275
1277
|
}
|
|
1276
1278
|
}
|
|
1277
1279
|
|
|
1278
|
-
/*! @azure/msal-common v16.6.
|
|
1280
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1279
1281
|
|
|
1280
1282
|
/*
|
|
1281
1283
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1314,7 +1316,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1314
1316
|
},
|
|
1315
1317
|
};
|
|
1316
1318
|
|
|
1317
|
-
/*! @azure/msal-common v16.6.
|
|
1319
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1318
1320
|
/*
|
|
1319
1321
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1320
1322
|
* Licensed under the MIT License.
|
|
@@ -1589,12 +1591,12 @@ class Logger {
|
|
|
1589
1591
|
}
|
|
1590
1592
|
}
|
|
1591
1593
|
|
|
1592
|
-
/*! @azure/msal-common v16.6.
|
|
1594
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1593
1595
|
/* eslint-disable header/header */
|
|
1594
1596
|
const name$1 = "@azure/msal-common";
|
|
1595
|
-
const version$1 = "16.6.
|
|
1597
|
+
const version$1 = "16.6.1";
|
|
1596
1598
|
|
|
1597
|
-
/*! @azure/msal-common v16.6.
|
|
1599
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1598
1600
|
/*
|
|
1599
1601
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1600
1602
|
* Licensed under the MIT License.
|
|
@@ -1614,7 +1616,7 @@ const AzureCloudInstance = {
|
|
|
1614
1616
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1615
1617
|
};
|
|
1616
1618
|
|
|
1617
|
-
/*! @azure/msal-common v16.6.
|
|
1619
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1618
1620
|
/*
|
|
1619
1621
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1620
1622
|
* Licensed under the MIT License.
|
|
@@ -1697,7 +1699,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1697
1699
|
return updatedAccountInfo;
|
|
1698
1700
|
}
|
|
1699
1701
|
|
|
1700
|
-
/*! @azure/msal-common v16.6.
|
|
1702
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1701
1703
|
|
|
1702
1704
|
/*
|
|
1703
1705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1777,7 +1779,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1777
1779
|
}
|
|
1778
1780
|
}
|
|
1779
1781
|
|
|
1780
|
-
/*! @azure/msal-common v16.6.
|
|
1782
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1781
1783
|
|
|
1782
1784
|
/*
|
|
1783
1785
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1934,7 +1936,7 @@ class UrlString {
|
|
|
1934
1936
|
}
|
|
1935
1937
|
}
|
|
1936
1938
|
|
|
1937
|
-
/*! @azure/msal-common v16.6.
|
|
1939
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1938
1940
|
|
|
1939
1941
|
/*
|
|
1940
1942
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2020,6 +2022,15 @@ const rawMetdataJSON = {
|
|
|
2020
2022
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
2021
2023
|
aliases: ["login.sovcloud-identity.sg"],
|
|
2022
2024
|
},
|
|
2025
|
+
{
|
|
2026
|
+
preferred_network: "login.windows-ppe.net",
|
|
2027
|
+
preferred_cache: "login.windows-ppe.net",
|
|
2028
|
+
aliases: [
|
|
2029
|
+
"login.windows-ppe.net",
|
|
2030
|
+
"sts.windows-ppe.net",
|
|
2031
|
+
"login.microsoft-ppe.com",
|
|
2032
|
+
],
|
|
2033
|
+
},
|
|
2023
2034
|
],
|
|
2024
2035
|
},
|
|
2025
2036
|
};
|
|
@@ -2091,7 +2102,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2091
2102
|
return null;
|
|
2092
2103
|
}
|
|
2093
2104
|
|
|
2094
|
-
/*! @azure/msal-common v16.6.
|
|
2105
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2095
2106
|
/*
|
|
2096
2107
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2097
2108
|
* Licensed under the MIT License.
|
|
@@ -2099,7 +2110,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2099
2110
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2100
2111
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2101
2112
|
|
|
2102
|
-
/*! @azure/msal-common v16.6.
|
|
2113
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2103
2114
|
|
|
2104
2115
|
/*
|
|
2105
2116
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2137,7 +2148,7 @@ function createCacheError(e) {
|
|
|
2137
2148
|
}
|
|
2138
2149
|
}
|
|
2139
2150
|
|
|
2140
|
-
/*! @azure/msal-common v16.6.
|
|
2151
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2141
2152
|
|
|
2142
2153
|
/*
|
|
2143
2154
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2175,7 +2186,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2175
2186
|
};
|
|
2176
2187
|
}
|
|
2177
2188
|
|
|
2178
|
-
/*! @azure/msal-common v16.6.
|
|
2189
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2179
2190
|
/*
|
|
2180
2191
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2181
2192
|
* Licensed under the MIT License.
|
|
@@ -2190,7 +2201,7 @@ const AuthorityType = {
|
|
|
2190
2201
|
Ciam: 3,
|
|
2191
2202
|
};
|
|
2192
2203
|
|
|
2193
|
-
/*! @azure/msal-common v16.6.
|
|
2204
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2194
2205
|
/*
|
|
2195
2206
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2196
2207
|
* Licensed under the MIT License.
|
|
@@ -2212,7 +2223,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2212
2223
|
return null;
|
|
2213
2224
|
}
|
|
2214
2225
|
|
|
2215
|
-
/*! @azure/msal-common v16.6.
|
|
2226
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2216
2227
|
/*
|
|
2217
2228
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2218
2229
|
* Licensed under the MIT License.
|
|
@@ -2236,7 +2247,7 @@ const ProtocolMode = {
|
|
|
2236
2247
|
EAR: "EAR",
|
|
2237
2248
|
};
|
|
2238
2249
|
|
|
2239
|
-
/*! @azure/msal-common v16.6.
|
|
2250
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2240
2251
|
/**
|
|
2241
2252
|
* Returns the AccountInfo interface for this account.
|
|
2242
2253
|
*/
|
|
@@ -2411,7 +2422,7 @@ function isAccountEntity(entity) {
|
|
|
2411
2422
|
entity.hasOwnProperty("authorityType"));
|
|
2412
2423
|
}
|
|
2413
2424
|
|
|
2414
|
-
/*! @azure/msal-common v16.6.
|
|
2425
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2415
2426
|
|
|
2416
2427
|
/*
|
|
2417
2428
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3543,7 +3554,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3543
3554
|
}
|
|
3544
3555
|
}
|
|
3545
3556
|
|
|
3546
|
-
/*! @azure/msal-common v16.6.
|
|
3557
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3547
3558
|
/*
|
|
3548
3559
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3549
3560
|
* Licensed under the MIT License.
|
|
@@ -3594,7 +3605,7 @@ const IntFields = new Set([
|
|
|
3594
3605
|
"redirectBridgeMessageVersion",
|
|
3595
3606
|
]);
|
|
3596
3607
|
|
|
3597
|
-
/*! @azure/msal-common v16.6.
|
|
3608
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3598
3609
|
|
|
3599
3610
|
/*
|
|
3600
3611
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3649,7 +3660,7 @@ class StubPerformanceClient {
|
|
|
3649
3660
|
}
|
|
3650
3661
|
}
|
|
3651
3662
|
|
|
3652
|
-
/*! @azure/msal-common v16.6.
|
|
3663
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3653
3664
|
|
|
3654
3665
|
/*
|
|
3655
3666
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3744,7 +3755,7 @@ function isOidcProtocolMode(config) {
|
|
|
3744
3755
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3745
3756
|
}
|
|
3746
3757
|
|
|
3747
|
-
/*! @azure/msal-common v16.6.
|
|
3758
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3748
3759
|
/*
|
|
3749
3760
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3750
3761
|
* Licensed under the MIT License.
|
|
@@ -3771,7 +3782,7 @@ function isOidcProtocolMode(config) {
|
|
|
3771
3782
|
}
|
|
3772
3783
|
}
|
|
3773
3784
|
|
|
3774
|
-
/*! @azure/msal-common v16.6.
|
|
3785
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3775
3786
|
/*
|
|
3776
3787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3777
3788
|
* Licensed under the MIT License.
|
|
@@ -3836,7 +3847,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3836
3847
|
return cachedAtSec > nowSeconds();
|
|
3837
3848
|
}
|
|
3838
3849
|
|
|
3839
|
-
/*! @azure/msal-common v16.6.
|
|
3850
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3840
3851
|
|
|
3841
3852
|
/*
|
|
3842
3853
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4095,7 +4106,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4095
4106
|
return metadata.expiresAt <= nowSeconds();
|
|
4096
4107
|
}
|
|
4097
4108
|
|
|
4098
|
-
/*! @azure/msal-common v16.6.
|
|
4109
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4099
4110
|
/*
|
|
4100
4111
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4101
4112
|
* Licensed under the MIT License.
|
|
@@ -4166,7 +4177,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4166
4177
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4167
4178
|
const SetUserData = "setUserData";
|
|
4168
4179
|
|
|
4169
|
-
/*! @azure/msal-common v16.6.
|
|
4180
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4170
4181
|
/*
|
|
4171
4182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4172
4183
|
* Licensed under the MIT License.
|
|
@@ -4259,7 +4270,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4259
4270
|
};
|
|
4260
4271
|
};
|
|
4261
4272
|
|
|
4262
|
-
/*! @azure/msal-common v16.6.
|
|
4273
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4263
4274
|
|
|
4264
4275
|
/*
|
|
4265
4276
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4339,7 +4350,7 @@ class PopTokenGenerator {
|
|
|
4339
4350
|
}
|
|
4340
4351
|
}
|
|
4341
4352
|
|
|
4342
|
-
/*! @azure/msal-common v16.6.
|
|
4353
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4343
4354
|
/*
|
|
4344
4355
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4345
4356
|
* Licensed under the MIT License.
|
|
@@ -4403,7 +4414,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4403
4414
|
uxNotAllowed: uxNotAllowed
|
|
4404
4415
|
});
|
|
4405
4416
|
|
|
4406
|
-
/*! @azure/msal-common v16.6.
|
|
4417
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4407
4418
|
|
|
4408
4419
|
/*
|
|
4409
4420
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4471,7 +4482,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4471
4482
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4472
4483
|
}
|
|
4473
4484
|
|
|
4474
|
-
/*! @azure/msal-common v16.6.
|
|
4485
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4475
4486
|
|
|
4476
4487
|
/*
|
|
4477
4488
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4490,7 +4501,7 @@ class ServerError extends AuthError {
|
|
|
4490
4501
|
}
|
|
4491
4502
|
}
|
|
4492
4503
|
|
|
4493
|
-
/*! @azure/msal-common v16.6.
|
|
4504
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4494
4505
|
|
|
4495
4506
|
/*
|
|
4496
4507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4558,7 +4569,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4558
4569
|
}
|
|
4559
4570
|
}
|
|
4560
4571
|
|
|
4561
|
-
/*! @azure/msal-common v16.6.
|
|
4572
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4562
4573
|
|
|
4563
4574
|
/*
|
|
4564
4575
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4906,7 +4917,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4906
4917
|
return baseAccount;
|
|
4907
4918
|
}
|
|
4908
4919
|
|
|
4909
|
-
/*! @azure/msal-common v16.6.
|
|
4920
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4910
4921
|
/*
|
|
4911
4922
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4912
4923
|
* Licensed under the MIT License.
|
|
@@ -4916,7 +4927,7 @@ const CcsCredentialType = {
|
|
|
4916
4927
|
UPN: "UPN",
|
|
4917
4928
|
};
|
|
4918
4929
|
|
|
4919
|
-
/*! @azure/msal-common v16.6.
|
|
4930
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4920
4931
|
/*
|
|
4921
4932
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4922
4933
|
* Licensed under the MIT License.
|
|
@@ -4934,7 +4945,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4934
4945
|
}
|
|
4935
4946
|
}
|
|
4936
4947
|
|
|
4937
|
-
/*! @azure/msal-common v16.6.
|
|
4948
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4938
4949
|
/*
|
|
4939
4950
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4940
4951
|
* Licensed under the MIT License.
|
|
@@ -4955,7 +4966,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4955
4966
|
};
|
|
4956
4967
|
}
|
|
4957
4968
|
|
|
4958
|
-
/*! @azure/msal-common v16.6.
|
|
4969
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4959
4970
|
|
|
4960
4971
|
/*
|
|
4961
4972
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5041,7 +5052,7 @@ class ThrottlingUtils {
|
|
|
5041
5052
|
}
|
|
5042
5053
|
}
|
|
5043
5054
|
|
|
5044
|
-
/*! @azure/msal-common v16.6.
|
|
5055
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5045
5056
|
|
|
5046
5057
|
/*
|
|
5047
5058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5072,7 +5083,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5072
5083
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5073
5084
|
}
|
|
5074
5085
|
|
|
5075
|
-
/*! @azure/msal-common v16.6.
|
|
5086
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5076
5087
|
|
|
5077
5088
|
/*
|
|
5078
5089
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5186,7 +5197,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5186
5197
|
return response;
|
|
5187
5198
|
}
|
|
5188
5199
|
|
|
5189
|
-
/*! @azure/msal-common v16.6.
|
|
5200
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5190
5201
|
/*
|
|
5191
5202
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5192
5203
|
* Licensed under the MIT License.
|
|
@@ -5198,7 +5209,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5198
5209
|
response.hasOwnProperty("jwks_uri"));
|
|
5199
5210
|
}
|
|
5200
5211
|
|
|
5201
|
-
/*! @azure/msal-common v16.6.
|
|
5212
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5202
5213
|
/*
|
|
5203
5214
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5204
5215
|
* Licensed under the MIT License.
|
|
@@ -5208,7 +5219,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5208
5219
|
response.hasOwnProperty("metadata"));
|
|
5209
5220
|
}
|
|
5210
5221
|
|
|
5211
|
-
/*! @azure/msal-common v16.6.
|
|
5222
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5212
5223
|
/*
|
|
5213
5224
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5214
5225
|
* Licensed under the MIT License.
|
|
@@ -5218,7 +5229,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5218
5229
|
response.hasOwnProperty("error_description"));
|
|
5219
5230
|
}
|
|
5220
5231
|
|
|
5221
|
-
/*! @azure/msal-common v16.6.
|
|
5232
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5222
5233
|
|
|
5223
5234
|
/*
|
|
5224
5235
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5323,7 +5334,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5323
5334
|
},
|
|
5324
5335
|
};
|
|
5325
5336
|
|
|
5326
|
-
/*! @azure/msal-common v16.6.
|
|
5337
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5327
5338
|
|
|
5328
5339
|
/*
|
|
5329
5340
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5578,7 +5589,7 @@ class Authority {
|
|
|
5578
5589
|
}, this.correlationId);
|
|
5579
5590
|
}
|
|
5580
5591
|
/**
|
|
5581
|
-
* Returns metadata entity from cache if it exists,
|
|
5592
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5582
5593
|
* from the configured canonical authority
|
|
5583
5594
|
* @returns
|
|
5584
5595
|
*/
|
|
@@ -5647,6 +5658,8 @@ class Authority {
|
|
|
5647
5658
|
// Get metadata from network if local sources aren't available
|
|
5648
5659
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5649
5660
|
if (metadata) {
|
|
5661
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5662
|
+
this.validateIssuer(metadata.issuer);
|
|
5650
5663
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5651
5664
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5652
5665
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5815,7 +5828,7 @@ class Authority {
|
|
|
5815
5828
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5816
5829
|
}
|
|
5817
5830
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5818
|
-
this.logger.verbose("
|
|
5831
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5819
5832
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5820
5833
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5821
5834
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -6012,6 +6025,139 @@ class Authority {
|
|
|
6012
6025
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
6013
6026
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
6014
6027
|
}
|
|
6028
|
+
/**
|
|
6029
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
6030
|
+
* this authority, per
|
|
6031
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
6032
|
+
*
|
|
6033
|
+
* The issuer is accepted when ANY of the following holds:
|
|
6034
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
6035
|
+
* differ). Applies to all authorities.
|
|
6036
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
6037
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
6038
|
+
* Microsoft authority host set.
|
|
6039
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
6040
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
6041
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6042
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6043
|
+
* path.
|
|
6044
|
+
*
|
|
6045
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6046
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
6047
|
+
*/
|
|
6048
|
+
validateIssuer(issuer) {
|
|
6049
|
+
if (!issuer) {
|
|
6050
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6051
|
+
}
|
|
6052
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
6053
|
+
let issuerUrl;
|
|
6054
|
+
try {
|
|
6055
|
+
issuerUrl = new URL(issuer);
|
|
6056
|
+
}
|
|
6057
|
+
catch {
|
|
6058
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6059
|
+
}
|
|
6060
|
+
const issuerScheme = issuerUrl.protocol;
|
|
6061
|
+
const issuerHost = issuerUrl.host;
|
|
6062
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
6063
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
6064
|
+
// Rule 1: Same scheme and host
|
|
6065
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
6066
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
6067
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
6068
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
6069
|
+
/*
|
|
6070
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
6071
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
6072
|
+
*/
|
|
6073
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
6074
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
6075
|
+
/*
|
|
6076
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
6077
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6078
|
+
*/
|
|
6079
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6080
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6081
|
+
if (matchesAuthorityOrigin ||
|
|
6082
|
+
matchesKnownMicrosoftHost ||
|
|
6083
|
+
matchesRegionalMicrosoftHost ||
|
|
6084
|
+
matchesCiamTenantPattern) {
|
|
6085
|
+
return;
|
|
6086
|
+
}
|
|
6087
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
6088
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6089
|
+
}
|
|
6090
|
+
/**
|
|
6091
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
6092
|
+
* may differ. Applies to all authorities.
|
|
6093
|
+
*/
|
|
6094
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
6095
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
6096
|
+
}
|
|
6097
|
+
/**
|
|
6098
|
+
* Rule 3: The issuer host is a regional variant
|
|
6099
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
6100
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
6101
|
+
*/
|
|
6102
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
6103
|
+
const firstDot = issuerHost.indexOf(".");
|
|
6104
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
6105
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
6106
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
6107
|
+
}
|
|
6108
|
+
return false;
|
|
6109
|
+
}
|
|
6110
|
+
/**
|
|
6111
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
6112
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
6113
|
+
*
|
|
6114
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
6115
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
6116
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
6117
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
6118
|
+
*
|
|
6119
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
6120
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
6121
|
+
* that was used to trigger discovery.
|
|
6122
|
+
*/
|
|
6123
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
6124
|
+
/*
|
|
6125
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
6126
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
6127
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
6128
|
+
* issuer string, not the authority URL's PathSegments.
|
|
6129
|
+
*/
|
|
6130
|
+
const pathSegment = authorityPathSegments[0];
|
|
6131
|
+
/*
|
|
6132
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
6133
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
6134
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
6135
|
+
* CIAM authorities.
|
|
6136
|
+
*/
|
|
6137
|
+
const tenantName = pathSegment
|
|
6138
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
6139
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
6140
|
+
: pathSegment
|
|
6141
|
+
: authorityHost.split(".")[0];
|
|
6142
|
+
if (!tenantName) {
|
|
6143
|
+
return false;
|
|
6144
|
+
}
|
|
6145
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
6146
|
+
const validCiamPatterns = [
|
|
6147
|
+
ciamBaseURL,
|
|
6148
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
6149
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
6150
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
6151
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
6152
|
+
];
|
|
6153
|
+
/*
|
|
6154
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
6155
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
6156
|
+
*/
|
|
6157
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
6158
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
6159
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6160
|
+
}
|
|
6015
6161
|
/**
|
|
6016
6162
|
* Checks whether the provided host is that of a public cloud authority
|
|
6017
6163
|
*
|
|
@@ -6143,7 +6289,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6143
6289
|
};
|
|
6144
6290
|
}
|
|
6145
6291
|
|
|
6146
|
-
/*! @azure/msal-common v16.6.
|
|
6292
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6147
6293
|
|
|
6148
6294
|
/*
|
|
6149
6295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6177,7 +6323,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6177
6323
|
}
|
|
6178
6324
|
}
|
|
6179
6325
|
|
|
6180
|
-
/*! @azure/msal-common v16.6.
|
|
6326
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6181
6327
|
|
|
6182
6328
|
/*
|
|
6183
6329
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6434,7 +6580,7 @@ class AuthorizationCodeClient {
|
|
|
6434
6580
|
}
|
|
6435
6581
|
}
|
|
6436
6582
|
|
|
6437
|
-
/*! @azure/msal-common v16.6.
|
|
6583
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6438
6584
|
|
|
6439
6585
|
/*
|
|
6440
6586
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6655,7 +6801,7 @@ class RefreshTokenClient {
|
|
|
6655
6801
|
}
|
|
6656
6802
|
}
|
|
6657
6803
|
|
|
6658
|
-
/*! @azure/msal-common v16.6.
|
|
6804
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6659
6805
|
|
|
6660
6806
|
/*
|
|
6661
6807
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6771,7 +6917,7 @@ class SilentFlowClient {
|
|
|
6771
6917
|
}
|
|
6772
6918
|
}
|
|
6773
6919
|
|
|
6774
|
-
/*! @azure/msal-common v16.6.
|
|
6920
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6775
6921
|
|
|
6776
6922
|
/*
|
|
6777
6923
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6786,7 +6932,7 @@ const StubbedNetworkModule = {
|
|
|
6786
6932
|
},
|
|
6787
6933
|
};
|
|
6788
6934
|
|
|
6789
|
-
/*! @azure/msal-common v16.6.
|
|
6935
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6790
6936
|
|
|
6791
6937
|
/*
|
|
6792
6938
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7009,7 +7155,7 @@ function extractLoginHint(account) {
|
|
|
7009
7155
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7010
7156
|
}
|
|
7011
7157
|
|
|
7012
|
-
/*! @azure/msal-common v16.6.
|
|
7158
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7013
7159
|
|
|
7014
7160
|
/*
|
|
7015
7161
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7042,7 +7188,7 @@ function containsResourceParam(params) {
|
|
|
7042
7188
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7043
7189
|
}
|
|
7044
7190
|
|
|
7045
|
-
/*! @azure/msal-common v16.6.
|
|
7191
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7046
7192
|
|
|
7047
7193
|
/*
|
|
7048
7194
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7100,7 +7246,7 @@ class AuthenticationHeaderParser {
|
|
|
7100
7246
|
}
|
|
7101
7247
|
}
|
|
7102
7248
|
|
|
7103
|
-
/*! @azure/msal-common v16.6.
|
|
7249
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7104
7250
|
/*
|
|
7105
7251
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7106
7252
|
* Licensed under the MIT License.
|
|
@@ -7117,7 +7263,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7117
7263
|
unexpectedError: unexpectedError
|
|
7118
7264
|
});
|
|
7119
7265
|
|
|
7120
|
-
/*! @azure/msal-common v16.6.
|
|
7266
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7121
7267
|
|
|
7122
7268
|
/*
|
|
7123
7269
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7378,7 +7524,7 @@ class ServerTelemetryManager {
|
|
|
7378
7524
|
}
|
|
7379
7525
|
}
|
|
7380
7526
|
|
|
7381
|
-
/*! @azure/msal-common v16.6.
|
|
7527
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7382
7528
|
|
|
7383
7529
|
/*
|
|
7384
7530
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7399,7 +7545,7 @@ function createJoseHeaderError(code) {
|
|
|
7399
7545
|
return new JoseHeaderError(code);
|
|
7400
7546
|
}
|
|
7401
7547
|
|
|
7402
|
-
/*! @azure/msal-common v16.6.
|
|
7548
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7403
7549
|
/*
|
|
7404
7550
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7405
7551
|
* Licensed under the MIT License.
|
|
@@ -7407,7 +7553,7 @@ function createJoseHeaderError(code) {
|
|
|
7407
7553
|
const missingKidError = "missing_kid_error";
|
|
7408
7554
|
const missingAlgError = "missing_alg_error";
|
|
7409
7555
|
|
|
7410
|
-
/*! @azure/msal-common v16.6.
|
|
7556
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7411
7557
|
|
|
7412
7558
|
/*
|
|
7413
7559
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7447,7 +7593,7 @@ class JoseHeader {
|
|
|
7447
7593
|
}
|
|
7448
7594
|
}
|
|
7449
7595
|
|
|
7450
|
-
/*! @azure/msal-common v16.6.
|
|
7596
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7451
7597
|
|
|
7452
7598
|
/*
|
|
7453
7599
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10385,7 +10531,7 @@ const EventType = {
|
|
|
10385
10531
|
|
|
10386
10532
|
/* eslint-disable header/header */
|
|
10387
10533
|
const name = "@azure/msal-browser";
|
|
10388
|
-
const version = "5.10.
|
|
10534
|
+
const version = "5.10.1";
|
|
10389
10535
|
|
|
10390
10536
|
/*
|
|
10391
10537
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|