@azure/msal-browser 5.10.0 → 5.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +1176 -1176
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +2 -2
- package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +215 -70
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +2 -2
- package/lib/msal-browser.cjs +218 -72
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +218 -72
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/packageMetadata.ts +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/packageMetadata.d.ts +1 -1
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.10.
|
|
1
|
+
/*! @azure/msal-browser v5.10.1 2026-05-11 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.6.
|
|
9
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.6.
|
|
241
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.6.
|
|
293
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.6.
|
|
324
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.6.
|
|
344
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.6.
|
|
424
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.6.
|
|
447
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -470,7 +470,8 @@
|
|
|
470
470
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
471
471
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
472
472
|
const authorityMismatch = "authority_mismatch";
|
|
473
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
473
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
474
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
474
475
|
|
|
475
476
|
var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
476
477
|
__proto__: null,
|
|
@@ -486,6 +487,7 @@
|
|
|
486
487
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
487
488
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
488
489
|
invalidRequestMethodForEAR: invalidRequestMethodForEAR,
|
|
490
|
+
issuerValidationFailed: issuerValidationFailed,
|
|
489
491
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
490
492
|
missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
|
|
491
493
|
missingSshJwk: missingSshJwk,
|
|
@@ -498,7 +500,7 @@
|
|
|
498
500
|
urlParseError: urlParseError
|
|
499
501
|
});
|
|
500
502
|
|
|
501
|
-
/*! @azure/msal-common v16.6.
|
|
503
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
502
504
|
/*
|
|
503
505
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
504
506
|
* Licensed under the MIT License.
|
|
@@ -586,7 +588,7 @@
|
|
|
586
588
|
userCanceled: userCanceled
|
|
587
589
|
});
|
|
588
590
|
|
|
589
|
-
/*! @azure/msal-common v16.6.
|
|
591
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
590
592
|
|
|
591
593
|
/*
|
|
592
594
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -781,7 +783,7 @@
|
|
|
781
783
|
}
|
|
782
784
|
}
|
|
783
785
|
|
|
784
|
-
/*! @azure/msal-common v16.6.
|
|
786
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
785
787
|
|
|
786
788
|
/*
|
|
787
789
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1170,7 +1172,7 @@
|
|
|
1170
1172
|
}
|
|
1171
1173
|
}
|
|
1172
1174
|
|
|
1173
|
-
/*! @azure/msal-common v16.6.
|
|
1175
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1174
1176
|
|
|
1175
1177
|
/*
|
|
1176
1178
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1279,7 +1281,7 @@
|
|
|
1279
1281
|
}
|
|
1280
1282
|
}
|
|
1281
1283
|
|
|
1282
|
-
/*! @azure/msal-common v16.6.
|
|
1284
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1283
1285
|
|
|
1284
1286
|
/*
|
|
1285
1287
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1318,7 +1320,7 @@
|
|
|
1318
1320
|
},
|
|
1319
1321
|
};
|
|
1320
1322
|
|
|
1321
|
-
/*! @azure/msal-common v16.6.
|
|
1323
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1322
1324
|
/*
|
|
1323
1325
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1324
1326
|
* Licensed under the MIT License.
|
|
@@ -1593,12 +1595,12 @@
|
|
|
1593
1595
|
}
|
|
1594
1596
|
}
|
|
1595
1597
|
|
|
1596
|
-
/*! @azure/msal-common v16.6.
|
|
1598
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1597
1599
|
/* eslint-disable header/header */
|
|
1598
1600
|
const name$1 = "@azure/msal-common";
|
|
1599
|
-
const version$1 = "16.6.
|
|
1601
|
+
const version$1 = "16.6.1";
|
|
1600
1602
|
|
|
1601
|
-
/*! @azure/msal-common v16.6.
|
|
1603
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1602
1604
|
/*
|
|
1603
1605
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1604
1606
|
* Licensed under the MIT License.
|
|
@@ -1618,7 +1620,7 @@
|
|
|
1618
1620
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1619
1621
|
};
|
|
1620
1622
|
|
|
1621
|
-
/*! @azure/msal-common v16.6.
|
|
1623
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1622
1624
|
/*
|
|
1623
1625
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1624
1626
|
* Licensed under the MIT License.
|
|
@@ -1701,7 +1703,7 @@
|
|
|
1701
1703
|
return updatedAccountInfo;
|
|
1702
1704
|
}
|
|
1703
1705
|
|
|
1704
|
-
/*! @azure/msal-common v16.6.
|
|
1706
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1705
1707
|
|
|
1706
1708
|
/*
|
|
1707
1709
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1781,7 +1783,7 @@
|
|
|
1781
1783
|
}
|
|
1782
1784
|
}
|
|
1783
1785
|
|
|
1784
|
-
/*! @azure/msal-common v16.6.
|
|
1786
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1785
1787
|
|
|
1786
1788
|
/*
|
|
1787
1789
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1938,7 +1940,7 @@
|
|
|
1938
1940
|
}
|
|
1939
1941
|
}
|
|
1940
1942
|
|
|
1941
|
-
/*! @azure/msal-common v16.6.
|
|
1943
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1942
1944
|
|
|
1943
1945
|
/*
|
|
1944
1946
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2024,6 +2026,15 @@
|
|
|
2024
2026
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
2025
2027
|
aliases: ["login.sovcloud-identity.sg"],
|
|
2026
2028
|
},
|
|
2029
|
+
{
|
|
2030
|
+
preferred_network: "login.windows-ppe.net",
|
|
2031
|
+
preferred_cache: "login.windows-ppe.net",
|
|
2032
|
+
aliases: [
|
|
2033
|
+
"login.windows-ppe.net",
|
|
2034
|
+
"sts.windows-ppe.net",
|
|
2035
|
+
"login.microsoft-ppe.com",
|
|
2036
|
+
],
|
|
2037
|
+
},
|
|
2027
2038
|
],
|
|
2028
2039
|
},
|
|
2029
2040
|
};
|
|
@@ -2095,7 +2106,7 @@
|
|
|
2095
2106
|
return null;
|
|
2096
2107
|
}
|
|
2097
2108
|
|
|
2098
|
-
/*! @azure/msal-common v16.6.
|
|
2109
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2099
2110
|
/*
|
|
2100
2111
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2101
2112
|
* Licensed under the MIT License.
|
|
@@ -2103,7 +2114,7 @@
|
|
|
2103
2114
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2104
2115
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2105
2116
|
|
|
2106
|
-
/*! @azure/msal-common v16.6.
|
|
2117
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2107
2118
|
|
|
2108
2119
|
/*
|
|
2109
2120
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2141,7 +2152,7 @@
|
|
|
2141
2152
|
}
|
|
2142
2153
|
}
|
|
2143
2154
|
|
|
2144
|
-
/*! @azure/msal-common v16.6.
|
|
2155
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2145
2156
|
|
|
2146
2157
|
/*
|
|
2147
2158
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2179,7 +2190,7 @@
|
|
|
2179
2190
|
};
|
|
2180
2191
|
}
|
|
2181
2192
|
|
|
2182
|
-
/*! @azure/msal-common v16.6.
|
|
2193
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2183
2194
|
/*
|
|
2184
2195
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2185
2196
|
* Licensed under the MIT License.
|
|
@@ -2194,7 +2205,7 @@
|
|
|
2194
2205
|
Ciam: 3,
|
|
2195
2206
|
};
|
|
2196
2207
|
|
|
2197
|
-
/*! @azure/msal-common v16.6.
|
|
2208
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2198
2209
|
/*
|
|
2199
2210
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2200
2211
|
* Licensed under the MIT License.
|
|
@@ -2216,7 +2227,7 @@
|
|
|
2216
2227
|
return null;
|
|
2217
2228
|
}
|
|
2218
2229
|
|
|
2219
|
-
/*! @azure/msal-common v16.6.
|
|
2230
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2220
2231
|
/*
|
|
2221
2232
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2222
2233
|
* Licensed under the MIT License.
|
|
@@ -2240,7 +2251,7 @@
|
|
|
2240
2251
|
EAR: "EAR",
|
|
2241
2252
|
};
|
|
2242
2253
|
|
|
2243
|
-
/*! @azure/msal-common v16.6.
|
|
2254
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2244
2255
|
/**
|
|
2245
2256
|
* Returns the AccountInfo interface for this account.
|
|
2246
2257
|
*/
|
|
@@ -2415,7 +2426,7 @@
|
|
|
2415
2426
|
entity.hasOwnProperty("authorityType"));
|
|
2416
2427
|
}
|
|
2417
2428
|
|
|
2418
|
-
/*! @azure/msal-common v16.6.
|
|
2429
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2419
2430
|
|
|
2420
2431
|
/*
|
|
2421
2432
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3547,7 +3558,7 @@
|
|
|
3547
3558
|
}
|
|
3548
3559
|
}
|
|
3549
3560
|
|
|
3550
|
-
/*! @azure/msal-common v16.6.
|
|
3561
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3551
3562
|
/*
|
|
3552
3563
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3553
3564
|
* Licensed under the MIT License.
|
|
@@ -3598,7 +3609,7 @@
|
|
|
3598
3609
|
"redirectBridgeMessageVersion",
|
|
3599
3610
|
]);
|
|
3600
3611
|
|
|
3601
|
-
/*! @azure/msal-common v16.6.
|
|
3612
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3602
3613
|
|
|
3603
3614
|
/*
|
|
3604
3615
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3653,7 +3664,7 @@
|
|
|
3653
3664
|
}
|
|
3654
3665
|
}
|
|
3655
3666
|
|
|
3656
|
-
/*! @azure/msal-common v16.6.
|
|
3667
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3657
3668
|
|
|
3658
3669
|
/*
|
|
3659
3670
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3748,7 +3759,7 @@
|
|
|
3748
3759
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3749
3760
|
}
|
|
3750
3761
|
|
|
3751
|
-
/*! @azure/msal-common v16.6.
|
|
3762
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3752
3763
|
/*
|
|
3753
3764
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3754
3765
|
* Licensed under the MIT License.
|
|
@@ -3775,7 +3786,7 @@
|
|
|
3775
3786
|
}
|
|
3776
3787
|
}
|
|
3777
3788
|
|
|
3778
|
-
/*! @azure/msal-common v16.6.
|
|
3789
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3779
3790
|
/*
|
|
3780
3791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3781
3792
|
* Licensed under the MIT License.
|
|
@@ -3840,7 +3851,7 @@
|
|
|
3840
3851
|
return cachedAtSec > nowSeconds();
|
|
3841
3852
|
}
|
|
3842
3853
|
|
|
3843
|
-
/*! @azure/msal-common v16.6.
|
|
3854
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3844
3855
|
|
|
3845
3856
|
/*
|
|
3846
3857
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4099,7 +4110,7 @@
|
|
|
4099
4110
|
return metadata.expiresAt <= nowSeconds();
|
|
4100
4111
|
}
|
|
4101
4112
|
|
|
4102
|
-
/*! @azure/msal-common v16.6.
|
|
4113
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4103
4114
|
/*
|
|
4104
4115
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4105
4116
|
* Licensed under the MIT License.
|
|
@@ -4170,7 +4181,7 @@
|
|
|
4170
4181
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4171
4182
|
const SetUserData = "setUserData";
|
|
4172
4183
|
|
|
4173
|
-
/*! @azure/msal-common v16.6.
|
|
4184
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4174
4185
|
/*
|
|
4175
4186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4176
4187
|
* Licensed under the MIT License.
|
|
@@ -4263,7 +4274,7 @@
|
|
|
4263
4274
|
};
|
|
4264
4275
|
};
|
|
4265
4276
|
|
|
4266
|
-
/*! @azure/msal-common v16.6.
|
|
4277
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4267
4278
|
|
|
4268
4279
|
/*
|
|
4269
4280
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4343,7 +4354,7 @@
|
|
|
4343
4354
|
}
|
|
4344
4355
|
}
|
|
4345
4356
|
|
|
4346
|
-
/*! @azure/msal-common v16.6.
|
|
4357
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4347
4358
|
/*
|
|
4348
4359
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4349
4360
|
* Licensed under the MIT License.
|
|
@@ -4407,7 +4418,7 @@
|
|
|
4407
4418
|
uxNotAllowed: uxNotAllowed
|
|
4408
4419
|
});
|
|
4409
4420
|
|
|
4410
|
-
/*! @azure/msal-common v16.6.
|
|
4421
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4411
4422
|
|
|
4412
4423
|
/*
|
|
4413
4424
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4475,7 +4486,7 @@
|
|
|
4475
4486
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4476
4487
|
}
|
|
4477
4488
|
|
|
4478
|
-
/*! @azure/msal-common v16.6.
|
|
4489
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4479
4490
|
|
|
4480
4491
|
/*
|
|
4481
4492
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4494,7 +4505,7 @@
|
|
|
4494
4505
|
}
|
|
4495
4506
|
}
|
|
4496
4507
|
|
|
4497
|
-
/*! @azure/msal-common v16.6.
|
|
4508
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4498
4509
|
|
|
4499
4510
|
/*
|
|
4500
4511
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4562,7 +4573,7 @@
|
|
|
4562
4573
|
}
|
|
4563
4574
|
}
|
|
4564
4575
|
|
|
4565
|
-
/*! @azure/msal-common v16.6.
|
|
4576
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4566
4577
|
|
|
4567
4578
|
/*
|
|
4568
4579
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4910,7 +4921,7 @@
|
|
|
4910
4921
|
return baseAccount;
|
|
4911
4922
|
}
|
|
4912
4923
|
|
|
4913
|
-
/*! @azure/msal-common v16.6.
|
|
4924
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4914
4925
|
/*
|
|
4915
4926
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4916
4927
|
* Licensed under the MIT License.
|
|
@@ -4920,7 +4931,7 @@
|
|
|
4920
4931
|
UPN: "UPN",
|
|
4921
4932
|
};
|
|
4922
4933
|
|
|
4923
|
-
/*! @azure/msal-common v16.6.
|
|
4934
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4924
4935
|
/*
|
|
4925
4936
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4926
4937
|
* Licensed under the MIT License.
|
|
@@ -4938,7 +4949,7 @@
|
|
|
4938
4949
|
}
|
|
4939
4950
|
}
|
|
4940
4951
|
|
|
4941
|
-
/*! @azure/msal-common v16.6.
|
|
4952
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4942
4953
|
/*
|
|
4943
4954
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4944
4955
|
* Licensed under the MIT License.
|
|
@@ -4959,7 +4970,7 @@
|
|
|
4959
4970
|
};
|
|
4960
4971
|
}
|
|
4961
4972
|
|
|
4962
|
-
/*! @azure/msal-common v16.6.
|
|
4973
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4963
4974
|
|
|
4964
4975
|
/*
|
|
4965
4976
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5045,7 +5056,7 @@
|
|
|
5045
5056
|
}
|
|
5046
5057
|
}
|
|
5047
5058
|
|
|
5048
|
-
/*! @azure/msal-common v16.6.
|
|
5059
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5049
5060
|
|
|
5050
5061
|
/*
|
|
5051
5062
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5076,7 +5087,7 @@
|
|
|
5076
5087
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5077
5088
|
}
|
|
5078
5089
|
|
|
5079
|
-
/*! @azure/msal-common v16.6.
|
|
5090
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5080
5091
|
|
|
5081
5092
|
/*
|
|
5082
5093
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5190,7 +5201,7 @@
|
|
|
5190
5201
|
return response;
|
|
5191
5202
|
}
|
|
5192
5203
|
|
|
5193
|
-
/*! @azure/msal-common v16.6.
|
|
5204
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5194
5205
|
/*
|
|
5195
5206
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5196
5207
|
* Licensed under the MIT License.
|
|
@@ -5202,7 +5213,7 @@
|
|
|
5202
5213
|
response.hasOwnProperty("jwks_uri"));
|
|
5203
5214
|
}
|
|
5204
5215
|
|
|
5205
|
-
/*! @azure/msal-common v16.6.
|
|
5216
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5206
5217
|
/*
|
|
5207
5218
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5208
5219
|
* Licensed under the MIT License.
|
|
@@ -5212,7 +5223,7 @@
|
|
|
5212
5223
|
response.hasOwnProperty("metadata"));
|
|
5213
5224
|
}
|
|
5214
5225
|
|
|
5215
|
-
/*! @azure/msal-common v16.6.
|
|
5226
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5216
5227
|
/*
|
|
5217
5228
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5218
5229
|
* Licensed under the MIT License.
|
|
@@ -5222,7 +5233,7 @@
|
|
|
5222
5233
|
response.hasOwnProperty("error_description"));
|
|
5223
5234
|
}
|
|
5224
5235
|
|
|
5225
|
-
/*! @azure/msal-common v16.6.
|
|
5236
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5226
5237
|
|
|
5227
5238
|
/*
|
|
5228
5239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5327,7 +5338,7 @@
|
|
|
5327
5338
|
},
|
|
5328
5339
|
};
|
|
5329
5340
|
|
|
5330
|
-
/*! @azure/msal-common v16.6.
|
|
5341
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5331
5342
|
|
|
5332
5343
|
/*
|
|
5333
5344
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5582,7 +5593,7 @@
|
|
|
5582
5593
|
}, this.correlationId);
|
|
5583
5594
|
}
|
|
5584
5595
|
/**
|
|
5585
|
-
* Returns metadata entity from cache if it exists,
|
|
5596
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5586
5597
|
* from the configured canonical authority
|
|
5587
5598
|
* @returns
|
|
5588
5599
|
*/
|
|
@@ -5651,6 +5662,8 @@
|
|
|
5651
5662
|
// Get metadata from network if local sources aren't available
|
|
5652
5663
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5653
5664
|
if (metadata) {
|
|
5665
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5666
|
+
this.validateIssuer(metadata.issuer);
|
|
5654
5667
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5655
5668
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5656
5669
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5819,7 +5832,7 @@
|
|
|
5819
5832
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5820
5833
|
}
|
|
5821
5834
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5822
|
-
this.logger.verbose("
|
|
5835
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5823
5836
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5824
5837
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5825
5838
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -6016,6 +6029,139 @@
|
|
|
6016
6029
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
6017
6030
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
6018
6031
|
}
|
|
6032
|
+
/**
|
|
6033
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
6034
|
+
* this authority, per
|
|
6035
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
6036
|
+
*
|
|
6037
|
+
* The issuer is accepted when ANY of the following holds:
|
|
6038
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
6039
|
+
* differ). Applies to all authorities.
|
|
6040
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
6041
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
6042
|
+
* Microsoft authority host set.
|
|
6043
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
6044
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
6045
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6046
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6047
|
+
* path.
|
|
6048
|
+
*
|
|
6049
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6050
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
6051
|
+
*/
|
|
6052
|
+
validateIssuer(issuer) {
|
|
6053
|
+
if (!issuer) {
|
|
6054
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6055
|
+
}
|
|
6056
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
6057
|
+
let issuerUrl;
|
|
6058
|
+
try {
|
|
6059
|
+
issuerUrl = new URL(issuer);
|
|
6060
|
+
}
|
|
6061
|
+
catch {
|
|
6062
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6063
|
+
}
|
|
6064
|
+
const issuerScheme = issuerUrl.protocol;
|
|
6065
|
+
const issuerHost = issuerUrl.host;
|
|
6066
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
6067
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
6068
|
+
// Rule 1: Same scheme and host
|
|
6069
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
6070
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
6071
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
6072
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
6073
|
+
/*
|
|
6074
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
6075
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
6076
|
+
*/
|
|
6077
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
6078
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
6079
|
+
/*
|
|
6080
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
6081
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6082
|
+
*/
|
|
6083
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6084
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6085
|
+
if (matchesAuthorityOrigin ||
|
|
6086
|
+
matchesKnownMicrosoftHost ||
|
|
6087
|
+
matchesRegionalMicrosoftHost ||
|
|
6088
|
+
matchesCiamTenantPattern) {
|
|
6089
|
+
return;
|
|
6090
|
+
}
|
|
6091
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
6092
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6093
|
+
}
|
|
6094
|
+
/**
|
|
6095
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
6096
|
+
* may differ. Applies to all authorities.
|
|
6097
|
+
*/
|
|
6098
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
6099
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
6100
|
+
}
|
|
6101
|
+
/**
|
|
6102
|
+
* Rule 3: The issuer host is a regional variant
|
|
6103
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
6104
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
6105
|
+
*/
|
|
6106
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
6107
|
+
const firstDot = issuerHost.indexOf(".");
|
|
6108
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
6109
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
6110
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
6111
|
+
}
|
|
6112
|
+
return false;
|
|
6113
|
+
}
|
|
6114
|
+
/**
|
|
6115
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
6116
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
6117
|
+
*
|
|
6118
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
6119
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
6120
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
6121
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
6122
|
+
*
|
|
6123
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
6124
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
6125
|
+
* that was used to trigger discovery.
|
|
6126
|
+
*/
|
|
6127
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
6128
|
+
/*
|
|
6129
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
6130
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
6131
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
6132
|
+
* issuer string, not the authority URL's PathSegments.
|
|
6133
|
+
*/
|
|
6134
|
+
const pathSegment = authorityPathSegments[0];
|
|
6135
|
+
/*
|
|
6136
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
6137
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
6138
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
6139
|
+
* CIAM authorities.
|
|
6140
|
+
*/
|
|
6141
|
+
const tenantName = pathSegment
|
|
6142
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
6143
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
6144
|
+
: pathSegment
|
|
6145
|
+
: authorityHost.split(".")[0];
|
|
6146
|
+
if (!tenantName) {
|
|
6147
|
+
return false;
|
|
6148
|
+
}
|
|
6149
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
6150
|
+
const validCiamPatterns = [
|
|
6151
|
+
ciamBaseURL,
|
|
6152
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
6153
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
6154
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
6155
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
6156
|
+
];
|
|
6157
|
+
/*
|
|
6158
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
6159
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
6160
|
+
*/
|
|
6161
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
6162
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
6163
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6164
|
+
}
|
|
6019
6165
|
/**
|
|
6020
6166
|
* Checks whether the provided host is that of a public cloud authority
|
|
6021
6167
|
*
|
|
@@ -6147,7 +6293,7 @@
|
|
|
6147
6293
|
};
|
|
6148
6294
|
}
|
|
6149
6295
|
|
|
6150
|
-
/*! @azure/msal-common v16.6.
|
|
6296
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6151
6297
|
|
|
6152
6298
|
/*
|
|
6153
6299
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6181,7 +6327,7 @@
|
|
|
6181
6327
|
}
|
|
6182
6328
|
}
|
|
6183
6329
|
|
|
6184
|
-
/*! @azure/msal-common v16.6.
|
|
6330
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6185
6331
|
|
|
6186
6332
|
/*
|
|
6187
6333
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6438,7 +6584,7 @@
|
|
|
6438
6584
|
}
|
|
6439
6585
|
}
|
|
6440
6586
|
|
|
6441
|
-
/*! @azure/msal-common v16.6.
|
|
6587
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6442
6588
|
|
|
6443
6589
|
/*
|
|
6444
6590
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6659,7 +6805,7 @@
|
|
|
6659
6805
|
}
|
|
6660
6806
|
}
|
|
6661
6807
|
|
|
6662
|
-
/*! @azure/msal-common v16.6.
|
|
6808
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6663
6809
|
|
|
6664
6810
|
/*
|
|
6665
6811
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6775,7 +6921,7 @@
|
|
|
6775
6921
|
}
|
|
6776
6922
|
}
|
|
6777
6923
|
|
|
6778
|
-
/*! @azure/msal-common v16.6.
|
|
6924
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6779
6925
|
|
|
6780
6926
|
/*
|
|
6781
6927
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6790,7 +6936,7 @@
|
|
|
6790
6936
|
},
|
|
6791
6937
|
};
|
|
6792
6938
|
|
|
6793
|
-
/*! @azure/msal-common v16.6.
|
|
6939
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6794
6940
|
|
|
6795
6941
|
/*
|
|
6796
6942
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7013,7 +7159,7 @@
|
|
|
7013
7159
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7014
7160
|
}
|
|
7015
7161
|
|
|
7016
|
-
/*! @azure/msal-common v16.6.
|
|
7162
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7017
7163
|
|
|
7018
7164
|
/*
|
|
7019
7165
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7046,7 +7192,7 @@
|
|
|
7046
7192
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7047
7193
|
}
|
|
7048
7194
|
|
|
7049
|
-
/*! @azure/msal-common v16.6.
|
|
7195
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7050
7196
|
|
|
7051
7197
|
/*
|
|
7052
7198
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7104,7 +7250,7 @@
|
|
|
7104
7250
|
}
|
|
7105
7251
|
}
|
|
7106
7252
|
|
|
7107
|
-
/*! @azure/msal-common v16.6.
|
|
7253
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7108
7254
|
/*
|
|
7109
7255
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7110
7256
|
* Licensed under the MIT License.
|
|
@@ -7121,7 +7267,7 @@
|
|
|
7121
7267
|
unexpectedError: unexpectedError
|
|
7122
7268
|
});
|
|
7123
7269
|
|
|
7124
|
-
/*! @azure/msal-common v16.6.
|
|
7270
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7125
7271
|
|
|
7126
7272
|
/*
|
|
7127
7273
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7382,7 +7528,7 @@
|
|
|
7382
7528
|
}
|
|
7383
7529
|
}
|
|
7384
7530
|
|
|
7385
|
-
/*! @azure/msal-common v16.6.
|
|
7531
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7386
7532
|
|
|
7387
7533
|
/*
|
|
7388
7534
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7403,7 +7549,7 @@
|
|
|
7403
7549
|
return new JoseHeaderError(code);
|
|
7404
7550
|
}
|
|
7405
7551
|
|
|
7406
|
-
/*! @azure/msal-common v16.6.
|
|
7552
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7407
7553
|
/*
|
|
7408
7554
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7409
7555
|
* Licensed under the MIT License.
|
|
@@ -7411,7 +7557,7 @@
|
|
|
7411
7557
|
const missingKidError = "missing_kid_error";
|
|
7412
7558
|
const missingAlgError = "missing_alg_error";
|
|
7413
7559
|
|
|
7414
|
-
/*! @azure/msal-common v16.6.
|
|
7560
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7415
7561
|
|
|
7416
7562
|
/*
|
|
7417
7563
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7451,7 +7597,7 @@
|
|
|
7451
7597
|
}
|
|
7452
7598
|
}
|
|
7453
7599
|
|
|
7454
|
-
/*! @azure/msal-common v16.6.
|
|
7600
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7455
7601
|
|
|
7456
7602
|
/*
|
|
7457
7603
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10389,7 +10535,7 @@
|
|
|
10389
10535
|
|
|
10390
10536
|
/* eslint-disable header/header */
|
|
10391
10537
|
const name = "@azure/msal-browser";
|
|
10392
|
-
const version = "5.10.
|
|
10538
|
+
const version = "5.10.1";
|
|
10393
10539
|
|
|
10394
10540
|
/*
|
|
10395
10541
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|