@azure/msal-browser 5.10.0 → 5.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  21. package/dist/controllers/StandardController.mjs +1 -1
  22. package/dist/crypto/BrowserCrypto.mjs +1 -1
  23. package/dist/crypto/CryptoOps.mjs +1 -1
  24. package/dist/crypto/PkceGenerator.mjs +1 -1
  25. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  26. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  27. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  28. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  29. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  30. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  31. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  32. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  33. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  46. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  47. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  48. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  49. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  50. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  51. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  52. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  53. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  54. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  55. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  56. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  57. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  59. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  60. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  61. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  62. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  63. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  64. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  65. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  68. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  69. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  70. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  71. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  79. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  80. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  81. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  82. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  83. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  84. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  85. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  86. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  90. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  91. package/dist/custom_auth/index.mjs +1 -1
  92. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  93. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  94. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  95. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  96. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  97. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  103. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  104. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  105. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  106. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  107. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  108. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  118. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  119. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  121. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  122. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  131. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  132. package/dist/encode/Base64Decode.mjs +1 -1
  133. package/dist/encode/Base64Encode.mjs +1 -1
  134. package/dist/error/BrowserAuthError.mjs +1 -1
  135. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  136. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  137. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  138. package/dist/error/NativeAuthError.mjs +1 -1
  139. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  140. package/dist/error/NestedAppAuthError.mjs +1 -1
  141. package/dist/event/EventHandler.mjs +1 -1
  142. package/dist/event/EventMessage.mjs +1 -1
  143. package/dist/event/EventType.mjs +1 -1
  144. package/dist/index.mjs +1 -1
  145. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  146. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  147. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  148. package/dist/interaction_client/PopupClient.mjs +1 -1
  149. package/dist/interaction_client/RedirectClient.mjs +1 -1
  150. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  151. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  152. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  153. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  154. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  155. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  156. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  157. package/dist/log-strings-mapping.json +1176 -1176
  158. package/dist/naa/BridgeError.mjs +1 -1
  159. package/dist/naa/BridgeProxy.mjs +1 -1
  160. package/dist/naa/BridgeStatusCode.mjs +1 -1
  161. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  162. package/dist/navigation/NavigationClient.mjs +1 -1
  163. package/dist/network/FetchClient.mjs +1 -1
  164. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  165. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  166. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  167. package/dist/packageMetadata.mjs +2 -2
  168. package/dist/protocol/Authorize.mjs +1 -1
  169. package/dist/redirect_bridge/index.mjs +1 -1
  170. package/dist/request/RequestHelpers.mjs +1 -1
  171. package/dist/response/ResponseHandler.mjs +1 -1
  172. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  173. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  174. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  175. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  176. package/dist/utils/BrowserConstants.mjs +1 -1
  177. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  178. package/dist/utils/BrowserUtils.mjs +1 -1
  179. package/dist/utils/Helpers.mjs +1 -1
  180. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  181. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  182. package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
  183. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  184. package/lib/custom-auth-path/msal-custom-auth.js +215 -70
  185. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  186. package/lib/log-strings-mapping.json +2 -2
  187. package/lib/msal-browser.cjs +218 -72
  188. package/lib/msal-browser.cjs.map +1 -1
  189. package/lib/msal-browser.js +218 -72
  190. package/lib/msal-browser.js.map +1 -1
  191. package/lib/msal-browser.min.js +2 -2
  192. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  193. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  194. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  195. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  196. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  197. package/package.json +2 -2
  198. package/src/packageMetadata.ts +1 -1
  199. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/types/packageMetadata.d.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.0 2026-05-07 */
1
+ /*! @azure/msal-browser v5.10.1 2026-05-11 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.0 2026-05-07 */
9
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.6.0 2026-05-07 */
241
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.6.0 2026-05-07 */
293
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.6.0 2026-05-07 */
324
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.6.0 2026-05-07 */
344
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.6.0 2026-05-07 */
424
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.6.0 2026-05-07 */
447
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -470,7 +470,8 @@
470
470
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
471
471
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
472
472
  const authorityMismatch = "authority_mismatch";
473
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
473
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
474
+ const issuerValidationFailed = "issuer_validation_failed";
474
475
 
475
476
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
476
477
  __proto__: null,
@@ -486,6 +487,7 @@
486
487
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
487
488
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
488
489
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
490
+ issuerValidationFailed: issuerValidationFailed,
489
491
  logoutRequestEmpty: logoutRequestEmpty,
490
492
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
491
493
  missingSshJwk: missingSshJwk,
@@ -498,7 +500,7 @@
498
500
  urlParseError: urlParseError
499
501
  });
500
502
 
501
- /*! @azure/msal-common v16.6.0 2026-05-07 */
503
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
502
504
  /*
503
505
  * Copyright (c) Microsoft Corporation. All rights reserved.
504
506
  * Licensed under the MIT License.
@@ -586,7 +588,7 @@
586
588
  userCanceled: userCanceled
587
589
  });
588
590
 
589
- /*! @azure/msal-common v16.6.0 2026-05-07 */
591
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
590
592
 
591
593
  /*
592
594
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +783,7 @@
781
783
  }
782
784
  }
783
785
 
784
- /*! @azure/msal-common v16.6.0 2026-05-07 */
786
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
785
787
 
786
788
  /*
787
789
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1170,7 +1172,7 @@
1170
1172
  }
1171
1173
  }
1172
1174
 
1173
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1175
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1174
1176
 
1175
1177
  /*
1176
1178
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1279,7 +1281,7 @@
1279
1281
  }
1280
1282
  }
1281
1283
 
1282
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1284
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1283
1285
 
1284
1286
  /*
1285
1287
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1318,7 +1320,7 @@
1318
1320
  },
1319
1321
  };
1320
1322
 
1321
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1323
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1322
1324
  /*
1323
1325
  * Copyright (c) Microsoft Corporation. All rights reserved.
1324
1326
  * Licensed under the MIT License.
@@ -1593,12 +1595,12 @@
1593
1595
  }
1594
1596
  }
1595
1597
 
1596
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1598
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1597
1599
  /* eslint-disable header/header */
1598
1600
  const name$1 = "@azure/msal-common";
1599
- const version$1 = "16.6.0";
1601
+ const version$1 = "16.6.1";
1600
1602
 
1601
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1603
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1602
1604
  /*
1603
1605
  * Copyright (c) Microsoft Corporation. All rights reserved.
1604
1606
  * Licensed under the MIT License.
@@ -1618,7 +1620,7 @@
1618
1620
  AzureUsGovernment: "https://login.microsoftonline.us",
1619
1621
  };
1620
1622
 
1621
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1623
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1622
1624
  /*
1623
1625
  * Copyright (c) Microsoft Corporation. All rights reserved.
1624
1626
  * Licensed under the MIT License.
@@ -1701,7 +1703,7 @@
1701
1703
  return updatedAccountInfo;
1702
1704
  }
1703
1705
 
1704
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1706
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1705
1707
 
1706
1708
  /*
1707
1709
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1781,7 +1783,7 @@
1781
1783
  }
1782
1784
  }
1783
1785
 
1784
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1786
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1785
1787
 
1786
1788
  /*
1787
1789
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1938,7 +1940,7 @@
1938
1940
  }
1939
1941
  }
1940
1942
 
1941
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1943
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1942
1944
 
1943
1945
  /*
1944
1946
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2024,6 +2026,15 @@
2024
2026
  preferred_cache: "login.sovcloud-identity.sg",
2025
2027
  aliases: ["login.sovcloud-identity.sg"],
2026
2028
  },
2029
+ {
2030
+ preferred_network: "login.windows-ppe.net",
2031
+ preferred_cache: "login.windows-ppe.net",
2032
+ aliases: [
2033
+ "login.windows-ppe.net",
2034
+ "sts.windows-ppe.net",
2035
+ "login.microsoft-ppe.com",
2036
+ ],
2037
+ },
2027
2038
  ],
2028
2039
  },
2029
2040
  };
@@ -2095,7 +2106,7 @@
2095
2106
  return null;
2096
2107
  }
2097
2108
 
2098
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2109
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2099
2110
  /*
2100
2111
  * Copyright (c) Microsoft Corporation. All rights reserved.
2101
2112
  * Licensed under the MIT License.
@@ -2103,7 +2114,7 @@
2103
2114
  const cacheQuotaExceeded = "cache_quota_exceeded";
2104
2115
  const cacheErrorUnknown = "cache_error_unknown";
2105
2116
 
2106
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2117
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2107
2118
 
2108
2119
  /*
2109
2120
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2141,7 +2152,7 @@
2141
2152
  }
2142
2153
  }
2143
2154
 
2144
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2155
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2145
2156
 
2146
2157
  /*
2147
2158
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2179,7 +2190,7 @@
2179
2190
  };
2180
2191
  }
2181
2192
 
2182
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2193
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2183
2194
  /*
2184
2195
  * Copyright (c) Microsoft Corporation. All rights reserved.
2185
2196
  * Licensed under the MIT License.
@@ -2194,7 +2205,7 @@
2194
2205
  Ciam: 3,
2195
2206
  };
2196
2207
 
2197
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2208
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2198
2209
  /*
2199
2210
  * Copyright (c) Microsoft Corporation. All rights reserved.
2200
2211
  * Licensed under the MIT License.
@@ -2216,7 +2227,7 @@
2216
2227
  return null;
2217
2228
  }
2218
2229
 
2219
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2230
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2220
2231
  /*
2221
2232
  * Copyright (c) Microsoft Corporation. All rights reserved.
2222
2233
  * Licensed under the MIT License.
@@ -2240,7 +2251,7 @@
2240
2251
  EAR: "EAR",
2241
2252
  };
2242
2253
 
2243
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2254
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2244
2255
  /**
2245
2256
  * Returns the AccountInfo interface for this account.
2246
2257
  */
@@ -2415,7 +2426,7 @@
2415
2426
  entity.hasOwnProperty("authorityType"));
2416
2427
  }
2417
2428
 
2418
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2429
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2419
2430
 
2420
2431
  /*
2421
2432
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3547,7 +3558,7 @@
3547
3558
  }
3548
3559
  }
3549
3560
 
3550
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3561
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3551
3562
  /*
3552
3563
  * Copyright (c) Microsoft Corporation. All rights reserved.
3553
3564
  * Licensed under the MIT License.
@@ -3598,7 +3609,7 @@
3598
3609
  "redirectBridgeMessageVersion",
3599
3610
  ]);
3600
3611
 
3601
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3612
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3602
3613
 
3603
3614
  /*
3604
3615
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3653,7 +3664,7 @@
3653
3664
  }
3654
3665
  }
3655
3666
 
3656
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3667
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3657
3668
 
3658
3669
  /*
3659
3670
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3748,7 +3759,7 @@
3748
3759
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3749
3760
  }
3750
3761
 
3751
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3762
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3752
3763
  /*
3753
3764
  * Copyright (c) Microsoft Corporation. All rights reserved.
3754
3765
  * Licensed under the MIT License.
@@ -3775,7 +3786,7 @@
3775
3786
  }
3776
3787
  }
3777
3788
 
3778
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3789
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3779
3790
  /*
3780
3791
  * Copyright (c) Microsoft Corporation. All rights reserved.
3781
3792
  * Licensed under the MIT License.
@@ -3840,7 +3851,7 @@
3840
3851
  return cachedAtSec > nowSeconds();
3841
3852
  }
3842
3853
 
3843
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3854
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3844
3855
 
3845
3856
  /*
3846
3857
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4099,7 +4110,7 @@
4099
4110
  return metadata.expiresAt <= nowSeconds();
4100
4111
  }
4101
4112
 
4102
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4113
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4103
4114
  /*
4104
4115
  * Copyright (c) Microsoft Corporation. All rights reserved.
4105
4116
  * Licensed under the MIT License.
@@ -4170,7 +4181,7 @@
4170
4181
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4171
4182
  const SetUserData = "setUserData";
4172
4183
 
4173
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4184
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4174
4185
  /*
4175
4186
  * Copyright (c) Microsoft Corporation. All rights reserved.
4176
4187
  * Licensed under the MIT License.
@@ -4263,7 +4274,7 @@
4263
4274
  };
4264
4275
  };
4265
4276
 
4266
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4277
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4267
4278
 
4268
4279
  /*
4269
4280
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4343,7 +4354,7 @@
4343
4354
  }
4344
4355
  }
4345
4356
 
4346
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4357
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4347
4358
  /*
4348
4359
  * Copyright (c) Microsoft Corporation. All rights reserved.
4349
4360
  * Licensed under the MIT License.
@@ -4407,7 +4418,7 @@
4407
4418
  uxNotAllowed: uxNotAllowed
4408
4419
  });
4409
4420
 
4410
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4421
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4411
4422
 
4412
4423
  /*
4413
4424
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4475,7 +4486,7 @@
4475
4486
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4476
4487
  }
4477
4488
 
4478
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4489
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4479
4490
 
4480
4491
  /*
4481
4492
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4494,7 +4505,7 @@
4494
4505
  }
4495
4506
  }
4496
4507
 
4497
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4508
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4498
4509
 
4499
4510
  /*
4500
4511
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4562,7 +4573,7 @@
4562
4573
  }
4563
4574
  }
4564
4575
 
4565
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4576
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4566
4577
 
4567
4578
  /*
4568
4579
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4910,7 +4921,7 @@
4910
4921
  return baseAccount;
4911
4922
  }
4912
4923
 
4913
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4924
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4914
4925
  /*
4915
4926
  * Copyright (c) Microsoft Corporation. All rights reserved.
4916
4927
  * Licensed under the MIT License.
@@ -4920,7 +4931,7 @@
4920
4931
  UPN: "UPN",
4921
4932
  };
4922
4933
 
4923
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4934
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4924
4935
  /*
4925
4936
  * Copyright (c) Microsoft Corporation. All rights reserved.
4926
4937
  * Licensed under the MIT License.
@@ -4938,7 +4949,7 @@
4938
4949
  }
4939
4950
  }
4940
4951
 
4941
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4952
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4942
4953
  /*
4943
4954
  * Copyright (c) Microsoft Corporation. All rights reserved.
4944
4955
  * Licensed under the MIT License.
@@ -4959,7 +4970,7 @@
4959
4970
  };
4960
4971
  }
4961
4972
 
4962
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4973
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4963
4974
 
4964
4975
  /*
4965
4976
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5045,7 +5056,7 @@
5045
5056
  }
5046
5057
  }
5047
5058
 
5048
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5059
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5049
5060
 
5050
5061
  /*
5051
5062
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5076,7 +5087,7 @@
5076
5087
  return new NetworkError(error, httpStatus, responseHeaders);
5077
5088
  }
5078
5089
 
5079
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5090
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5080
5091
 
5081
5092
  /*
5082
5093
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5190,7 +5201,7 @@
5190
5201
  return response;
5191
5202
  }
5192
5203
 
5193
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5204
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5194
5205
  /*
5195
5206
  * Copyright (c) Microsoft Corporation. All rights reserved.
5196
5207
  * Licensed under the MIT License.
@@ -5202,7 +5213,7 @@
5202
5213
  response.hasOwnProperty("jwks_uri"));
5203
5214
  }
5204
5215
 
5205
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5216
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5206
5217
  /*
5207
5218
  * Copyright (c) Microsoft Corporation. All rights reserved.
5208
5219
  * Licensed under the MIT License.
@@ -5212,7 +5223,7 @@
5212
5223
  response.hasOwnProperty("metadata"));
5213
5224
  }
5214
5225
 
5215
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5226
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5216
5227
  /*
5217
5228
  * Copyright (c) Microsoft Corporation. All rights reserved.
5218
5229
  * Licensed under the MIT License.
@@ -5222,7 +5233,7 @@
5222
5233
  response.hasOwnProperty("error_description"));
5223
5234
  }
5224
5235
 
5225
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5236
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5226
5237
 
5227
5238
  /*
5228
5239
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5327,7 +5338,7 @@
5327
5338
  },
5328
5339
  };
5329
5340
 
5330
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5341
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5331
5342
 
5332
5343
  /*
5333
5344
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5582,7 +5593,7 @@
5582
5593
  }, this.correlationId);
5583
5594
  }
5584
5595
  /**
5585
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
5596
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
5586
5597
  * from the configured canonical authority
5587
5598
  * @returns
5588
5599
  */
@@ -5651,6 +5662,8 @@
5651
5662
  // Get metadata from network if local sources aren't available
5652
5663
  let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
5653
5664
  if (metadata) {
5665
+ // Validate the issuer returned by the OIDC discovery document.
5666
+ this.validateIssuer(metadata.issuer);
5654
5667
  // If the user prefers to use an azure region replace the global endpoints with regional information.
5655
5668
  if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
5656
5669
  metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
@@ -5819,7 +5832,7 @@
5819
5832
  throw createClientConfigurationError(untrustedAuthority);
5820
5833
  }
5821
5834
  updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
5822
- this.logger.verbose("0jhlgt", this.correlationId);
5835
+ this.logger.verbose("1tpqlr", this.correlationId);
5823
5836
  this.logger.verbosePii("1fy7uz", this.correlationId);
5824
5837
  this.logger.verbosePii("08zabj", this.correlationId);
5825
5838
  this.logger.verbosePii("1o1kv3", this.correlationId);
@@ -6016,6 +6029,139 @@
6016
6029
  isAliasOfKnownMicrosoftAuthority(host) {
6017
6030
  return InstanceDiscoveryMetadataAliases.has(host);
6018
6031
  }
6032
+ /**
6033
+ * Validates the `issuer` returned by an OIDC discovery document against
6034
+ * this authority, per
6035
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
6036
+ *
6037
+ * The issuer is accepted when ANY of the following holds:
6038
+ * 1. The issuer scheme + host + port match the authority's (path may
6039
+ * differ). Applies to all authorities.
6040
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
6041
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
6042
+ * Microsoft authority host set.
6043
+ * 3. Same as (2), but the issuer host is a single-label regional variant
6044
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
6045
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
6046
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
6047
+ * path.
6048
+ *
6049
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
6050
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
6051
+ */
6052
+ validateIssuer(issuer) {
6053
+ if (!issuer) {
6054
+ throw createClientConfigurationError(issuerValidationFailed);
6055
+ }
6056
+ // Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
6057
+ let issuerUrl;
6058
+ try {
6059
+ issuerUrl = new URL(issuer);
6060
+ }
6061
+ catch {
6062
+ throw createClientConfigurationError(issuerValidationFailed);
6063
+ }
6064
+ const issuerScheme = issuerUrl.protocol;
6065
+ const issuerHost = issuerUrl.host;
6066
+ const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
6067
+ const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
6068
+ // Rule 1: Same scheme and host
6069
+ const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
6070
+ // Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
6071
+ const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
6072
+ this.isAliasOfKnownMicrosoftAuthority(issuerHost);
6073
+ /*
6074
+ * Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
6075
+ * (HTTPS only). E.g. westus2.login.microsoft.com
6076
+ */
6077
+ const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
6078
+ this.matchesRegionalMicrosoftHost(issuerHost);
6079
+ /*
6080
+ * Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
6081
+ * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
6082
+ */
6083
+ const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
6084
+ // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
6085
+ if (matchesAuthorityOrigin ||
6086
+ matchesKnownMicrosoftHost ||
6087
+ matchesRegionalMicrosoftHost ||
6088
+ matchesCiamTenantPattern) {
6089
+ return;
6090
+ }
6091
+ // issuer validation fails if none of the above rules are satisfied
6092
+ throw createClientConfigurationError(issuerValidationFailed);
6093
+ }
6094
+ /**
6095
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
6096
+ * may differ. Applies to all authorities.
6097
+ */
6098
+ matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
6099
+ return issuerScheme === authorityScheme && issuerHost === authorityHost;
6100
+ }
6101
+ /**
6102
+ * Rule 3: The issuer host is a regional variant
6103
+ * (`{region}.{host}`) of a known Microsoft authority host.
6104
+ * E.g. `westus2.login.microsoft.com`.
6105
+ */
6106
+ matchesRegionalMicrosoftHost(issuerHost) {
6107
+ const firstDot = issuerHost.indexOf(".");
6108
+ if (firstDot > 0 && firstDot < issuerHost.length - 1) {
6109
+ const hostWithoutRegion = issuerHost.substring(firstDot + 1);
6110
+ return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
6111
+ }
6112
+ return false;
6113
+ }
6114
+ /**
6115
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
6116
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
6117
+ *
6118
+ * The bare tenant name is extracted from the authority's first path segment
6119
+ * when available (stripping the `.onmicrosoft.com` suffix that
6120
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
6121
+ * the authority host (to support CIAM custom domain scenarios).
6122
+ *
6123
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
6124
+ * because the OIDC issuer may use either form depending on the authority URL
6125
+ * that was used to trigger discovery.
6126
+ */
6127
+ matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
6128
+ /*
6129
+ * authorityPathSegments[0] is the first path segment of the *authority
6130
+ * URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
6131
+ * Additional CIAM issuer path segments such as "/v2.0" are part of the
6132
+ * issuer string, not the authority URL's PathSegments.
6133
+ */
6134
+ const pathSegment = authorityPathSegments[0];
6135
+ /*
6136
+ * Extract the bare tenant name: strip the .onmicrosoft.com suffix when
6137
+ * present (introduced by transformCIAMAuthority), or fall back to the
6138
+ * first label of the authority hostname for non-transformed/custom-domain
6139
+ * CIAM authorities.
6140
+ */
6141
+ const tenantName = pathSegment
6142
+ ? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
6143
+ ? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
6144
+ : pathSegment
6145
+ : authorityHost.split(".")[0];
6146
+ if (!tenantName) {
6147
+ return false;
6148
+ }
6149
+ const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
6150
+ const validCiamPatterns = [
6151
+ ciamBaseURL,
6152
+ `${ciamBaseURL}/${tenantName}`,
6153
+ `${ciamBaseURL}/${tenantName}/v2.0`,
6154
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
6155
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
6156
+ ];
6157
+ /*
6158
+ * Compose the canonical issuer string from URL components and strip any
6159
+ * trailing slashes from the path so it can be compared to the pattern set.
6160
+ */
6161
+ const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
6162
+ const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
6163
+ return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
6164
+ }
6019
6165
  /**
6020
6166
  * Checks whether the provided host is that of a public cloud authority
6021
6167
  *
@@ -6147,7 +6293,7 @@
6147
6293
  };
6148
6294
  }
6149
6295
 
6150
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6296
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6151
6297
 
6152
6298
  /*
6153
6299
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6181,7 +6327,7 @@
6181
6327
  }
6182
6328
  }
6183
6329
 
6184
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6330
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6185
6331
 
6186
6332
  /*
6187
6333
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6438,7 +6584,7 @@
6438
6584
  }
6439
6585
  }
6440
6586
 
6441
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6587
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6442
6588
 
6443
6589
  /*
6444
6590
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6659,7 +6805,7 @@
6659
6805
  }
6660
6806
  }
6661
6807
 
6662
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6808
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6663
6809
 
6664
6810
  /*
6665
6811
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6921,7 @@
6775
6921
  }
6776
6922
  }
6777
6923
 
6778
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6924
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6779
6925
 
6780
6926
  /*
6781
6927
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6790,7 +6936,7 @@
6790
6936
  },
6791
6937
  };
6792
6938
 
6793
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6939
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6794
6940
 
6795
6941
  /*
6796
6942
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7013,7 +7159,7 @@
7013
7159
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7014
7160
  }
7015
7161
 
7016
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7162
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7017
7163
 
7018
7164
  /*
7019
7165
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7046,7 +7192,7 @@
7046
7192
  return Object.prototype.hasOwnProperty.call(params, "resource");
7047
7193
  }
7048
7194
 
7049
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7195
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7050
7196
 
7051
7197
  /*
7052
7198
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7104,7 +7250,7 @@
7104
7250
  }
7105
7251
  }
7106
7252
 
7107
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7253
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7108
7254
  /*
7109
7255
  * Copyright (c) Microsoft Corporation. All rights reserved.
7110
7256
  * Licensed under the MIT License.
@@ -7121,7 +7267,7 @@
7121
7267
  unexpectedError: unexpectedError
7122
7268
  });
7123
7269
 
7124
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7270
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7125
7271
 
7126
7272
  /*
7127
7273
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7382,7 +7528,7 @@
7382
7528
  }
7383
7529
  }
7384
7530
 
7385
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7531
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7386
7532
 
7387
7533
  /*
7388
7534
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7403,7 +7549,7 @@
7403
7549
  return new JoseHeaderError(code);
7404
7550
  }
7405
7551
 
7406
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7552
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7407
7553
  /*
7408
7554
  * Copyright (c) Microsoft Corporation. All rights reserved.
7409
7555
  * Licensed under the MIT License.
@@ -7411,7 +7557,7 @@
7411
7557
  const missingKidError = "missing_kid_error";
7412
7558
  const missingAlgError = "missing_alg_error";
7413
7559
 
7414
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7560
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7415
7561
 
7416
7562
  /*
7417
7563
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7451,7 +7597,7 @@
7451
7597
  }
7452
7598
  }
7453
7599
 
7454
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7600
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7455
7601
 
7456
7602
  /*
7457
7603
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10389,7 +10535,7 @@
10389
10535
 
10390
10536
  /* eslint-disable header/header */
10391
10537
  const name = "@azure/msal-browser";
10392
- const version = "5.10.0";
10538
+ const version = "5.10.1";
10393
10539
 
10394
10540
  /*
10395
10541
  * Copyright (c) Microsoft Corporation. All rights reserved.