@azure/msal-browser 5.10.0 → 5.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +1176 -1176
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +2 -2
- package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +215 -70
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +2 -2
- package/lib/msal-browser.cjs +218 -72
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +218 -72
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/packageMetadata.ts +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/packageMetadata.d.ts +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.10.
|
|
1
|
+
/*! @azure/msal-browser v5.10.1 2026-05-11 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.6.
|
|
5
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.6.
|
|
232
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.6.
|
|
284
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.6.
|
|
315
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.6.
|
|
335
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.6.
|
|
415
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.6.
|
|
438
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -457,9 +457,10 @@ const missingSshKid = "missing_ssh_kid";
|
|
|
457
457
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
458
458
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
459
459
|
const authorityMismatch = "authority_mismatch";
|
|
460
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
460
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
461
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
461
462
|
|
|
462
|
-
/*! @azure/msal-common v16.6.
|
|
463
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
463
464
|
/*
|
|
464
465
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
465
466
|
* Licensed under the MIT License.
|
|
@@ -498,7 +499,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
498
499
|
const resourceParameterRequired = "resource_parameter_required";
|
|
499
500
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
500
501
|
|
|
501
|
-
/*! @azure/msal-common v16.6.
|
|
502
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
502
503
|
|
|
503
504
|
/*
|
|
504
505
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -693,7 +694,7 @@ class ScopeSet {
|
|
|
693
694
|
}
|
|
694
695
|
}
|
|
695
696
|
|
|
696
|
-
/*! @azure/msal-common v16.6.
|
|
697
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
697
698
|
|
|
698
699
|
/*
|
|
699
700
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1082,7 +1083,7 @@ function addResource(parameters, resource) {
|
|
|
1082
1083
|
}
|
|
1083
1084
|
}
|
|
1084
1085
|
|
|
1085
|
-
/*! @azure/msal-common v16.6.
|
|
1086
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1086
1087
|
|
|
1087
1088
|
/*
|
|
1088
1089
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1191,7 +1192,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1191
1192
|
}
|
|
1192
1193
|
}
|
|
1193
1194
|
|
|
1194
|
-
/*! @azure/msal-common v16.6.
|
|
1195
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1195
1196
|
|
|
1196
1197
|
/*
|
|
1197
1198
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1230,7 +1231,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1230
1231
|
},
|
|
1231
1232
|
};
|
|
1232
1233
|
|
|
1233
|
-
/*! @azure/msal-common v16.6.
|
|
1234
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1234
1235
|
/*
|
|
1235
1236
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1236
1237
|
* Licensed under the MIT License.
|
|
@@ -1491,12 +1492,12 @@ class Logger {
|
|
|
1491
1492
|
}
|
|
1492
1493
|
}
|
|
1493
1494
|
|
|
1494
|
-
/*! @azure/msal-common v16.6.
|
|
1495
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1495
1496
|
/* eslint-disable header/header */
|
|
1496
1497
|
const name$1 = "@azure/msal-common";
|
|
1497
|
-
const version$1 = "16.6.
|
|
1498
|
+
const version$1 = "16.6.1";
|
|
1498
1499
|
|
|
1499
|
-
/*! @azure/msal-common v16.6.
|
|
1500
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1500
1501
|
/*
|
|
1501
1502
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1502
1503
|
* Licensed under the MIT License.
|
|
@@ -1505,7 +1506,7 @@ const AzureCloudInstance = {
|
|
|
1505
1506
|
// AzureCloudInstance is not specified.
|
|
1506
1507
|
None: "none"};
|
|
1507
1508
|
|
|
1508
|
-
/*! @azure/msal-common v16.6.
|
|
1509
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1509
1510
|
/*
|
|
1510
1511
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1511
1512
|
* Licensed under the MIT License.
|
|
@@ -1588,7 +1589,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1588
1589
|
return updatedAccountInfo;
|
|
1589
1590
|
}
|
|
1590
1591
|
|
|
1591
|
-
/*! @azure/msal-common v16.6.
|
|
1592
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1592
1593
|
|
|
1593
1594
|
/*
|
|
1594
1595
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1668,7 +1669,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1668
1669
|
}
|
|
1669
1670
|
}
|
|
1670
1671
|
|
|
1671
|
-
/*! @azure/msal-common v16.6.
|
|
1672
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1672
1673
|
|
|
1673
1674
|
/*
|
|
1674
1675
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1825,7 +1826,7 @@ class UrlString {
|
|
|
1825
1826
|
}
|
|
1826
1827
|
}
|
|
1827
1828
|
|
|
1828
|
-
/*! @azure/msal-common v16.6.
|
|
1829
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1829
1830
|
|
|
1830
1831
|
/*
|
|
1831
1832
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1911,6 +1912,15 @@ const rawMetdataJSON = {
|
|
|
1911
1912
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
1912
1913
|
aliases: ["login.sovcloud-identity.sg"],
|
|
1913
1914
|
},
|
|
1915
|
+
{
|
|
1916
|
+
preferred_network: "login.windows-ppe.net",
|
|
1917
|
+
preferred_cache: "login.windows-ppe.net",
|
|
1918
|
+
aliases: [
|
|
1919
|
+
"login.windows-ppe.net",
|
|
1920
|
+
"sts.windows-ppe.net",
|
|
1921
|
+
"login.microsoft-ppe.com",
|
|
1922
|
+
],
|
|
1923
|
+
},
|
|
1914
1924
|
],
|
|
1915
1925
|
},
|
|
1916
1926
|
};
|
|
@@ -1982,7 +1992,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1982
1992
|
return null;
|
|
1983
1993
|
}
|
|
1984
1994
|
|
|
1985
|
-
/*! @azure/msal-common v16.6.
|
|
1995
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1986
1996
|
/*
|
|
1987
1997
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1988
1998
|
* Licensed under the MIT License.
|
|
@@ -1990,7 +2000,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1990
2000
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1991
2001
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1992
2002
|
|
|
1993
|
-
/*! @azure/msal-common v16.6.
|
|
2003
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1994
2004
|
|
|
1995
2005
|
/*
|
|
1996
2006
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2028,7 +2038,7 @@ function createCacheError(e) {
|
|
|
2028
2038
|
}
|
|
2029
2039
|
}
|
|
2030
2040
|
|
|
2031
|
-
/*! @azure/msal-common v16.6.
|
|
2041
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2032
2042
|
|
|
2033
2043
|
/*
|
|
2034
2044
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2066,7 +2076,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2066
2076
|
};
|
|
2067
2077
|
}
|
|
2068
2078
|
|
|
2069
|
-
/*! @azure/msal-common v16.6.
|
|
2079
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2070
2080
|
/*
|
|
2071
2081
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2072
2082
|
* Licensed under the MIT License.
|
|
@@ -2081,7 +2091,7 @@ const AuthorityType = {
|
|
|
2081
2091
|
Ciam: 3,
|
|
2082
2092
|
};
|
|
2083
2093
|
|
|
2084
|
-
/*! @azure/msal-common v16.6.
|
|
2094
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2085
2095
|
/*
|
|
2086
2096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2087
2097
|
* Licensed under the MIT License.
|
|
@@ -2103,7 +2113,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2103
2113
|
return null;
|
|
2104
2114
|
}
|
|
2105
2115
|
|
|
2106
|
-
/*! @azure/msal-common v16.6.
|
|
2116
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2107
2117
|
/*
|
|
2108
2118
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2109
2119
|
* Licensed under the MIT License.
|
|
@@ -2127,7 +2137,7 @@ const ProtocolMode = {
|
|
|
2127
2137
|
EAR: "EAR",
|
|
2128
2138
|
};
|
|
2129
2139
|
|
|
2130
|
-
/*! @azure/msal-common v16.6.
|
|
2140
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2131
2141
|
/**
|
|
2132
2142
|
* Returns the AccountInfo interface for this account.
|
|
2133
2143
|
*/
|
|
@@ -2302,7 +2312,7 @@ function isAccountEntity(entity) {
|
|
|
2302
2312
|
entity.hasOwnProperty("authorityType"));
|
|
2303
2313
|
}
|
|
2304
2314
|
|
|
2305
|
-
/*! @azure/msal-common v16.6.
|
|
2315
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2306
2316
|
|
|
2307
2317
|
/*
|
|
2308
2318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3433,7 +3443,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3433
3443
|
}
|
|
3434
3444
|
}
|
|
3435
3445
|
|
|
3436
|
-
/*! @azure/msal-common v16.6.
|
|
3446
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3437
3447
|
/*
|
|
3438
3448
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3439
3449
|
* Licensed under the MIT License.
|
|
@@ -3447,7 +3457,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3447
3457
|
const PerformanceEventStatus = {
|
|
3448
3458
|
InProgress: 1};
|
|
3449
3459
|
|
|
3450
|
-
/*! @azure/msal-common v16.6.
|
|
3460
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3451
3461
|
|
|
3452
3462
|
/*
|
|
3453
3463
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3502,7 +3512,7 @@ class StubPerformanceClient {
|
|
|
3502
3512
|
}
|
|
3503
3513
|
}
|
|
3504
3514
|
|
|
3505
|
-
/*! @azure/msal-common v16.6.
|
|
3515
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3506
3516
|
|
|
3507
3517
|
/*
|
|
3508
3518
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3597,7 +3607,7 @@ function isOidcProtocolMode(config) {
|
|
|
3597
3607
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3598
3608
|
}
|
|
3599
3609
|
|
|
3600
|
-
/*! @azure/msal-common v16.6.
|
|
3610
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3601
3611
|
/*
|
|
3602
3612
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3603
3613
|
* Licensed under the MIT License.
|
|
@@ -3624,7 +3634,7 @@ function isOidcProtocolMode(config) {
|
|
|
3624
3634
|
}
|
|
3625
3635
|
}
|
|
3626
3636
|
|
|
3627
|
-
/*! @azure/msal-common v16.6.
|
|
3637
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3628
3638
|
/*
|
|
3629
3639
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3630
3640
|
* Licensed under the MIT License.
|
|
@@ -3689,7 +3699,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3689
3699
|
return cachedAtSec > nowSeconds();
|
|
3690
3700
|
}
|
|
3691
3701
|
|
|
3692
|
-
/*! @azure/msal-common v16.6.
|
|
3702
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3693
3703
|
|
|
3694
3704
|
/*
|
|
3695
3705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3948,7 +3958,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
3948
3958
|
return metadata.expiresAt <= nowSeconds();
|
|
3949
3959
|
}
|
|
3950
3960
|
|
|
3951
|
-
/*! @azure/msal-common v16.6.
|
|
3961
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3952
3962
|
/*
|
|
3953
3963
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3954
3964
|
* Licensed under the MIT License.
|
|
@@ -4019,7 +4029,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4019
4029
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4020
4030
|
const SetUserData = "setUserData";
|
|
4021
4031
|
|
|
4022
|
-
/*! @azure/msal-common v16.6.
|
|
4032
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4023
4033
|
/*
|
|
4024
4034
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4025
4035
|
* Licensed under the MIT License.
|
|
@@ -4112,7 +4122,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4112
4122
|
};
|
|
4113
4123
|
};
|
|
4114
4124
|
|
|
4115
|
-
/*! @azure/msal-common v16.6.
|
|
4125
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4116
4126
|
|
|
4117
4127
|
/*
|
|
4118
4128
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4192,7 +4202,7 @@ class PopTokenGenerator {
|
|
|
4192
4202
|
}
|
|
4193
4203
|
}
|
|
4194
4204
|
|
|
4195
|
-
/*! @azure/msal-common v16.6.
|
|
4205
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4196
4206
|
/*
|
|
4197
4207
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4198
4208
|
* Licensed under the MIT License.
|
|
@@ -4243,7 +4253,7 @@ const badToken = "bad_token";
|
|
|
4243
4253
|
*/
|
|
4244
4254
|
const interruptedUser = "interrupted_user";
|
|
4245
4255
|
|
|
4246
|
-
/*! @azure/msal-common v16.6.
|
|
4256
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4247
4257
|
|
|
4248
4258
|
/*
|
|
4249
4259
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4311,7 +4321,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4311
4321
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4312
4322
|
}
|
|
4313
4323
|
|
|
4314
|
-
/*! @azure/msal-common v16.6.
|
|
4324
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4315
4325
|
|
|
4316
4326
|
/*
|
|
4317
4327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4330,7 +4340,7 @@ class ServerError extends AuthError {
|
|
|
4330
4340
|
}
|
|
4331
4341
|
}
|
|
4332
4342
|
|
|
4333
|
-
/*! @azure/msal-common v16.6.
|
|
4343
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4334
4344
|
|
|
4335
4345
|
/*
|
|
4336
4346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4398,7 +4408,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4398
4408
|
}
|
|
4399
4409
|
}
|
|
4400
4410
|
|
|
4401
|
-
/*! @azure/msal-common v16.6.
|
|
4411
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4402
4412
|
|
|
4403
4413
|
/*
|
|
4404
4414
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4746,7 +4756,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4746
4756
|
return baseAccount;
|
|
4747
4757
|
}
|
|
4748
4758
|
|
|
4749
|
-
/*! @azure/msal-common v16.6.
|
|
4759
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4750
4760
|
/*
|
|
4751
4761
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4752
4762
|
* Licensed under the MIT License.
|
|
@@ -4756,7 +4766,7 @@ const CcsCredentialType = {
|
|
|
4756
4766
|
UPN: "UPN",
|
|
4757
4767
|
};
|
|
4758
4768
|
|
|
4759
|
-
/*! @azure/msal-common v16.6.
|
|
4769
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4760
4770
|
/*
|
|
4761
4771
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4762
4772
|
* Licensed under the MIT License.
|
|
@@ -4774,7 +4784,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4774
4784
|
}
|
|
4775
4785
|
}
|
|
4776
4786
|
|
|
4777
|
-
/*! @azure/msal-common v16.6.
|
|
4787
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4778
4788
|
/*
|
|
4779
4789
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4780
4790
|
* Licensed under the MIT License.
|
|
@@ -4795,7 +4805,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4795
4805
|
};
|
|
4796
4806
|
}
|
|
4797
4807
|
|
|
4798
|
-
/*! @azure/msal-common v16.6.
|
|
4808
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4799
4809
|
|
|
4800
4810
|
/*
|
|
4801
4811
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4881,7 +4891,7 @@ class ThrottlingUtils {
|
|
|
4881
4891
|
}
|
|
4882
4892
|
}
|
|
4883
4893
|
|
|
4884
|
-
/*! @azure/msal-common v16.6.
|
|
4894
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4885
4895
|
|
|
4886
4896
|
/*
|
|
4887
4897
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4912,7 +4922,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4912
4922
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4913
4923
|
}
|
|
4914
4924
|
|
|
4915
|
-
/*! @azure/msal-common v16.6.
|
|
4925
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4916
4926
|
|
|
4917
4927
|
/*
|
|
4918
4928
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5026,7 +5036,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5026
5036
|
return response;
|
|
5027
5037
|
}
|
|
5028
5038
|
|
|
5029
|
-
/*! @azure/msal-common v16.6.
|
|
5039
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5030
5040
|
/*
|
|
5031
5041
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5032
5042
|
* Licensed under the MIT License.
|
|
@@ -5038,7 +5048,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5038
5048
|
response.hasOwnProperty("jwks_uri"));
|
|
5039
5049
|
}
|
|
5040
5050
|
|
|
5041
|
-
/*! @azure/msal-common v16.6.
|
|
5051
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5042
5052
|
/*
|
|
5043
5053
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5044
5054
|
* Licensed under the MIT License.
|
|
@@ -5048,7 +5058,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5048
5058
|
response.hasOwnProperty("metadata"));
|
|
5049
5059
|
}
|
|
5050
5060
|
|
|
5051
|
-
/*! @azure/msal-common v16.6.
|
|
5061
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5052
5062
|
/*
|
|
5053
5063
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5054
5064
|
* Licensed under the MIT License.
|
|
@@ -5058,7 +5068,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5058
5068
|
response.hasOwnProperty("error_description"));
|
|
5059
5069
|
}
|
|
5060
5070
|
|
|
5061
|
-
/*! @azure/msal-common v16.6.
|
|
5071
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5062
5072
|
|
|
5063
5073
|
/*
|
|
5064
5074
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5163,7 +5173,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5163
5173
|
},
|
|
5164
5174
|
};
|
|
5165
5175
|
|
|
5166
|
-
/*! @azure/msal-common v16.6.
|
|
5176
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5167
5177
|
|
|
5168
5178
|
/*
|
|
5169
5179
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5418,7 +5428,7 @@ class Authority {
|
|
|
5418
5428
|
}, this.correlationId);
|
|
5419
5429
|
}
|
|
5420
5430
|
/**
|
|
5421
|
-
* Returns metadata entity from cache if it exists,
|
|
5431
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5422
5432
|
* from the configured canonical authority
|
|
5423
5433
|
* @returns
|
|
5424
5434
|
*/
|
|
@@ -5487,6 +5497,8 @@ class Authority {
|
|
|
5487
5497
|
// Get metadata from network if local sources aren't available
|
|
5488
5498
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5489
5499
|
if (metadata) {
|
|
5500
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5501
|
+
this.validateIssuer(metadata.issuer);
|
|
5490
5502
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5491
5503
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5492
5504
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5655,7 +5667,7 @@ class Authority {
|
|
|
5655
5667
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5656
5668
|
}
|
|
5657
5669
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5658
|
-
this.logger.verbose("
|
|
5670
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5659
5671
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5660
5672
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5661
5673
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -5852,6 +5864,139 @@ class Authority {
|
|
|
5852
5864
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
5853
5865
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
5854
5866
|
}
|
|
5867
|
+
/**
|
|
5868
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
5869
|
+
* this authority, per
|
|
5870
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
5871
|
+
*
|
|
5872
|
+
* The issuer is accepted when ANY of the following holds:
|
|
5873
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
5874
|
+
* differ). Applies to all authorities.
|
|
5875
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
5876
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
5877
|
+
* Microsoft authority host set.
|
|
5878
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
5879
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
5880
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5881
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5882
|
+
* path.
|
|
5883
|
+
*
|
|
5884
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5885
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
5886
|
+
*/
|
|
5887
|
+
validateIssuer(issuer) {
|
|
5888
|
+
if (!issuer) {
|
|
5889
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5890
|
+
}
|
|
5891
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
5892
|
+
let issuerUrl;
|
|
5893
|
+
try {
|
|
5894
|
+
issuerUrl = new URL(issuer);
|
|
5895
|
+
}
|
|
5896
|
+
catch {
|
|
5897
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5898
|
+
}
|
|
5899
|
+
const issuerScheme = issuerUrl.protocol;
|
|
5900
|
+
const issuerHost = issuerUrl.host;
|
|
5901
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
5902
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
5903
|
+
// Rule 1: Same scheme and host
|
|
5904
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
5905
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
5906
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
5907
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
5908
|
+
/*
|
|
5909
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
5910
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
5911
|
+
*/
|
|
5912
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
5913
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
5914
|
+
/*
|
|
5915
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
5916
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5917
|
+
*/
|
|
5918
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5919
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5920
|
+
if (matchesAuthorityOrigin ||
|
|
5921
|
+
matchesKnownMicrosoftHost ||
|
|
5922
|
+
matchesRegionalMicrosoftHost ||
|
|
5923
|
+
matchesCiamTenantPattern) {
|
|
5924
|
+
return;
|
|
5925
|
+
}
|
|
5926
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
5927
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5928
|
+
}
|
|
5929
|
+
/**
|
|
5930
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
5931
|
+
* may differ. Applies to all authorities.
|
|
5932
|
+
*/
|
|
5933
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
5934
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
5935
|
+
}
|
|
5936
|
+
/**
|
|
5937
|
+
* Rule 3: The issuer host is a regional variant
|
|
5938
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
5939
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
5940
|
+
*/
|
|
5941
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
5942
|
+
const firstDot = issuerHost.indexOf(".");
|
|
5943
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
5944
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
5945
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
5946
|
+
}
|
|
5947
|
+
return false;
|
|
5948
|
+
}
|
|
5949
|
+
/**
|
|
5950
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
5951
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
5952
|
+
*
|
|
5953
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
5954
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
5955
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
5956
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
5957
|
+
*
|
|
5958
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
5959
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
5960
|
+
* that was used to trigger discovery.
|
|
5961
|
+
*/
|
|
5962
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
5963
|
+
/*
|
|
5964
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
5965
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
5966
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
5967
|
+
* issuer string, not the authority URL's PathSegments.
|
|
5968
|
+
*/
|
|
5969
|
+
const pathSegment = authorityPathSegments[0];
|
|
5970
|
+
/*
|
|
5971
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
5972
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
5973
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
5974
|
+
* CIAM authorities.
|
|
5975
|
+
*/
|
|
5976
|
+
const tenantName = pathSegment
|
|
5977
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
5978
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
5979
|
+
: pathSegment
|
|
5980
|
+
: authorityHost.split(".")[0];
|
|
5981
|
+
if (!tenantName) {
|
|
5982
|
+
return false;
|
|
5983
|
+
}
|
|
5984
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
5985
|
+
const validCiamPatterns = [
|
|
5986
|
+
ciamBaseURL,
|
|
5987
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
5988
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
5989
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
5990
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
5991
|
+
];
|
|
5992
|
+
/*
|
|
5993
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
5994
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
5995
|
+
*/
|
|
5996
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
5997
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
5998
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
5999
|
+
}
|
|
5855
6000
|
/**
|
|
5856
6001
|
* Checks whether the provided host is that of a public cloud authority
|
|
5857
6002
|
*
|
|
@@ -5983,7 +6128,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5983
6128
|
};
|
|
5984
6129
|
}
|
|
5985
6130
|
|
|
5986
|
-
/*! @azure/msal-common v16.6.
|
|
6131
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5987
6132
|
|
|
5988
6133
|
/*
|
|
5989
6134
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6017,7 +6162,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6017
6162
|
}
|
|
6018
6163
|
}
|
|
6019
6164
|
|
|
6020
|
-
/*! @azure/msal-common v16.6.
|
|
6165
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6021
6166
|
|
|
6022
6167
|
/*
|
|
6023
6168
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6274,7 +6419,7 @@ class AuthorizationCodeClient {
|
|
|
6274
6419
|
}
|
|
6275
6420
|
}
|
|
6276
6421
|
|
|
6277
|
-
/*! @azure/msal-common v16.6.
|
|
6422
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6278
6423
|
|
|
6279
6424
|
/*
|
|
6280
6425
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6495,7 +6640,7 @@ class RefreshTokenClient {
|
|
|
6495
6640
|
}
|
|
6496
6641
|
}
|
|
6497
6642
|
|
|
6498
|
-
/*! @azure/msal-common v16.6.
|
|
6643
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6499
6644
|
|
|
6500
6645
|
/*
|
|
6501
6646
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6611,7 +6756,7 @@ class SilentFlowClient {
|
|
|
6611
6756
|
}
|
|
6612
6757
|
}
|
|
6613
6758
|
|
|
6614
|
-
/*! @azure/msal-common v16.6.
|
|
6759
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6615
6760
|
|
|
6616
6761
|
/*
|
|
6617
6762
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6626,7 +6771,7 @@ const StubbedNetworkModule = {
|
|
|
6626
6771
|
},
|
|
6627
6772
|
};
|
|
6628
6773
|
|
|
6629
|
-
/*! @azure/msal-common v16.6.
|
|
6774
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6630
6775
|
|
|
6631
6776
|
/*
|
|
6632
6777
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6849,7 +6994,7 @@ function extractLoginHint(account) {
|
|
|
6849
6994
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6850
6995
|
}
|
|
6851
6996
|
|
|
6852
|
-
/*! @azure/msal-common v16.6.
|
|
6997
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6853
6998
|
|
|
6854
6999
|
/*
|
|
6855
7000
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6882,7 +7027,7 @@ function containsResourceParam(params) {
|
|
|
6882
7027
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6883
7028
|
}
|
|
6884
7029
|
|
|
6885
|
-
/*! @azure/msal-common v16.6.
|
|
7030
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6886
7031
|
/*
|
|
6887
7032
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6888
7033
|
* Licensed under the MIT License.
|
|
@@ -6892,7 +7037,7 @@ function containsResourceParam(params) {
|
|
|
6892
7037
|
*/
|
|
6893
7038
|
const unexpectedError = "unexpected_error";
|
|
6894
7039
|
|
|
6895
|
-
/*! @azure/msal-common v16.6.
|
|
7040
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6896
7041
|
|
|
6897
7042
|
/*
|
|
6898
7043
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7153,7 +7298,7 @@ class ServerTelemetryManager {
|
|
|
7153
7298
|
}
|
|
7154
7299
|
}
|
|
7155
7300
|
|
|
7156
|
-
/*! @azure/msal-common v16.6.
|
|
7301
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7157
7302
|
|
|
7158
7303
|
/*
|
|
7159
7304
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7174,7 +7319,7 @@ function createJoseHeaderError(code) {
|
|
|
7174
7319
|
return new JoseHeaderError(code);
|
|
7175
7320
|
}
|
|
7176
7321
|
|
|
7177
|
-
/*! @azure/msal-common v16.6.
|
|
7322
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7178
7323
|
/*
|
|
7179
7324
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7180
7325
|
* Licensed under the MIT License.
|
|
@@ -7182,7 +7327,7 @@ function createJoseHeaderError(code) {
|
|
|
7182
7327
|
const missingKidError = "missing_kid_error";
|
|
7183
7328
|
const missingAlgError = "missing_alg_error";
|
|
7184
7329
|
|
|
7185
|
-
/*! @azure/msal-common v16.6.
|
|
7330
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7186
7331
|
|
|
7187
7332
|
/*
|
|
7188
7333
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7617,7 +7762,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7617
7762
|
|
|
7618
7763
|
/* eslint-disable header/header */
|
|
7619
7764
|
const name = "@azure/msal-browser";
|
|
7620
|
-
const version = "5.10.
|
|
7765
|
+
const version = "5.10.1";
|
|
7621
7766
|
|
|
7622
7767
|
/*
|
|
7623
7768
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|