@azure/msal-browser 5.10.0 → 5.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +1176 -1176
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +2 -2
- package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +215 -70
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +2 -2
- package/lib/msal-browser.cjs +218 -72
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +218 -72
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/packageMetadata.ts +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/packageMetadata.d.ts +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.10.
|
|
1
|
+
/*! @azure/msal-browser v5.10.1 2026-05-11 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.6.
|
|
9
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -233,7 +233,7 @@
|
|
|
233
233
|
// Token renewal offset default in seconds
|
|
234
234
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
235
235
|
|
|
236
|
-
/*! @azure/msal-common v16.6.
|
|
236
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
237
237
|
/*
|
|
238
238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
239
239
|
* Licensed under the MIT License.
|
|
@@ -285,7 +285,7 @@
|
|
|
285
285
|
const RESOURCE = "resource";
|
|
286
286
|
const CLI_DATA = "clidata";
|
|
287
287
|
|
|
288
|
-
/*! @azure/msal-common v16.6.
|
|
288
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
289
289
|
/*
|
|
290
290
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
291
291
|
* Licensed under the MIT License.
|
|
@@ -316,7 +316,7 @@
|
|
|
316
316
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
317
317
|
}
|
|
318
318
|
|
|
319
|
-
/*! @azure/msal-common v16.6.
|
|
319
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
320
320
|
|
|
321
321
|
/*
|
|
322
322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -336,7 +336,7 @@
|
|
|
336
336
|
return new ClientConfigurationError(errorCode);
|
|
337
337
|
}
|
|
338
338
|
|
|
339
|
-
/*! @azure/msal-common v16.6.
|
|
339
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
340
340
|
/*
|
|
341
341
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
342
342
|
* Licensed under the MIT License.
|
|
@@ -416,7 +416,7 @@
|
|
|
416
416
|
}
|
|
417
417
|
}
|
|
418
418
|
|
|
419
|
-
/*! @azure/msal-common v16.6.
|
|
419
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
420
420
|
|
|
421
421
|
/*
|
|
422
422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -439,7 +439,7 @@
|
|
|
439
439
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
440
440
|
}
|
|
441
441
|
|
|
442
|
-
/*! @azure/msal-common v16.6.
|
|
442
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
443
443
|
/*
|
|
444
444
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
445
445
|
* Licensed under the MIT License.
|
|
@@ -461,9 +461,10 @@
|
|
|
461
461
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
462
462
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
463
463
|
const authorityMismatch = "authority_mismatch";
|
|
464
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
464
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
465
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
465
466
|
|
|
466
|
-
/*! @azure/msal-common v16.6.
|
|
467
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
467
468
|
/*
|
|
468
469
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
469
470
|
* Licensed under the MIT License.
|
|
@@ -502,7 +503,7 @@
|
|
|
502
503
|
const resourceParameterRequired = "resource_parameter_required";
|
|
503
504
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
504
505
|
|
|
505
|
-
/*! @azure/msal-common v16.6.
|
|
506
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
506
507
|
|
|
507
508
|
/*
|
|
508
509
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -697,7 +698,7 @@
|
|
|
697
698
|
}
|
|
698
699
|
}
|
|
699
700
|
|
|
700
|
-
/*! @azure/msal-common v16.6.
|
|
701
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
701
702
|
|
|
702
703
|
/*
|
|
703
704
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1086,7 +1087,7 @@
|
|
|
1086
1087
|
}
|
|
1087
1088
|
}
|
|
1088
1089
|
|
|
1089
|
-
/*! @azure/msal-common v16.6.
|
|
1090
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1090
1091
|
|
|
1091
1092
|
/*
|
|
1092
1093
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1195,7 +1196,7 @@
|
|
|
1195
1196
|
}
|
|
1196
1197
|
}
|
|
1197
1198
|
|
|
1198
|
-
/*! @azure/msal-common v16.6.
|
|
1199
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1199
1200
|
|
|
1200
1201
|
/*
|
|
1201
1202
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1234,7 +1235,7 @@
|
|
|
1234
1235
|
},
|
|
1235
1236
|
};
|
|
1236
1237
|
|
|
1237
|
-
/*! @azure/msal-common v16.6.
|
|
1238
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1238
1239
|
/*
|
|
1239
1240
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1240
1241
|
* Licensed under the MIT License.
|
|
@@ -1495,12 +1496,12 @@
|
|
|
1495
1496
|
}
|
|
1496
1497
|
}
|
|
1497
1498
|
|
|
1498
|
-
/*! @azure/msal-common v16.6.
|
|
1499
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1499
1500
|
/* eslint-disable header/header */
|
|
1500
1501
|
const name$1 = "@azure/msal-common";
|
|
1501
|
-
const version$1 = "16.6.
|
|
1502
|
+
const version$1 = "16.6.1";
|
|
1502
1503
|
|
|
1503
|
-
/*! @azure/msal-common v16.6.
|
|
1504
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1504
1505
|
/*
|
|
1505
1506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1506
1507
|
* Licensed under the MIT License.
|
|
@@ -1509,7 +1510,7 @@
|
|
|
1509
1510
|
// AzureCloudInstance is not specified.
|
|
1510
1511
|
None: "none"};
|
|
1511
1512
|
|
|
1512
|
-
/*! @azure/msal-common v16.6.
|
|
1513
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1513
1514
|
/*
|
|
1514
1515
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1515
1516
|
* Licensed under the MIT License.
|
|
@@ -1592,7 +1593,7 @@
|
|
|
1592
1593
|
return updatedAccountInfo;
|
|
1593
1594
|
}
|
|
1594
1595
|
|
|
1595
|
-
/*! @azure/msal-common v16.6.
|
|
1596
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1596
1597
|
|
|
1597
1598
|
/*
|
|
1598
1599
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1672,7 +1673,7 @@
|
|
|
1672
1673
|
}
|
|
1673
1674
|
}
|
|
1674
1675
|
|
|
1675
|
-
/*! @azure/msal-common v16.6.
|
|
1676
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1676
1677
|
|
|
1677
1678
|
/*
|
|
1678
1679
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1829,7 +1830,7 @@
|
|
|
1829
1830
|
}
|
|
1830
1831
|
}
|
|
1831
1832
|
|
|
1832
|
-
/*! @azure/msal-common v16.6.
|
|
1833
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1833
1834
|
|
|
1834
1835
|
/*
|
|
1835
1836
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1915,6 +1916,15 @@
|
|
|
1915
1916
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
1916
1917
|
aliases: ["login.sovcloud-identity.sg"],
|
|
1917
1918
|
},
|
|
1919
|
+
{
|
|
1920
|
+
preferred_network: "login.windows-ppe.net",
|
|
1921
|
+
preferred_cache: "login.windows-ppe.net",
|
|
1922
|
+
aliases: [
|
|
1923
|
+
"login.windows-ppe.net",
|
|
1924
|
+
"sts.windows-ppe.net",
|
|
1925
|
+
"login.microsoft-ppe.com",
|
|
1926
|
+
],
|
|
1927
|
+
},
|
|
1918
1928
|
],
|
|
1919
1929
|
},
|
|
1920
1930
|
};
|
|
@@ -1986,7 +1996,7 @@
|
|
|
1986
1996
|
return null;
|
|
1987
1997
|
}
|
|
1988
1998
|
|
|
1989
|
-
/*! @azure/msal-common v16.6.
|
|
1999
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1990
2000
|
/*
|
|
1991
2001
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1992
2002
|
* Licensed under the MIT License.
|
|
@@ -1994,7 +2004,7 @@
|
|
|
1994
2004
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1995
2005
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1996
2006
|
|
|
1997
|
-
/*! @azure/msal-common v16.6.
|
|
2007
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
1998
2008
|
|
|
1999
2009
|
/*
|
|
2000
2010
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2032,7 +2042,7 @@
|
|
|
2032
2042
|
}
|
|
2033
2043
|
}
|
|
2034
2044
|
|
|
2035
|
-
/*! @azure/msal-common v16.6.
|
|
2045
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2036
2046
|
|
|
2037
2047
|
/*
|
|
2038
2048
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2070,7 +2080,7 @@
|
|
|
2070
2080
|
};
|
|
2071
2081
|
}
|
|
2072
2082
|
|
|
2073
|
-
/*! @azure/msal-common v16.6.
|
|
2083
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2074
2084
|
/*
|
|
2075
2085
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2076
2086
|
* Licensed under the MIT License.
|
|
@@ -2085,7 +2095,7 @@
|
|
|
2085
2095
|
Ciam: 3,
|
|
2086
2096
|
};
|
|
2087
2097
|
|
|
2088
|
-
/*! @azure/msal-common v16.6.
|
|
2098
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2089
2099
|
/*
|
|
2090
2100
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2091
2101
|
* Licensed under the MIT License.
|
|
@@ -2107,7 +2117,7 @@
|
|
|
2107
2117
|
return null;
|
|
2108
2118
|
}
|
|
2109
2119
|
|
|
2110
|
-
/*! @azure/msal-common v16.6.
|
|
2120
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2111
2121
|
/*
|
|
2112
2122
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2113
2123
|
* Licensed under the MIT License.
|
|
@@ -2131,7 +2141,7 @@
|
|
|
2131
2141
|
EAR: "EAR",
|
|
2132
2142
|
};
|
|
2133
2143
|
|
|
2134
|
-
/*! @azure/msal-common v16.6.
|
|
2144
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2135
2145
|
/**
|
|
2136
2146
|
* Returns the AccountInfo interface for this account.
|
|
2137
2147
|
*/
|
|
@@ -2306,7 +2316,7 @@
|
|
|
2306
2316
|
entity.hasOwnProperty("authorityType"));
|
|
2307
2317
|
}
|
|
2308
2318
|
|
|
2309
|
-
/*! @azure/msal-common v16.6.
|
|
2319
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
2310
2320
|
|
|
2311
2321
|
/*
|
|
2312
2322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3437,7 +3447,7 @@
|
|
|
3437
3447
|
}
|
|
3438
3448
|
}
|
|
3439
3449
|
|
|
3440
|
-
/*! @azure/msal-common v16.6.
|
|
3450
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3441
3451
|
/*
|
|
3442
3452
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3443
3453
|
* Licensed under the MIT License.
|
|
@@ -3451,7 +3461,7 @@
|
|
|
3451
3461
|
const PerformanceEventStatus = {
|
|
3452
3462
|
InProgress: 1};
|
|
3453
3463
|
|
|
3454
|
-
/*! @azure/msal-common v16.6.
|
|
3464
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3455
3465
|
|
|
3456
3466
|
/*
|
|
3457
3467
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3506,7 +3516,7 @@
|
|
|
3506
3516
|
}
|
|
3507
3517
|
}
|
|
3508
3518
|
|
|
3509
|
-
/*! @azure/msal-common v16.6.
|
|
3519
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3510
3520
|
|
|
3511
3521
|
/*
|
|
3512
3522
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3601,7 +3611,7 @@
|
|
|
3601
3611
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3602
3612
|
}
|
|
3603
3613
|
|
|
3604
|
-
/*! @azure/msal-common v16.6.
|
|
3614
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3605
3615
|
/*
|
|
3606
3616
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3607
3617
|
* Licensed under the MIT License.
|
|
@@ -3628,7 +3638,7 @@
|
|
|
3628
3638
|
}
|
|
3629
3639
|
}
|
|
3630
3640
|
|
|
3631
|
-
/*! @azure/msal-common v16.6.
|
|
3641
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3632
3642
|
/*
|
|
3633
3643
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3634
3644
|
* Licensed under the MIT License.
|
|
@@ -3693,7 +3703,7 @@
|
|
|
3693
3703
|
return cachedAtSec > nowSeconds();
|
|
3694
3704
|
}
|
|
3695
3705
|
|
|
3696
|
-
/*! @azure/msal-common v16.6.
|
|
3706
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3697
3707
|
|
|
3698
3708
|
/*
|
|
3699
3709
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3952,7 +3962,7 @@
|
|
|
3952
3962
|
return metadata.expiresAt <= nowSeconds();
|
|
3953
3963
|
}
|
|
3954
3964
|
|
|
3955
|
-
/*! @azure/msal-common v16.6.
|
|
3965
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
3956
3966
|
/*
|
|
3957
3967
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3958
3968
|
* Licensed under the MIT License.
|
|
@@ -4023,7 +4033,7 @@
|
|
|
4023
4033
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4024
4034
|
const SetUserData = "setUserData";
|
|
4025
4035
|
|
|
4026
|
-
/*! @azure/msal-common v16.6.
|
|
4036
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4027
4037
|
/*
|
|
4028
4038
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4029
4039
|
* Licensed under the MIT License.
|
|
@@ -4116,7 +4126,7 @@
|
|
|
4116
4126
|
};
|
|
4117
4127
|
};
|
|
4118
4128
|
|
|
4119
|
-
/*! @azure/msal-common v16.6.
|
|
4129
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4120
4130
|
|
|
4121
4131
|
/*
|
|
4122
4132
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4196,7 +4206,7 @@
|
|
|
4196
4206
|
}
|
|
4197
4207
|
}
|
|
4198
4208
|
|
|
4199
|
-
/*! @azure/msal-common v16.6.
|
|
4209
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4200
4210
|
/*
|
|
4201
4211
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4202
4212
|
* Licensed under the MIT License.
|
|
@@ -4247,7 +4257,7 @@
|
|
|
4247
4257
|
*/
|
|
4248
4258
|
const interruptedUser = "interrupted_user";
|
|
4249
4259
|
|
|
4250
|
-
/*! @azure/msal-common v16.6.
|
|
4260
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4251
4261
|
|
|
4252
4262
|
/*
|
|
4253
4263
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4315,7 +4325,7 @@
|
|
|
4315
4325
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4316
4326
|
}
|
|
4317
4327
|
|
|
4318
|
-
/*! @azure/msal-common v16.6.
|
|
4328
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4319
4329
|
|
|
4320
4330
|
/*
|
|
4321
4331
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4334,7 +4344,7 @@
|
|
|
4334
4344
|
}
|
|
4335
4345
|
}
|
|
4336
4346
|
|
|
4337
|
-
/*! @azure/msal-common v16.6.
|
|
4347
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4338
4348
|
|
|
4339
4349
|
/*
|
|
4340
4350
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4402,7 +4412,7 @@
|
|
|
4402
4412
|
}
|
|
4403
4413
|
}
|
|
4404
4414
|
|
|
4405
|
-
/*! @azure/msal-common v16.6.
|
|
4415
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4406
4416
|
|
|
4407
4417
|
/*
|
|
4408
4418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4750,7 +4760,7 @@
|
|
|
4750
4760
|
return baseAccount;
|
|
4751
4761
|
}
|
|
4752
4762
|
|
|
4753
|
-
/*! @azure/msal-common v16.6.
|
|
4763
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4754
4764
|
/*
|
|
4755
4765
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4756
4766
|
* Licensed under the MIT License.
|
|
@@ -4760,7 +4770,7 @@
|
|
|
4760
4770
|
UPN: "UPN",
|
|
4761
4771
|
};
|
|
4762
4772
|
|
|
4763
|
-
/*! @azure/msal-common v16.6.
|
|
4773
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4764
4774
|
/*
|
|
4765
4775
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4766
4776
|
* Licensed under the MIT License.
|
|
@@ -4778,7 +4788,7 @@
|
|
|
4778
4788
|
}
|
|
4779
4789
|
}
|
|
4780
4790
|
|
|
4781
|
-
/*! @azure/msal-common v16.6.
|
|
4791
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4782
4792
|
/*
|
|
4783
4793
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4784
4794
|
* Licensed under the MIT License.
|
|
@@ -4799,7 +4809,7 @@
|
|
|
4799
4809
|
};
|
|
4800
4810
|
}
|
|
4801
4811
|
|
|
4802
|
-
/*! @azure/msal-common v16.6.
|
|
4812
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4803
4813
|
|
|
4804
4814
|
/*
|
|
4805
4815
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4885,7 +4895,7 @@
|
|
|
4885
4895
|
}
|
|
4886
4896
|
}
|
|
4887
4897
|
|
|
4888
|
-
/*! @azure/msal-common v16.6.
|
|
4898
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4889
4899
|
|
|
4890
4900
|
/*
|
|
4891
4901
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4916,7 +4926,7 @@
|
|
|
4916
4926
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4917
4927
|
}
|
|
4918
4928
|
|
|
4919
|
-
/*! @azure/msal-common v16.6.
|
|
4929
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
4920
4930
|
|
|
4921
4931
|
/*
|
|
4922
4932
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5030,7 +5040,7 @@
|
|
|
5030
5040
|
return response;
|
|
5031
5041
|
}
|
|
5032
5042
|
|
|
5033
|
-
/*! @azure/msal-common v16.6.
|
|
5043
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5034
5044
|
/*
|
|
5035
5045
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5036
5046
|
* Licensed under the MIT License.
|
|
@@ -5042,7 +5052,7 @@
|
|
|
5042
5052
|
response.hasOwnProperty("jwks_uri"));
|
|
5043
5053
|
}
|
|
5044
5054
|
|
|
5045
|
-
/*! @azure/msal-common v16.6.
|
|
5055
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5046
5056
|
/*
|
|
5047
5057
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5048
5058
|
* Licensed under the MIT License.
|
|
@@ -5052,7 +5062,7 @@
|
|
|
5052
5062
|
response.hasOwnProperty("metadata"));
|
|
5053
5063
|
}
|
|
5054
5064
|
|
|
5055
|
-
/*! @azure/msal-common v16.6.
|
|
5065
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5056
5066
|
/*
|
|
5057
5067
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5058
5068
|
* Licensed under the MIT License.
|
|
@@ -5062,7 +5072,7 @@
|
|
|
5062
5072
|
response.hasOwnProperty("error_description"));
|
|
5063
5073
|
}
|
|
5064
5074
|
|
|
5065
|
-
/*! @azure/msal-common v16.6.
|
|
5075
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5066
5076
|
|
|
5067
5077
|
/*
|
|
5068
5078
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5167,7 +5177,7 @@
|
|
|
5167
5177
|
},
|
|
5168
5178
|
};
|
|
5169
5179
|
|
|
5170
|
-
/*! @azure/msal-common v16.6.
|
|
5180
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5171
5181
|
|
|
5172
5182
|
/*
|
|
5173
5183
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5422,7 +5432,7 @@
|
|
|
5422
5432
|
}, this.correlationId);
|
|
5423
5433
|
}
|
|
5424
5434
|
/**
|
|
5425
|
-
* Returns metadata entity from cache if it exists,
|
|
5435
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5426
5436
|
* from the configured canonical authority
|
|
5427
5437
|
* @returns
|
|
5428
5438
|
*/
|
|
@@ -5491,6 +5501,8 @@
|
|
|
5491
5501
|
// Get metadata from network if local sources aren't available
|
|
5492
5502
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5493
5503
|
if (metadata) {
|
|
5504
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5505
|
+
this.validateIssuer(metadata.issuer);
|
|
5494
5506
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5495
5507
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5496
5508
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5659,7 +5671,7 @@
|
|
|
5659
5671
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5660
5672
|
}
|
|
5661
5673
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5662
|
-
this.logger.verbose("
|
|
5674
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5663
5675
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5664
5676
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5665
5677
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -5856,6 +5868,139 @@
|
|
|
5856
5868
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
5857
5869
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
5858
5870
|
}
|
|
5871
|
+
/**
|
|
5872
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
5873
|
+
* this authority, per
|
|
5874
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
5875
|
+
*
|
|
5876
|
+
* The issuer is accepted when ANY of the following holds:
|
|
5877
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
5878
|
+
* differ). Applies to all authorities.
|
|
5879
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
5880
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
5881
|
+
* Microsoft authority host set.
|
|
5882
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
5883
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
5884
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5885
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5886
|
+
* path.
|
|
5887
|
+
*
|
|
5888
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5889
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
5890
|
+
*/
|
|
5891
|
+
validateIssuer(issuer) {
|
|
5892
|
+
if (!issuer) {
|
|
5893
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5894
|
+
}
|
|
5895
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
5896
|
+
let issuerUrl;
|
|
5897
|
+
try {
|
|
5898
|
+
issuerUrl = new URL(issuer);
|
|
5899
|
+
}
|
|
5900
|
+
catch {
|
|
5901
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5902
|
+
}
|
|
5903
|
+
const issuerScheme = issuerUrl.protocol;
|
|
5904
|
+
const issuerHost = issuerUrl.host;
|
|
5905
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
5906
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
5907
|
+
// Rule 1: Same scheme and host
|
|
5908
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
5909
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
5910
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
5911
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
5912
|
+
/*
|
|
5913
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
5914
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
5915
|
+
*/
|
|
5916
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
5917
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
5918
|
+
/*
|
|
5919
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
5920
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5921
|
+
*/
|
|
5922
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5923
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5924
|
+
if (matchesAuthorityOrigin ||
|
|
5925
|
+
matchesKnownMicrosoftHost ||
|
|
5926
|
+
matchesRegionalMicrosoftHost ||
|
|
5927
|
+
matchesCiamTenantPattern) {
|
|
5928
|
+
return;
|
|
5929
|
+
}
|
|
5930
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
5931
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5932
|
+
}
|
|
5933
|
+
/**
|
|
5934
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
5935
|
+
* may differ. Applies to all authorities.
|
|
5936
|
+
*/
|
|
5937
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
5938
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
5939
|
+
}
|
|
5940
|
+
/**
|
|
5941
|
+
* Rule 3: The issuer host is a regional variant
|
|
5942
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
5943
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
5944
|
+
*/
|
|
5945
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
5946
|
+
const firstDot = issuerHost.indexOf(".");
|
|
5947
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
5948
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
5949
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
5950
|
+
}
|
|
5951
|
+
return false;
|
|
5952
|
+
}
|
|
5953
|
+
/**
|
|
5954
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
5955
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
5956
|
+
*
|
|
5957
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
5958
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
5959
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
5960
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
5961
|
+
*
|
|
5962
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
5963
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
5964
|
+
* that was used to trigger discovery.
|
|
5965
|
+
*/
|
|
5966
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
5967
|
+
/*
|
|
5968
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
5969
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
5970
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
5971
|
+
* issuer string, not the authority URL's PathSegments.
|
|
5972
|
+
*/
|
|
5973
|
+
const pathSegment = authorityPathSegments[0];
|
|
5974
|
+
/*
|
|
5975
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
5976
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
5977
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
5978
|
+
* CIAM authorities.
|
|
5979
|
+
*/
|
|
5980
|
+
const tenantName = pathSegment
|
|
5981
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
5982
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
5983
|
+
: pathSegment
|
|
5984
|
+
: authorityHost.split(".")[0];
|
|
5985
|
+
if (!tenantName) {
|
|
5986
|
+
return false;
|
|
5987
|
+
}
|
|
5988
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
5989
|
+
const validCiamPatterns = [
|
|
5990
|
+
ciamBaseURL,
|
|
5991
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
5992
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
5993
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
5994
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
5995
|
+
];
|
|
5996
|
+
/*
|
|
5997
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
5998
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
5999
|
+
*/
|
|
6000
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
6001
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
6002
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6003
|
+
}
|
|
5859
6004
|
/**
|
|
5860
6005
|
* Checks whether the provided host is that of a public cloud authority
|
|
5861
6006
|
*
|
|
@@ -5987,7 +6132,7 @@
|
|
|
5987
6132
|
};
|
|
5988
6133
|
}
|
|
5989
6134
|
|
|
5990
|
-
/*! @azure/msal-common v16.6.
|
|
6135
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
5991
6136
|
|
|
5992
6137
|
/*
|
|
5993
6138
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6021,7 +6166,7 @@
|
|
|
6021
6166
|
}
|
|
6022
6167
|
}
|
|
6023
6168
|
|
|
6024
|
-
/*! @azure/msal-common v16.6.
|
|
6169
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6025
6170
|
|
|
6026
6171
|
/*
|
|
6027
6172
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6278,7 +6423,7 @@
|
|
|
6278
6423
|
}
|
|
6279
6424
|
}
|
|
6280
6425
|
|
|
6281
|
-
/*! @azure/msal-common v16.6.
|
|
6426
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6282
6427
|
|
|
6283
6428
|
/*
|
|
6284
6429
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6499,7 +6644,7 @@
|
|
|
6499
6644
|
}
|
|
6500
6645
|
}
|
|
6501
6646
|
|
|
6502
|
-
/*! @azure/msal-common v16.6.
|
|
6647
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6503
6648
|
|
|
6504
6649
|
/*
|
|
6505
6650
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6615,7 +6760,7 @@
|
|
|
6615
6760
|
}
|
|
6616
6761
|
}
|
|
6617
6762
|
|
|
6618
|
-
/*! @azure/msal-common v16.6.
|
|
6763
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6619
6764
|
|
|
6620
6765
|
/*
|
|
6621
6766
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6630,7 +6775,7 @@
|
|
|
6630
6775
|
},
|
|
6631
6776
|
};
|
|
6632
6777
|
|
|
6633
|
-
/*! @azure/msal-common v16.6.
|
|
6778
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6634
6779
|
|
|
6635
6780
|
/*
|
|
6636
6781
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6853,7 +6998,7 @@
|
|
|
6853
6998
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6854
6999
|
}
|
|
6855
7000
|
|
|
6856
|
-
/*! @azure/msal-common v16.6.
|
|
7001
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6857
7002
|
|
|
6858
7003
|
/*
|
|
6859
7004
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6886,7 +7031,7 @@
|
|
|
6886
7031
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6887
7032
|
}
|
|
6888
7033
|
|
|
6889
|
-
/*! @azure/msal-common v16.6.
|
|
7034
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6890
7035
|
/*
|
|
6891
7036
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6892
7037
|
* Licensed under the MIT License.
|
|
@@ -6896,7 +7041,7 @@
|
|
|
6896
7041
|
*/
|
|
6897
7042
|
const unexpectedError = "unexpected_error";
|
|
6898
7043
|
|
|
6899
|
-
/*! @azure/msal-common v16.6.
|
|
7044
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
6900
7045
|
|
|
6901
7046
|
/*
|
|
6902
7047
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7157,7 +7302,7 @@
|
|
|
7157
7302
|
}
|
|
7158
7303
|
}
|
|
7159
7304
|
|
|
7160
|
-
/*! @azure/msal-common v16.6.
|
|
7305
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7161
7306
|
|
|
7162
7307
|
/*
|
|
7163
7308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7178,7 +7323,7 @@
|
|
|
7178
7323
|
return new JoseHeaderError(code);
|
|
7179
7324
|
}
|
|
7180
7325
|
|
|
7181
|
-
/*! @azure/msal-common v16.6.
|
|
7326
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7182
7327
|
/*
|
|
7183
7328
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7184
7329
|
* Licensed under the MIT License.
|
|
@@ -7186,7 +7331,7 @@
|
|
|
7186
7331
|
const missingKidError = "missing_kid_error";
|
|
7187
7332
|
const missingAlgError = "missing_alg_error";
|
|
7188
7333
|
|
|
7189
|
-
/*! @azure/msal-common v16.6.
|
|
7334
|
+
/*! @azure/msal-common v16.6.1 2026-05-11 */
|
|
7190
7335
|
|
|
7191
7336
|
/*
|
|
7192
7337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7621,7 +7766,7 @@
|
|
|
7621
7766
|
|
|
7622
7767
|
/* eslint-disable header/header */
|
|
7623
7768
|
const name = "@azure/msal-browser";
|
|
7624
|
-
const version = "5.10.
|
|
7769
|
+
const version = "5.10.1";
|
|
7625
7770
|
|
|
7626
7771
|
/*
|
|
7627
7772
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|