@azure/msal-browser 5.10.0 → 5.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  21. package/dist/controllers/StandardController.mjs +1 -1
  22. package/dist/crypto/BrowserCrypto.mjs +1 -1
  23. package/dist/crypto/CryptoOps.mjs +1 -1
  24. package/dist/crypto/PkceGenerator.mjs +1 -1
  25. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  26. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  27. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  28. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  29. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  30. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  31. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  32. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  33. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  46. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  47. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  48. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  49. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  50. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  51. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  52. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  53. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  54. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  55. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  56. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  57. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  59. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  60. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  61. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  62. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  63. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  64. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  65. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  68. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  69. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  70. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  71. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  79. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  80. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  81. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  82. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  83. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  84. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  85. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  86. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  90. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  91. package/dist/custom_auth/index.mjs +1 -1
  92. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  93. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  94. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  95. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  96. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  97. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  103. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  104. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  105. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  106. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  107. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  108. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  118. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  119. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  121. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  122. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  131. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  132. package/dist/encode/Base64Decode.mjs +1 -1
  133. package/dist/encode/Base64Encode.mjs +1 -1
  134. package/dist/error/BrowserAuthError.mjs +1 -1
  135. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  136. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  137. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  138. package/dist/error/NativeAuthError.mjs +1 -1
  139. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  140. package/dist/error/NestedAppAuthError.mjs +1 -1
  141. package/dist/event/EventHandler.mjs +1 -1
  142. package/dist/event/EventMessage.mjs +1 -1
  143. package/dist/event/EventType.mjs +1 -1
  144. package/dist/index.mjs +1 -1
  145. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  146. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  147. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  148. package/dist/interaction_client/PopupClient.mjs +1 -1
  149. package/dist/interaction_client/RedirectClient.mjs +1 -1
  150. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  151. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  152. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  153. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  154. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  155. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  156. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  157. package/dist/log-strings-mapping.json +1176 -1176
  158. package/dist/naa/BridgeError.mjs +1 -1
  159. package/dist/naa/BridgeProxy.mjs +1 -1
  160. package/dist/naa/BridgeStatusCode.mjs +1 -1
  161. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  162. package/dist/navigation/NavigationClient.mjs +1 -1
  163. package/dist/network/FetchClient.mjs +1 -1
  164. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  165. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  166. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  167. package/dist/packageMetadata.mjs +2 -2
  168. package/dist/protocol/Authorize.mjs +1 -1
  169. package/dist/redirect_bridge/index.mjs +1 -1
  170. package/dist/request/RequestHelpers.mjs +1 -1
  171. package/dist/response/ResponseHandler.mjs +1 -1
  172. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  173. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  174. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  175. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  176. package/dist/utils/BrowserConstants.mjs +1 -1
  177. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  178. package/dist/utils/BrowserUtils.mjs +1 -1
  179. package/dist/utils/Helpers.mjs +1 -1
  180. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  181. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  182. package/lib/custom-auth-path/msal-custom-auth.cjs +215 -70
  183. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  184. package/lib/custom-auth-path/msal-custom-auth.js +215 -70
  185. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  186. package/lib/log-strings-mapping.json +2 -2
  187. package/lib/msal-browser.cjs +218 -72
  188. package/lib/msal-browser.cjs.map +1 -1
  189. package/lib/msal-browser.js +218 -72
  190. package/lib/msal-browser.js.map +1 -1
  191. package/lib/msal-browser.min.js +2 -2
  192. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  193. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  194. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  195. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  196. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  197. package/package.json +2 -2
  198. package/src/packageMetadata.ts +1 -1
  199. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/types/packageMetadata.d.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.0 2026-05-07 */
1
+ /*! @azure/msal-browser v5.10.1 2026-05-11 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.0 2026-05-07 */
9
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -233,7 +233,7 @@
233
233
  // Token renewal offset default in seconds
234
234
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
235
235
 
236
- /*! @azure/msal-common v16.6.0 2026-05-07 */
236
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
237
237
  /*
238
238
  * Copyright (c) Microsoft Corporation. All rights reserved.
239
239
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@
285
285
  const RESOURCE = "resource";
286
286
  const CLI_DATA = "clidata";
287
287
 
288
- /*! @azure/msal-common v16.6.0 2026-05-07 */
288
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -316,7 +316,7 @@
316
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
317
317
  }
318
318
 
319
- /*! @azure/msal-common v16.6.0 2026-05-07 */
319
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
320
320
 
321
321
  /*
322
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -336,7 +336,7 @@
336
336
  return new ClientConfigurationError(errorCode);
337
337
  }
338
338
 
339
- /*! @azure/msal-common v16.6.0 2026-05-07 */
339
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
340
340
  /*
341
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
342
342
  * Licensed under the MIT License.
@@ -416,7 +416,7 @@
416
416
  }
417
417
  }
418
418
 
419
- /*! @azure/msal-common v16.6.0 2026-05-07 */
419
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
420
420
 
421
421
  /*
422
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -439,7 +439,7 @@
439
439
  return new ClientAuthError(errorCode, additionalMessage);
440
440
  }
441
441
 
442
- /*! @azure/msal-common v16.6.0 2026-05-07 */
442
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
443
443
  /*
444
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
445
445
  * Licensed under the MIT License.
@@ -461,9 +461,10 @@
461
461
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
462
462
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
463
463
  const authorityMismatch = "authority_mismatch";
464
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
464
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
465
+ const issuerValidationFailed = "issuer_validation_failed";
465
466
 
466
- /*! @azure/msal-common v16.6.0 2026-05-07 */
467
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
467
468
  /*
468
469
  * Copyright (c) Microsoft Corporation. All rights reserved.
469
470
  * Licensed under the MIT License.
@@ -502,7 +503,7 @@
502
503
  const resourceParameterRequired = "resource_parameter_required";
503
504
  const misplacedResourceParam = "misplaced_resource_parameter";
504
505
 
505
- /*! @azure/msal-common v16.6.0 2026-05-07 */
506
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
506
507
 
507
508
  /*
508
509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -697,7 +698,7 @@
697
698
  }
698
699
  }
699
700
 
700
- /*! @azure/msal-common v16.6.0 2026-05-07 */
701
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
701
702
 
702
703
  /*
703
704
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1086,7 +1087,7 @@
1086
1087
  }
1087
1088
  }
1088
1089
 
1089
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1090
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1090
1091
 
1091
1092
  /*
1092
1093
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1195,7 +1196,7 @@
1195
1196
  }
1196
1197
  }
1197
1198
 
1198
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1199
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1199
1200
 
1200
1201
  /*
1201
1202
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1234,7 +1235,7 @@
1234
1235
  },
1235
1236
  };
1236
1237
 
1237
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1238
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1238
1239
  /*
1239
1240
  * Copyright (c) Microsoft Corporation. All rights reserved.
1240
1241
  * Licensed under the MIT License.
@@ -1495,12 +1496,12 @@
1495
1496
  }
1496
1497
  }
1497
1498
 
1498
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1499
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1499
1500
  /* eslint-disable header/header */
1500
1501
  const name$1 = "@azure/msal-common";
1501
- const version$1 = "16.6.0";
1502
+ const version$1 = "16.6.1";
1502
1503
 
1503
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1504
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1504
1505
  /*
1505
1506
  * Copyright (c) Microsoft Corporation. All rights reserved.
1506
1507
  * Licensed under the MIT License.
@@ -1509,7 +1510,7 @@
1509
1510
  // AzureCloudInstance is not specified.
1510
1511
  None: "none"};
1511
1512
 
1512
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1513
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1513
1514
  /*
1514
1515
  * Copyright (c) Microsoft Corporation. All rights reserved.
1515
1516
  * Licensed under the MIT License.
@@ -1592,7 +1593,7 @@
1592
1593
  return updatedAccountInfo;
1593
1594
  }
1594
1595
 
1595
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1596
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1596
1597
 
1597
1598
  /*
1598
1599
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1672,7 +1673,7 @@
1672
1673
  }
1673
1674
  }
1674
1675
 
1675
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1676
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1676
1677
 
1677
1678
  /*
1678
1679
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1829,7 +1830,7 @@
1829
1830
  }
1830
1831
  }
1831
1832
 
1832
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1833
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1833
1834
 
1834
1835
  /*
1835
1836
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1915,6 +1916,15 @@
1915
1916
  preferred_cache: "login.sovcloud-identity.sg",
1916
1917
  aliases: ["login.sovcloud-identity.sg"],
1917
1918
  },
1919
+ {
1920
+ preferred_network: "login.windows-ppe.net",
1921
+ preferred_cache: "login.windows-ppe.net",
1922
+ aliases: [
1923
+ "login.windows-ppe.net",
1924
+ "sts.windows-ppe.net",
1925
+ "login.microsoft-ppe.com",
1926
+ ],
1927
+ },
1918
1928
  ],
1919
1929
  },
1920
1930
  };
@@ -1986,7 +1996,7 @@
1986
1996
  return null;
1987
1997
  }
1988
1998
 
1989
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1999
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1990
2000
  /*
1991
2001
  * Copyright (c) Microsoft Corporation. All rights reserved.
1992
2002
  * Licensed under the MIT License.
@@ -1994,7 +2004,7 @@
1994
2004
  const cacheQuotaExceeded = "cache_quota_exceeded";
1995
2005
  const cacheErrorUnknown = "cache_error_unknown";
1996
2006
 
1997
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2007
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
1998
2008
 
1999
2009
  /*
2000
2010
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2032,7 +2042,7 @@
2032
2042
  }
2033
2043
  }
2034
2044
 
2035
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2045
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2036
2046
 
2037
2047
  /*
2038
2048
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2070,7 +2080,7 @@
2070
2080
  };
2071
2081
  }
2072
2082
 
2073
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2083
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2074
2084
  /*
2075
2085
  * Copyright (c) Microsoft Corporation. All rights reserved.
2076
2086
  * Licensed under the MIT License.
@@ -2085,7 +2095,7 @@
2085
2095
  Ciam: 3,
2086
2096
  };
2087
2097
 
2088
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2098
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2089
2099
  /*
2090
2100
  * Copyright (c) Microsoft Corporation. All rights reserved.
2091
2101
  * Licensed under the MIT License.
@@ -2107,7 +2117,7 @@
2107
2117
  return null;
2108
2118
  }
2109
2119
 
2110
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2120
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2111
2121
  /*
2112
2122
  * Copyright (c) Microsoft Corporation. All rights reserved.
2113
2123
  * Licensed under the MIT License.
@@ -2131,7 +2141,7 @@
2131
2141
  EAR: "EAR",
2132
2142
  };
2133
2143
 
2134
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2144
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2135
2145
  /**
2136
2146
  * Returns the AccountInfo interface for this account.
2137
2147
  */
@@ -2306,7 +2316,7 @@
2306
2316
  entity.hasOwnProperty("authorityType"));
2307
2317
  }
2308
2318
 
2309
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2319
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
2310
2320
 
2311
2321
  /*
2312
2322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3437,7 +3447,7 @@
3437
3447
  }
3438
3448
  }
3439
3449
 
3440
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3450
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3441
3451
  /*
3442
3452
  * Copyright (c) Microsoft Corporation. All rights reserved.
3443
3453
  * Licensed under the MIT License.
@@ -3451,7 +3461,7 @@
3451
3461
  const PerformanceEventStatus = {
3452
3462
  InProgress: 1};
3453
3463
 
3454
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3464
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3455
3465
 
3456
3466
  /*
3457
3467
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3506,7 +3516,7 @@
3506
3516
  }
3507
3517
  }
3508
3518
 
3509
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3519
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3510
3520
 
3511
3521
  /*
3512
3522
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3601,7 +3611,7 @@
3601
3611
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3602
3612
  }
3603
3613
 
3604
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3614
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3605
3615
  /*
3606
3616
  * Copyright (c) Microsoft Corporation. All rights reserved.
3607
3617
  * Licensed under the MIT License.
@@ -3628,7 +3638,7 @@
3628
3638
  }
3629
3639
  }
3630
3640
 
3631
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3641
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3632
3642
  /*
3633
3643
  * Copyright (c) Microsoft Corporation. All rights reserved.
3634
3644
  * Licensed under the MIT License.
@@ -3693,7 +3703,7 @@
3693
3703
  return cachedAtSec > nowSeconds();
3694
3704
  }
3695
3705
 
3696
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3706
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3697
3707
 
3698
3708
  /*
3699
3709
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3952,7 +3962,7 @@
3952
3962
  return metadata.expiresAt <= nowSeconds();
3953
3963
  }
3954
3964
 
3955
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3965
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
3956
3966
  /*
3957
3967
  * Copyright (c) Microsoft Corporation. All rights reserved.
3958
3968
  * Licensed under the MIT License.
@@ -4023,7 +4033,7 @@
4023
4033
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4024
4034
  const SetUserData = "setUserData";
4025
4035
 
4026
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4036
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4027
4037
  /*
4028
4038
  * Copyright (c) Microsoft Corporation. All rights reserved.
4029
4039
  * Licensed under the MIT License.
@@ -4116,7 +4126,7 @@
4116
4126
  };
4117
4127
  };
4118
4128
 
4119
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4129
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4120
4130
 
4121
4131
  /*
4122
4132
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4196,7 +4206,7 @@
4196
4206
  }
4197
4207
  }
4198
4208
 
4199
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4209
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4200
4210
  /*
4201
4211
  * Copyright (c) Microsoft Corporation. All rights reserved.
4202
4212
  * Licensed under the MIT License.
@@ -4247,7 +4257,7 @@
4247
4257
  */
4248
4258
  const interruptedUser = "interrupted_user";
4249
4259
 
4250
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4260
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4251
4261
 
4252
4262
  /*
4253
4263
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4315,7 +4325,7 @@
4315
4325
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4316
4326
  }
4317
4327
 
4318
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4328
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4319
4329
 
4320
4330
  /*
4321
4331
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4334,7 +4344,7 @@
4334
4344
  }
4335
4345
  }
4336
4346
 
4337
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4347
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4338
4348
 
4339
4349
  /*
4340
4350
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4402,7 +4412,7 @@
4402
4412
  }
4403
4413
  }
4404
4414
 
4405
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4415
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4406
4416
 
4407
4417
  /*
4408
4418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4750,7 +4760,7 @@
4750
4760
  return baseAccount;
4751
4761
  }
4752
4762
 
4753
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4763
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4754
4764
  /*
4755
4765
  * Copyright (c) Microsoft Corporation. All rights reserved.
4756
4766
  * Licensed under the MIT License.
@@ -4760,7 +4770,7 @@
4760
4770
  UPN: "UPN",
4761
4771
  };
4762
4772
 
4763
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4773
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4764
4774
  /*
4765
4775
  * Copyright (c) Microsoft Corporation. All rights reserved.
4766
4776
  * Licensed under the MIT License.
@@ -4778,7 +4788,7 @@
4778
4788
  }
4779
4789
  }
4780
4790
 
4781
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4791
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4782
4792
  /*
4783
4793
  * Copyright (c) Microsoft Corporation. All rights reserved.
4784
4794
  * Licensed under the MIT License.
@@ -4799,7 +4809,7 @@
4799
4809
  };
4800
4810
  }
4801
4811
 
4802
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4812
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4803
4813
 
4804
4814
  /*
4805
4815
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4885,7 +4895,7 @@
4885
4895
  }
4886
4896
  }
4887
4897
 
4888
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4898
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4889
4899
 
4890
4900
  /*
4891
4901
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4916,7 +4926,7 @@
4916
4926
  return new NetworkError(error, httpStatus, responseHeaders);
4917
4927
  }
4918
4928
 
4919
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4929
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
4920
4930
 
4921
4931
  /*
4922
4932
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5030,7 +5040,7 @@
5030
5040
  return response;
5031
5041
  }
5032
5042
 
5033
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5043
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5034
5044
  /*
5035
5045
  * Copyright (c) Microsoft Corporation. All rights reserved.
5036
5046
  * Licensed under the MIT License.
@@ -5042,7 +5052,7 @@
5042
5052
  response.hasOwnProperty("jwks_uri"));
5043
5053
  }
5044
5054
 
5045
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5055
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5046
5056
  /*
5047
5057
  * Copyright (c) Microsoft Corporation. All rights reserved.
5048
5058
  * Licensed under the MIT License.
@@ -5052,7 +5062,7 @@
5052
5062
  response.hasOwnProperty("metadata"));
5053
5063
  }
5054
5064
 
5055
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5065
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5056
5066
  /*
5057
5067
  * Copyright (c) Microsoft Corporation. All rights reserved.
5058
5068
  * Licensed under the MIT License.
@@ -5062,7 +5072,7 @@
5062
5072
  response.hasOwnProperty("error_description"));
5063
5073
  }
5064
5074
 
5065
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5075
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5066
5076
 
5067
5077
  /*
5068
5078
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5167,7 +5177,7 @@
5167
5177
  },
5168
5178
  };
5169
5179
 
5170
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5180
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5171
5181
 
5172
5182
  /*
5173
5183
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5422,7 +5432,7 @@
5422
5432
  }, this.correlationId);
5423
5433
  }
5424
5434
  /**
5425
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
5435
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
5426
5436
  * from the configured canonical authority
5427
5437
  * @returns
5428
5438
  */
@@ -5491,6 +5501,8 @@
5491
5501
  // Get metadata from network if local sources aren't available
5492
5502
  let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
5493
5503
  if (metadata) {
5504
+ // Validate the issuer returned by the OIDC discovery document.
5505
+ this.validateIssuer(metadata.issuer);
5494
5506
  // If the user prefers to use an azure region replace the global endpoints with regional information.
5495
5507
  if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
5496
5508
  metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
@@ -5659,7 +5671,7 @@
5659
5671
  throw createClientConfigurationError(untrustedAuthority);
5660
5672
  }
5661
5673
  updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
5662
- this.logger.verbose("0jhlgt", this.correlationId);
5674
+ this.logger.verbose("1tpqlr", this.correlationId);
5663
5675
  this.logger.verbosePii("1fy7uz", this.correlationId);
5664
5676
  this.logger.verbosePii("08zabj", this.correlationId);
5665
5677
  this.logger.verbosePii("1o1kv3", this.correlationId);
@@ -5856,6 +5868,139 @@
5856
5868
  isAliasOfKnownMicrosoftAuthority(host) {
5857
5869
  return InstanceDiscoveryMetadataAliases.has(host);
5858
5870
  }
5871
+ /**
5872
+ * Validates the `issuer` returned by an OIDC discovery document against
5873
+ * this authority, per
5874
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
5875
+ *
5876
+ * The issuer is accepted when ANY of the following holds:
5877
+ * 1. The issuer scheme + host + port match the authority's (path may
5878
+ * differ). Applies to all authorities.
5879
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
5880
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
5881
+ * Microsoft authority host set.
5882
+ * 3. Same as (2), but the issuer host is a single-label regional variant
5883
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
5884
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
5885
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
5886
+ * path.
5887
+ *
5888
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
5889
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
5890
+ */
5891
+ validateIssuer(issuer) {
5892
+ if (!issuer) {
5893
+ throw createClientConfigurationError(issuerValidationFailed);
5894
+ }
5895
+ // Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
5896
+ let issuerUrl;
5897
+ try {
5898
+ issuerUrl = new URL(issuer);
5899
+ }
5900
+ catch {
5901
+ throw createClientConfigurationError(issuerValidationFailed);
5902
+ }
5903
+ const issuerScheme = issuerUrl.protocol;
5904
+ const issuerHost = issuerUrl.host;
5905
+ const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
5906
+ const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
5907
+ // Rule 1: Same scheme and host
5908
+ const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
5909
+ // Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
5910
+ const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
5911
+ this.isAliasOfKnownMicrosoftAuthority(issuerHost);
5912
+ /*
5913
+ * Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
5914
+ * (HTTPS only). E.g. westus2.login.microsoft.com
5915
+ */
5916
+ const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
5917
+ this.matchesRegionalMicrosoftHost(issuerHost);
5918
+ /*
5919
+ * Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
5920
+ * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
5921
+ */
5922
+ const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
5923
+ // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
5924
+ if (matchesAuthorityOrigin ||
5925
+ matchesKnownMicrosoftHost ||
5926
+ matchesRegionalMicrosoftHost ||
5927
+ matchesCiamTenantPattern) {
5928
+ return;
5929
+ }
5930
+ // issuer validation fails if none of the above rules are satisfied
5931
+ throw createClientConfigurationError(issuerValidationFailed);
5932
+ }
5933
+ /**
5934
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
5935
+ * may differ. Applies to all authorities.
5936
+ */
5937
+ matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
5938
+ return issuerScheme === authorityScheme && issuerHost === authorityHost;
5939
+ }
5940
+ /**
5941
+ * Rule 3: The issuer host is a regional variant
5942
+ * (`{region}.{host}`) of a known Microsoft authority host.
5943
+ * E.g. `westus2.login.microsoft.com`.
5944
+ */
5945
+ matchesRegionalMicrosoftHost(issuerHost) {
5946
+ const firstDot = issuerHost.indexOf(".");
5947
+ if (firstDot > 0 && firstDot < issuerHost.length - 1) {
5948
+ const hostWithoutRegion = issuerHost.substring(firstDot + 1);
5949
+ return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
5950
+ }
5951
+ return false;
5952
+ }
5953
+ /**
5954
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
5955
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
5956
+ *
5957
+ * The bare tenant name is extracted from the authority's first path segment
5958
+ * when available (stripping the `.onmicrosoft.com` suffix that
5959
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
5960
+ * the authority host (to support CIAM custom domain scenarios).
5961
+ *
5962
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
5963
+ * because the OIDC issuer may use either form depending on the authority URL
5964
+ * that was used to trigger discovery.
5965
+ */
5966
+ matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
5967
+ /*
5968
+ * authorityPathSegments[0] is the first path segment of the *authority
5969
+ * URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
5970
+ * Additional CIAM issuer path segments such as "/v2.0" are part of the
5971
+ * issuer string, not the authority URL's PathSegments.
5972
+ */
5973
+ const pathSegment = authorityPathSegments[0];
5974
+ /*
5975
+ * Extract the bare tenant name: strip the .onmicrosoft.com suffix when
5976
+ * present (introduced by transformCIAMAuthority), or fall back to the
5977
+ * first label of the authority hostname for non-transformed/custom-domain
5978
+ * CIAM authorities.
5979
+ */
5980
+ const tenantName = pathSegment
5981
+ ? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
5982
+ ? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
5983
+ : pathSegment
5984
+ : authorityHost.split(".")[0];
5985
+ if (!tenantName) {
5986
+ return false;
5987
+ }
5988
+ const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
5989
+ const validCiamPatterns = [
5990
+ ciamBaseURL,
5991
+ `${ciamBaseURL}/${tenantName}`,
5992
+ `${ciamBaseURL}/${tenantName}/v2.0`,
5993
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
5994
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
5995
+ ];
5996
+ /*
5997
+ * Compose the canonical issuer string from URL components and strip any
5998
+ * trailing slashes from the path so it can be compared to the pattern set.
5999
+ */
6000
+ const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
6001
+ const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
6002
+ return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
6003
+ }
5859
6004
  /**
5860
6005
  * Checks whether the provided host is that of a public cloud authority
5861
6006
  *
@@ -5987,7 +6132,7 @@
5987
6132
  };
5988
6133
  }
5989
6134
 
5990
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6135
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
5991
6136
 
5992
6137
  /*
5993
6138
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6021,7 +6166,7 @@
6021
6166
  }
6022
6167
  }
6023
6168
 
6024
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6169
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6025
6170
 
6026
6171
  /*
6027
6172
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6278,7 +6423,7 @@
6278
6423
  }
6279
6424
  }
6280
6425
 
6281
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6426
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6282
6427
 
6283
6428
  /*
6284
6429
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6499,7 +6644,7 @@
6499
6644
  }
6500
6645
  }
6501
6646
 
6502
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6647
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6503
6648
 
6504
6649
  /*
6505
6650
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6615,7 +6760,7 @@
6615
6760
  }
6616
6761
  }
6617
6762
 
6618
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6763
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6619
6764
 
6620
6765
  /*
6621
6766
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6630,7 +6775,7 @@
6630
6775
  },
6631
6776
  };
6632
6777
 
6633
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6778
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6634
6779
 
6635
6780
  /*
6636
6781
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6853,7 +6998,7 @@
6853
6998
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6854
6999
  }
6855
7000
 
6856
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7001
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6857
7002
 
6858
7003
  /*
6859
7004
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6886,7 +7031,7 @@
6886
7031
  return Object.prototype.hasOwnProperty.call(params, "resource");
6887
7032
  }
6888
7033
 
6889
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7034
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6890
7035
  /*
6891
7036
  * Copyright (c) Microsoft Corporation. All rights reserved.
6892
7037
  * Licensed under the MIT License.
@@ -6896,7 +7041,7 @@
6896
7041
  */
6897
7042
  const unexpectedError = "unexpected_error";
6898
7043
 
6899
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7044
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
6900
7045
 
6901
7046
  /*
6902
7047
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7157,7 +7302,7 @@
7157
7302
  }
7158
7303
  }
7159
7304
 
7160
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7305
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7161
7306
 
7162
7307
  /*
7163
7308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7178,7 +7323,7 @@
7178
7323
  return new JoseHeaderError(code);
7179
7324
  }
7180
7325
 
7181
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7326
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7182
7327
  /*
7183
7328
  * Copyright (c) Microsoft Corporation. All rights reserved.
7184
7329
  * Licensed under the MIT License.
@@ -7186,7 +7331,7 @@
7186
7331
  const missingKidError = "missing_kid_error";
7187
7332
  const missingAlgError = "missing_alg_error";
7188
7333
 
7189
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7334
+ /*! @azure/msal-common v16.6.1 2026-05-11 */
7190
7335
 
7191
7336
  /*
7192
7337
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7621,7 +7766,7 @@
7621
7766
 
7622
7767
  /* eslint-disable header/header */
7623
7768
  const name = "@azure/msal-browser";
7624
- const version = "5.10.0";
7769
+ const version = "5.10.1";
7625
7770
 
7626
7771
  /*
7627
7772
  * Copyright (c) Microsoft Corporation. All rights reserved.