@azure/msal-browser 5.10.0 → 5.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +2 -2
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +21 -9
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +21 -9
- package/lib/custom-auth-path/msal-custom-auth.cjs +319 -107
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +319 -107
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +8 -8
- package/lib/msal-browser.cjs +241 -104
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +241 -104
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +2 -1
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/packageMetadata.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.11.0 2026-05-19 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.6.
|
|
5
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.6.
|
|
237
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.6.
|
|
289
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.6.
|
|
320
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.6.
|
|
340
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.6.
|
|
420
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.6.
|
|
443
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -466,7 +466,9 @@ const invalidAuthenticationHeader = "invalid_authentication_header";
|
|
|
466
466
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
467
467
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
468
468
|
const authorityMismatch = "authority_mismatch";
|
|
469
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
469
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
470
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
471
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
470
472
|
|
|
471
473
|
var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
472
474
|
__proto__: null,
|
|
@@ -481,7 +483,9 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
481
483
|
invalidClaims: invalidClaims,
|
|
482
484
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
483
485
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
486
|
+
invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
|
|
484
487
|
invalidRequestMethodForEAR: invalidRequestMethodForEAR,
|
|
488
|
+
issuerValidationFailed: issuerValidationFailed,
|
|
485
489
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
486
490
|
missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
|
|
487
491
|
missingSshJwk: missingSshJwk,
|
|
@@ -494,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
494
498
|
urlParseError: urlParseError
|
|
495
499
|
});
|
|
496
500
|
|
|
497
|
-
/*! @azure/msal-common v16.6.
|
|
501
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
498
502
|
/*
|
|
499
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
500
504
|
* Licensed under the MIT License.
|
|
@@ -582,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
582
586
|
userCanceled: userCanceled
|
|
583
587
|
});
|
|
584
588
|
|
|
585
|
-
/*! @azure/msal-common v16.6.
|
|
589
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
586
590
|
|
|
587
591
|
/*
|
|
588
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -777,7 +781,7 @@ class ScopeSet {
|
|
|
777
781
|
}
|
|
778
782
|
}
|
|
779
783
|
|
|
780
|
-
/*! @azure/msal-common v16.6.
|
|
784
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
781
785
|
|
|
782
786
|
/*
|
|
783
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1166,7 +1170,7 @@ function addResource(parameters, resource) {
|
|
|
1166
1170
|
}
|
|
1167
1171
|
}
|
|
1168
1172
|
|
|
1169
|
-
/*! @azure/msal-common v16.6.
|
|
1173
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1170
1174
|
|
|
1171
1175
|
/*
|
|
1172
1176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1275,7 +1279,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1275
1279
|
}
|
|
1276
1280
|
}
|
|
1277
1281
|
|
|
1278
|
-
/*! @azure/msal-common v16.6.
|
|
1282
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1279
1283
|
|
|
1280
1284
|
/*
|
|
1281
1285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1314,7 +1318,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1314
1318
|
},
|
|
1315
1319
|
};
|
|
1316
1320
|
|
|
1317
|
-
/*! @azure/msal-common v16.6.
|
|
1321
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1318
1322
|
/*
|
|
1319
1323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1320
1324
|
* Licensed under the MIT License.
|
|
@@ -1589,12 +1593,12 @@ class Logger {
|
|
|
1589
1593
|
}
|
|
1590
1594
|
}
|
|
1591
1595
|
|
|
1592
|
-
/*! @azure/msal-common v16.6.
|
|
1596
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1593
1597
|
/* eslint-disable header/header */
|
|
1594
1598
|
const name$1 = "@azure/msal-common";
|
|
1595
|
-
const version$1 = "16.6.
|
|
1599
|
+
const version$1 = "16.6.2";
|
|
1596
1600
|
|
|
1597
|
-
/*! @azure/msal-common v16.6.
|
|
1601
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1598
1602
|
/*
|
|
1599
1603
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1600
1604
|
* Licensed under the MIT License.
|
|
@@ -1614,7 +1618,7 @@ const AzureCloudInstance = {
|
|
|
1614
1618
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1615
1619
|
};
|
|
1616
1620
|
|
|
1617
|
-
/*! @azure/msal-common v16.6.
|
|
1621
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1618
1622
|
/*
|
|
1619
1623
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1620
1624
|
* Licensed under the MIT License.
|
|
@@ -1697,7 +1701,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1697
1701
|
return updatedAccountInfo;
|
|
1698
1702
|
}
|
|
1699
1703
|
|
|
1700
|
-
/*! @azure/msal-common v16.6.
|
|
1704
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1701
1705
|
|
|
1702
1706
|
/*
|
|
1703
1707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1777,7 +1781,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1777
1781
|
}
|
|
1778
1782
|
}
|
|
1779
1783
|
|
|
1780
|
-
/*! @azure/msal-common v16.6.
|
|
1784
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1781
1785
|
|
|
1782
1786
|
/*
|
|
1783
1787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1934,7 +1938,7 @@ class UrlString {
|
|
|
1934
1938
|
}
|
|
1935
1939
|
}
|
|
1936
1940
|
|
|
1937
|
-
/*! @azure/msal-common v16.6.
|
|
1941
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1938
1942
|
|
|
1939
1943
|
/*
|
|
1940
1944
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2020,6 +2024,15 @@ const rawMetdataJSON = {
|
|
|
2020
2024
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
2021
2025
|
aliases: ["login.sovcloud-identity.sg"],
|
|
2022
2026
|
},
|
|
2027
|
+
{
|
|
2028
|
+
preferred_network: "login.windows-ppe.net",
|
|
2029
|
+
preferred_cache: "login.windows-ppe.net",
|
|
2030
|
+
aliases: [
|
|
2031
|
+
"login.windows-ppe.net",
|
|
2032
|
+
"sts.windows-ppe.net",
|
|
2033
|
+
"login.microsoft-ppe.com",
|
|
2034
|
+
],
|
|
2035
|
+
},
|
|
2023
2036
|
],
|
|
2024
2037
|
},
|
|
2025
2038
|
};
|
|
@@ -2091,7 +2104,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2091
2104
|
return null;
|
|
2092
2105
|
}
|
|
2093
2106
|
|
|
2094
|
-
/*! @azure/msal-common v16.6.
|
|
2107
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2095
2108
|
/*
|
|
2096
2109
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2097
2110
|
* Licensed under the MIT License.
|
|
@@ -2099,7 +2112,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2099
2112
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2100
2113
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2101
2114
|
|
|
2102
|
-
/*! @azure/msal-common v16.6.
|
|
2115
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2103
2116
|
|
|
2104
2117
|
/*
|
|
2105
2118
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2137,7 +2150,7 @@ function createCacheError(e) {
|
|
|
2137
2150
|
}
|
|
2138
2151
|
}
|
|
2139
2152
|
|
|
2140
|
-
/*! @azure/msal-common v16.6.
|
|
2153
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2141
2154
|
|
|
2142
2155
|
/*
|
|
2143
2156
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2175,7 +2188,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2175
2188
|
};
|
|
2176
2189
|
}
|
|
2177
2190
|
|
|
2178
|
-
/*! @azure/msal-common v16.6.
|
|
2191
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2179
2192
|
/*
|
|
2180
2193
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2181
2194
|
* Licensed under the MIT License.
|
|
@@ -2190,7 +2203,7 @@ const AuthorityType = {
|
|
|
2190
2203
|
Ciam: 3,
|
|
2191
2204
|
};
|
|
2192
2205
|
|
|
2193
|
-
/*! @azure/msal-common v16.6.
|
|
2206
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2194
2207
|
/*
|
|
2195
2208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2196
2209
|
* Licensed under the MIT License.
|
|
@@ -2212,7 +2225,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2212
2225
|
return null;
|
|
2213
2226
|
}
|
|
2214
2227
|
|
|
2215
|
-
/*! @azure/msal-common v16.6.
|
|
2228
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2216
2229
|
/*
|
|
2217
2230
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2218
2231
|
* Licensed under the MIT License.
|
|
@@ -2236,7 +2249,7 @@ const ProtocolMode = {
|
|
|
2236
2249
|
EAR: "EAR",
|
|
2237
2250
|
};
|
|
2238
2251
|
|
|
2239
|
-
/*! @azure/msal-common v16.6.
|
|
2252
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2240
2253
|
/**
|
|
2241
2254
|
* Returns the AccountInfo interface for this account.
|
|
2242
2255
|
*/
|
|
@@ -2411,7 +2424,7 @@ function isAccountEntity(entity) {
|
|
|
2411
2424
|
entity.hasOwnProperty("authorityType"));
|
|
2412
2425
|
}
|
|
2413
2426
|
|
|
2414
|
-
/*! @azure/msal-common v16.6.
|
|
2427
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2415
2428
|
|
|
2416
2429
|
/*
|
|
2417
2430
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3543,7 +3556,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3543
3556
|
}
|
|
3544
3557
|
}
|
|
3545
3558
|
|
|
3546
|
-
/*! @azure/msal-common v16.6.
|
|
3559
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3547
3560
|
/*
|
|
3548
3561
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3549
3562
|
* Licensed under the MIT License.
|
|
@@ -3594,7 +3607,7 @@ const IntFields = new Set([
|
|
|
3594
3607
|
"redirectBridgeMessageVersion",
|
|
3595
3608
|
]);
|
|
3596
3609
|
|
|
3597
|
-
/*! @azure/msal-common v16.6.
|
|
3610
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3598
3611
|
|
|
3599
3612
|
/*
|
|
3600
3613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3649,7 +3662,7 @@ class StubPerformanceClient {
|
|
|
3649
3662
|
}
|
|
3650
3663
|
}
|
|
3651
3664
|
|
|
3652
|
-
/*! @azure/msal-common v16.6.
|
|
3665
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3653
3666
|
|
|
3654
3667
|
/*
|
|
3655
3668
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3744,7 +3757,7 @@ function isOidcProtocolMode(config) {
|
|
|
3744
3757
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3745
3758
|
}
|
|
3746
3759
|
|
|
3747
|
-
/*! @azure/msal-common v16.6.
|
|
3760
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3748
3761
|
/*
|
|
3749
3762
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3750
3763
|
* Licensed under the MIT License.
|
|
@@ -3771,7 +3784,7 @@ function isOidcProtocolMode(config) {
|
|
|
3771
3784
|
}
|
|
3772
3785
|
}
|
|
3773
3786
|
|
|
3774
|
-
/*! @azure/msal-common v16.6.
|
|
3787
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3775
3788
|
/*
|
|
3776
3789
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3777
3790
|
* Licensed under the MIT License.
|
|
@@ -3836,7 +3849,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3836
3849
|
return cachedAtSec > nowSeconds();
|
|
3837
3850
|
}
|
|
3838
3851
|
|
|
3839
|
-
/*! @azure/msal-common v16.6.
|
|
3852
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3840
3853
|
|
|
3841
3854
|
/*
|
|
3842
3855
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4095,7 +4108,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4095
4108
|
return metadata.expiresAt <= nowSeconds();
|
|
4096
4109
|
}
|
|
4097
4110
|
|
|
4098
|
-
/*! @azure/msal-common v16.6.
|
|
4111
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4099
4112
|
/*
|
|
4100
4113
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4101
4114
|
* Licensed under the MIT License.
|
|
@@ -4166,7 +4179,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4166
4179
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4167
4180
|
const SetUserData = "setUserData";
|
|
4168
4181
|
|
|
4169
|
-
/*! @azure/msal-common v16.6.
|
|
4182
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4170
4183
|
/*
|
|
4171
4184
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4172
4185
|
* Licensed under the MIT License.
|
|
@@ -4259,7 +4272,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4259
4272
|
};
|
|
4260
4273
|
};
|
|
4261
4274
|
|
|
4262
|
-
/*! @azure/msal-common v16.6.
|
|
4275
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4263
4276
|
|
|
4264
4277
|
/*
|
|
4265
4278
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4339,7 +4352,7 @@ class PopTokenGenerator {
|
|
|
4339
4352
|
}
|
|
4340
4353
|
}
|
|
4341
4354
|
|
|
4342
|
-
/*! @azure/msal-common v16.6.
|
|
4355
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4343
4356
|
/*
|
|
4344
4357
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4345
4358
|
* Licensed under the MIT License.
|
|
@@ -4403,7 +4416,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4403
4416
|
uxNotAllowed: uxNotAllowed
|
|
4404
4417
|
});
|
|
4405
4418
|
|
|
4406
|
-
/*! @azure/msal-common v16.6.
|
|
4419
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4407
4420
|
|
|
4408
4421
|
/*
|
|
4409
4422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4471,7 +4484,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4471
4484
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4472
4485
|
}
|
|
4473
4486
|
|
|
4474
|
-
/*! @azure/msal-common v16.6.
|
|
4487
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4475
4488
|
|
|
4476
4489
|
/*
|
|
4477
4490
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4490,7 +4503,7 @@ class ServerError extends AuthError {
|
|
|
4490
4503
|
}
|
|
4491
4504
|
}
|
|
4492
4505
|
|
|
4493
|
-
/*! @azure/msal-common v16.6.
|
|
4506
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4494
4507
|
|
|
4495
4508
|
/*
|
|
4496
4509
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4558,7 +4571,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4558
4571
|
}
|
|
4559
4572
|
}
|
|
4560
4573
|
|
|
4561
|
-
/*! @azure/msal-common v16.6.
|
|
4574
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4562
4575
|
|
|
4563
4576
|
/*
|
|
4564
4577
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4906,7 +4919,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4906
4919
|
return baseAccount;
|
|
4907
4920
|
}
|
|
4908
4921
|
|
|
4909
|
-
/*! @azure/msal-common v16.6.
|
|
4922
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4910
4923
|
/*
|
|
4911
4924
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4912
4925
|
* Licensed under the MIT License.
|
|
@@ -4916,7 +4929,7 @@ const CcsCredentialType = {
|
|
|
4916
4929
|
UPN: "UPN",
|
|
4917
4930
|
};
|
|
4918
4931
|
|
|
4919
|
-
/*! @azure/msal-common v16.6.
|
|
4932
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4920
4933
|
/*
|
|
4921
4934
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4922
4935
|
* Licensed under the MIT License.
|
|
@@ -4934,7 +4947,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4934
4947
|
}
|
|
4935
4948
|
}
|
|
4936
4949
|
|
|
4937
|
-
/*! @azure/msal-common v16.6.
|
|
4950
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4938
4951
|
/*
|
|
4939
4952
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4940
4953
|
* Licensed under the MIT License.
|
|
@@ -4955,7 +4968,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4955
4968
|
};
|
|
4956
4969
|
}
|
|
4957
4970
|
|
|
4958
|
-
/*! @azure/msal-common v16.6.
|
|
4971
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4959
4972
|
|
|
4960
4973
|
/*
|
|
4961
4974
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5041,7 +5054,7 @@ class ThrottlingUtils {
|
|
|
5041
5054
|
}
|
|
5042
5055
|
}
|
|
5043
5056
|
|
|
5044
|
-
/*! @azure/msal-common v16.6.
|
|
5057
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5045
5058
|
|
|
5046
5059
|
/*
|
|
5047
5060
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5072,7 +5085,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5072
5085
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5073
5086
|
}
|
|
5074
5087
|
|
|
5075
|
-
/*! @azure/msal-common v16.6.
|
|
5088
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5076
5089
|
|
|
5077
5090
|
/*
|
|
5078
5091
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5186,7 +5199,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5186
5199
|
return response;
|
|
5187
5200
|
}
|
|
5188
5201
|
|
|
5189
|
-
/*! @azure/msal-common v16.6.
|
|
5202
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5190
5203
|
/*
|
|
5191
5204
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5192
5205
|
* Licensed under the MIT License.
|
|
@@ -5198,7 +5211,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5198
5211
|
response.hasOwnProperty("jwks_uri"));
|
|
5199
5212
|
}
|
|
5200
5213
|
|
|
5201
|
-
/*! @azure/msal-common v16.6.
|
|
5214
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5202
5215
|
/*
|
|
5203
5216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5204
5217
|
* Licensed under the MIT License.
|
|
@@ -5208,7 +5221,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5208
5221
|
response.hasOwnProperty("metadata"));
|
|
5209
5222
|
}
|
|
5210
5223
|
|
|
5211
|
-
/*! @azure/msal-common v16.6.
|
|
5224
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5212
5225
|
/*
|
|
5213
5226
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5214
5227
|
* Licensed under the MIT License.
|
|
@@ -5218,7 +5231,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5218
5231
|
response.hasOwnProperty("error_description"));
|
|
5219
5232
|
}
|
|
5220
5233
|
|
|
5221
|
-
/*! @azure/msal-common v16.6.
|
|
5234
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5222
5235
|
|
|
5223
5236
|
/*
|
|
5224
5237
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5323,7 +5336,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5323
5336
|
},
|
|
5324
5337
|
};
|
|
5325
5338
|
|
|
5326
|
-
/*! @azure/msal-common v16.6.
|
|
5339
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5327
5340
|
|
|
5328
5341
|
/*
|
|
5329
5342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5578,7 +5591,7 @@ class Authority {
|
|
|
5578
5591
|
}, this.correlationId);
|
|
5579
5592
|
}
|
|
5580
5593
|
/**
|
|
5581
|
-
* Returns metadata entity from cache if it exists,
|
|
5594
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5582
5595
|
* from the configured canonical authority
|
|
5583
5596
|
* @returns
|
|
5584
5597
|
*/
|
|
@@ -5647,6 +5660,8 @@ class Authority {
|
|
|
5647
5660
|
// Get metadata from network if local sources aren't available
|
|
5648
5661
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5649
5662
|
if (metadata) {
|
|
5663
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5664
|
+
this.validateIssuer(metadata.issuer);
|
|
5650
5665
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5651
5666
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5652
5667
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5815,7 +5830,7 @@ class Authority {
|
|
|
5815
5830
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5816
5831
|
}
|
|
5817
5832
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5818
|
-
this.logger.verbose("
|
|
5833
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5819
5834
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5820
5835
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5821
5836
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -6012,6 +6027,139 @@ class Authority {
|
|
|
6012
6027
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
6013
6028
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
6014
6029
|
}
|
|
6030
|
+
/**
|
|
6031
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
6032
|
+
* this authority, per
|
|
6033
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
6034
|
+
*
|
|
6035
|
+
* The issuer is accepted when ANY of the following holds:
|
|
6036
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
6037
|
+
* differ). Applies to all authorities.
|
|
6038
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
6039
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
6040
|
+
* Microsoft authority host set.
|
|
6041
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
6042
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
6043
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6044
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6045
|
+
* path.
|
|
6046
|
+
*
|
|
6047
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6048
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
6049
|
+
*/
|
|
6050
|
+
validateIssuer(issuer) {
|
|
6051
|
+
if (!issuer) {
|
|
6052
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6053
|
+
}
|
|
6054
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
6055
|
+
let issuerUrl;
|
|
6056
|
+
try {
|
|
6057
|
+
issuerUrl = new URL(issuer);
|
|
6058
|
+
}
|
|
6059
|
+
catch {
|
|
6060
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6061
|
+
}
|
|
6062
|
+
const issuerScheme = issuerUrl.protocol;
|
|
6063
|
+
const issuerHost = issuerUrl.host;
|
|
6064
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
6065
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
6066
|
+
// Rule 1: Same scheme and host
|
|
6067
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
6068
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
6069
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
6070
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
6071
|
+
/*
|
|
6072
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
6073
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
6074
|
+
*/
|
|
6075
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
6076
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
6077
|
+
/*
|
|
6078
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
6079
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6080
|
+
*/
|
|
6081
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6082
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6083
|
+
if (matchesAuthorityOrigin ||
|
|
6084
|
+
matchesKnownMicrosoftHost ||
|
|
6085
|
+
matchesRegionalMicrosoftHost ||
|
|
6086
|
+
matchesCiamTenantPattern) {
|
|
6087
|
+
return;
|
|
6088
|
+
}
|
|
6089
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
6090
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
6091
|
+
}
|
|
6092
|
+
/**
|
|
6093
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
6094
|
+
* may differ. Applies to all authorities.
|
|
6095
|
+
*/
|
|
6096
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
6097
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
6098
|
+
}
|
|
6099
|
+
/**
|
|
6100
|
+
* Rule 3: The issuer host is a regional variant
|
|
6101
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
6102
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
6103
|
+
*/
|
|
6104
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
6105
|
+
const firstDot = issuerHost.indexOf(".");
|
|
6106
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
6107
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
6108
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
6109
|
+
}
|
|
6110
|
+
return false;
|
|
6111
|
+
}
|
|
6112
|
+
/**
|
|
6113
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
6114
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
6115
|
+
*
|
|
6116
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
6117
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
6118
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
6119
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
6120
|
+
*
|
|
6121
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
6122
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
6123
|
+
* that was used to trigger discovery.
|
|
6124
|
+
*/
|
|
6125
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
6126
|
+
/*
|
|
6127
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
6128
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
6129
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
6130
|
+
* issuer string, not the authority URL's PathSegments.
|
|
6131
|
+
*/
|
|
6132
|
+
const pathSegment = authorityPathSegments[0];
|
|
6133
|
+
/*
|
|
6134
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
6135
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
6136
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
6137
|
+
* CIAM authorities.
|
|
6138
|
+
*/
|
|
6139
|
+
const tenantName = pathSegment
|
|
6140
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
6141
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
6142
|
+
: pathSegment
|
|
6143
|
+
: authorityHost.split(".")[0];
|
|
6144
|
+
if (!tenantName) {
|
|
6145
|
+
return false;
|
|
6146
|
+
}
|
|
6147
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
6148
|
+
const validCiamPatterns = [
|
|
6149
|
+
ciamBaseURL,
|
|
6150
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
6151
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
6152
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
6153
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
6154
|
+
];
|
|
6155
|
+
/*
|
|
6156
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
6157
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
6158
|
+
*/
|
|
6159
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
6160
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
6161
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6162
|
+
}
|
|
6015
6163
|
/**
|
|
6016
6164
|
* Checks whether the provided host is that of a public cloud authority
|
|
6017
6165
|
*
|
|
@@ -6143,7 +6291,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6143
6291
|
};
|
|
6144
6292
|
}
|
|
6145
6293
|
|
|
6146
|
-
/*! @azure/msal-common v16.6.
|
|
6294
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6147
6295
|
|
|
6148
6296
|
/*
|
|
6149
6297
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6177,7 +6325,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6177
6325
|
}
|
|
6178
6326
|
}
|
|
6179
6327
|
|
|
6180
|
-
/*! @azure/msal-common v16.6.
|
|
6328
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6181
6329
|
|
|
6182
6330
|
/*
|
|
6183
6331
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6434,7 +6582,7 @@ class AuthorizationCodeClient {
|
|
|
6434
6582
|
}
|
|
6435
6583
|
}
|
|
6436
6584
|
|
|
6437
|
-
/*! @azure/msal-common v16.6.
|
|
6585
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6438
6586
|
|
|
6439
6587
|
/*
|
|
6440
6588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6655,7 +6803,7 @@ class RefreshTokenClient {
|
|
|
6655
6803
|
}
|
|
6656
6804
|
}
|
|
6657
6805
|
|
|
6658
|
-
/*! @azure/msal-common v16.6.
|
|
6806
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6659
6807
|
|
|
6660
6808
|
/*
|
|
6661
6809
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6771,7 +6919,7 @@ class SilentFlowClient {
|
|
|
6771
6919
|
}
|
|
6772
6920
|
}
|
|
6773
6921
|
|
|
6774
|
-
/*! @azure/msal-common v16.6.
|
|
6922
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6775
6923
|
|
|
6776
6924
|
/*
|
|
6777
6925
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6786,7 +6934,7 @@ const StubbedNetworkModule = {
|
|
|
6786
6934
|
},
|
|
6787
6935
|
};
|
|
6788
6936
|
|
|
6789
|
-
/*! @azure/msal-common v16.6.
|
|
6937
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6790
6938
|
|
|
6791
6939
|
/*
|
|
6792
6940
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7009,7 +7157,7 @@ function extractLoginHint(account) {
|
|
|
7009
7157
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7010
7158
|
}
|
|
7011
7159
|
|
|
7012
|
-
/*! @azure/msal-common v16.6.
|
|
7160
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7013
7161
|
|
|
7014
7162
|
/*
|
|
7015
7163
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7042,7 +7190,7 @@ function containsResourceParam(params) {
|
|
|
7042
7190
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7043
7191
|
}
|
|
7044
7192
|
|
|
7045
|
-
/*! @azure/msal-common v16.6.
|
|
7193
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7046
7194
|
|
|
7047
7195
|
/*
|
|
7048
7196
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7100,7 +7248,7 @@ class AuthenticationHeaderParser {
|
|
|
7100
7248
|
}
|
|
7101
7249
|
}
|
|
7102
7250
|
|
|
7103
|
-
/*! @azure/msal-common v16.6.
|
|
7251
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7104
7252
|
/*
|
|
7105
7253
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7106
7254
|
* Licensed under the MIT License.
|
|
@@ -7117,7 +7265,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7117
7265
|
unexpectedError: unexpectedError
|
|
7118
7266
|
});
|
|
7119
7267
|
|
|
7120
|
-
/*! @azure/msal-common v16.6.
|
|
7268
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7121
7269
|
|
|
7122
7270
|
/*
|
|
7123
7271
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7378,7 +7526,7 @@ class ServerTelemetryManager {
|
|
|
7378
7526
|
}
|
|
7379
7527
|
}
|
|
7380
7528
|
|
|
7381
|
-
/*! @azure/msal-common v16.6.
|
|
7529
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7382
7530
|
|
|
7383
7531
|
/*
|
|
7384
7532
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7399,7 +7547,7 @@ function createJoseHeaderError(code) {
|
|
|
7399
7547
|
return new JoseHeaderError(code);
|
|
7400
7548
|
}
|
|
7401
7549
|
|
|
7402
|
-
/*! @azure/msal-common v16.6.
|
|
7550
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7403
7551
|
/*
|
|
7404
7552
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7405
7553
|
* Licensed under the MIT License.
|
|
@@ -7407,7 +7555,7 @@ function createJoseHeaderError(code) {
|
|
|
7407
7555
|
const missingKidError = "missing_kid_error";
|
|
7408
7556
|
const missingAlgError = "missing_alg_error";
|
|
7409
7557
|
|
|
7410
|
-
/*! @azure/msal-common v16.6.
|
|
7558
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7411
7559
|
|
|
7412
7560
|
/*
|
|
7413
7561
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7447,7 +7595,7 @@ class JoseHeader {
|
|
|
7447
7595
|
}
|
|
7448
7596
|
}
|
|
7449
7597
|
|
|
7450
|
-
/*! @azure/msal-common v16.6.
|
|
7598
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7451
7599
|
|
|
7452
7600
|
/*
|
|
7453
7601
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -9869,7 +10017,6 @@ const ACCOUNT_SCHEMA_VERSION = 3;
|
|
|
9869
10017
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
9870
10018
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
9871
10019
|
const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
|
|
9872
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
9873
10020
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
9874
10021
|
const ACCOUNT_KEYS = "account.keys";
|
|
9875
10022
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -10385,7 +10532,7 @@ const EventType = {
|
|
|
10385
10532
|
|
|
10386
10533
|
/* eslint-disable header/header */
|
|
10387
10534
|
const name = "@azure/msal-browser";
|
|
10388
|
-
const version = "5.
|
|
10535
|
+
const version = "5.11.0";
|
|
10389
10536
|
|
|
10390
10537
|
/*
|
|
10391
10538
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12133,12 +12280,13 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12133
12280
|
* and logoutHint attribute wasn't manually set in logout request
|
|
12134
12281
|
*/
|
|
12135
12282
|
if (logoutRequest) {
|
|
12136
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
12283
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
12137
12284
|
if (!logoutRequest.logoutHint) {
|
|
12138
12285
|
if (logoutRequest.account) {
|
|
12139
|
-
const logoutHint =
|
|
12286
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
12287
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
12140
12288
|
if (logoutHint) {
|
|
12141
|
-
this.logger.verbose("
|
|
12289
|
+
this.logger.verbose("0d7s8p", this.correlationId);
|
|
12142
12290
|
validLogoutRequest.logoutHint = logoutHint;
|
|
12143
12291
|
}
|
|
12144
12292
|
}
|
|
@@ -12191,6 +12339,7 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12191
12339
|
const idTokenClaims = account.idTokenClaims;
|
|
12192
12340
|
if (idTokenClaims) {
|
|
12193
12341
|
if (idTokenClaims.login_hint) {
|
|
12342
|
+
this.logger.verbose("0u5bmc", this.correlationId);
|
|
12194
12343
|
return idTokenClaims.login_hint;
|
|
12195
12344
|
}
|
|
12196
12345
|
else {
|
|
@@ -13819,6 +13968,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13819
13968
|
};
|
|
13820
13969
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13821
13970
|
iframeTimeoutTelemetry: false,
|
|
13971
|
+
allowPlatformBrokerWithDOM: false,
|
|
13822
13972
|
};
|
|
13823
13973
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13824
13974
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -14265,25 +14415,23 @@ class PlatformAuthDOMHandler {
|
|
|
14265
14415
|
*/
|
|
14266
14416
|
/**
|
|
14267
14417
|
* Checks if the platform broker is available in the current environment.
|
|
14268
|
-
* @param
|
|
14269
|
-
* @param
|
|
14270
|
-
* @param
|
|
14271
|
-
* @
|
|
14418
|
+
* @param domConfig - Whether to enable platform broker DOM API support (required)
|
|
14419
|
+
* @param loggerOptions - Optional logger options
|
|
14420
|
+
* @param perfClient - Optional performance client
|
|
14421
|
+
* @param correlationId - Optional correlation ID
|
|
14422
|
+
* @returns Promise<boolean> indicating if platform broker is available
|
|
14272
14423
|
*/
|
|
14273
|
-
async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
|
|
14424
|
+
async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
|
|
14274
14425
|
const logger = new Logger(loggerOptions || {}, name, version);
|
|
14275
|
-
const cid = correlationId || "";
|
|
14276
|
-
logger.trace("07660b", cid);
|
|
14277
14426
|
const performanceClient = perfClient || new StubPerformanceClient();
|
|
14278
14427
|
if (typeof window === "undefined") {
|
|
14279
|
-
logger.trace("082ed3",
|
|
14428
|
+
logger.trace("082ed3", correlationId || createNewGuid());
|
|
14280
14429
|
return false;
|
|
14281
14430
|
}
|
|
14282
|
-
return !!(await getPlatformAuthProvider(logger, performanceClient,
|
|
14431
|
+
return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
|
|
14283
14432
|
}
|
|
14284
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
14433
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
14285
14434
|
logger.trace("134j0v", correlationId);
|
|
14286
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
14287
14435
|
logger.trace("04c81g", correlationId);
|
|
14288
14436
|
let platformAuthProvider;
|
|
14289
14437
|
try {
|
|
@@ -14307,22 +14455,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
|
|
|
14307
14455
|
}
|
|
14308
14456
|
return platformAuthProvider;
|
|
14309
14457
|
}
|
|
14310
|
-
/**
|
|
14311
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
14312
|
-
* @returns boolean
|
|
14313
|
-
* @deprecated
|
|
14314
|
-
*/
|
|
14315
|
-
function isDomEnabledForPlatformAuth() {
|
|
14316
|
-
let sessionStorage;
|
|
14317
|
-
try {
|
|
14318
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
14319
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
14320
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
14321
|
-
}
|
|
14322
|
-
catch (e) {
|
|
14323
|
-
return false;
|
|
14324
|
-
}
|
|
14325
|
-
}
|
|
14326
14458
|
/**
|
|
14327
14459
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14328
14460
|
* @param logger
|
|
@@ -14333,6 +14465,11 @@ function isDomEnabledForPlatformAuth() {
|
|
|
14333
14465
|
*/
|
|
14334
14466
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
14335
14467
|
logger.trace("0uko3r", correlationId);
|
|
14468
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
14469
|
+
if (!config.system.allowPlatformBroker &&
|
|
14470
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
14471
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
14472
|
+
}
|
|
14336
14473
|
if (!config.system.allowPlatformBroker) {
|
|
14337
14474
|
logger.trace("04hozs", correlationId);
|
|
14338
14475
|
// Developer disabled WAM
|
|
@@ -15792,7 +15929,7 @@ class StandardController {
|
|
|
15792
15929
|
if (allowPlatformBroker) {
|
|
15793
15930
|
try {
|
|
15794
15931
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
15795
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
15932
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
15796
15933
|
}
|
|
15797
15934
|
catch (e) {
|
|
15798
15935
|
this.logger.verbose(e, correlationId);
|