@azure/msal-browser 5.10.0 → 5.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CacheKeys.mjs +2 -3
  13. package/dist/cache/CacheKeys.mjs.map +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +2 -2
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  31. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  34. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  35. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  53. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  55. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  59. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  60. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  61. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  63. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  75. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  77. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  81. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  87. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  88. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  90. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  91. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  92. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  93. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  94. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  96. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  103. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  104. package/dist/custom_auth/index.mjs +1 -1
  105. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  130. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  144. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  145. package/dist/encode/Base64Decode.mjs +1 -1
  146. package/dist/encode/Base64Encode.mjs +1 -1
  147. package/dist/error/BrowserAuthError.mjs +1 -1
  148. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  149. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  150. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  151. package/dist/error/NativeAuthError.mjs +1 -1
  152. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NestedAppAuthError.mjs +1 -1
  154. package/dist/event/EventHandler.mjs +1 -1
  155. package/dist/event/EventMessage.mjs +1 -1
  156. package/dist/event/EventType.mjs +1 -1
  157. package/dist/index.mjs +1 -1
  158. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  159. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  160. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  161. package/dist/interaction_client/PopupClient.mjs +1 -1
  162. package/dist/interaction_client/RedirectClient.mjs +1 -1
  163. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  164. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  166. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  168. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  169. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  170. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  171. package/dist/log-strings-mapping.json +21 -9
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  188. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  189. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  190. package/dist/utils/BrowserConstants.mjs +1 -1
  191. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  192. package/dist/utils/BrowserUtils.mjs +1 -1
  193. package/dist/utils/Helpers.mjs +1 -1
  194. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/lib/custom-auth-path/log-strings-mapping.json +21 -9
  196. package/lib/custom-auth-path/msal-custom-auth.cjs +319 -107
  197. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  198. package/lib/custom-auth-path/msal-custom-auth.js +319 -107
  199. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  200. package/lib/log-strings-mapping.json +8 -8
  201. package/lib/msal-browser.cjs +241 -104
  202. package/lib/msal-browser.cjs.map +1 -1
  203. package/lib/msal-browser.js +241 -104
  204. package/lib/msal-browser.js.map +1 -1
  205. package/lib/msal-browser.min.js +2 -2
  206. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  209. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  210. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  211. package/package.json +2 -2
  212. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  213. package/src/config/Configuration.ts +5 -0
  214. package/src/controllers/StandardController.ts +2 -1
  215. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  216. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  217. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  218. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  219. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  220. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  221. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  222. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  223. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  224. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  225. package/src/custom_auth/index.ts +4 -0
  226. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  227. package/src/packageMetadata.ts +1 -1
  228. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  229. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  230. package/types/config/Configuration.d.ts +4 -0
  231. package/types/config/Configuration.d.ts.map +1 -1
  232. package/types/controllers/StandardController.d.ts.map +1 -1
  233. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  234. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  235. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  236. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  237. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  238. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  239. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  240. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  241. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  242. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  243. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  244. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  245. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  246. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  247. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  248. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  249. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  250. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  251. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  252. package/types/custom_auth/index.d.ts +1 -0
  253. package/types/custom_auth/index.d.ts.map +1 -1
  254. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  255. package/types/packageMetadata.d.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.10.0 2026-05-07 */
1
+ /*! @azure/msal-browser v5.11.0 2026-05-19 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.6.0 2026-05-07 */
237
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
  const RESOURCE = "resource";
287
287
  const CLI_DATA = "clidata";
288
288
 
289
- /*! @azure/msal-common v16.6.0 2026-05-07 */
289
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
290
290
  /*
291
291
  * Copyright (c) Microsoft Corporation. All rights reserved.
292
292
  * Licensed under the MIT License.
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
317
317
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
318
318
  }
319
319
 
320
- /*! @azure/msal-common v16.6.0 2026-05-07 */
320
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
321
321
 
322
322
  /*
323
323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
337
337
  return new ClientConfigurationError(errorCode);
338
338
  }
339
339
 
340
- /*! @azure/msal-common v16.6.0 2026-05-07 */
340
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
341
341
  /*
342
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
343
343
  * Licensed under the MIT License.
@@ -417,7 +417,7 @@ class StringUtils {
417
417
  }
418
418
  }
419
419
 
420
- /*! @azure/msal-common v16.6.0 2026-05-07 */
420
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
421
421
 
422
422
  /*
423
423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
440
440
  return new ClientAuthError(errorCode, additionalMessage);
441
441
  }
442
442
 
443
- /*! @azure/msal-common v16.6.0 2026-05-07 */
443
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
444
444
  /*
445
445
  * Copyright (c) Microsoft Corporation. All rights reserved.
446
446
  * Licensed under the MIT License.
@@ -466,7 +466,9 @@ const invalidAuthenticationHeader = "invalid_authentication_header";
466
466
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
467
467
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
468
468
  const authorityMismatch = "authority_mismatch";
469
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
469
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
470
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
471
+ const issuerValidationFailed = "issuer_validation_failed";
470
472
 
471
473
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
472
474
  __proto__: null,
@@ -481,7 +483,9 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
481
483
  invalidClaims: invalidClaims,
482
484
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
483
485
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
486
+ invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
484
487
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
488
+ issuerValidationFailed: issuerValidationFailed,
485
489
  logoutRequestEmpty: logoutRequestEmpty,
486
490
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
487
491
  missingSshJwk: missingSshJwk,
@@ -494,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
494
498
  urlParseError: urlParseError
495
499
  });
496
500
 
497
- /*! @azure/msal-common v16.6.0 2026-05-07 */
501
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
498
502
  /*
499
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
500
504
  * Licensed under the MIT License.
@@ -582,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
582
586
  userCanceled: userCanceled
583
587
  });
584
588
 
585
- /*! @azure/msal-common v16.6.0 2026-05-07 */
589
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
586
590
 
587
591
  /*
588
592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -777,7 +781,7 @@ class ScopeSet {
777
781
  }
778
782
  }
779
783
 
780
- /*! @azure/msal-common v16.6.0 2026-05-07 */
784
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
781
785
 
782
786
  /*
783
787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1166,7 +1170,7 @@ function addResource(parameters, resource) {
1166
1170
  }
1167
1171
  }
1168
1172
 
1169
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1173
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1170
1174
 
1171
1175
  /*
1172
1176
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1275,7 +1279,7 @@ function normalizeUrlForComparison(url) {
1275
1279
  }
1276
1280
  }
1277
1281
 
1278
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1282
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1279
1283
 
1280
1284
  /*
1281
1285
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1314,7 +1318,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1314
1318
  },
1315
1319
  };
1316
1320
 
1317
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1321
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1318
1322
  /*
1319
1323
  * Copyright (c) Microsoft Corporation. All rights reserved.
1320
1324
  * Licensed under the MIT License.
@@ -1589,12 +1593,12 @@ class Logger {
1589
1593
  }
1590
1594
  }
1591
1595
 
1592
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1596
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1593
1597
  /* eslint-disable header/header */
1594
1598
  const name$1 = "@azure/msal-common";
1595
- const version$1 = "16.6.0";
1599
+ const version$1 = "16.6.2";
1596
1600
 
1597
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1601
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1598
1602
  /*
1599
1603
  * Copyright (c) Microsoft Corporation. All rights reserved.
1600
1604
  * Licensed under the MIT License.
@@ -1614,7 +1618,7 @@ const AzureCloudInstance = {
1614
1618
  AzureUsGovernment: "https://login.microsoftonline.us",
1615
1619
  };
1616
1620
 
1617
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1621
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1618
1622
  /*
1619
1623
  * Copyright (c) Microsoft Corporation. All rights reserved.
1620
1624
  * Licensed under the MIT License.
@@ -1697,7 +1701,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1697
1701
  return updatedAccountInfo;
1698
1702
  }
1699
1703
 
1700
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1704
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1701
1705
 
1702
1706
  /*
1703
1707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1777,7 +1781,7 @@ function checkMaxAge(authTime, maxAge) {
1777
1781
  }
1778
1782
  }
1779
1783
 
1780
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1784
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1781
1785
 
1782
1786
  /*
1783
1787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1934,7 +1938,7 @@ class UrlString {
1934
1938
  }
1935
1939
  }
1936
1940
 
1937
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1941
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1938
1942
 
1939
1943
  /*
1940
1944
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2020,6 +2024,15 @@ const rawMetdataJSON = {
2020
2024
  preferred_cache: "login.sovcloud-identity.sg",
2021
2025
  aliases: ["login.sovcloud-identity.sg"],
2022
2026
  },
2027
+ {
2028
+ preferred_network: "login.windows-ppe.net",
2029
+ preferred_cache: "login.windows-ppe.net",
2030
+ aliases: [
2031
+ "login.windows-ppe.net",
2032
+ "sts.windows-ppe.net",
2033
+ "login.microsoft-ppe.com",
2034
+ ],
2035
+ },
2023
2036
  ],
2024
2037
  },
2025
2038
  };
@@ -2091,7 +2104,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2091
2104
  return null;
2092
2105
  }
2093
2106
 
2094
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2107
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2095
2108
  /*
2096
2109
  * Copyright (c) Microsoft Corporation. All rights reserved.
2097
2110
  * Licensed under the MIT License.
@@ -2099,7 +2112,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2099
2112
  const cacheQuotaExceeded = "cache_quota_exceeded";
2100
2113
  const cacheErrorUnknown = "cache_error_unknown";
2101
2114
 
2102
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2115
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2103
2116
 
2104
2117
  /*
2105
2118
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2137,7 +2150,7 @@ function createCacheError(e) {
2137
2150
  }
2138
2151
  }
2139
2152
 
2140
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2153
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2141
2154
 
2142
2155
  /*
2143
2156
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2175,7 +2188,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2175
2188
  };
2176
2189
  }
2177
2190
 
2178
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2191
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2179
2192
  /*
2180
2193
  * Copyright (c) Microsoft Corporation. All rights reserved.
2181
2194
  * Licensed under the MIT License.
@@ -2190,7 +2203,7 @@ const AuthorityType = {
2190
2203
  Ciam: 3,
2191
2204
  };
2192
2205
 
2193
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2206
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2194
2207
  /*
2195
2208
  * Copyright (c) Microsoft Corporation. All rights reserved.
2196
2209
  * Licensed under the MIT License.
@@ -2212,7 +2225,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2212
2225
  return null;
2213
2226
  }
2214
2227
 
2215
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2228
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2216
2229
  /*
2217
2230
  * Copyright (c) Microsoft Corporation. All rights reserved.
2218
2231
  * Licensed under the MIT License.
@@ -2236,7 +2249,7 @@ const ProtocolMode = {
2236
2249
  EAR: "EAR",
2237
2250
  };
2238
2251
 
2239
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2252
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2240
2253
  /**
2241
2254
  * Returns the AccountInfo interface for this account.
2242
2255
  */
@@ -2411,7 +2424,7 @@ function isAccountEntity(entity) {
2411
2424
  entity.hasOwnProperty("authorityType"));
2412
2425
  }
2413
2426
 
2414
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2427
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2415
2428
 
2416
2429
  /*
2417
2430
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3543,7 +3556,7 @@ class DefaultStorageClass extends CacheManager {
3543
3556
  }
3544
3557
  }
3545
3558
 
3546
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3559
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3547
3560
  /*
3548
3561
  * Copyright (c) Microsoft Corporation. All rights reserved.
3549
3562
  * Licensed under the MIT License.
@@ -3594,7 +3607,7 @@ const IntFields = new Set([
3594
3607
  "redirectBridgeMessageVersion",
3595
3608
  ]);
3596
3609
 
3597
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3610
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3598
3611
 
3599
3612
  /*
3600
3613
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3649,7 +3662,7 @@ class StubPerformanceClient {
3649
3662
  }
3650
3663
  }
3651
3664
 
3652
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3665
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3653
3666
 
3654
3667
  /*
3655
3668
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3744,7 +3757,7 @@ function isOidcProtocolMode(config) {
3744
3757
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3745
3758
  }
3746
3759
 
3747
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3760
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3748
3761
  /*
3749
3762
  * Copyright (c) Microsoft Corporation. All rights reserved.
3750
3763
  * Licensed under the MIT License.
@@ -3771,7 +3784,7 @@ function isOidcProtocolMode(config) {
3771
3784
  }
3772
3785
  }
3773
3786
 
3774
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3787
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3775
3788
  /*
3776
3789
  * Copyright (c) Microsoft Corporation. All rights reserved.
3777
3790
  * Licensed under the MIT License.
@@ -3836,7 +3849,7 @@ function wasClockTurnedBack(cachedAt) {
3836
3849
  return cachedAtSec > nowSeconds();
3837
3850
  }
3838
3851
 
3839
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3852
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3840
3853
 
3841
3854
  /*
3842
3855
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4095,7 +4108,7 @@ function isAuthorityMetadataExpired(metadata) {
4095
4108
  return metadata.expiresAt <= nowSeconds();
4096
4109
  }
4097
4110
 
4098
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4111
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4099
4112
  /*
4100
4113
  * Copyright (c) Microsoft Corporation. All rights reserved.
4101
4114
  * Licensed under the MIT License.
@@ -4166,7 +4179,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4166
4179
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4167
4180
  const SetUserData = "setUserData";
4168
4181
 
4169
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4182
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4170
4183
  /*
4171
4184
  * Copyright (c) Microsoft Corporation. All rights reserved.
4172
4185
  * Licensed under the MIT License.
@@ -4259,7 +4272,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4259
4272
  };
4260
4273
  };
4261
4274
 
4262
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4275
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4263
4276
 
4264
4277
  /*
4265
4278
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4339,7 +4352,7 @@ class PopTokenGenerator {
4339
4352
  }
4340
4353
  }
4341
4354
 
4342
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4355
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4343
4356
  /*
4344
4357
  * Copyright (c) Microsoft Corporation. All rights reserved.
4345
4358
  * Licensed under the MIT License.
@@ -4403,7 +4416,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4403
4416
  uxNotAllowed: uxNotAllowed
4404
4417
  });
4405
4418
 
4406
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4419
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4407
4420
 
4408
4421
  /*
4409
4422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4471,7 +4484,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4471
4484
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4472
4485
  }
4473
4486
 
4474
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4487
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4475
4488
 
4476
4489
  /*
4477
4490
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4490,7 +4503,7 @@ class ServerError extends AuthError {
4490
4503
  }
4491
4504
  }
4492
4505
 
4493
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4506
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4494
4507
 
4495
4508
  /*
4496
4509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4558,7 +4571,7 @@ function parseRequestState(base64Decode, state) {
4558
4571
  }
4559
4572
  }
4560
4573
 
4561
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4574
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4562
4575
 
4563
4576
  /*
4564
4577
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4906,7 +4919,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4906
4919
  return baseAccount;
4907
4920
  }
4908
4921
 
4909
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4922
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4910
4923
  /*
4911
4924
  * Copyright (c) Microsoft Corporation. All rights reserved.
4912
4925
  * Licensed under the MIT License.
@@ -4916,7 +4929,7 @@ const CcsCredentialType = {
4916
4929
  UPN: "UPN",
4917
4930
  };
4918
4931
 
4919
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4932
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4920
4933
  /*
4921
4934
  * Copyright (c) Microsoft Corporation. All rights reserved.
4922
4935
  * Licensed under the MIT License.
@@ -4934,7 +4947,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4934
4947
  }
4935
4948
  }
4936
4949
 
4937
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4950
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4938
4951
  /*
4939
4952
  * Copyright (c) Microsoft Corporation. All rights reserved.
4940
4953
  * Licensed under the MIT License.
@@ -4955,7 +4968,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4955
4968
  };
4956
4969
  }
4957
4970
 
4958
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4971
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4959
4972
 
4960
4973
  /*
4961
4974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5041,7 +5054,7 @@ class ThrottlingUtils {
5041
5054
  }
5042
5055
  }
5043
5056
 
5044
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5057
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5045
5058
 
5046
5059
  /*
5047
5060
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5072,7 +5085,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5072
5085
  return new NetworkError(error, httpStatus, responseHeaders);
5073
5086
  }
5074
5087
 
5075
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5088
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5076
5089
 
5077
5090
  /*
5078
5091
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5186,7 +5199,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5186
5199
  return response;
5187
5200
  }
5188
5201
 
5189
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5202
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5190
5203
  /*
5191
5204
  * Copyright (c) Microsoft Corporation. All rights reserved.
5192
5205
  * Licensed under the MIT License.
@@ -5198,7 +5211,7 @@ function isOpenIdConfigResponse(response) {
5198
5211
  response.hasOwnProperty("jwks_uri"));
5199
5212
  }
5200
5213
 
5201
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5214
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5202
5215
  /*
5203
5216
  * Copyright (c) Microsoft Corporation. All rights reserved.
5204
5217
  * Licensed under the MIT License.
@@ -5208,7 +5221,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5208
5221
  response.hasOwnProperty("metadata"));
5209
5222
  }
5210
5223
 
5211
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5224
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5212
5225
  /*
5213
5226
  * Copyright (c) Microsoft Corporation. All rights reserved.
5214
5227
  * Licensed under the MIT License.
@@ -5218,7 +5231,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5218
5231
  response.hasOwnProperty("error_description"));
5219
5232
  }
5220
5233
 
5221
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5234
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5222
5235
 
5223
5236
  /*
5224
5237
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5323,7 +5336,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5323
5336
  },
5324
5337
  };
5325
5338
 
5326
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5339
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5327
5340
 
5328
5341
  /*
5329
5342
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5578,7 +5591,7 @@ class Authority {
5578
5591
  }, this.correlationId);
5579
5592
  }
5580
5593
  /**
5581
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
5594
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
5582
5595
  * from the configured canonical authority
5583
5596
  * @returns
5584
5597
  */
@@ -5647,6 +5660,8 @@ class Authority {
5647
5660
  // Get metadata from network if local sources aren't available
5648
5661
  let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
5649
5662
  if (metadata) {
5663
+ // Validate the issuer returned by the OIDC discovery document.
5664
+ this.validateIssuer(metadata.issuer);
5650
5665
  // If the user prefers to use an azure region replace the global endpoints with regional information.
5651
5666
  if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
5652
5667
  metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
@@ -5815,7 +5830,7 @@ class Authority {
5815
5830
  throw createClientConfigurationError(untrustedAuthority);
5816
5831
  }
5817
5832
  updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
5818
- this.logger.verbose("0jhlgt", this.correlationId);
5833
+ this.logger.verbose("1tpqlr", this.correlationId);
5819
5834
  this.logger.verbosePii("1fy7uz", this.correlationId);
5820
5835
  this.logger.verbosePii("08zabj", this.correlationId);
5821
5836
  this.logger.verbosePii("1o1kv3", this.correlationId);
@@ -6012,6 +6027,139 @@ class Authority {
6012
6027
  isAliasOfKnownMicrosoftAuthority(host) {
6013
6028
  return InstanceDiscoveryMetadataAliases.has(host);
6014
6029
  }
6030
+ /**
6031
+ * Validates the `issuer` returned by an OIDC discovery document against
6032
+ * this authority, per
6033
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
6034
+ *
6035
+ * The issuer is accepted when ANY of the following holds:
6036
+ * 1. The issuer scheme + host + port match the authority's (path may
6037
+ * differ). Applies to all authorities.
6038
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
6039
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
6040
+ * Microsoft authority host set.
6041
+ * 3. Same as (2), but the issuer host is a single-label regional variant
6042
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
6043
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
6044
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
6045
+ * path.
6046
+ *
6047
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
6048
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
6049
+ */
6050
+ validateIssuer(issuer) {
6051
+ if (!issuer) {
6052
+ throw createClientConfigurationError(issuerValidationFailed);
6053
+ }
6054
+ // Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
6055
+ let issuerUrl;
6056
+ try {
6057
+ issuerUrl = new URL(issuer);
6058
+ }
6059
+ catch {
6060
+ throw createClientConfigurationError(issuerValidationFailed);
6061
+ }
6062
+ const issuerScheme = issuerUrl.protocol;
6063
+ const issuerHost = issuerUrl.host;
6064
+ const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
6065
+ const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
6066
+ // Rule 1: Same scheme and host
6067
+ const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
6068
+ // Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
6069
+ const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
6070
+ this.isAliasOfKnownMicrosoftAuthority(issuerHost);
6071
+ /*
6072
+ * Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
6073
+ * (HTTPS only). E.g. westus2.login.microsoft.com
6074
+ */
6075
+ const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
6076
+ this.matchesRegionalMicrosoftHost(issuerHost);
6077
+ /*
6078
+ * Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
6079
+ * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
6080
+ */
6081
+ const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
6082
+ // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
6083
+ if (matchesAuthorityOrigin ||
6084
+ matchesKnownMicrosoftHost ||
6085
+ matchesRegionalMicrosoftHost ||
6086
+ matchesCiamTenantPattern) {
6087
+ return;
6088
+ }
6089
+ // issuer validation fails if none of the above rules are satisfied
6090
+ throw createClientConfigurationError(issuerValidationFailed);
6091
+ }
6092
+ /**
6093
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
6094
+ * may differ. Applies to all authorities.
6095
+ */
6096
+ matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
6097
+ return issuerScheme === authorityScheme && issuerHost === authorityHost;
6098
+ }
6099
+ /**
6100
+ * Rule 3: The issuer host is a regional variant
6101
+ * (`{region}.{host}`) of a known Microsoft authority host.
6102
+ * E.g. `westus2.login.microsoft.com`.
6103
+ */
6104
+ matchesRegionalMicrosoftHost(issuerHost) {
6105
+ const firstDot = issuerHost.indexOf(".");
6106
+ if (firstDot > 0 && firstDot < issuerHost.length - 1) {
6107
+ const hostWithoutRegion = issuerHost.substring(firstDot + 1);
6108
+ return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
6109
+ }
6110
+ return false;
6111
+ }
6112
+ /**
6113
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
6114
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
6115
+ *
6116
+ * The bare tenant name is extracted from the authority's first path segment
6117
+ * when available (stripping the `.onmicrosoft.com` suffix that
6118
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
6119
+ * the authority host (to support CIAM custom domain scenarios).
6120
+ *
6121
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
6122
+ * because the OIDC issuer may use either form depending on the authority URL
6123
+ * that was used to trigger discovery.
6124
+ */
6125
+ matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
6126
+ /*
6127
+ * authorityPathSegments[0] is the first path segment of the *authority
6128
+ * URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
6129
+ * Additional CIAM issuer path segments such as "/v2.0" are part of the
6130
+ * issuer string, not the authority URL's PathSegments.
6131
+ */
6132
+ const pathSegment = authorityPathSegments[0];
6133
+ /*
6134
+ * Extract the bare tenant name: strip the .onmicrosoft.com suffix when
6135
+ * present (introduced by transformCIAMAuthority), or fall back to the
6136
+ * first label of the authority hostname for non-transformed/custom-domain
6137
+ * CIAM authorities.
6138
+ */
6139
+ const tenantName = pathSegment
6140
+ ? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
6141
+ ? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
6142
+ : pathSegment
6143
+ : authorityHost.split(".")[0];
6144
+ if (!tenantName) {
6145
+ return false;
6146
+ }
6147
+ const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
6148
+ const validCiamPatterns = [
6149
+ ciamBaseURL,
6150
+ `${ciamBaseURL}/${tenantName}`,
6151
+ `${ciamBaseURL}/${tenantName}/v2.0`,
6152
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
6153
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
6154
+ ];
6155
+ /*
6156
+ * Compose the canonical issuer string from URL components and strip any
6157
+ * trailing slashes from the path so it can be compared to the pattern set.
6158
+ */
6159
+ const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
6160
+ const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
6161
+ return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
6162
+ }
6015
6163
  /**
6016
6164
  * Checks whether the provided host is that of a public cloud authority
6017
6165
  *
@@ -6143,7 +6291,7 @@ function buildStaticAuthorityOptions(authOptions) {
6143
6291
  };
6144
6292
  }
6145
6293
 
6146
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6294
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6147
6295
 
6148
6296
  /*
6149
6297
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6177,7 +6325,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6177
6325
  }
6178
6326
  }
6179
6327
 
6180
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6328
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6181
6329
 
6182
6330
  /*
6183
6331
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6434,7 +6582,7 @@ class AuthorizationCodeClient {
6434
6582
  }
6435
6583
  }
6436
6584
 
6437
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6585
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6438
6586
 
6439
6587
  /*
6440
6588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6655,7 +6803,7 @@ class RefreshTokenClient {
6655
6803
  }
6656
6804
  }
6657
6805
 
6658
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6806
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6659
6807
 
6660
6808
  /*
6661
6809
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6771,7 +6919,7 @@ class SilentFlowClient {
6771
6919
  }
6772
6920
  }
6773
6921
 
6774
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6922
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6775
6923
 
6776
6924
  /*
6777
6925
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6786,7 +6934,7 @@ const StubbedNetworkModule = {
6786
6934
  },
6787
6935
  };
6788
6936
 
6789
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6937
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6790
6938
 
6791
6939
  /*
6792
6940
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7009,7 +7157,7 @@ function extractLoginHint(account) {
7009
7157
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7010
7158
  }
7011
7159
 
7012
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7160
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7013
7161
 
7014
7162
  /*
7015
7163
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7042,7 +7190,7 @@ function containsResourceParam(params) {
7042
7190
  return Object.prototype.hasOwnProperty.call(params, "resource");
7043
7191
  }
7044
7192
 
7045
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7193
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7046
7194
 
7047
7195
  /*
7048
7196
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7100,7 +7248,7 @@ class AuthenticationHeaderParser {
7100
7248
  }
7101
7249
  }
7102
7250
 
7103
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7251
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7104
7252
  /*
7105
7253
  * Copyright (c) Microsoft Corporation. All rights reserved.
7106
7254
  * Licensed under the MIT License.
@@ -7117,7 +7265,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7117
7265
  unexpectedError: unexpectedError
7118
7266
  });
7119
7267
 
7120
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7268
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7121
7269
 
7122
7270
  /*
7123
7271
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7378,7 +7526,7 @@ class ServerTelemetryManager {
7378
7526
  }
7379
7527
  }
7380
7528
 
7381
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7529
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7382
7530
 
7383
7531
  /*
7384
7532
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7399,7 +7547,7 @@ function createJoseHeaderError(code) {
7399
7547
  return new JoseHeaderError(code);
7400
7548
  }
7401
7549
 
7402
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7550
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7403
7551
  /*
7404
7552
  * Copyright (c) Microsoft Corporation. All rights reserved.
7405
7553
  * Licensed under the MIT License.
@@ -7407,7 +7555,7 @@ function createJoseHeaderError(code) {
7407
7555
  const missingKidError = "missing_kid_error";
7408
7556
  const missingAlgError = "missing_alg_error";
7409
7557
 
7410
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7558
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7411
7559
 
7412
7560
  /*
7413
7561
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7447,7 +7595,7 @@ class JoseHeader {
7447
7595
  }
7448
7596
  }
7449
7597
 
7450
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7598
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7451
7599
 
7452
7600
  /*
7453
7601
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9869,7 +10017,6 @@ const ACCOUNT_SCHEMA_VERSION = 3;
9869
10017
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
9870
10018
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
9871
10019
  const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
9872
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
9873
10020
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
9874
10021
  const ACCOUNT_KEYS = "account.keys";
9875
10022
  const TOKEN_KEYS = "token.keys";
@@ -10385,7 +10532,7 @@ const EventType = {
10385
10532
 
10386
10533
  /* eslint-disable header/header */
10387
10534
  const name = "@azure/msal-browser";
10388
- const version = "5.10.0";
10535
+ const version = "5.11.0";
10389
10536
 
10390
10537
  /*
10391
10538
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12133,12 +12280,13 @@ class StandardInteractionClient extends BaseInteractionClient {
12133
12280
  * and logoutHint attribute wasn't manually set in logout request
12134
12281
  */
12135
12282
  if (logoutRequest) {
12136
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
12283
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
12137
12284
  if (!logoutRequest.logoutHint) {
12138
12285
  if (logoutRequest.account) {
12139
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12286
+ const logoutHint = logoutRequest.account.loginHint ||
12287
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12140
12288
  if (logoutHint) {
12141
- this.logger.verbose("0st5di", this.correlationId);
12289
+ this.logger.verbose("0d7s8p", this.correlationId);
12142
12290
  validLogoutRequest.logoutHint = logoutHint;
12143
12291
  }
12144
12292
  }
@@ -12191,6 +12339,7 @@ class StandardInteractionClient extends BaseInteractionClient {
12191
12339
  const idTokenClaims = account.idTokenClaims;
12192
12340
  if (idTokenClaims) {
12193
12341
  if (idTokenClaims.login_hint) {
12342
+ this.logger.verbose("0u5bmc", this.correlationId);
12194
12343
  return idTokenClaims.login_hint;
12195
12344
  }
12196
12345
  else {
@@ -13819,6 +13968,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13819
13968
  };
13820
13969
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
13821
13970
  iframeTimeoutTelemetry: false,
13971
+ allowPlatformBrokerWithDOM: false,
13822
13972
  };
13823
13973
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
13824
13974
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -14265,25 +14415,23 @@ class PlatformAuthDOMHandler {
14265
14415
  */
14266
14416
  /**
14267
14417
  * Checks if the platform broker is available in the current environment.
14268
- * @param loggerOptions
14269
- * @param perfClient
14270
- * @param correlationId
14271
- * @returns
14418
+ * @param domConfig - Whether to enable platform broker DOM API support (required)
14419
+ * @param loggerOptions - Optional logger options
14420
+ * @param perfClient - Optional performance client
14421
+ * @param correlationId - Optional correlation ID
14422
+ * @returns Promise<boolean> indicating if platform broker is available
14272
14423
  */
14273
- async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
14424
+ async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
14274
14425
  const logger = new Logger(loggerOptions || {}, name, version);
14275
- const cid = correlationId || "";
14276
- logger.trace("07660b", cid);
14277
14426
  const performanceClient = perfClient || new StubPerformanceClient();
14278
14427
  if (typeof window === "undefined") {
14279
- logger.trace("082ed3", cid);
14428
+ logger.trace("082ed3", correlationId || createNewGuid());
14280
14429
  return false;
14281
14430
  }
14282
- return !!(await getPlatformAuthProvider(logger, performanceClient, cid));
14431
+ return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
14283
14432
  }
14284
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
14433
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
14285
14434
  logger.trace("134j0v", correlationId);
14286
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
14287
14435
  logger.trace("04c81g", correlationId);
14288
14436
  let platformAuthProvider;
14289
14437
  try {
@@ -14307,22 +14455,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
14307
14455
  }
14308
14456
  return platformAuthProvider;
14309
14457
  }
14310
- /**
14311
- * Returns true if the DOM API support for platform auth is enabled in session storage
14312
- * @returns boolean
14313
- * @deprecated
14314
- */
14315
- function isDomEnabledForPlatformAuth() {
14316
- let sessionStorage;
14317
- try {
14318
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
14319
- // Mute errors if it's a non-browser environment or cookies are blocked.
14320
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
14321
- }
14322
- catch (e) {
14323
- return false;
14324
- }
14325
- }
14326
14458
  /**
14327
14459
  * Returns boolean indicating whether or not the request should attempt to use platform broker
14328
14460
  * @param logger
@@ -14333,6 +14465,11 @@ function isDomEnabledForPlatformAuth() {
14333
14465
  */
14334
14466
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
14335
14467
  logger.trace("0uko3r", correlationId);
14468
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
14469
+ if (!config.system.allowPlatformBroker &&
14470
+ config.experimental.allowPlatformBrokerWithDOM) {
14471
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
14472
+ }
14336
14473
  if (!config.system.allowPlatformBroker) {
14337
14474
  logger.trace("04hozs", correlationId);
14338
14475
  // Developer disabled WAM
@@ -15792,7 +15929,7 @@ class StandardController {
15792
15929
  if (allowPlatformBroker) {
15793
15930
  try {
15794
15931
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
15795
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
15932
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
15796
15933
  }
15797
15934
  catch (e) {
15798
15935
  this.logger.verbose(e, correlationId);