@azure/msal-browser 5.10.0 → 5.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CacheKeys.mjs +2 -3
  13. package/dist/cache/CacheKeys.mjs.map +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +2 -2
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  31. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  34. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  35. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  53. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  55. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  59. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  60. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  61. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  63. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  75. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  77. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  81. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  87. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  88. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  90. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  91. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  92. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  93. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  94. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  96. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  103. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  104. package/dist/custom_auth/index.mjs +1 -1
  105. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  130. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  144. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  145. package/dist/encode/Base64Decode.mjs +1 -1
  146. package/dist/encode/Base64Encode.mjs +1 -1
  147. package/dist/error/BrowserAuthError.mjs +1 -1
  148. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  149. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  150. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  151. package/dist/error/NativeAuthError.mjs +1 -1
  152. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NestedAppAuthError.mjs +1 -1
  154. package/dist/event/EventHandler.mjs +1 -1
  155. package/dist/event/EventMessage.mjs +1 -1
  156. package/dist/event/EventType.mjs +1 -1
  157. package/dist/index.mjs +1 -1
  158. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  159. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  160. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  161. package/dist/interaction_client/PopupClient.mjs +1 -1
  162. package/dist/interaction_client/RedirectClient.mjs +1 -1
  163. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  164. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  166. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  168. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  169. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  170. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  171. package/dist/log-strings-mapping.json +21 -9
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  188. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  189. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  190. package/dist/utils/BrowserConstants.mjs +1 -1
  191. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  192. package/dist/utils/BrowserUtils.mjs +1 -1
  193. package/dist/utils/Helpers.mjs +1 -1
  194. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/lib/custom-auth-path/log-strings-mapping.json +21 -9
  196. package/lib/custom-auth-path/msal-custom-auth.cjs +319 -107
  197. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  198. package/lib/custom-auth-path/msal-custom-auth.js +319 -107
  199. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  200. package/lib/log-strings-mapping.json +8 -8
  201. package/lib/msal-browser.cjs +241 -104
  202. package/lib/msal-browser.cjs.map +1 -1
  203. package/lib/msal-browser.js +241 -104
  204. package/lib/msal-browser.js.map +1 -1
  205. package/lib/msal-browser.min.js +2 -2
  206. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  209. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  210. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  211. package/package.json +2 -2
  212. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  213. package/src/config/Configuration.ts +5 -0
  214. package/src/controllers/StandardController.ts +2 -1
  215. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  216. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  217. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  218. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  219. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  220. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  221. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  222. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  223. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  224. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  225. package/src/custom_auth/index.ts +4 -0
  226. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  227. package/src/packageMetadata.ts +1 -1
  228. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  229. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  230. package/types/config/Configuration.d.ts +4 -0
  231. package/types/config/Configuration.d.ts.map +1 -1
  232. package/types/controllers/StandardController.d.ts.map +1 -1
  233. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  234. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  235. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  236. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  237. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  238. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  239. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  240. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  241. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  242. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  243. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  244. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  245. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  246. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  247. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  248. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  249. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  250. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  251. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  252. package/types/custom_auth/index.d.ts +1 -0
  253. package/types/custom_auth/index.d.ts.map +1 -1
  254. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  255. package/types/packageMetadata.d.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.0 2026-05-07 */
1
+ /*! @azure/msal-browser v5.11.0 2026-05-19 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.0 2026-05-07 */
9
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.6.0 2026-05-07 */
241
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.6.0 2026-05-07 */
293
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.6.0 2026-05-07 */
324
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.6.0 2026-05-07 */
344
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.6.0 2026-05-07 */
424
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.6.0 2026-05-07 */
447
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -470,7 +470,9 @@
470
470
  const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
471
471
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
472
472
  const authorityMismatch = "authority_mismatch";
473
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
473
+ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
474
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
475
+ const issuerValidationFailed = "issuer_validation_failed";
474
476
 
475
477
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
476
478
  __proto__: null,
@@ -485,7 +487,9 @@
485
487
  invalidClaims: invalidClaims,
486
488
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
487
489
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
490
+ invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
488
491
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
492
+ issuerValidationFailed: issuerValidationFailed,
489
493
  logoutRequestEmpty: logoutRequestEmpty,
490
494
  missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
491
495
  missingSshJwk: missingSshJwk,
@@ -498,7 +502,7 @@
498
502
  urlParseError: urlParseError
499
503
  });
500
504
 
501
- /*! @azure/msal-common v16.6.0 2026-05-07 */
505
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
502
506
  /*
503
507
  * Copyright (c) Microsoft Corporation. All rights reserved.
504
508
  * Licensed under the MIT License.
@@ -586,7 +590,7 @@
586
590
  userCanceled: userCanceled
587
591
  });
588
592
 
589
- /*! @azure/msal-common v16.6.0 2026-05-07 */
593
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
590
594
 
591
595
  /*
592
596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +785,7 @@
781
785
  }
782
786
  }
783
787
 
784
- /*! @azure/msal-common v16.6.0 2026-05-07 */
788
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
785
789
 
786
790
  /*
787
791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1170,7 +1174,7 @@
1170
1174
  }
1171
1175
  }
1172
1176
 
1173
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1177
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1174
1178
 
1175
1179
  /*
1176
1180
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1279,7 +1283,7 @@
1279
1283
  }
1280
1284
  }
1281
1285
 
1282
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1286
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1283
1287
 
1284
1288
  /*
1285
1289
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1318,7 +1322,7 @@
1318
1322
  },
1319
1323
  };
1320
1324
 
1321
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1325
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1322
1326
  /*
1323
1327
  * Copyright (c) Microsoft Corporation. All rights reserved.
1324
1328
  * Licensed under the MIT License.
@@ -1593,12 +1597,12 @@
1593
1597
  }
1594
1598
  }
1595
1599
 
1596
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1600
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1597
1601
  /* eslint-disable header/header */
1598
1602
  const name$1 = "@azure/msal-common";
1599
- const version$1 = "16.6.0";
1603
+ const version$1 = "16.6.2";
1600
1604
 
1601
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1605
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1602
1606
  /*
1603
1607
  * Copyright (c) Microsoft Corporation. All rights reserved.
1604
1608
  * Licensed under the MIT License.
@@ -1618,7 +1622,7 @@
1618
1622
  AzureUsGovernment: "https://login.microsoftonline.us",
1619
1623
  };
1620
1624
 
1621
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1625
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1622
1626
  /*
1623
1627
  * Copyright (c) Microsoft Corporation. All rights reserved.
1624
1628
  * Licensed under the MIT License.
@@ -1701,7 +1705,7 @@
1701
1705
  return updatedAccountInfo;
1702
1706
  }
1703
1707
 
1704
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1708
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1705
1709
 
1706
1710
  /*
1707
1711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1781,7 +1785,7 @@
1781
1785
  }
1782
1786
  }
1783
1787
 
1784
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1788
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1785
1789
 
1786
1790
  /*
1787
1791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1938,7 +1942,7 @@
1938
1942
  }
1939
1943
  }
1940
1944
 
1941
- /*! @azure/msal-common v16.6.0 2026-05-07 */
1945
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1942
1946
 
1943
1947
  /*
1944
1948
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2024,6 +2028,15 @@
2024
2028
  preferred_cache: "login.sovcloud-identity.sg",
2025
2029
  aliases: ["login.sovcloud-identity.sg"],
2026
2030
  },
2031
+ {
2032
+ preferred_network: "login.windows-ppe.net",
2033
+ preferred_cache: "login.windows-ppe.net",
2034
+ aliases: [
2035
+ "login.windows-ppe.net",
2036
+ "sts.windows-ppe.net",
2037
+ "login.microsoft-ppe.com",
2038
+ ],
2039
+ },
2027
2040
  ],
2028
2041
  },
2029
2042
  };
@@ -2095,7 +2108,7 @@
2095
2108
  return null;
2096
2109
  }
2097
2110
 
2098
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2111
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2099
2112
  /*
2100
2113
  * Copyright (c) Microsoft Corporation. All rights reserved.
2101
2114
  * Licensed under the MIT License.
@@ -2103,7 +2116,7 @@
2103
2116
  const cacheQuotaExceeded = "cache_quota_exceeded";
2104
2117
  const cacheErrorUnknown = "cache_error_unknown";
2105
2118
 
2106
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2119
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2107
2120
 
2108
2121
  /*
2109
2122
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2141,7 +2154,7 @@
2141
2154
  }
2142
2155
  }
2143
2156
 
2144
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2157
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2145
2158
 
2146
2159
  /*
2147
2160
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2179,7 +2192,7 @@
2179
2192
  };
2180
2193
  }
2181
2194
 
2182
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2195
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2183
2196
  /*
2184
2197
  * Copyright (c) Microsoft Corporation. All rights reserved.
2185
2198
  * Licensed under the MIT License.
@@ -2194,7 +2207,7 @@
2194
2207
  Ciam: 3,
2195
2208
  };
2196
2209
 
2197
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2210
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2198
2211
  /*
2199
2212
  * Copyright (c) Microsoft Corporation. All rights reserved.
2200
2213
  * Licensed under the MIT License.
@@ -2216,7 +2229,7 @@
2216
2229
  return null;
2217
2230
  }
2218
2231
 
2219
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2232
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2220
2233
  /*
2221
2234
  * Copyright (c) Microsoft Corporation. All rights reserved.
2222
2235
  * Licensed under the MIT License.
@@ -2240,7 +2253,7 @@
2240
2253
  EAR: "EAR",
2241
2254
  };
2242
2255
 
2243
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2256
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2244
2257
  /**
2245
2258
  * Returns the AccountInfo interface for this account.
2246
2259
  */
@@ -2415,7 +2428,7 @@
2415
2428
  entity.hasOwnProperty("authorityType"));
2416
2429
  }
2417
2430
 
2418
- /*! @azure/msal-common v16.6.0 2026-05-07 */
2431
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2419
2432
 
2420
2433
  /*
2421
2434
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3547,7 +3560,7 @@
3547
3560
  }
3548
3561
  }
3549
3562
 
3550
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3563
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3551
3564
  /*
3552
3565
  * Copyright (c) Microsoft Corporation. All rights reserved.
3553
3566
  * Licensed under the MIT License.
@@ -3598,7 +3611,7 @@
3598
3611
  "redirectBridgeMessageVersion",
3599
3612
  ]);
3600
3613
 
3601
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3614
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3602
3615
 
3603
3616
  /*
3604
3617
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3653,7 +3666,7 @@
3653
3666
  }
3654
3667
  }
3655
3668
 
3656
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3669
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3657
3670
 
3658
3671
  /*
3659
3672
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3748,7 +3761,7 @@
3748
3761
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3749
3762
  }
3750
3763
 
3751
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3764
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3752
3765
  /*
3753
3766
  * Copyright (c) Microsoft Corporation. All rights reserved.
3754
3767
  * Licensed under the MIT License.
@@ -3775,7 +3788,7 @@
3775
3788
  }
3776
3789
  }
3777
3790
 
3778
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3791
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3779
3792
  /*
3780
3793
  * Copyright (c) Microsoft Corporation. All rights reserved.
3781
3794
  * Licensed under the MIT License.
@@ -3840,7 +3853,7 @@
3840
3853
  return cachedAtSec > nowSeconds();
3841
3854
  }
3842
3855
 
3843
- /*! @azure/msal-common v16.6.0 2026-05-07 */
3856
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3844
3857
 
3845
3858
  /*
3846
3859
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4099,7 +4112,7 @@
4099
4112
  return metadata.expiresAt <= nowSeconds();
4100
4113
  }
4101
4114
 
4102
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4115
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4103
4116
  /*
4104
4117
  * Copyright (c) Microsoft Corporation. All rights reserved.
4105
4118
  * Licensed under the MIT License.
@@ -4170,7 +4183,7 @@
4170
4183
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4171
4184
  const SetUserData = "setUserData";
4172
4185
 
4173
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4186
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4174
4187
  /*
4175
4188
  * Copyright (c) Microsoft Corporation. All rights reserved.
4176
4189
  * Licensed under the MIT License.
@@ -4263,7 +4276,7 @@
4263
4276
  };
4264
4277
  };
4265
4278
 
4266
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4279
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4267
4280
 
4268
4281
  /*
4269
4282
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4343,7 +4356,7 @@
4343
4356
  }
4344
4357
  }
4345
4358
 
4346
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4359
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4347
4360
  /*
4348
4361
  * Copyright (c) Microsoft Corporation. All rights reserved.
4349
4362
  * Licensed under the MIT License.
@@ -4407,7 +4420,7 @@
4407
4420
  uxNotAllowed: uxNotAllowed
4408
4421
  });
4409
4422
 
4410
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4423
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4411
4424
 
4412
4425
  /*
4413
4426
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4475,7 +4488,7 @@
4475
4488
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4476
4489
  }
4477
4490
 
4478
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4491
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4479
4492
 
4480
4493
  /*
4481
4494
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4494,7 +4507,7 @@
4494
4507
  }
4495
4508
  }
4496
4509
 
4497
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4510
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4498
4511
 
4499
4512
  /*
4500
4513
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4562,7 +4575,7 @@
4562
4575
  }
4563
4576
  }
4564
4577
 
4565
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4578
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4566
4579
 
4567
4580
  /*
4568
4581
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4910,7 +4923,7 @@
4910
4923
  return baseAccount;
4911
4924
  }
4912
4925
 
4913
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4926
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4914
4927
  /*
4915
4928
  * Copyright (c) Microsoft Corporation. All rights reserved.
4916
4929
  * Licensed under the MIT License.
@@ -4920,7 +4933,7 @@
4920
4933
  UPN: "UPN",
4921
4934
  };
4922
4935
 
4923
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4936
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4924
4937
  /*
4925
4938
  * Copyright (c) Microsoft Corporation. All rights reserved.
4926
4939
  * Licensed under the MIT License.
@@ -4938,7 +4951,7 @@
4938
4951
  }
4939
4952
  }
4940
4953
 
4941
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4954
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4942
4955
  /*
4943
4956
  * Copyright (c) Microsoft Corporation. All rights reserved.
4944
4957
  * Licensed under the MIT License.
@@ -4959,7 +4972,7 @@
4959
4972
  };
4960
4973
  }
4961
4974
 
4962
- /*! @azure/msal-common v16.6.0 2026-05-07 */
4975
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4963
4976
 
4964
4977
  /*
4965
4978
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5045,7 +5058,7 @@
5045
5058
  }
5046
5059
  }
5047
5060
 
5048
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5061
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5049
5062
 
5050
5063
  /*
5051
5064
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5076,7 +5089,7 @@
5076
5089
  return new NetworkError(error, httpStatus, responseHeaders);
5077
5090
  }
5078
5091
 
5079
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5092
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5080
5093
 
5081
5094
  /*
5082
5095
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5190,7 +5203,7 @@
5190
5203
  return response;
5191
5204
  }
5192
5205
 
5193
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5206
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5194
5207
  /*
5195
5208
  * Copyright (c) Microsoft Corporation. All rights reserved.
5196
5209
  * Licensed under the MIT License.
@@ -5202,7 +5215,7 @@
5202
5215
  response.hasOwnProperty("jwks_uri"));
5203
5216
  }
5204
5217
 
5205
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5218
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5206
5219
  /*
5207
5220
  * Copyright (c) Microsoft Corporation. All rights reserved.
5208
5221
  * Licensed under the MIT License.
@@ -5212,7 +5225,7 @@
5212
5225
  response.hasOwnProperty("metadata"));
5213
5226
  }
5214
5227
 
5215
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5228
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5216
5229
  /*
5217
5230
  * Copyright (c) Microsoft Corporation. All rights reserved.
5218
5231
  * Licensed under the MIT License.
@@ -5222,7 +5235,7 @@
5222
5235
  response.hasOwnProperty("error_description"));
5223
5236
  }
5224
5237
 
5225
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5238
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5226
5239
 
5227
5240
  /*
5228
5241
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5327,7 +5340,7 @@
5327
5340
  },
5328
5341
  };
5329
5342
 
5330
- /*! @azure/msal-common v16.6.0 2026-05-07 */
5343
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5331
5344
 
5332
5345
  /*
5333
5346
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5582,7 +5595,7 @@
5582
5595
  }, this.correlationId);
5583
5596
  }
5584
5597
  /**
5585
- * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built
5598
+ * Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
5586
5599
  * from the configured canonical authority
5587
5600
  * @returns
5588
5601
  */
@@ -5651,6 +5664,8 @@
5651
5664
  // Get metadata from network if local sources aren't available
5652
5665
  let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
5653
5666
  if (metadata) {
5667
+ // Validate the issuer returned by the OIDC discovery document.
5668
+ this.validateIssuer(metadata.issuer);
5654
5669
  // If the user prefers to use an azure region replace the global endpoints with regional information.
5655
5670
  if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
5656
5671
  metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
@@ -5819,7 +5834,7 @@
5819
5834
  throw createClientConfigurationError(untrustedAuthority);
5820
5835
  }
5821
5836
  updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
5822
- this.logger.verbose("0jhlgt", this.correlationId);
5837
+ this.logger.verbose("1tpqlr", this.correlationId);
5823
5838
  this.logger.verbosePii("1fy7uz", this.correlationId);
5824
5839
  this.logger.verbosePii("08zabj", this.correlationId);
5825
5840
  this.logger.verbosePii("1o1kv3", this.correlationId);
@@ -6016,6 +6031,139 @@
6016
6031
  isAliasOfKnownMicrosoftAuthority(host) {
6017
6032
  return InstanceDiscoveryMetadataAliases.has(host);
6018
6033
  }
6034
+ /**
6035
+ * Validates the `issuer` returned by an OIDC discovery document against
6036
+ * this authority, per
6037
+ * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
6038
+ *
6039
+ * The issuer is accepted when ANY of the following holds:
6040
+ * 1. The issuer scheme + host + port match the authority's (path may
6041
+ * differ). Applies to all authorities.
6042
+ * 2. The authority is a Microsoft cloud authority (public, sovereign,
6043
+ * or CIAM), the issuer is HTTPS, and the issuer host is in the known
6044
+ * Microsoft authority host set.
6045
+ * 3. Same as (2), but the issuer host is a single-label regional variant
6046
+ * of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
6047
+ * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
6048
+ * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
6049
+ * path.
6050
+ *
6051
+ * @param issuer The `issuer` value returned in the OIDC discovery document.
6052
+ * @throws ClientConfigurationError("issuer_validation_failed") on failure.
6053
+ */
6054
+ validateIssuer(issuer) {
6055
+ if (!issuer) {
6056
+ throw createClientConfigurationError(issuerValidationFailed);
6057
+ }
6058
+ // Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
6059
+ let issuerUrl;
6060
+ try {
6061
+ issuerUrl = new URL(issuer);
6062
+ }
6063
+ catch {
6064
+ throw createClientConfigurationError(issuerValidationFailed);
6065
+ }
6066
+ const issuerScheme = issuerUrl.protocol;
6067
+ const issuerHost = issuerUrl.host;
6068
+ const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
6069
+ const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
6070
+ // Rule 1: Same scheme and host
6071
+ const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
6072
+ // Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
6073
+ const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
6074
+ this.isAliasOfKnownMicrosoftAuthority(issuerHost);
6075
+ /*
6076
+ * Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
6077
+ * (HTTPS only). E.g. westus2.login.microsoft.com
6078
+ */
6079
+ const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
6080
+ this.matchesRegionalMicrosoftHost(issuerHost);
6081
+ /*
6082
+ * Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
6083
+ * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
6084
+ */
6085
+ const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
6086
+ // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
6087
+ if (matchesAuthorityOrigin ||
6088
+ matchesKnownMicrosoftHost ||
6089
+ matchesRegionalMicrosoftHost ||
6090
+ matchesCiamTenantPattern) {
6091
+ return;
6092
+ }
6093
+ // issuer validation fails if none of the above rules are satisfied
6094
+ throw createClientConfigurationError(issuerValidationFailed);
6095
+ }
6096
+ /**
6097
+ * Rule 1: The issuer scheme + host (and port) match the authority's. Path
6098
+ * may differ. Applies to all authorities.
6099
+ */
6100
+ matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
6101
+ return issuerScheme === authorityScheme && issuerHost === authorityHost;
6102
+ }
6103
+ /**
6104
+ * Rule 3: The issuer host is a regional variant
6105
+ * (`{region}.{host}`) of a known Microsoft authority host.
6106
+ * E.g. `westus2.login.microsoft.com`.
6107
+ */
6108
+ matchesRegionalMicrosoftHost(issuerHost) {
6109
+ const firstDot = issuerHost.indexOf(".");
6110
+ if (firstDot > 0 && firstDot < issuerHost.length - 1) {
6111
+ const hostWithoutRegion = issuerHost.substring(firstDot + 1);
6112
+ return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
6113
+ }
6114
+ return false;
6115
+ }
6116
+ /**
6117
+ * Rule 4: The issuer matches one of the well-known CIAM tenant patterns
6118
+ * (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
6119
+ *
6120
+ * The bare tenant name is extracted from the authority's first path segment
6121
+ * when available (stripping the `.onmicrosoft.com` suffix that
6122
+ * `transformCIAMAuthority` adds), or otherwise from the leftmost label of
6123
+ * the authority host (to support CIAM custom domain scenarios).
6124
+ *
6125
+ * Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
6126
+ * because the OIDC issuer may use either form depending on the authority URL
6127
+ * that was used to trigger discovery.
6128
+ */
6129
+ matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
6130
+ /*
6131
+ * authorityPathSegments[0] is the first path segment of the *authority
6132
+ * URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
6133
+ * Additional CIAM issuer path segments such as "/v2.0" are part of the
6134
+ * issuer string, not the authority URL's PathSegments.
6135
+ */
6136
+ const pathSegment = authorityPathSegments[0];
6137
+ /*
6138
+ * Extract the bare tenant name: strip the .onmicrosoft.com suffix when
6139
+ * present (introduced by transformCIAMAuthority), or fall back to the
6140
+ * first label of the authority hostname for non-transformed/custom-domain
6141
+ * CIAM authorities.
6142
+ */
6143
+ const tenantName = pathSegment
6144
+ ? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
6145
+ ? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
6146
+ : pathSegment
6147
+ : authorityHost.split(".")[0];
6148
+ if (!tenantName) {
6149
+ return false;
6150
+ }
6151
+ const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
6152
+ const validCiamPatterns = [
6153
+ ciamBaseURL,
6154
+ `${ciamBaseURL}/${tenantName}`,
6155
+ `${ciamBaseURL}/${tenantName}/v2.0`,
6156
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
6157
+ `${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
6158
+ ];
6159
+ /*
6160
+ * Compose the canonical issuer string from URL components and strip any
6161
+ * trailing slashes from the path so it can be compared to the pattern set.
6162
+ */
6163
+ const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
6164
+ const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
6165
+ return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
6166
+ }
6019
6167
  /**
6020
6168
  * Checks whether the provided host is that of a public cloud authority
6021
6169
  *
@@ -6147,7 +6295,7 @@
6147
6295
  };
6148
6296
  }
6149
6297
 
6150
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6298
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6151
6299
 
6152
6300
  /*
6153
6301
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6181,7 +6329,7 @@
6181
6329
  }
6182
6330
  }
6183
6331
 
6184
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6332
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6185
6333
 
6186
6334
  /*
6187
6335
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6438,7 +6586,7 @@
6438
6586
  }
6439
6587
  }
6440
6588
 
6441
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6589
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6442
6590
 
6443
6591
  /*
6444
6592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6659,7 +6807,7 @@
6659
6807
  }
6660
6808
  }
6661
6809
 
6662
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6810
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6663
6811
 
6664
6812
  /*
6665
6813
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6923,7 @@
6775
6923
  }
6776
6924
  }
6777
6925
 
6778
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6926
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6779
6927
 
6780
6928
  /*
6781
6929
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6790,7 +6938,7 @@
6790
6938
  },
6791
6939
  };
6792
6940
 
6793
- /*! @azure/msal-common v16.6.0 2026-05-07 */
6941
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6794
6942
 
6795
6943
  /*
6796
6944
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7013,7 +7161,7 @@
7013
7161
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7014
7162
  }
7015
7163
 
7016
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7164
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7017
7165
 
7018
7166
  /*
7019
7167
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7046,7 +7194,7 @@
7046
7194
  return Object.prototype.hasOwnProperty.call(params, "resource");
7047
7195
  }
7048
7196
 
7049
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7197
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7050
7198
 
7051
7199
  /*
7052
7200
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7104,7 +7252,7 @@
7104
7252
  }
7105
7253
  }
7106
7254
 
7107
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7255
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7108
7256
  /*
7109
7257
  * Copyright (c) Microsoft Corporation. All rights reserved.
7110
7258
  * Licensed under the MIT License.
@@ -7121,7 +7269,7 @@
7121
7269
  unexpectedError: unexpectedError
7122
7270
  });
7123
7271
 
7124
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7272
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7125
7273
 
7126
7274
  /*
7127
7275
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7382,7 +7530,7 @@
7382
7530
  }
7383
7531
  }
7384
7532
 
7385
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7533
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7386
7534
 
7387
7535
  /*
7388
7536
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7403,7 +7551,7 @@
7403
7551
  return new JoseHeaderError(code);
7404
7552
  }
7405
7553
 
7406
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7554
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7407
7555
  /*
7408
7556
  * Copyright (c) Microsoft Corporation. All rights reserved.
7409
7557
  * Licensed under the MIT License.
@@ -7411,7 +7559,7 @@
7411
7559
  const missingKidError = "missing_kid_error";
7412
7560
  const missingAlgError = "missing_alg_error";
7413
7561
 
7414
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7562
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7415
7563
 
7416
7564
  /*
7417
7565
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7451,7 +7599,7 @@
7451
7599
  }
7452
7600
  }
7453
7601
 
7454
- /*! @azure/msal-common v16.6.0 2026-05-07 */
7602
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7455
7603
 
7456
7604
  /*
7457
7605
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9873,7 +10021,6 @@
9873
10021
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
9874
10022
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
9875
10023
  const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
9876
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
9877
10024
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
9878
10025
  const ACCOUNT_KEYS = "account.keys";
9879
10026
  const TOKEN_KEYS = "token.keys";
@@ -10389,7 +10536,7 @@
10389
10536
 
10390
10537
  /* eslint-disable header/header */
10391
10538
  const name = "@azure/msal-browser";
10392
- const version = "5.10.0";
10539
+ const version = "5.11.0";
10393
10540
 
10394
10541
  /*
10395
10542
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12137,12 +12284,13 @@
12137
12284
  * and logoutHint attribute wasn't manually set in logout request
12138
12285
  */
12139
12286
  if (logoutRequest) {
12140
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
12287
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
12141
12288
  if (!logoutRequest.logoutHint) {
12142
12289
  if (logoutRequest.account) {
12143
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12290
+ const logoutHint = logoutRequest.account.loginHint ||
12291
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12144
12292
  if (logoutHint) {
12145
- this.logger.verbose("0st5di", this.correlationId);
12293
+ this.logger.verbose("0d7s8p", this.correlationId);
12146
12294
  validLogoutRequest.logoutHint = logoutHint;
12147
12295
  }
12148
12296
  }
@@ -12195,6 +12343,7 @@
12195
12343
  const idTokenClaims = account.idTokenClaims;
12196
12344
  if (idTokenClaims) {
12197
12345
  if (idTokenClaims.login_hint) {
12346
+ this.logger.verbose("0u5bmc", this.correlationId);
12198
12347
  return idTokenClaims.login_hint;
12199
12348
  }
12200
12349
  else {
@@ -13823,6 +13972,7 @@
13823
13972
  };
13824
13973
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
13825
13974
  iframeTimeoutTelemetry: false,
13975
+ allowPlatformBrokerWithDOM: false,
13826
13976
  };
13827
13977
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
13828
13978
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -14269,25 +14419,23 @@
14269
14419
  */
14270
14420
  /**
14271
14421
  * Checks if the platform broker is available in the current environment.
14272
- * @param loggerOptions
14273
- * @param perfClient
14274
- * @param correlationId
14275
- * @returns
14422
+ * @param domConfig - Whether to enable platform broker DOM API support (required)
14423
+ * @param loggerOptions - Optional logger options
14424
+ * @param perfClient - Optional performance client
14425
+ * @param correlationId - Optional correlation ID
14426
+ * @returns Promise<boolean> indicating if platform broker is available
14276
14427
  */
14277
- async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
14428
+ async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
14278
14429
  const logger = new Logger(loggerOptions || {}, name, version);
14279
- const cid = correlationId || "";
14280
- logger.trace("07660b", cid);
14281
14430
  const performanceClient = perfClient || new StubPerformanceClient();
14282
14431
  if (typeof window === "undefined") {
14283
- logger.trace("082ed3", cid);
14432
+ logger.trace("082ed3", correlationId || createNewGuid());
14284
14433
  return false;
14285
14434
  }
14286
- return !!(await getPlatformAuthProvider(logger, performanceClient, cid));
14435
+ return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
14287
14436
  }
14288
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
14437
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
14289
14438
  logger.trace("134j0v", correlationId);
14290
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
14291
14439
  logger.trace("04c81g", correlationId);
14292
14440
  let platformAuthProvider;
14293
14441
  try {
@@ -14311,22 +14459,6 @@
14311
14459
  }
14312
14460
  return platformAuthProvider;
14313
14461
  }
14314
- /**
14315
- * Returns true if the DOM API support for platform auth is enabled in session storage
14316
- * @returns boolean
14317
- * @deprecated
14318
- */
14319
- function isDomEnabledForPlatformAuth() {
14320
- let sessionStorage;
14321
- try {
14322
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
14323
- // Mute errors if it's a non-browser environment or cookies are blocked.
14324
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
14325
- }
14326
- catch (e) {
14327
- return false;
14328
- }
14329
- }
14330
14462
  /**
14331
14463
  * Returns boolean indicating whether or not the request should attempt to use platform broker
14332
14464
  * @param logger
@@ -14337,6 +14469,11 @@
14337
14469
  */
14338
14470
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
14339
14471
  logger.trace("0uko3r", correlationId);
14472
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
14473
+ if (!config.system.allowPlatformBroker &&
14474
+ config.experimental.allowPlatformBrokerWithDOM) {
14475
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
14476
+ }
14340
14477
  if (!config.system.allowPlatformBroker) {
14341
14478
  logger.trace("04hozs", correlationId);
14342
14479
  // Developer disabled WAM
@@ -15796,7 +15933,7 @@
15796
15933
  if (allowPlatformBroker) {
15797
15934
  try {
15798
15935
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
15799
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
15936
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
15800
15937
  }
15801
15938
  catch (e) {
15802
15939
  this.logger.verbose(e, correlationId);