@azure/msal-browser 5.10.0 → 5.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +2 -2
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +21 -9
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +21 -9
- package/lib/custom-auth-path/msal-custom-auth.cjs +319 -107
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +319 -107
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +8 -8
- package/lib/msal-browser.cjs +241 -104
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +241 -104
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +2 -1
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/packageMetadata.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.11.0 2026-05-19 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.6.
|
|
5
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.6.
|
|
232
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.6.
|
|
284
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.6.
|
|
315
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.6.
|
|
335
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.6.
|
|
415
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.6.
|
|
438
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -457,9 +457,11 @@ const missingSshKid = "missing_ssh_kid";
|
|
|
457
457
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
458
458
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
459
459
|
const authorityMismatch = "authority_mismatch";
|
|
460
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
460
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
461
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
462
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
461
463
|
|
|
462
|
-
/*! @azure/msal-common v16.6.
|
|
464
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
463
465
|
/*
|
|
464
466
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
465
467
|
* Licensed under the MIT License.
|
|
@@ -498,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
498
500
|
const resourceParameterRequired = "resource_parameter_required";
|
|
499
501
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
500
502
|
|
|
501
|
-
/*! @azure/msal-common v16.6.
|
|
503
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
502
504
|
|
|
503
505
|
/*
|
|
504
506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -693,7 +695,7 @@ class ScopeSet {
|
|
|
693
695
|
}
|
|
694
696
|
}
|
|
695
697
|
|
|
696
|
-
/*! @azure/msal-common v16.6.
|
|
698
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
697
699
|
|
|
698
700
|
/*
|
|
699
701
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1082,7 +1084,7 @@ function addResource(parameters, resource) {
|
|
|
1082
1084
|
}
|
|
1083
1085
|
}
|
|
1084
1086
|
|
|
1085
|
-
/*! @azure/msal-common v16.6.
|
|
1087
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1086
1088
|
|
|
1087
1089
|
/*
|
|
1088
1090
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1191,7 +1193,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1191
1193
|
}
|
|
1192
1194
|
}
|
|
1193
1195
|
|
|
1194
|
-
/*! @azure/msal-common v16.6.
|
|
1196
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1195
1197
|
|
|
1196
1198
|
/*
|
|
1197
1199
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1230,7 +1232,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1230
1232
|
},
|
|
1231
1233
|
};
|
|
1232
1234
|
|
|
1233
|
-
/*! @azure/msal-common v16.6.
|
|
1235
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1234
1236
|
/*
|
|
1235
1237
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1236
1238
|
* Licensed under the MIT License.
|
|
@@ -1491,12 +1493,12 @@ class Logger {
|
|
|
1491
1493
|
}
|
|
1492
1494
|
}
|
|
1493
1495
|
|
|
1494
|
-
/*! @azure/msal-common v16.6.
|
|
1496
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1495
1497
|
/* eslint-disable header/header */
|
|
1496
1498
|
const name$1 = "@azure/msal-common";
|
|
1497
|
-
const version$1 = "16.6.
|
|
1499
|
+
const version$1 = "16.6.2";
|
|
1498
1500
|
|
|
1499
|
-
/*! @azure/msal-common v16.6.
|
|
1501
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1500
1502
|
/*
|
|
1501
1503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1502
1504
|
* Licensed under the MIT License.
|
|
@@ -1505,7 +1507,7 @@ const AzureCloudInstance = {
|
|
|
1505
1507
|
// AzureCloudInstance is not specified.
|
|
1506
1508
|
None: "none"};
|
|
1507
1509
|
|
|
1508
|
-
/*! @azure/msal-common v16.6.
|
|
1510
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1509
1511
|
/*
|
|
1510
1512
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1511
1513
|
* Licensed under the MIT License.
|
|
@@ -1588,7 +1590,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1588
1590
|
return updatedAccountInfo;
|
|
1589
1591
|
}
|
|
1590
1592
|
|
|
1591
|
-
/*! @azure/msal-common v16.6.
|
|
1593
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1592
1594
|
|
|
1593
1595
|
/*
|
|
1594
1596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1668,7 +1670,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1668
1670
|
}
|
|
1669
1671
|
}
|
|
1670
1672
|
|
|
1671
|
-
/*! @azure/msal-common v16.6.
|
|
1673
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1672
1674
|
|
|
1673
1675
|
/*
|
|
1674
1676
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1825,7 +1827,7 @@ class UrlString {
|
|
|
1825
1827
|
}
|
|
1826
1828
|
}
|
|
1827
1829
|
|
|
1828
|
-
/*! @azure/msal-common v16.6.
|
|
1830
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1829
1831
|
|
|
1830
1832
|
/*
|
|
1831
1833
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1911,6 +1913,15 @@ const rawMetdataJSON = {
|
|
|
1911
1913
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
1912
1914
|
aliases: ["login.sovcloud-identity.sg"],
|
|
1913
1915
|
},
|
|
1916
|
+
{
|
|
1917
|
+
preferred_network: "login.windows-ppe.net",
|
|
1918
|
+
preferred_cache: "login.windows-ppe.net",
|
|
1919
|
+
aliases: [
|
|
1920
|
+
"login.windows-ppe.net",
|
|
1921
|
+
"sts.windows-ppe.net",
|
|
1922
|
+
"login.microsoft-ppe.com",
|
|
1923
|
+
],
|
|
1924
|
+
},
|
|
1914
1925
|
],
|
|
1915
1926
|
},
|
|
1916
1927
|
};
|
|
@@ -1982,7 +1993,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1982
1993
|
return null;
|
|
1983
1994
|
}
|
|
1984
1995
|
|
|
1985
|
-
/*! @azure/msal-common v16.6.
|
|
1996
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1986
1997
|
/*
|
|
1987
1998
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1988
1999
|
* Licensed under the MIT License.
|
|
@@ -1990,7 +2001,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1990
2001
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1991
2002
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1992
2003
|
|
|
1993
|
-
/*! @azure/msal-common v16.6.
|
|
2004
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1994
2005
|
|
|
1995
2006
|
/*
|
|
1996
2007
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2028,7 +2039,7 @@ function createCacheError(e) {
|
|
|
2028
2039
|
}
|
|
2029
2040
|
}
|
|
2030
2041
|
|
|
2031
|
-
/*! @azure/msal-common v16.6.
|
|
2042
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2032
2043
|
|
|
2033
2044
|
/*
|
|
2034
2045
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2066,7 +2077,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2066
2077
|
};
|
|
2067
2078
|
}
|
|
2068
2079
|
|
|
2069
|
-
/*! @azure/msal-common v16.6.
|
|
2080
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2070
2081
|
/*
|
|
2071
2082
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2072
2083
|
* Licensed under the MIT License.
|
|
@@ -2081,7 +2092,7 @@ const AuthorityType = {
|
|
|
2081
2092
|
Ciam: 3,
|
|
2082
2093
|
};
|
|
2083
2094
|
|
|
2084
|
-
/*! @azure/msal-common v16.6.
|
|
2095
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2085
2096
|
/*
|
|
2086
2097
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2087
2098
|
* Licensed under the MIT License.
|
|
@@ -2103,7 +2114,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2103
2114
|
return null;
|
|
2104
2115
|
}
|
|
2105
2116
|
|
|
2106
|
-
/*! @azure/msal-common v16.6.
|
|
2117
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2107
2118
|
/*
|
|
2108
2119
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2109
2120
|
* Licensed under the MIT License.
|
|
@@ -2127,7 +2138,7 @@ const ProtocolMode = {
|
|
|
2127
2138
|
EAR: "EAR",
|
|
2128
2139
|
};
|
|
2129
2140
|
|
|
2130
|
-
/*! @azure/msal-common v16.6.
|
|
2141
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2131
2142
|
/**
|
|
2132
2143
|
* Returns the AccountInfo interface for this account.
|
|
2133
2144
|
*/
|
|
@@ -2302,7 +2313,7 @@ function isAccountEntity(entity) {
|
|
|
2302
2313
|
entity.hasOwnProperty("authorityType"));
|
|
2303
2314
|
}
|
|
2304
2315
|
|
|
2305
|
-
/*! @azure/msal-common v16.6.
|
|
2316
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2306
2317
|
|
|
2307
2318
|
/*
|
|
2308
2319
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3433,7 +3444,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3433
3444
|
}
|
|
3434
3445
|
}
|
|
3435
3446
|
|
|
3436
|
-
/*! @azure/msal-common v16.6.
|
|
3447
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3437
3448
|
/*
|
|
3438
3449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3439
3450
|
* Licensed under the MIT License.
|
|
@@ -3447,7 +3458,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3447
3458
|
const PerformanceEventStatus = {
|
|
3448
3459
|
InProgress: 1};
|
|
3449
3460
|
|
|
3450
|
-
/*! @azure/msal-common v16.6.
|
|
3461
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3451
3462
|
|
|
3452
3463
|
/*
|
|
3453
3464
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3502,7 +3513,7 @@ class StubPerformanceClient {
|
|
|
3502
3513
|
}
|
|
3503
3514
|
}
|
|
3504
3515
|
|
|
3505
|
-
/*! @azure/msal-common v16.6.
|
|
3516
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3506
3517
|
|
|
3507
3518
|
/*
|
|
3508
3519
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3597,7 +3608,7 @@ function isOidcProtocolMode(config) {
|
|
|
3597
3608
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3598
3609
|
}
|
|
3599
3610
|
|
|
3600
|
-
/*! @azure/msal-common v16.6.
|
|
3611
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3601
3612
|
/*
|
|
3602
3613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3603
3614
|
* Licensed under the MIT License.
|
|
@@ -3624,7 +3635,7 @@ function isOidcProtocolMode(config) {
|
|
|
3624
3635
|
}
|
|
3625
3636
|
}
|
|
3626
3637
|
|
|
3627
|
-
/*! @azure/msal-common v16.6.
|
|
3638
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3628
3639
|
/*
|
|
3629
3640
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3630
3641
|
* Licensed under the MIT License.
|
|
@@ -3689,7 +3700,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3689
3700
|
return cachedAtSec > nowSeconds();
|
|
3690
3701
|
}
|
|
3691
3702
|
|
|
3692
|
-
/*! @azure/msal-common v16.6.
|
|
3703
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3693
3704
|
|
|
3694
3705
|
/*
|
|
3695
3706
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3948,7 +3959,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
3948
3959
|
return metadata.expiresAt <= nowSeconds();
|
|
3949
3960
|
}
|
|
3950
3961
|
|
|
3951
|
-
/*! @azure/msal-common v16.6.
|
|
3962
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3952
3963
|
/*
|
|
3953
3964
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3954
3965
|
* Licensed under the MIT License.
|
|
@@ -4019,7 +4030,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4019
4030
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4020
4031
|
const SetUserData = "setUserData";
|
|
4021
4032
|
|
|
4022
|
-
/*! @azure/msal-common v16.6.
|
|
4033
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4023
4034
|
/*
|
|
4024
4035
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4025
4036
|
* Licensed under the MIT License.
|
|
@@ -4112,7 +4123,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4112
4123
|
};
|
|
4113
4124
|
};
|
|
4114
4125
|
|
|
4115
|
-
/*! @azure/msal-common v16.6.
|
|
4126
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4116
4127
|
|
|
4117
4128
|
/*
|
|
4118
4129
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4192,7 +4203,7 @@ class PopTokenGenerator {
|
|
|
4192
4203
|
}
|
|
4193
4204
|
}
|
|
4194
4205
|
|
|
4195
|
-
/*! @azure/msal-common v16.6.
|
|
4206
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4196
4207
|
/*
|
|
4197
4208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4198
4209
|
* Licensed under the MIT License.
|
|
@@ -4243,7 +4254,7 @@ const badToken = "bad_token";
|
|
|
4243
4254
|
*/
|
|
4244
4255
|
const interruptedUser = "interrupted_user";
|
|
4245
4256
|
|
|
4246
|
-
/*! @azure/msal-common v16.6.
|
|
4257
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4247
4258
|
|
|
4248
4259
|
/*
|
|
4249
4260
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4311,7 +4322,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4311
4322
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4312
4323
|
}
|
|
4313
4324
|
|
|
4314
|
-
/*! @azure/msal-common v16.6.
|
|
4325
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4315
4326
|
|
|
4316
4327
|
/*
|
|
4317
4328
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4330,7 +4341,7 @@ class ServerError extends AuthError {
|
|
|
4330
4341
|
}
|
|
4331
4342
|
}
|
|
4332
4343
|
|
|
4333
|
-
/*! @azure/msal-common v16.6.
|
|
4344
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4334
4345
|
|
|
4335
4346
|
/*
|
|
4336
4347
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4398,7 +4409,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4398
4409
|
}
|
|
4399
4410
|
}
|
|
4400
4411
|
|
|
4401
|
-
/*! @azure/msal-common v16.6.
|
|
4412
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4402
4413
|
|
|
4403
4414
|
/*
|
|
4404
4415
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4746,7 +4757,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4746
4757
|
return baseAccount;
|
|
4747
4758
|
}
|
|
4748
4759
|
|
|
4749
|
-
/*! @azure/msal-common v16.6.
|
|
4760
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4750
4761
|
/*
|
|
4751
4762
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4752
4763
|
* Licensed under the MIT License.
|
|
@@ -4756,7 +4767,7 @@ const CcsCredentialType = {
|
|
|
4756
4767
|
UPN: "UPN",
|
|
4757
4768
|
};
|
|
4758
4769
|
|
|
4759
|
-
/*! @azure/msal-common v16.6.
|
|
4770
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4760
4771
|
/*
|
|
4761
4772
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4762
4773
|
* Licensed under the MIT License.
|
|
@@ -4774,7 +4785,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4774
4785
|
}
|
|
4775
4786
|
}
|
|
4776
4787
|
|
|
4777
|
-
/*! @azure/msal-common v16.6.
|
|
4788
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4778
4789
|
/*
|
|
4779
4790
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4780
4791
|
* Licensed under the MIT License.
|
|
@@ -4795,7 +4806,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4795
4806
|
};
|
|
4796
4807
|
}
|
|
4797
4808
|
|
|
4798
|
-
/*! @azure/msal-common v16.6.
|
|
4809
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4799
4810
|
|
|
4800
4811
|
/*
|
|
4801
4812
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4881,7 +4892,7 @@ class ThrottlingUtils {
|
|
|
4881
4892
|
}
|
|
4882
4893
|
}
|
|
4883
4894
|
|
|
4884
|
-
/*! @azure/msal-common v16.6.
|
|
4895
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4885
4896
|
|
|
4886
4897
|
/*
|
|
4887
4898
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4912,7 +4923,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4912
4923
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4913
4924
|
}
|
|
4914
4925
|
|
|
4915
|
-
/*! @azure/msal-common v16.6.
|
|
4926
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4916
4927
|
|
|
4917
4928
|
/*
|
|
4918
4929
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5026,7 +5037,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5026
5037
|
return response;
|
|
5027
5038
|
}
|
|
5028
5039
|
|
|
5029
|
-
/*! @azure/msal-common v16.6.
|
|
5040
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5030
5041
|
/*
|
|
5031
5042
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5032
5043
|
* Licensed under the MIT License.
|
|
@@ -5038,7 +5049,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5038
5049
|
response.hasOwnProperty("jwks_uri"));
|
|
5039
5050
|
}
|
|
5040
5051
|
|
|
5041
|
-
/*! @azure/msal-common v16.6.
|
|
5052
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5042
5053
|
/*
|
|
5043
5054
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5044
5055
|
* Licensed under the MIT License.
|
|
@@ -5048,7 +5059,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5048
5059
|
response.hasOwnProperty("metadata"));
|
|
5049
5060
|
}
|
|
5050
5061
|
|
|
5051
|
-
/*! @azure/msal-common v16.6.
|
|
5062
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5052
5063
|
/*
|
|
5053
5064
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5054
5065
|
* Licensed under the MIT License.
|
|
@@ -5058,7 +5069,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5058
5069
|
response.hasOwnProperty("error_description"));
|
|
5059
5070
|
}
|
|
5060
5071
|
|
|
5061
|
-
/*! @azure/msal-common v16.6.
|
|
5072
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5062
5073
|
|
|
5063
5074
|
/*
|
|
5064
5075
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5163,7 +5174,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5163
5174
|
},
|
|
5164
5175
|
};
|
|
5165
5176
|
|
|
5166
|
-
/*! @azure/msal-common v16.6.
|
|
5177
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5167
5178
|
|
|
5168
5179
|
/*
|
|
5169
5180
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5418,7 +5429,7 @@ class Authority {
|
|
|
5418
5429
|
}, this.correlationId);
|
|
5419
5430
|
}
|
|
5420
5431
|
/**
|
|
5421
|
-
* Returns metadata entity from cache if it exists,
|
|
5432
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5422
5433
|
* from the configured canonical authority
|
|
5423
5434
|
* @returns
|
|
5424
5435
|
*/
|
|
@@ -5487,6 +5498,8 @@ class Authority {
|
|
|
5487
5498
|
// Get metadata from network if local sources aren't available
|
|
5488
5499
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5489
5500
|
if (metadata) {
|
|
5501
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5502
|
+
this.validateIssuer(metadata.issuer);
|
|
5490
5503
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5491
5504
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5492
5505
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5655,7 +5668,7 @@ class Authority {
|
|
|
5655
5668
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5656
5669
|
}
|
|
5657
5670
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5658
|
-
this.logger.verbose("
|
|
5671
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5659
5672
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5660
5673
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5661
5674
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -5852,6 +5865,139 @@ class Authority {
|
|
|
5852
5865
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
5853
5866
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
5854
5867
|
}
|
|
5868
|
+
/**
|
|
5869
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
5870
|
+
* this authority, per
|
|
5871
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
5872
|
+
*
|
|
5873
|
+
* The issuer is accepted when ANY of the following holds:
|
|
5874
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
5875
|
+
* differ). Applies to all authorities.
|
|
5876
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
5877
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
5878
|
+
* Microsoft authority host set.
|
|
5879
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
5880
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
5881
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5882
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5883
|
+
* path.
|
|
5884
|
+
*
|
|
5885
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5886
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
5887
|
+
*/
|
|
5888
|
+
validateIssuer(issuer) {
|
|
5889
|
+
if (!issuer) {
|
|
5890
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5891
|
+
}
|
|
5892
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
5893
|
+
let issuerUrl;
|
|
5894
|
+
try {
|
|
5895
|
+
issuerUrl = new URL(issuer);
|
|
5896
|
+
}
|
|
5897
|
+
catch {
|
|
5898
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5899
|
+
}
|
|
5900
|
+
const issuerScheme = issuerUrl.protocol;
|
|
5901
|
+
const issuerHost = issuerUrl.host;
|
|
5902
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
5903
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
5904
|
+
// Rule 1: Same scheme and host
|
|
5905
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
5906
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
5907
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
5908
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
5909
|
+
/*
|
|
5910
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
5911
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
5912
|
+
*/
|
|
5913
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
5914
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
5915
|
+
/*
|
|
5916
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
5917
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5918
|
+
*/
|
|
5919
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5920
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5921
|
+
if (matchesAuthorityOrigin ||
|
|
5922
|
+
matchesKnownMicrosoftHost ||
|
|
5923
|
+
matchesRegionalMicrosoftHost ||
|
|
5924
|
+
matchesCiamTenantPattern) {
|
|
5925
|
+
return;
|
|
5926
|
+
}
|
|
5927
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
5928
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5929
|
+
}
|
|
5930
|
+
/**
|
|
5931
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
5932
|
+
* may differ. Applies to all authorities.
|
|
5933
|
+
*/
|
|
5934
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
5935
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
5936
|
+
}
|
|
5937
|
+
/**
|
|
5938
|
+
* Rule 3: The issuer host is a regional variant
|
|
5939
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
5940
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
5941
|
+
*/
|
|
5942
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
5943
|
+
const firstDot = issuerHost.indexOf(".");
|
|
5944
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
5945
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
5946
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
5947
|
+
}
|
|
5948
|
+
return false;
|
|
5949
|
+
}
|
|
5950
|
+
/**
|
|
5951
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
5952
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
5953
|
+
*
|
|
5954
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
5955
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
5956
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
5957
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
5958
|
+
*
|
|
5959
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
5960
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
5961
|
+
* that was used to trigger discovery.
|
|
5962
|
+
*/
|
|
5963
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
5964
|
+
/*
|
|
5965
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
5966
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
5967
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
5968
|
+
* issuer string, not the authority URL's PathSegments.
|
|
5969
|
+
*/
|
|
5970
|
+
const pathSegment = authorityPathSegments[0];
|
|
5971
|
+
/*
|
|
5972
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
5973
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
5974
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
5975
|
+
* CIAM authorities.
|
|
5976
|
+
*/
|
|
5977
|
+
const tenantName = pathSegment
|
|
5978
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
5979
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
5980
|
+
: pathSegment
|
|
5981
|
+
: authorityHost.split(".")[0];
|
|
5982
|
+
if (!tenantName) {
|
|
5983
|
+
return false;
|
|
5984
|
+
}
|
|
5985
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
5986
|
+
const validCiamPatterns = [
|
|
5987
|
+
ciamBaseURL,
|
|
5988
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
5989
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
5990
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
5991
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
5992
|
+
];
|
|
5993
|
+
/*
|
|
5994
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
5995
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
5996
|
+
*/
|
|
5997
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
5998
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
5999
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6000
|
+
}
|
|
5855
6001
|
/**
|
|
5856
6002
|
* Checks whether the provided host is that of a public cloud authority
|
|
5857
6003
|
*
|
|
@@ -5983,7 +6129,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5983
6129
|
};
|
|
5984
6130
|
}
|
|
5985
6131
|
|
|
5986
|
-
/*! @azure/msal-common v16.6.
|
|
6132
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5987
6133
|
|
|
5988
6134
|
/*
|
|
5989
6135
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6017,7 +6163,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6017
6163
|
}
|
|
6018
6164
|
}
|
|
6019
6165
|
|
|
6020
|
-
/*! @azure/msal-common v16.6.
|
|
6166
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6021
6167
|
|
|
6022
6168
|
/*
|
|
6023
6169
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6274,7 +6420,7 @@ class AuthorizationCodeClient {
|
|
|
6274
6420
|
}
|
|
6275
6421
|
}
|
|
6276
6422
|
|
|
6277
|
-
/*! @azure/msal-common v16.6.
|
|
6423
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6278
6424
|
|
|
6279
6425
|
/*
|
|
6280
6426
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6495,7 +6641,7 @@ class RefreshTokenClient {
|
|
|
6495
6641
|
}
|
|
6496
6642
|
}
|
|
6497
6643
|
|
|
6498
|
-
/*! @azure/msal-common v16.6.
|
|
6644
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6499
6645
|
|
|
6500
6646
|
/*
|
|
6501
6647
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6611,7 +6757,7 @@ class SilentFlowClient {
|
|
|
6611
6757
|
}
|
|
6612
6758
|
}
|
|
6613
6759
|
|
|
6614
|
-
/*! @azure/msal-common v16.6.
|
|
6760
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6615
6761
|
|
|
6616
6762
|
/*
|
|
6617
6763
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6626,7 +6772,7 @@ const StubbedNetworkModule = {
|
|
|
6626
6772
|
},
|
|
6627
6773
|
};
|
|
6628
6774
|
|
|
6629
|
-
/*! @azure/msal-common v16.6.
|
|
6775
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6630
6776
|
|
|
6631
6777
|
/*
|
|
6632
6778
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6849,7 +6995,7 @@ function extractLoginHint(account) {
|
|
|
6849
6995
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6850
6996
|
}
|
|
6851
6997
|
|
|
6852
|
-
/*! @azure/msal-common v16.6.
|
|
6998
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6853
6999
|
|
|
6854
7000
|
/*
|
|
6855
7001
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6882,7 +7028,7 @@ function containsResourceParam(params) {
|
|
|
6882
7028
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6883
7029
|
}
|
|
6884
7030
|
|
|
6885
|
-
/*! @azure/msal-common v16.6.
|
|
7031
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6886
7032
|
/*
|
|
6887
7033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6888
7034
|
* Licensed under the MIT License.
|
|
@@ -6892,7 +7038,7 @@ function containsResourceParam(params) {
|
|
|
6892
7038
|
*/
|
|
6893
7039
|
const unexpectedError = "unexpected_error";
|
|
6894
7040
|
|
|
6895
|
-
/*! @azure/msal-common v16.6.
|
|
7041
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6896
7042
|
|
|
6897
7043
|
/*
|
|
6898
7044
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7153,7 +7299,7 @@ class ServerTelemetryManager {
|
|
|
7153
7299
|
}
|
|
7154
7300
|
}
|
|
7155
7301
|
|
|
7156
|
-
/*! @azure/msal-common v16.6.
|
|
7302
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7157
7303
|
|
|
7158
7304
|
/*
|
|
7159
7305
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7174,7 +7320,7 @@ function createJoseHeaderError(code) {
|
|
|
7174
7320
|
return new JoseHeaderError(code);
|
|
7175
7321
|
}
|
|
7176
7322
|
|
|
7177
|
-
/*! @azure/msal-common v16.6.
|
|
7323
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7178
7324
|
/*
|
|
7179
7325
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7180
7326
|
* Licensed under the MIT License.
|
|
@@ -7182,7 +7328,7 @@ function createJoseHeaderError(code) {
|
|
|
7182
7328
|
const missingKidError = "missing_kid_error";
|
|
7183
7329
|
const missingAlgError = "missing_alg_error";
|
|
7184
7330
|
|
|
7185
|
-
/*! @azure/msal-common v16.6.
|
|
7331
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7186
7332
|
|
|
7187
7333
|
/*
|
|
7188
7334
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7617,7 +7763,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7617
7763
|
|
|
7618
7764
|
/* eslint-disable header/header */
|
|
7619
7765
|
const name = "@azure/msal-browser";
|
|
7620
|
-
const version = "5.
|
|
7766
|
+
const version = "5.11.0";
|
|
7621
7767
|
|
|
7622
7768
|
/*
|
|
7623
7769
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7646,6 +7792,15 @@ const HttpHeaderKeys = {
|
|
|
7646
7792
|
CONTENT_TYPE: "Content-Type",
|
|
7647
7793
|
X_MS_REQUEST_ID: "x-ms-request-id",
|
|
7648
7794
|
};
|
|
7795
|
+
const CustomHeaderConstants = {
|
|
7796
|
+
REQUIRED_PREFIX: "x-",
|
|
7797
|
+
RESERVED_PREFIXES: [
|
|
7798
|
+
"x-client-",
|
|
7799
|
+
"x-ms-",
|
|
7800
|
+
"x-broker-",
|
|
7801
|
+
"x-app-",
|
|
7802
|
+
],
|
|
7803
|
+
};
|
|
7649
7804
|
const DefaultPackageInfo = {
|
|
7650
7805
|
SKU: "msal.browser",
|
|
7651
7806
|
VERSION: version,
|
|
@@ -9469,12 +9624,13 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
9469
9624
|
* and logoutHint attribute wasn't manually set in logout request
|
|
9470
9625
|
*/
|
|
9471
9626
|
if (logoutRequest) {
|
|
9472
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
9627
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
9473
9628
|
if (!logoutRequest.logoutHint) {
|
|
9474
9629
|
if (logoutRequest.account) {
|
|
9475
|
-
const logoutHint =
|
|
9630
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
9631
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
9476
9632
|
if (logoutHint) {
|
|
9477
|
-
this.logger.verbose("
|
|
9633
|
+
this.logger.verbose("0d7s8p", this.correlationId);
|
|
9478
9634
|
validLogoutRequest.logoutHint = logoutHint;
|
|
9479
9635
|
}
|
|
9480
9636
|
}
|
|
@@ -9527,6 +9683,7 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
9527
9683
|
const idTokenClaims = account.idTokenClaims;
|
|
9528
9684
|
if (idTokenClaims) {
|
|
9529
9685
|
if (idTokenClaims.login_hint) {
|
|
9686
|
+
this.logger.verbose("0u5bmc", this.correlationId);
|
|
9530
9687
|
return idTokenClaims.login_hint;
|
|
9531
9688
|
}
|
|
9532
9689
|
else {
|
|
@@ -10818,15 +10975,67 @@ class CustomAuthInterationClientFactory {
|
|
|
10818
10975
|
}
|
|
10819
10976
|
}
|
|
10820
10977
|
|
|
10978
|
+
/*
|
|
10979
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10980
|
+
* Licensed under the MIT License.
|
|
10981
|
+
*/
|
|
10982
|
+
/**
|
|
10983
|
+
* Filters the headers returned by a {@link CustomAuthRequestInterceptor},
|
|
10984
|
+
* keeping only those that conform to the custom-auth header naming rules.
|
|
10985
|
+
*
|
|
10986
|
+
* Rules (mirrors the iOS / Android native auth implementations):
|
|
10987
|
+
* - Header names must start with `x-` (case-insensitive); others are dropped.
|
|
10988
|
+
* - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
|
|
10989
|
+
* `x-broker-`, `x-app-`) are dropped.
|
|
10990
|
+
* - Headers with empty/whitespace-only names or null/undefined values are dropped.
|
|
10991
|
+
*
|
|
10992
|
+
* Dropped headers are logged as warnings (PII-safe) when a logger is provided.
|
|
10993
|
+
*
|
|
10994
|
+
* @param headers - Raw headers returned by the interceptor.
|
|
10995
|
+
* @param logger - Optional logger used to emit warnings for dropped headers.
|
|
10996
|
+
* @param correlationId - Optional correlation id forwarded to the logger.
|
|
10997
|
+
* @returns A new record containing only the headers that pass the filter,
|
|
10998
|
+
* preserving the original casing of header names.
|
|
10999
|
+
*/
|
|
11000
|
+
function filterCustomHeaders(headers, logger, correlationId) {
|
|
11001
|
+
const filtered = {};
|
|
11002
|
+
if (!headers) {
|
|
11003
|
+
return filtered;
|
|
11004
|
+
}
|
|
11005
|
+
for (const [name, value] of Object.entries(headers)) {
|
|
11006
|
+
if (!name || value === undefined || value === null) {
|
|
11007
|
+
continue;
|
|
11008
|
+
}
|
|
11009
|
+
const trimmedName = name.trim();
|
|
11010
|
+
if (!trimmedName) {
|
|
11011
|
+
continue;
|
|
11012
|
+
}
|
|
11013
|
+
const lowerName = trimmedName.toLowerCase();
|
|
11014
|
+
if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
|
|
11015
|
+
logger?.warningPii("0vzpop", correlationId ?? "");
|
|
11016
|
+
continue;
|
|
11017
|
+
}
|
|
11018
|
+
const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
|
|
11019
|
+
if (reservedPrefix) {
|
|
11020
|
+
logger?.warningPii("1m3lhk", correlationId ?? "");
|
|
11021
|
+
continue;
|
|
11022
|
+
}
|
|
11023
|
+
filtered[trimmedName] = value;
|
|
11024
|
+
}
|
|
11025
|
+
return filtered;
|
|
11026
|
+
}
|
|
11027
|
+
|
|
10821
11028
|
/*
|
|
10822
11029
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10823
11030
|
* Licensed under the MIT License.
|
|
10824
11031
|
*/
|
|
10825
11032
|
class BaseApiClient {
|
|
10826
|
-
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
|
|
11033
|
+
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
10827
11034
|
this.clientId = clientId;
|
|
10828
11035
|
this.httpClient = httpClient;
|
|
10829
11036
|
this.customAuthApiQueryParams = customAuthApiQueryParams;
|
|
11037
|
+
this.requestInterceptor = requestInterceptor;
|
|
11038
|
+
this.logger = logger;
|
|
10830
11039
|
this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
|
|
10831
11040
|
}
|
|
10832
11041
|
async request(endpoint, data, telemetryManager, correlationId) {
|
|
@@ -10834,8 +11043,10 @@ class BaseApiClient {
|
|
|
10834
11043
|
client_id: this.clientId,
|
|
10835
11044
|
...data,
|
|
10836
11045
|
});
|
|
10837
|
-
const
|
|
11046
|
+
const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
|
|
10838
11047
|
const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
|
|
11048
|
+
const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
|
|
11049
|
+
const headers = { ...commonHeaders, ...additionalHeaders };
|
|
10839
11050
|
let response;
|
|
10840
11051
|
try {
|
|
10841
11052
|
response = await this.httpClient.post(url, formData, headers);
|
|
@@ -10893,6 +11104,19 @@ class BaseApiClient {
|
|
|
10893
11104
|
: responseError.invalid_attributes ?? [];
|
|
10894
11105
|
throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
|
|
10895
11106
|
}
|
|
11107
|
+
async getAdditionalHeaders(url, correlationId) {
|
|
11108
|
+
if (!this.requestInterceptor) {
|
|
11109
|
+
return {};
|
|
11110
|
+
}
|
|
11111
|
+
try {
|
|
11112
|
+
const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
|
|
11113
|
+
return filterCustomHeaders(result, this.logger, correlationId);
|
|
11114
|
+
}
|
|
11115
|
+
catch (e) {
|
|
11116
|
+
this.logger?.warningPii("1ptwx4", correlationId);
|
|
11117
|
+
return {};
|
|
11118
|
+
}
|
|
11119
|
+
}
|
|
10896
11120
|
}
|
|
10897
11121
|
|
|
10898
11122
|
/*
|
|
@@ -10900,8 +11124,8 @@ class BaseApiClient {
|
|
|
10900
11124
|
* Licensed under the MIT License.
|
|
10901
11125
|
*/
|
|
10902
11126
|
class ResetPasswordApiClient extends BaseApiClient {
|
|
10903
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
10904
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11127
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11128
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
10905
11129
|
this.capabilities = capabilities;
|
|
10906
11130
|
}
|
|
10907
11131
|
/**
|
|
@@ -10984,8 +11208,8 @@ class ResetPasswordApiClient extends BaseApiClient {
|
|
|
10984
11208
|
* Licensed under the MIT License.
|
|
10985
11209
|
*/
|
|
10986
11210
|
class SignupApiClient extends BaseApiClient {
|
|
10987
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
10988
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11211
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11212
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
10989
11213
|
this.capabilities = capabilities;
|
|
10990
11214
|
}
|
|
10991
11215
|
/**
|
|
@@ -11054,8 +11278,8 @@ class SignupApiClient extends BaseApiClient {
|
|
|
11054
11278
|
* Licensed under the MIT License.
|
|
11055
11279
|
*/
|
|
11056
11280
|
class SignInApiClient extends BaseApiClient {
|
|
11057
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11058
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11281
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11282
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11059
11283
|
this.capabilities = capabilities;
|
|
11060
11284
|
}
|
|
11061
11285
|
/**
|
|
@@ -11222,11 +11446,11 @@ class RegisterApiClient extends BaseApiClient {
|
|
|
11222
11446
|
* Licensed under the MIT License.
|
|
11223
11447
|
*/
|
|
11224
11448
|
class CustomAuthApiClient {
|
|
11225
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11226
|
-
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11227
|
-
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11228
|
-
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11229
|
-
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11449
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11450
|
+
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11451
|
+
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11452
|
+
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11453
|
+
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11230
11454
|
}
|
|
11231
11455
|
}
|
|
11232
11456
|
|
|
@@ -14237,7 +14461,6 @@ const CREDENTIAL_SCHEMA_VERSION = 3;
|
|
|
14237
14461
|
const ACCOUNT_SCHEMA_VERSION = 3;
|
|
14238
14462
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
14239
14463
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
14240
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
14241
14464
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
14242
14465
|
const ACCOUNT_KEYS = "account.keys";
|
|
14243
14466
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -17771,6 +17994,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17771
17994
|
};
|
|
17772
17995
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17773
17996
|
iframeTimeoutTelemetry: false,
|
|
17997
|
+
allowPlatformBrokerWithDOM: false,
|
|
17774
17998
|
};
|
|
17775
17999
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17776
18000
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -18215,9 +18439,8 @@ class PlatformAuthDOMHandler {
|
|
|
18215
18439
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
18216
18440
|
* Licensed under the MIT License.
|
|
18217
18441
|
*/
|
|
18218
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
18442
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
18219
18443
|
logger.trace("134j0v", correlationId);
|
|
18220
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
18221
18444
|
logger.trace("04c81g", correlationId);
|
|
18222
18445
|
let platformAuthProvider;
|
|
18223
18446
|
try {
|
|
@@ -18241,22 +18464,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
|
|
|
18241
18464
|
}
|
|
18242
18465
|
return platformAuthProvider;
|
|
18243
18466
|
}
|
|
18244
|
-
/**
|
|
18245
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
18246
|
-
* @returns boolean
|
|
18247
|
-
* @deprecated
|
|
18248
|
-
*/
|
|
18249
|
-
function isDomEnabledForPlatformAuth() {
|
|
18250
|
-
let sessionStorage;
|
|
18251
|
-
try {
|
|
18252
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
18253
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
18254
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
18255
|
-
}
|
|
18256
|
-
catch (e) {
|
|
18257
|
-
return false;
|
|
18258
|
-
}
|
|
18259
|
-
}
|
|
18260
18467
|
/**
|
|
18261
18468
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
18262
18469
|
* @param logger
|
|
@@ -18267,6 +18474,11 @@ function isDomEnabledForPlatformAuth() {
|
|
|
18267
18474
|
*/
|
|
18268
18475
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
18269
18476
|
logger.trace("0uko3r", correlationId);
|
|
18477
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
18478
|
+
if (!config.system.allowPlatformBroker &&
|
|
18479
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
18480
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
18481
|
+
}
|
|
18270
18482
|
if (!config.system.allowPlatformBroker) {
|
|
18271
18483
|
logger.trace("04hozs", correlationId);
|
|
18272
18484
|
// Developer disabled WAM
|
|
@@ -19714,7 +19926,7 @@ class StandardController {
|
|
|
19714
19926
|
if (allowPlatformBroker) {
|
|
19715
19927
|
try {
|
|
19716
19928
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
19717
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
19929
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
19718
19930
|
}
|
|
19719
19931
|
catch (e) {
|
|
19720
19932
|
this.logger.verbose(e, correlationId);
|
|
@@ -21096,7 +21308,7 @@ class CustomAuthStandardController extends StandardController {
|
|
|
21096
21308
|
this.customAuthConfig = operatingContext.getCustomAuthConfig();
|
|
21097
21309
|
this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
|
|
21098
21310
|
const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
|
|
21099
|
-
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
|
|
21311
|
+
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
|
|
21100
21312
|
this.signInClient = interactionClientFactory.create(SignInClient);
|
|
21101
21313
|
this.signUpClient = interactionClientFactory.create(SignUpClient);
|
|
21102
21314
|
this.resetPasswordClient =
|