@azure/msal-browser 5.10.0 → 5.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +2 -2
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +21 -9
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +21 -9
- package/lib/custom-auth-path/msal-custom-auth.cjs +319 -107
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +319 -107
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +8 -8
- package/lib/msal-browser.cjs +241 -104
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +241 -104
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +2 -1
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/packageMetadata.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.11.0 2026-05-19 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.6.
|
|
9
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -233,7 +233,7 @@
|
|
|
233
233
|
// Token renewal offset default in seconds
|
|
234
234
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
235
235
|
|
|
236
|
-
/*! @azure/msal-common v16.6.
|
|
236
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
237
237
|
/*
|
|
238
238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
239
239
|
* Licensed under the MIT License.
|
|
@@ -285,7 +285,7 @@
|
|
|
285
285
|
const RESOURCE = "resource";
|
|
286
286
|
const CLI_DATA = "clidata";
|
|
287
287
|
|
|
288
|
-
/*! @azure/msal-common v16.6.
|
|
288
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
289
289
|
/*
|
|
290
290
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
291
291
|
* Licensed under the MIT License.
|
|
@@ -316,7 +316,7 @@
|
|
|
316
316
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
317
317
|
}
|
|
318
318
|
|
|
319
|
-
/*! @azure/msal-common v16.6.
|
|
319
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
320
320
|
|
|
321
321
|
/*
|
|
322
322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -336,7 +336,7 @@
|
|
|
336
336
|
return new ClientConfigurationError(errorCode);
|
|
337
337
|
}
|
|
338
338
|
|
|
339
|
-
/*! @azure/msal-common v16.6.
|
|
339
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
340
340
|
/*
|
|
341
341
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
342
342
|
* Licensed under the MIT License.
|
|
@@ -416,7 +416,7 @@
|
|
|
416
416
|
}
|
|
417
417
|
}
|
|
418
418
|
|
|
419
|
-
/*! @azure/msal-common v16.6.
|
|
419
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
420
420
|
|
|
421
421
|
/*
|
|
422
422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -439,7 +439,7 @@
|
|
|
439
439
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
440
440
|
}
|
|
441
441
|
|
|
442
|
-
/*! @azure/msal-common v16.6.
|
|
442
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
443
443
|
/*
|
|
444
444
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
445
445
|
* Licensed under the MIT License.
|
|
@@ -461,9 +461,11 @@
|
|
|
461
461
|
const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
462
462
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
463
463
|
const authorityMismatch = "authority_mismatch";
|
|
464
|
-
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
464
|
+
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
465
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
466
|
+
const issuerValidationFailed = "issuer_validation_failed";
|
|
465
467
|
|
|
466
|
-
/*! @azure/msal-common v16.6.
|
|
468
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
467
469
|
/*
|
|
468
470
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
469
471
|
* Licensed under the MIT License.
|
|
@@ -502,7 +504,7 @@
|
|
|
502
504
|
const resourceParameterRequired = "resource_parameter_required";
|
|
503
505
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
504
506
|
|
|
505
|
-
/*! @azure/msal-common v16.6.
|
|
507
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
506
508
|
|
|
507
509
|
/*
|
|
508
510
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -697,7 +699,7 @@
|
|
|
697
699
|
}
|
|
698
700
|
}
|
|
699
701
|
|
|
700
|
-
/*! @azure/msal-common v16.6.
|
|
702
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
701
703
|
|
|
702
704
|
/*
|
|
703
705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1086,7 +1088,7 @@
|
|
|
1086
1088
|
}
|
|
1087
1089
|
}
|
|
1088
1090
|
|
|
1089
|
-
/*! @azure/msal-common v16.6.
|
|
1091
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1090
1092
|
|
|
1091
1093
|
/*
|
|
1092
1094
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1195,7 +1197,7 @@
|
|
|
1195
1197
|
}
|
|
1196
1198
|
}
|
|
1197
1199
|
|
|
1198
|
-
/*! @azure/msal-common v16.6.
|
|
1200
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1199
1201
|
|
|
1200
1202
|
/*
|
|
1201
1203
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1234,7 +1236,7 @@
|
|
|
1234
1236
|
},
|
|
1235
1237
|
};
|
|
1236
1238
|
|
|
1237
|
-
/*! @azure/msal-common v16.6.
|
|
1239
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1238
1240
|
/*
|
|
1239
1241
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1240
1242
|
* Licensed under the MIT License.
|
|
@@ -1495,12 +1497,12 @@
|
|
|
1495
1497
|
}
|
|
1496
1498
|
}
|
|
1497
1499
|
|
|
1498
|
-
/*! @azure/msal-common v16.6.
|
|
1500
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1499
1501
|
/* eslint-disable header/header */
|
|
1500
1502
|
const name$1 = "@azure/msal-common";
|
|
1501
|
-
const version$1 = "16.6.
|
|
1503
|
+
const version$1 = "16.6.2";
|
|
1502
1504
|
|
|
1503
|
-
/*! @azure/msal-common v16.6.
|
|
1505
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1504
1506
|
/*
|
|
1505
1507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1506
1508
|
* Licensed under the MIT License.
|
|
@@ -1509,7 +1511,7 @@
|
|
|
1509
1511
|
// AzureCloudInstance is not specified.
|
|
1510
1512
|
None: "none"};
|
|
1511
1513
|
|
|
1512
|
-
/*! @azure/msal-common v16.6.
|
|
1514
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1513
1515
|
/*
|
|
1514
1516
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1515
1517
|
* Licensed under the MIT License.
|
|
@@ -1592,7 +1594,7 @@
|
|
|
1592
1594
|
return updatedAccountInfo;
|
|
1593
1595
|
}
|
|
1594
1596
|
|
|
1595
|
-
/*! @azure/msal-common v16.6.
|
|
1597
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1596
1598
|
|
|
1597
1599
|
/*
|
|
1598
1600
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1672,7 +1674,7 @@
|
|
|
1672
1674
|
}
|
|
1673
1675
|
}
|
|
1674
1676
|
|
|
1675
|
-
/*! @azure/msal-common v16.6.
|
|
1677
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1676
1678
|
|
|
1677
1679
|
/*
|
|
1678
1680
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1829,7 +1831,7 @@
|
|
|
1829
1831
|
}
|
|
1830
1832
|
}
|
|
1831
1833
|
|
|
1832
|
-
/*! @azure/msal-common v16.6.
|
|
1834
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1833
1835
|
|
|
1834
1836
|
/*
|
|
1835
1837
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1915,6 +1917,15 @@
|
|
|
1915
1917
|
preferred_cache: "login.sovcloud-identity.sg",
|
|
1916
1918
|
aliases: ["login.sovcloud-identity.sg"],
|
|
1917
1919
|
},
|
|
1920
|
+
{
|
|
1921
|
+
preferred_network: "login.windows-ppe.net",
|
|
1922
|
+
preferred_cache: "login.windows-ppe.net",
|
|
1923
|
+
aliases: [
|
|
1924
|
+
"login.windows-ppe.net",
|
|
1925
|
+
"sts.windows-ppe.net",
|
|
1926
|
+
"login.microsoft-ppe.com",
|
|
1927
|
+
],
|
|
1928
|
+
},
|
|
1918
1929
|
],
|
|
1919
1930
|
},
|
|
1920
1931
|
};
|
|
@@ -1986,7 +1997,7 @@
|
|
|
1986
1997
|
return null;
|
|
1987
1998
|
}
|
|
1988
1999
|
|
|
1989
|
-
/*! @azure/msal-common v16.6.
|
|
2000
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1990
2001
|
/*
|
|
1991
2002
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1992
2003
|
* Licensed under the MIT License.
|
|
@@ -1994,7 +2005,7 @@
|
|
|
1994
2005
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1995
2006
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1996
2007
|
|
|
1997
|
-
/*! @azure/msal-common v16.6.
|
|
2008
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
1998
2009
|
|
|
1999
2010
|
/*
|
|
2000
2011
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2032,7 +2043,7 @@
|
|
|
2032
2043
|
}
|
|
2033
2044
|
}
|
|
2034
2045
|
|
|
2035
|
-
/*! @azure/msal-common v16.6.
|
|
2046
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2036
2047
|
|
|
2037
2048
|
/*
|
|
2038
2049
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2070,7 +2081,7 @@
|
|
|
2070
2081
|
};
|
|
2071
2082
|
}
|
|
2072
2083
|
|
|
2073
|
-
/*! @azure/msal-common v16.6.
|
|
2084
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2074
2085
|
/*
|
|
2075
2086
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2076
2087
|
* Licensed under the MIT License.
|
|
@@ -2085,7 +2096,7 @@
|
|
|
2085
2096
|
Ciam: 3,
|
|
2086
2097
|
};
|
|
2087
2098
|
|
|
2088
|
-
/*! @azure/msal-common v16.6.
|
|
2099
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2089
2100
|
/*
|
|
2090
2101
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2091
2102
|
* Licensed under the MIT License.
|
|
@@ -2107,7 +2118,7 @@
|
|
|
2107
2118
|
return null;
|
|
2108
2119
|
}
|
|
2109
2120
|
|
|
2110
|
-
/*! @azure/msal-common v16.6.
|
|
2121
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2111
2122
|
/*
|
|
2112
2123
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2113
2124
|
* Licensed under the MIT License.
|
|
@@ -2131,7 +2142,7 @@
|
|
|
2131
2142
|
EAR: "EAR",
|
|
2132
2143
|
};
|
|
2133
2144
|
|
|
2134
|
-
/*! @azure/msal-common v16.6.
|
|
2145
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2135
2146
|
/**
|
|
2136
2147
|
* Returns the AccountInfo interface for this account.
|
|
2137
2148
|
*/
|
|
@@ -2306,7 +2317,7 @@
|
|
|
2306
2317
|
entity.hasOwnProperty("authorityType"));
|
|
2307
2318
|
}
|
|
2308
2319
|
|
|
2309
|
-
/*! @azure/msal-common v16.6.
|
|
2320
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
2310
2321
|
|
|
2311
2322
|
/*
|
|
2312
2323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3437,7 +3448,7 @@
|
|
|
3437
3448
|
}
|
|
3438
3449
|
}
|
|
3439
3450
|
|
|
3440
|
-
/*! @azure/msal-common v16.6.
|
|
3451
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3441
3452
|
/*
|
|
3442
3453
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3443
3454
|
* Licensed under the MIT License.
|
|
@@ -3451,7 +3462,7 @@
|
|
|
3451
3462
|
const PerformanceEventStatus = {
|
|
3452
3463
|
InProgress: 1};
|
|
3453
3464
|
|
|
3454
|
-
/*! @azure/msal-common v16.6.
|
|
3465
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3455
3466
|
|
|
3456
3467
|
/*
|
|
3457
3468
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3506,7 +3517,7 @@
|
|
|
3506
3517
|
}
|
|
3507
3518
|
}
|
|
3508
3519
|
|
|
3509
|
-
/*! @azure/msal-common v16.6.
|
|
3520
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3510
3521
|
|
|
3511
3522
|
/*
|
|
3512
3523
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3601,7 +3612,7 @@
|
|
|
3601
3612
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3602
3613
|
}
|
|
3603
3614
|
|
|
3604
|
-
/*! @azure/msal-common v16.6.
|
|
3615
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3605
3616
|
/*
|
|
3606
3617
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3607
3618
|
* Licensed under the MIT License.
|
|
@@ -3628,7 +3639,7 @@
|
|
|
3628
3639
|
}
|
|
3629
3640
|
}
|
|
3630
3641
|
|
|
3631
|
-
/*! @azure/msal-common v16.6.
|
|
3642
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3632
3643
|
/*
|
|
3633
3644
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3634
3645
|
* Licensed under the MIT License.
|
|
@@ -3693,7 +3704,7 @@
|
|
|
3693
3704
|
return cachedAtSec > nowSeconds();
|
|
3694
3705
|
}
|
|
3695
3706
|
|
|
3696
|
-
/*! @azure/msal-common v16.6.
|
|
3707
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3697
3708
|
|
|
3698
3709
|
/*
|
|
3699
3710
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3952,7 +3963,7 @@
|
|
|
3952
3963
|
return metadata.expiresAt <= nowSeconds();
|
|
3953
3964
|
}
|
|
3954
3965
|
|
|
3955
|
-
/*! @azure/msal-common v16.6.
|
|
3966
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
3956
3967
|
/*
|
|
3957
3968
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3958
3969
|
* Licensed under the MIT License.
|
|
@@ -4023,7 +4034,7 @@
|
|
|
4023
4034
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4024
4035
|
const SetUserData = "setUserData";
|
|
4025
4036
|
|
|
4026
|
-
/*! @azure/msal-common v16.6.
|
|
4037
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4027
4038
|
/*
|
|
4028
4039
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4029
4040
|
* Licensed under the MIT License.
|
|
@@ -4116,7 +4127,7 @@
|
|
|
4116
4127
|
};
|
|
4117
4128
|
};
|
|
4118
4129
|
|
|
4119
|
-
/*! @azure/msal-common v16.6.
|
|
4130
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4120
4131
|
|
|
4121
4132
|
/*
|
|
4122
4133
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4196,7 +4207,7 @@
|
|
|
4196
4207
|
}
|
|
4197
4208
|
}
|
|
4198
4209
|
|
|
4199
|
-
/*! @azure/msal-common v16.6.
|
|
4210
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4200
4211
|
/*
|
|
4201
4212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4202
4213
|
* Licensed under the MIT License.
|
|
@@ -4247,7 +4258,7 @@
|
|
|
4247
4258
|
*/
|
|
4248
4259
|
const interruptedUser = "interrupted_user";
|
|
4249
4260
|
|
|
4250
|
-
/*! @azure/msal-common v16.6.
|
|
4261
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4251
4262
|
|
|
4252
4263
|
/*
|
|
4253
4264
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4315,7 +4326,7 @@
|
|
|
4315
4326
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4316
4327
|
}
|
|
4317
4328
|
|
|
4318
|
-
/*! @azure/msal-common v16.6.
|
|
4329
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4319
4330
|
|
|
4320
4331
|
/*
|
|
4321
4332
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4334,7 +4345,7 @@
|
|
|
4334
4345
|
}
|
|
4335
4346
|
}
|
|
4336
4347
|
|
|
4337
|
-
/*! @azure/msal-common v16.6.
|
|
4348
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4338
4349
|
|
|
4339
4350
|
/*
|
|
4340
4351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4402,7 +4413,7 @@
|
|
|
4402
4413
|
}
|
|
4403
4414
|
}
|
|
4404
4415
|
|
|
4405
|
-
/*! @azure/msal-common v16.6.
|
|
4416
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4406
4417
|
|
|
4407
4418
|
/*
|
|
4408
4419
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4750,7 +4761,7 @@
|
|
|
4750
4761
|
return baseAccount;
|
|
4751
4762
|
}
|
|
4752
4763
|
|
|
4753
|
-
/*! @azure/msal-common v16.6.
|
|
4764
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4754
4765
|
/*
|
|
4755
4766
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4756
4767
|
* Licensed under the MIT License.
|
|
@@ -4760,7 +4771,7 @@
|
|
|
4760
4771
|
UPN: "UPN",
|
|
4761
4772
|
};
|
|
4762
4773
|
|
|
4763
|
-
/*! @azure/msal-common v16.6.
|
|
4774
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4764
4775
|
/*
|
|
4765
4776
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4766
4777
|
* Licensed under the MIT License.
|
|
@@ -4778,7 +4789,7 @@
|
|
|
4778
4789
|
}
|
|
4779
4790
|
}
|
|
4780
4791
|
|
|
4781
|
-
/*! @azure/msal-common v16.6.
|
|
4792
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4782
4793
|
/*
|
|
4783
4794
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4784
4795
|
* Licensed under the MIT License.
|
|
@@ -4799,7 +4810,7 @@
|
|
|
4799
4810
|
};
|
|
4800
4811
|
}
|
|
4801
4812
|
|
|
4802
|
-
/*! @azure/msal-common v16.6.
|
|
4813
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4803
4814
|
|
|
4804
4815
|
/*
|
|
4805
4816
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4885,7 +4896,7 @@
|
|
|
4885
4896
|
}
|
|
4886
4897
|
}
|
|
4887
4898
|
|
|
4888
|
-
/*! @azure/msal-common v16.6.
|
|
4899
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4889
4900
|
|
|
4890
4901
|
/*
|
|
4891
4902
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4916,7 +4927,7 @@
|
|
|
4916
4927
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4917
4928
|
}
|
|
4918
4929
|
|
|
4919
|
-
/*! @azure/msal-common v16.6.
|
|
4930
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
4920
4931
|
|
|
4921
4932
|
/*
|
|
4922
4933
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5030,7 +5041,7 @@
|
|
|
5030
5041
|
return response;
|
|
5031
5042
|
}
|
|
5032
5043
|
|
|
5033
|
-
/*! @azure/msal-common v16.6.
|
|
5044
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5034
5045
|
/*
|
|
5035
5046
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5036
5047
|
* Licensed under the MIT License.
|
|
@@ -5042,7 +5053,7 @@
|
|
|
5042
5053
|
response.hasOwnProperty("jwks_uri"));
|
|
5043
5054
|
}
|
|
5044
5055
|
|
|
5045
|
-
/*! @azure/msal-common v16.6.
|
|
5056
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5046
5057
|
/*
|
|
5047
5058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5048
5059
|
* Licensed under the MIT License.
|
|
@@ -5052,7 +5063,7 @@
|
|
|
5052
5063
|
response.hasOwnProperty("metadata"));
|
|
5053
5064
|
}
|
|
5054
5065
|
|
|
5055
|
-
/*! @azure/msal-common v16.6.
|
|
5066
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5056
5067
|
/*
|
|
5057
5068
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5058
5069
|
* Licensed under the MIT License.
|
|
@@ -5062,7 +5073,7 @@
|
|
|
5062
5073
|
response.hasOwnProperty("error_description"));
|
|
5063
5074
|
}
|
|
5064
5075
|
|
|
5065
|
-
/*! @azure/msal-common v16.6.
|
|
5076
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5066
5077
|
|
|
5067
5078
|
/*
|
|
5068
5079
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5167,7 +5178,7 @@
|
|
|
5167
5178
|
},
|
|
5168
5179
|
};
|
|
5169
5180
|
|
|
5170
|
-
/*! @azure/msal-common v16.6.
|
|
5181
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5171
5182
|
|
|
5172
5183
|
/*
|
|
5173
5184
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5422,7 +5433,7 @@
|
|
|
5422
5433
|
}, this.correlationId);
|
|
5423
5434
|
}
|
|
5424
5435
|
/**
|
|
5425
|
-
* Returns metadata entity from cache if it exists,
|
|
5436
|
+
* Returns metadata entity from cache if it exists, otherwise returns a new metadata entity built
|
|
5426
5437
|
* from the configured canonical authority
|
|
5427
5438
|
* @returns
|
|
5428
5439
|
*/
|
|
@@ -5491,6 +5502,8 @@
|
|
|
5491
5502
|
// Get metadata from network if local sources aren't available
|
|
5492
5503
|
let metadata = await invokeAsync(this.getEndpointMetadataFromNetwork.bind(this), AuthorityGetEndpointMetadataFromNetwork, this.logger, this.performanceClient, this.correlationId)();
|
|
5493
5504
|
if (metadata) {
|
|
5505
|
+
// Validate the issuer returned by the OIDC discovery document.
|
|
5506
|
+
this.validateIssuer(metadata.issuer);
|
|
5494
5507
|
// If the user prefers to use an azure region replace the global endpoints with regional information.
|
|
5495
5508
|
if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {
|
|
5496
5509
|
metadata = await invokeAsync(this.updateMetadataWithRegionalInformation.bind(this), AuthorityUpdateMetadataWithRegionalInformation, this.logger, this.performanceClient, this.correlationId)(metadata);
|
|
@@ -5659,7 +5672,7 @@
|
|
|
5659
5672
|
throw createClientConfigurationError(untrustedAuthority);
|
|
5660
5673
|
}
|
|
5661
5674
|
updateCloudDiscoveryMetadataFromLocalSources(metadataEntity) {
|
|
5662
|
-
this.logger.verbose("
|
|
5675
|
+
this.logger.verbose("1tpqlr", this.correlationId);
|
|
5663
5676
|
this.logger.verbosePii("1fy7uz", this.correlationId);
|
|
5664
5677
|
this.logger.verbosePii("08zabj", this.correlationId);
|
|
5665
5678
|
this.logger.verbosePii("1o1kv3", this.correlationId);
|
|
@@ -5856,6 +5869,139 @@
|
|
|
5856
5869
|
isAliasOfKnownMicrosoftAuthority(host) {
|
|
5857
5870
|
return InstanceDiscoveryMetadataAliases.has(host);
|
|
5858
5871
|
}
|
|
5872
|
+
/**
|
|
5873
|
+
* Validates the `issuer` returned by an OIDC discovery document against
|
|
5874
|
+
* this authority, per
|
|
5875
|
+
* https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
|
|
5876
|
+
*
|
|
5877
|
+
* The issuer is accepted when ANY of the following holds:
|
|
5878
|
+
* 1. The issuer scheme + host + port match the authority's (path may
|
|
5879
|
+
* differ). Applies to all authorities.
|
|
5880
|
+
* 2. The authority is a Microsoft cloud authority (public, sovereign,
|
|
5881
|
+
* or CIAM), the issuer is HTTPS, and the issuer host is in the known
|
|
5882
|
+
* Microsoft authority host set.
|
|
5883
|
+
* 3. Same as (2), but the issuer host is a single-label regional variant
|
|
5884
|
+
* of a known Microsoft host (e.g. `westus.login.microsoftonline.com`).
|
|
5885
|
+
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5886
|
+
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5887
|
+
* path.
|
|
5888
|
+
*
|
|
5889
|
+
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5890
|
+
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
5891
|
+
*/
|
|
5892
|
+
validateIssuer(issuer) {
|
|
5893
|
+
if (!issuer) {
|
|
5894
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5895
|
+
}
|
|
5896
|
+
// Parse with the WHATWG URL API. URL normalizes scheme + host to lowercase per RFC 3986.
|
|
5897
|
+
let issuerUrl;
|
|
5898
|
+
try {
|
|
5899
|
+
issuerUrl = new URL(issuer);
|
|
5900
|
+
}
|
|
5901
|
+
catch {
|
|
5902
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5903
|
+
}
|
|
5904
|
+
const issuerScheme = issuerUrl.protocol;
|
|
5905
|
+
const issuerHost = issuerUrl.host;
|
|
5906
|
+
const authorityScheme = (this.canonicalAuthorityUrlComponents.Protocol || "").toLowerCase();
|
|
5907
|
+
const authorityHost = (this.canonicalAuthorityUrlComponents.HostNameAndPort || "").toLowerCase();
|
|
5908
|
+
// Rule 1: Same scheme and host
|
|
5909
|
+
const matchesAuthorityOrigin = this.matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost);
|
|
5910
|
+
// Rule 2: The issuer host is a well-known Microsoft authority host (HTTPS only)
|
|
5911
|
+
const matchesKnownMicrosoftHost = issuerScheme === "https:" &&
|
|
5912
|
+
this.isAliasOfKnownMicrosoftAuthority(issuerHost);
|
|
5913
|
+
/*
|
|
5914
|
+
* Rule 3: The issuer host is a regional variant ({region}.{host}) of a well-known host
|
|
5915
|
+
* (HTTPS only). E.g. westus2.login.microsoft.com
|
|
5916
|
+
*/
|
|
5917
|
+
const matchesRegionalMicrosoftHost = issuerScheme === "https:" &&
|
|
5918
|
+
this.matchesRegionalMicrosoftHost(issuerHost);
|
|
5919
|
+
/*
|
|
5920
|
+
* Rule 4: CIAM-specific validation. In a CIAM scenario the issuer is expected to
|
|
5921
|
+
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5922
|
+
*/
|
|
5923
|
+
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5924
|
+
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5925
|
+
if (matchesAuthorityOrigin ||
|
|
5926
|
+
matchesKnownMicrosoftHost ||
|
|
5927
|
+
matchesRegionalMicrosoftHost ||
|
|
5928
|
+
matchesCiamTenantPattern) {
|
|
5929
|
+
return;
|
|
5930
|
+
}
|
|
5931
|
+
// issuer validation fails if none of the above rules are satisfied
|
|
5932
|
+
throw createClientConfigurationError(issuerValidationFailed);
|
|
5933
|
+
}
|
|
5934
|
+
/**
|
|
5935
|
+
* Rule 1: The issuer scheme + host (and port) match the authority's. Path
|
|
5936
|
+
* may differ. Applies to all authorities.
|
|
5937
|
+
*/
|
|
5938
|
+
matchesAuthorityOrigin(issuerScheme, issuerHost, authorityScheme, authorityHost) {
|
|
5939
|
+
return issuerScheme === authorityScheme && issuerHost === authorityHost;
|
|
5940
|
+
}
|
|
5941
|
+
/**
|
|
5942
|
+
* Rule 3: The issuer host is a regional variant
|
|
5943
|
+
* (`{region}.{host}`) of a known Microsoft authority host.
|
|
5944
|
+
* E.g. `westus2.login.microsoft.com`.
|
|
5945
|
+
*/
|
|
5946
|
+
matchesRegionalMicrosoftHost(issuerHost) {
|
|
5947
|
+
const firstDot = issuerHost.indexOf(".");
|
|
5948
|
+
if (firstDot > 0 && firstDot < issuerHost.length - 1) {
|
|
5949
|
+
const hostWithoutRegion = issuerHost.substring(firstDot + 1);
|
|
5950
|
+
return this.isAliasOfKnownMicrosoftAuthority(hostWithoutRegion);
|
|
5951
|
+
}
|
|
5952
|
+
return false;
|
|
5953
|
+
}
|
|
5954
|
+
/**
|
|
5955
|
+
* Rule 4: The issuer matches one of the well-known CIAM tenant patterns
|
|
5956
|
+
* (`https://{tenant}.ciamlogin.com[/{tenant}[.onmicrosoft.com][/v2.0]]`).
|
|
5957
|
+
*
|
|
5958
|
+
* The bare tenant name is extracted from the authority's first path segment
|
|
5959
|
+
* when available (stripping the `.onmicrosoft.com` suffix that
|
|
5960
|
+
* `transformCIAMAuthority` adds), or otherwise from the leftmost label of
|
|
5961
|
+
* the authority host (to support CIAM custom domain scenarios).
|
|
5962
|
+
*
|
|
5963
|
+
* Both `/{tenant}` and `/{tenant}.onmicrosoft.com` path forms are accepted
|
|
5964
|
+
* because the OIDC issuer may use either form depending on the authority URL
|
|
5965
|
+
* that was used to trigger discovery.
|
|
5966
|
+
*/
|
|
5967
|
+
matchesCiamTenantPattern(issuerUrl, authorityHost, authorityPathSegments) {
|
|
5968
|
+
/*
|
|
5969
|
+
* authorityPathSegments[0] is the first path segment of the *authority
|
|
5970
|
+
* URL* after transformCIAMAuthority runs (e.g. "contoso.onmicrosoft.com").
|
|
5971
|
+
* Additional CIAM issuer path segments such as "/v2.0" are part of the
|
|
5972
|
+
* issuer string, not the authority URL's PathSegments.
|
|
5973
|
+
*/
|
|
5974
|
+
const pathSegment = authorityPathSegments[0];
|
|
5975
|
+
/*
|
|
5976
|
+
* Extract the bare tenant name: strip the .onmicrosoft.com suffix when
|
|
5977
|
+
* present (introduced by transformCIAMAuthority), or fall back to the
|
|
5978
|
+
* first label of the authority hostname for non-transformed/custom-domain
|
|
5979
|
+
* CIAM authorities.
|
|
5980
|
+
*/
|
|
5981
|
+
const tenantName = pathSegment
|
|
5982
|
+
? pathSegment.endsWith(AAD_TENANT_DOMAIN_SUFFIX)
|
|
5983
|
+
? pathSegment.slice(0, -AAD_TENANT_DOMAIN_SUFFIX.length)
|
|
5984
|
+
: pathSegment
|
|
5985
|
+
: authorityHost.split(".")[0];
|
|
5986
|
+
if (!tenantName) {
|
|
5987
|
+
return false;
|
|
5988
|
+
}
|
|
5989
|
+
const ciamBaseURL = `https://${tenantName}${CIAM_AUTH_URL}`;
|
|
5990
|
+
const validCiamPatterns = [
|
|
5991
|
+
ciamBaseURL,
|
|
5992
|
+
`${ciamBaseURL}/${tenantName}`,
|
|
5993
|
+
`${ciamBaseURL}/${tenantName}/v2.0`,
|
|
5994
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}`,
|
|
5995
|
+
`${ciamBaseURL}/${tenantName}${AAD_TENANT_DOMAIN_SUFFIX}/v2.0`, // https://{tenant}.ciamlogin.com/{tenant}.onmicrosoft.com/v2.0
|
|
5996
|
+
];
|
|
5997
|
+
/*
|
|
5998
|
+
* Compose the canonical issuer string from URL components and strip any
|
|
5999
|
+
* trailing slashes from the path so it can be compared to the pattern set.
|
|
6000
|
+
*/
|
|
6001
|
+
const issuerPath = issuerUrl.pathname.replace(/\/+$/, "");
|
|
6002
|
+
const normalizedIssuer = `${issuerUrl.protocol}//${issuerUrl.host}${issuerPath}`;
|
|
6003
|
+
return validCiamPatterns.some((pattern) => pattern === normalizedIssuer);
|
|
6004
|
+
}
|
|
5859
6005
|
/**
|
|
5860
6006
|
* Checks whether the provided host is that of a public cloud authority
|
|
5861
6007
|
*
|
|
@@ -5987,7 +6133,7 @@
|
|
|
5987
6133
|
};
|
|
5988
6134
|
}
|
|
5989
6135
|
|
|
5990
|
-
/*! @azure/msal-common v16.6.
|
|
6136
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
5991
6137
|
|
|
5992
6138
|
/*
|
|
5993
6139
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6021,7 +6167,7 @@
|
|
|
6021
6167
|
}
|
|
6022
6168
|
}
|
|
6023
6169
|
|
|
6024
|
-
/*! @azure/msal-common v16.6.
|
|
6170
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6025
6171
|
|
|
6026
6172
|
/*
|
|
6027
6173
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6278,7 +6424,7 @@
|
|
|
6278
6424
|
}
|
|
6279
6425
|
}
|
|
6280
6426
|
|
|
6281
|
-
/*! @azure/msal-common v16.6.
|
|
6427
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6282
6428
|
|
|
6283
6429
|
/*
|
|
6284
6430
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6499,7 +6645,7 @@
|
|
|
6499
6645
|
}
|
|
6500
6646
|
}
|
|
6501
6647
|
|
|
6502
|
-
/*! @azure/msal-common v16.6.
|
|
6648
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6503
6649
|
|
|
6504
6650
|
/*
|
|
6505
6651
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6615,7 +6761,7 @@
|
|
|
6615
6761
|
}
|
|
6616
6762
|
}
|
|
6617
6763
|
|
|
6618
|
-
/*! @azure/msal-common v16.6.
|
|
6764
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6619
6765
|
|
|
6620
6766
|
/*
|
|
6621
6767
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6630,7 +6776,7 @@
|
|
|
6630
6776
|
},
|
|
6631
6777
|
};
|
|
6632
6778
|
|
|
6633
|
-
/*! @azure/msal-common v16.6.
|
|
6779
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6634
6780
|
|
|
6635
6781
|
/*
|
|
6636
6782
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6853,7 +6999,7 @@
|
|
|
6853
6999
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6854
7000
|
}
|
|
6855
7001
|
|
|
6856
|
-
/*! @azure/msal-common v16.6.
|
|
7002
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6857
7003
|
|
|
6858
7004
|
/*
|
|
6859
7005
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6886,7 +7032,7 @@
|
|
|
6886
7032
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6887
7033
|
}
|
|
6888
7034
|
|
|
6889
|
-
/*! @azure/msal-common v16.6.
|
|
7035
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6890
7036
|
/*
|
|
6891
7037
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6892
7038
|
* Licensed under the MIT License.
|
|
@@ -6896,7 +7042,7 @@
|
|
|
6896
7042
|
*/
|
|
6897
7043
|
const unexpectedError = "unexpected_error";
|
|
6898
7044
|
|
|
6899
|
-
/*! @azure/msal-common v16.6.
|
|
7045
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
6900
7046
|
|
|
6901
7047
|
/*
|
|
6902
7048
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7157,7 +7303,7 @@
|
|
|
7157
7303
|
}
|
|
7158
7304
|
}
|
|
7159
7305
|
|
|
7160
|
-
/*! @azure/msal-common v16.6.
|
|
7306
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7161
7307
|
|
|
7162
7308
|
/*
|
|
7163
7309
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7178,7 +7324,7 @@
|
|
|
7178
7324
|
return new JoseHeaderError(code);
|
|
7179
7325
|
}
|
|
7180
7326
|
|
|
7181
|
-
/*! @azure/msal-common v16.6.
|
|
7327
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7182
7328
|
/*
|
|
7183
7329
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7184
7330
|
* Licensed under the MIT License.
|
|
@@ -7186,7 +7332,7 @@
|
|
|
7186
7332
|
const missingKidError = "missing_kid_error";
|
|
7187
7333
|
const missingAlgError = "missing_alg_error";
|
|
7188
7334
|
|
|
7189
|
-
/*! @azure/msal-common v16.6.
|
|
7335
|
+
/*! @azure/msal-common v16.6.2 2026-05-19 */
|
|
7190
7336
|
|
|
7191
7337
|
/*
|
|
7192
7338
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7621,7 +7767,7 @@
|
|
|
7621
7767
|
|
|
7622
7768
|
/* eslint-disable header/header */
|
|
7623
7769
|
const name = "@azure/msal-browser";
|
|
7624
|
-
const version = "5.
|
|
7770
|
+
const version = "5.11.0";
|
|
7625
7771
|
|
|
7626
7772
|
/*
|
|
7627
7773
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7650,6 +7796,15 @@
|
|
|
7650
7796
|
CONTENT_TYPE: "Content-Type",
|
|
7651
7797
|
X_MS_REQUEST_ID: "x-ms-request-id",
|
|
7652
7798
|
};
|
|
7799
|
+
const CustomHeaderConstants = {
|
|
7800
|
+
REQUIRED_PREFIX: "x-",
|
|
7801
|
+
RESERVED_PREFIXES: [
|
|
7802
|
+
"x-client-",
|
|
7803
|
+
"x-ms-",
|
|
7804
|
+
"x-broker-",
|
|
7805
|
+
"x-app-",
|
|
7806
|
+
],
|
|
7807
|
+
};
|
|
7653
7808
|
const DefaultPackageInfo = {
|
|
7654
7809
|
SKU: "msal.browser",
|
|
7655
7810
|
VERSION: version,
|
|
@@ -9473,12 +9628,13 @@
|
|
|
9473
9628
|
* and logoutHint attribute wasn't manually set in logout request
|
|
9474
9629
|
*/
|
|
9475
9630
|
if (logoutRequest) {
|
|
9476
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
9631
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
9477
9632
|
if (!logoutRequest.logoutHint) {
|
|
9478
9633
|
if (logoutRequest.account) {
|
|
9479
|
-
const logoutHint =
|
|
9634
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
9635
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
9480
9636
|
if (logoutHint) {
|
|
9481
|
-
this.logger.verbose("Setting logoutHint to
|
|
9637
|
+
this.logger.verbose("Setting logoutHint value to loginHint of the account provided", this.correlationId);
|
|
9482
9638
|
validLogoutRequest.logoutHint = logoutHint;
|
|
9483
9639
|
}
|
|
9484
9640
|
}
|
|
@@ -9531,6 +9687,7 @@
|
|
|
9531
9687
|
const idTokenClaims = account.idTokenClaims;
|
|
9532
9688
|
if (idTokenClaims) {
|
|
9533
9689
|
if (idTokenClaims.login_hint) {
|
|
9690
|
+
this.logger.verbose("Extracted login_hint claim from account ID Token Claims to be used as logoutHint", this.correlationId);
|
|
9534
9691
|
return idTokenClaims.login_hint;
|
|
9535
9692
|
}
|
|
9536
9693
|
else {
|
|
@@ -10822,15 +10979,67 @@
|
|
|
10822
10979
|
}
|
|
10823
10980
|
}
|
|
10824
10981
|
|
|
10982
|
+
/*
|
|
10983
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10984
|
+
* Licensed under the MIT License.
|
|
10985
|
+
*/
|
|
10986
|
+
/**
|
|
10987
|
+
* Filters the headers returned by a {@link CustomAuthRequestInterceptor},
|
|
10988
|
+
* keeping only those that conform to the custom-auth header naming rules.
|
|
10989
|
+
*
|
|
10990
|
+
* Rules (mirrors the iOS / Android native auth implementations):
|
|
10991
|
+
* - Header names must start with `x-` (case-insensitive); others are dropped.
|
|
10992
|
+
* - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
|
|
10993
|
+
* `x-broker-`, `x-app-`) are dropped.
|
|
10994
|
+
* - Headers with empty/whitespace-only names or null/undefined values are dropped.
|
|
10995
|
+
*
|
|
10996
|
+
* Dropped headers are logged as warnings (PII-safe) when a logger is provided.
|
|
10997
|
+
*
|
|
10998
|
+
* @param headers - Raw headers returned by the interceptor.
|
|
10999
|
+
* @param logger - Optional logger used to emit warnings for dropped headers.
|
|
11000
|
+
* @param correlationId - Optional correlation id forwarded to the logger.
|
|
11001
|
+
* @returns A new record containing only the headers that pass the filter,
|
|
11002
|
+
* preserving the original casing of header names.
|
|
11003
|
+
*/
|
|
11004
|
+
function filterCustomHeaders(headers, logger, correlationId) {
|
|
11005
|
+
const filtered = {};
|
|
11006
|
+
if (!headers) {
|
|
11007
|
+
return filtered;
|
|
11008
|
+
}
|
|
11009
|
+
for (const [name, value] of Object.entries(headers)) {
|
|
11010
|
+
if (!name || value === undefined || value === null) {
|
|
11011
|
+
continue;
|
|
11012
|
+
}
|
|
11013
|
+
const trimmedName = name.trim();
|
|
11014
|
+
if (!trimmedName) {
|
|
11015
|
+
continue;
|
|
11016
|
+
}
|
|
11017
|
+
const lowerName = trimmedName.toLowerCase();
|
|
11018
|
+
if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
|
|
11019
|
+
logger?.warningPii(`Additional header field "${trimmedName}" must start with the "${CustomHeaderConstants.REQUIRED_PREFIX}" prefix. Ignoring.`, correlationId ?? "");
|
|
11020
|
+
continue;
|
|
11021
|
+
}
|
|
11022
|
+
const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
|
|
11023
|
+
if (reservedPrefix) {
|
|
11024
|
+
logger?.warningPii(`Additional header field "${trimmedName}" uses reserved prefix "${reservedPrefix}". Ignoring.`, correlationId ?? "");
|
|
11025
|
+
continue;
|
|
11026
|
+
}
|
|
11027
|
+
filtered[trimmedName] = value;
|
|
11028
|
+
}
|
|
11029
|
+
return filtered;
|
|
11030
|
+
}
|
|
11031
|
+
|
|
10825
11032
|
/*
|
|
10826
11033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10827
11034
|
* Licensed under the MIT License.
|
|
10828
11035
|
*/
|
|
10829
11036
|
class BaseApiClient {
|
|
10830
|
-
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
|
|
11037
|
+
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
10831
11038
|
this.clientId = clientId;
|
|
10832
11039
|
this.httpClient = httpClient;
|
|
10833
11040
|
this.customAuthApiQueryParams = customAuthApiQueryParams;
|
|
11041
|
+
this.requestInterceptor = requestInterceptor;
|
|
11042
|
+
this.logger = logger;
|
|
10834
11043
|
this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
|
|
10835
11044
|
}
|
|
10836
11045
|
async request(endpoint, data, telemetryManager, correlationId) {
|
|
@@ -10838,8 +11047,10 @@
|
|
|
10838
11047
|
client_id: this.clientId,
|
|
10839
11048
|
...data,
|
|
10840
11049
|
});
|
|
10841
|
-
const
|
|
11050
|
+
const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
|
|
10842
11051
|
const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
|
|
11052
|
+
const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
|
|
11053
|
+
const headers = { ...commonHeaders, ...additionalHeaders };
|
|
10843
11054
|
let response;
|
|
10844
11055
|
try {
|
|
10845
11056
|
response = await this.httpClient.post(url, formData, headers);
|
|
@@ -10897,6 +11108,19 @@
|
|
|
10897
11108
|
: responseError.invalid_attributes ?? [];
|
|
10898
11109
|
throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
|
|
10899
11110
|
}
|
|
11111
|
+
async getAdditionalHeaders(url, correlationId) {
|
|
11112
|
+
if (!this.requestInterceptor) {
|
|
11113
|
+
return {};
|
|
11114
|
+
}
|
|
11115
|
+
try {
|
|
11116
|
+
const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
|
|
11117
|
+
return filterCustomHeaders(result, this.logger, correlationId);
|
|
11118
|
+
}
|
|
11119
|
+
catch (e) {
|
|
11120
|
+
this.logger?.warningPii(`CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`, correlationId);
|
|
11121
|
+
return {};
|
|
11122
|
+
}
|
|
11123
|
+
}
|
|
10900
11124
|
}
|
|
10901
11125
|
|
|
10902
11126
|
/*
|
|
@@ -10904,8 +11128,8 @@
|
|
|
10904
11128
|
* Licensed under the MIT License.
|
|
10905
11129
|
*/
|
|
10906
11130
|
class ResetPasswordApiClient extends BaseApiClient {
|
|
10907
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
10908
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11131
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11132
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
10909
11133
|
this.capabilities = capabilities;
|
|
10910
11134
|
}
|
|
10911
11135
|
/**
|
|
@@ -10988,8 +11212,8 @@
|
|
|
10988
11212
|
* Licensed under the MIT License.
|
|
10989
11213
|
*/
|
|
10990
11214
|
class SignupApiClient extends BaseApiClient {
|
|
10991
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
10992
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11215
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11216
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
10993
11217
|
this.capabilities = capabilities;
|
|
10994
11218
|
}
|
|
10995
11219
|
/**
|
|
@@ -11058,8 +11282,8 @@
|
|
|
11058
11282
|
* Licensed under the MIT License.
|
|
11059
11283
|
*/
|
|
11060
11284
|
class SignInApiClient extends BaseApiClient {
|
|
11061
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11062
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11285
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11286
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11063
11287
|
this.capabilities = capabilities;
|
|
11064
11288
|
}
|
|
11065
11289
|
/**
|
|
@@ -11226,11 +11450,11 @@
|
|
|
11226
11450
|
* Licensed under the MIT License.
|
|
11227
11451
|
*/
|
|
11228
11452
|
class CustomAuthApiClient {
|
|
11229
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11230
|
-
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11231
|
-
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11232
|
-
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11233
|
-
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11453
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11454
|
+
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11455
|
+
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11456
|
+
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11457
|
+
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11234
11458
|
}
|
|
11235
11459
|
}
|
|
11236
11460
|
|
|
@@ -14241,7 +14465,6 @@
|
|
|
14241
14465
|
const ACCOUNT_SCHEMA_VERSION = 3;
|
|
14242
14466
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
14243
14467
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
14244
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
14245
14468
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
14246
14469
|
const ACCOUNT_KEYS = "account.keys";
|
|
14247
14470
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -17775,6 +17998,7 @@
|
|
|
17775
17998
|
};
|
|
17776
17999
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17777
18000
|
iframeTimeoutTelemetry: false,
|
|
18001
|
+
allowPlatformBrokerWithDOM: false,
|
|
17778
18002
|
};
|
|
17779
18003
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17780
18004
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -18219,9 +18443,8 @@
|
|
|
18219
18443
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
18220
18444
|
* Licensed under the MIT License.
|
|
18221
18445
|
*/
|
|
18222
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
18446
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
18223
18447
|
logger.trace("getPlatformAuthProvider called", correlationId);
|
|
18224
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
18225
18448
|
logger.trace(`Has client allowed platform auth via DOM API: '${enablePlatformBrokerDOMSupport}'`, correlationId);
|
|
18226
18449
|
let platformAuthProvider;
|
|
18227
18450
|
try {
|
|
@@ -18245,22 +18468,6 @@
|
|
|
18245
18468
|
}
|
|
18246
18469
|
return platformAuthProvider;
|
|
18247
18470
|
}
|
|
18248
|
-
/**
|
|
18249
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
18250
|
-
* @returns boolean
|
|
18251
|
-
* @deprecated
|
|
18252
|
-
*/
|
|
18253
|
-
function isDomEnabledForPlatformAuth() {
|
|
18254
|
-
let sessionStorage;
|
|
18255
|
-
try {
|
|
18256
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
18257
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
18258
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
18259
|
-
}
|
|
18260
|
-
catch (e) {
|
|
18261
|
-
return false;
|
|
18262
|
-
}
|
|
18263
|
-
}
|
|
18264
18471
|
/**
|
|
18265
18472
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
18266
18473
|
* @param logger
|
|
@@ -18271,6 +18478,11 @@
|
|
|
18271
18478
|
*/
|
|
18272
18479
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
18273
18480
|
logger.trace("isPlatformAuthAllowed called", correlationId);
|
|
18481
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
18482
|
+
if (!config.system.allowPlatformBroker &&
|
|
18483
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
18484
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
18485
|
+
}
|
|
18274
18486
|
if (!config.system.allowPlatformBroker) {
|
|
18275
18487
|
logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false", correlationId);
|
|
18276
18488
|
// Developer disabled WAM
|
|
@@ -19718,7 +19930,7 @@
|
|
|
19718
19930
|
if (allowPlatformBroker) {
|
|
19719
19931
|
try {
|
|
19720
19932
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
19721
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
19933
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
19722
19934
|
}
|
|
19723
19935
|
catch (e) {
|
|
19724
19936
|
this.logger.verbose(e, correlationId);
|
|
@@ -21100,7 +21312,7 @@
|
|
|
21100
21312
|
this.customAuthConfig = operatingContext.getCustomAuthConfig();
|
|
21101
21313
|
this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
|
|
21102
21314
|
const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
|
|
21103
|
-
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
|
|
21315
|
+
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
|
|
21104
21316
|
this.signInClient = interactionClientFactory.create(SignInClient);
|
|
21105
21317
|
this.signUpClient = interactionClientFactory.create(SignUpClient);
|
|
21106
21318
|
this.resetPasswordClient =
|