@azure/msal-browser 5.10.1 → 5.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CacheKeys.mjs +2 -3
  13. package/dist/cache/CacheKeys.mjs.map +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +2 -2
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  31. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  34. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  35. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  53. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  55. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  59. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  60. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  61. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  63. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  75. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  77. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  81. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  87. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  88. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  90. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  91. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  92. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  93. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  94. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  96. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  103. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  104. package/dist/custom_auth/index.mjs +1 -1
  105. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  130. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  144. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  145. package/dist/encode/Base64Decode.mjs +1 -1
  146. package/dist/encode/Base64Encode.mjs +1 -1
  147. package/dist/error/BrowserAuthError.mjs +1 -1
  148. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  149. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  150. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  151. package/dist/error/NativeAuthError.mjs +1 -1
  152. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NestedAppAuthError.mjs +1 -1
  154. package/dist/event/EventHandler.mjs +1 -1
  155. package/dist/event/EventMessage.mjs +1 -1
  156. package/dist/event/EventType.mjs +1 -1
  157. package/dist/index.mjs +1 -1
  158. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  159. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  160. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  161. package/dist/interaction_client/PopupClient.mjs +1 -1
  162. package/dist/interaction_client/RedirectClient.mjs +1 -1
  163. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  164. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  166. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  168. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  169. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  170. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  171. package/dist/log-strings-mapping.json +1200 -1188
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  188. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  189. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  190. package/dist/utils/BrowserConstants.mjs +1 -1
  191. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  192. package/dist/utils/BrowserUtils.mjs +1 -1
  193. package/dist/utils/Helpers.mjs +1 -1
  194. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/lib/custom-auth-path/log-strings-mapping.json +21 -9
  196. package/lib/custom-auth-path/msal-custom-auth.cjs +171 -104
  197. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  198. package/lib/custom-auth-path/msal-custom-auth.js +171 -104
  199. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  200. package/lib/log-strings-mapping.json +8 -8
  201. package/lib/msal-browser.cjs +92 -101
  202. package/lib/msal-browser.cjs.map +1 -1
  203. package/lib/msal-browser.js +92 -101
  204. package/lib/msal-browser.js.map +1 -1
  205. package/lib/msal-browser.min.js +2 -2
  206. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  209. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  210. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  211. package/package.json +2 -2
  212. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  213. package/src/config/Configuration.ts +5 -0
  214. package/src/controllers/StandardController.ts +2 -1
  215. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  216. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  217. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  218. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  219. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  220. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  221. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  222. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  223. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  224. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  225. package/src/custom_auth/index.ts +4 -0
  226. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  227. package/src/packageMetadata.ts +1 -1
  228. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  229. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  230. package/types/config/Configuration.d.ts +4 -0
  231. package/types/config/Configuration.d.ts.map +1 -1
  232. package/types/controllers/StandardController.d.ts.map +1 -1
  233. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  234. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  235. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  236. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  237. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  238. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  239. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  240. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  241. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  242. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  243. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  244. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  245. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  246. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  247. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  248. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  249. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  250. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  251. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  252. package/types/custom_auth/index.d.ts +1 -0
  253. package/types/custom_auth/index.d.ts.map +1 -1
  254. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  255. package/types/packageMetadata.d.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.1 2026-05-11 */
1
+ /*! @azure/msal-browser v5.11.0 2026-05-19 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.1 2026-05-11 */
9
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -233,7 +233,7 @@
233
233
  // Token renewal offset default in seconds
234
234
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
235
235
 
236
- /*! @azure/msal-common v16.6.1 2026-05-11 */
236
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
237
237
  /*
238
238
  * Copyright (c) Microsoft Corporation. All rights reserved.
239
239
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@
285
285
  const RESOURCE = "resource";
286
286
  const CLI_DATA = "clidata";
287
287
 
288
- /*! @azure/msal-common v16.6.1 2026-05-11 */
288
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -316,7 +316,7 @@
316
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
317
317
  }
318
318
 
319
- /*! @azure/msal-common v16.6.1 2026-05-11 */
319
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
320
320
 
321
321
  /*
322
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -336,7 +336,7 @@
336
336
  return new ClientConfigurationError(errorCode);
337
337
  }
338
338
 
339
- /*! @azure/msal-common v16.6.1 2026-05-11 */
339
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
340
340
  /*
341
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
342
342
  * Licensed under the MIT License.
@@ -416,7 +416,7 @@
416
416
  }
417
417
  }
418
418
 
419
- /*! @azure/msal-common v16.6.1 2026-05-11 */
419
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
420
420
 
421
421
  /*
422
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -439,7 +439,7 @@
439
439
  return new ClientAuthError(errorCode, additionalMessage);
440
440
  }
441
441
 
442
- /*! @azure/msal-common v16.6.1 2026-05-11 */
442
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
443
443
  /*
444
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
445
445
  * Licensed under the MIT License.
@@ -462,9 +462,10 @@
462
462
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
463
463
  const authorityMismatch = "authority_mismatch";
464
464
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
465
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
465
466
  const issuerValidationFailed = "issuer_validation_failed";
466
467
 
467
- /*! @azure/msal-common v16.6.1 2026-05-11 */
468
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
468
469
  /*
469
470
  * Copyright (c) Microsoft Corporation. All rights reserved.
470
471
  * Licensed under the MIT License.
@@ -503,7 +504,7 @@
503
504
  const resourceParameterRequired = "resource_parameter_required";
504
505
  const misplacedResourceParam = "misplaced_resource_parameter";
505
506
 
506
- /*! @azure/msal-common v16.6.1 2026-05-11 */
507
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
507
508
 
508
509
  /*
509
510
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -698,7 +699,7 @@
698
699
  }
699
700
  }
700
701
 
701
- /*! @azure/msal-common v16.6.1 2026-05-11 */
702
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
702
703
 
703
704
  /*
704
705
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1087,7 +1088,7 @@
1087
1088
  }
1088
1089
  }
1089
1090
 
1090
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1091
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1091
1092
 
1092
1093
  /*
1093
1094
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1196,7 +1197,7 @@
1196
1197
  }
1197
1198
  }
1198
1199
 
1199
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1200
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1200
1201
 
1201
1202
  /*
1202
1203
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1235,7 +1236,7 @@
1235
1236
  },
1236
1237
  };
1237
1238
 
1238
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1239
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1239
1240
  /*
1240
1241
  * Copyright (c) Microsoft Corporation. All rights reserved.
1241
1242
  * Licensed under the MIT License.
@@ -1496,12 +1497,12 @@
1496
1497
  }
1497
1498
  }
1498
1499
 
1499
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1500
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1500
1501
  /* eslint-disable header/header */
1501
1502
  const name$1 = "@azure/msal-common";
1502
- const version$1 = "16.6.1";
1503
+ const version$1 = "16.6.2";
1503
1504
 
1504
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1505
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1505
1506
  /*
1506
1507
  * Copyright (c) Microsoft Corporation. All rights reserved.
1507
1508
  * Licensed under the MIT License.
@@ -1510,7 +1511,7 @@
1510
1511
  // AzureCloudInstance is not specified.
1511
1512
  None: "none"};
1512
1513
 
1513
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1514
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1514
1515
  /*
1515
1516
  * Copyright (c) Microsoft Corporation. All rights reserved.
1516
1517
  * Licensed under the MIT License.
@@ -1593,7 +1594,7 @@
1593
1594
  return updatedAccountInfo;
1594
1595
  }
1595
1596
 
1596
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1597
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1597
1598
 
1598
1599
  /*
1599
1600
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1673,7 +1674,7 @@
1673
1674
  }
1674
1675
  }
1675
1676
 
1676
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1677
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1677
1678
 
1678
1679
  /*
1679
1680
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1830,7 +1831,7 @@
1830
1831
  }
1831
1832
  }
1832
1833
 
1833
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1834
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
1834
1835
 
1835
1836
  /*
1836
1837
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1996,7 +1997,7 @@
1996
1997
  return null;
1997
1998
  }
1998
1999
 
1999
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2000
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2000
2001
  /*
2001
2002
  * Copyright (c) Microsoft Corporation. All rights reserved.
2002
2003
  * Licensed under the MIT License.
@@ -2004,7 +2005,7 @@
2004
2005
  const cacheQuotaExceeded = "cache_quota_exceeded";
2005
2006
  const cacheErrorUnknown = "cache_error_unknown";
2006
2007
 
2007
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2008
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2008
2009
 
2009
2010
  /*
2010
2011
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2042,7 +2043,7 @@
2042
2043
  }
2043
2044
  }
2044
2045
 
2045
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2046
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2046
2047
 
2047
2048
  /*
2048
2049
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2080,7 +2081,7 @@
2080
2081
  };
2081
2082
  }
2082
2083
 
2083
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2084
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2084
2085
  /*
2085
2086
  * Copyright (c) Microsoft Corporation. All rights reserved.
2086
2087
  * Licensed under the MIT License.
@@ -2095,7 +2096,7 @@
2095
2096
  Ciam: 3,
2096
2097
  };
2097
2098
 
2098
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2099
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2099
2100
  /*
2100
2101
  * Copyright (c) Microsoft Corporation. All rights reserved.
2101
2102
  * Licensed under the MIT License.
@@ -2117,7 +2118,7 @@
2117
2118
  return null;
2118
2119
  }
2119
2120
 
2120
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2121
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2121
2122
  /*
2122
2123
  * Copyright (c) Microsoft Corporation. All rights reserved.
2123
2124
  * Licensed under the MIT License.
@@ -2141,7 +2142,7 @@
2141
2142
  EAR: "EAR",
2142
2143
  };
2143
2144
 
2144
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2145
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2145
2146
  /**
2146
2147
  * Returns the AccountInfo interface for this account.
2147
2148
  */
@@ -2316,7 +2317,7 @@
2316
2317
  entity.hasOwnProperty("authorityType"));
2317
2318
  }
2318
2319
 
2319
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2320
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
2320
2321
 
2321
2322
  /*
2322
2323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3447,7 +3448,7 @@
3447
3448
  }
3448
3449
  }
3449
3450
 
3450
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3451
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3451
3452
  /*
3452
3453
  * Copyright (c) Microsoft Corporation. All rights reserved.
3453
3454
  * Licensed under the MIT License.
@@ -3461,7 +3462,7 @@
3461
3462
  const PerformanceEventStatus = {
3462
3463
  InProgress: 1};
3463
3464
 
3464
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3465
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3465
3466
 
3466
3467
  /*
3467
3468
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3516,7 +3517,7 @@
3516
3517
  }
3517
3518
  }
3518
3519
 
3519
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3520
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3520
3521
 
3521
3522
  /*
3522
3523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3611,7 +3612,7 @@
3611
3612
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3612
3613
  }
3613
3614
 
3614
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3615
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3615
3616
  /*
3616
3617
  * Copyright (c) Microsoft Corporation. All rights reserved.
3617
3618
  * Licensed under the MIT License.
@@ -3638,7 +3639,7 @@
3638
3639
  }
3639
3640
  }
3640
3641
 
3641
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3642
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3642
3643
  /*
3643
3644
  * Copyright (c) Microsoft Corporation. All rights reserved.
3644
3645
  * Licensed under the MIT License.
@@ -3703,7 +3704,7 @@
3703
3704
  return cachedAtSec > nowSeconds();
3704
3705
  }
3705
3706
 
3706
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3707
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3707
3708
 
3708
3709
  /*
3709
3710
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3962,7 +3963,7 @@
3962
3963
  return metadata.expiresAt <= nowSeconds();
3963
3964
  }
3964
3965
 
3965
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3966
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
3966
3967
  /*
3967
3968
  * Copyright (c) Microsoft Corporation. All rights reserved.
3968
3969
  * Licensed under the MIT License.
@@ -4033,7 +4034,7 @@
4033
4034
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4034
4035
  const SetUserData = "setUserData";
4035
4036
 
4036
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4037
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4037
4038
  /*
4038
4039
  * Copyright (c) Microsoft Corporation. All rights reserved.
4039
4040
  * Licensed under the MIT License.
@@ -4126,7 +4127,7 @@
4126
4127
  };
4127
4128
  };
4128
4129
 
4129
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4130
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4130
4131
 
4131
4132
  /*
4132
4133
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4206,7 +4207,7 @@
4206
4207
  }
4207
4208
  }
4208
4209
 
4209
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4210
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4210
4211
  /*
4211
4212
  * Copyright (c) Microsoft Corporation. All rights reserved.
4212
4213
  * Licensed under the MIT License.
@@ -4257,7 +4258,7 @@
4257
4258
  */
4258
4259
  const interruptedUser = "interrupted_user";
4259
4260
 
4260
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4261
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4261
4262
 
4262
4263
  /*
4263
4264
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4325,7 +4326,7 @@
4325
4326
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4326
4327
  }
4327
4328
 
4328
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4329
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4329
4330
 
4330
4331
  /*
4331
4332
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4344,7 +4345,7 @@
4344
4345
  }
4345
4346
  }
4346
4347
 
4347
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4348
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4348
4349
 
4349
4350
  /*
4350
4351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4412,7 +4413,7 @@
4412
4413
  }
4413
4414
  }
4414
4415
 
4415
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4416
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4416
4417
 
4417
4418
  /*
4418
4419
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4760,7 +4761,7 @@
4760
4761
  return baseAccount;
4761
4762
  }
4762
4763
 
4763
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4764
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4764
4765
  /*
4765
4766
  * Copyright (c) Microsoft Corporation. All rights reserved.
4766
4767
  * Licensed under the MIT License.
@@ -4770,7 +4771,7 @@
4770
4771
  UPN: "UPN",
4771
4772
  };
4772
4773
 
4773
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4774
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4774
4775
  /*
4775
4776
  * Copyright (c) Microsoft Corporation. All rights reserved.
4776
4777
  * Licensed under the MIT License.
@@ -4788,7 +4789,7 @@
4788
4789
  }
4789
4790
  }
4790
4791
 
4791
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4792
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4792
4793
  /*
4793
4794
  * Copyright (c) Microsoft Corporation. All rights reserved.
4794
4795
  * Licensed under the MIT License.
@@ -4809,7 +4810,7 @@
4809
4810
  };
4810
4811
  }
4811
4812
 
4812
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4813
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4813
4814
 
4814
4815
  /*
4815
4816
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4895,7 +4896,7 @@
4895
4896
  }
4896
4897
  }
4897
4898
 
4898
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4899
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4899
4900
 
4900
4901
  /*
4901
4902
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4926,7 +4927,7 @@
4926
4927
  return new NetworkError(error, httpStatus, responseHeaders);
4927
4928
  }
4928
4929
 
4929
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4930
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
4930
4931
 
4931
4932
  /*
4932
4933
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5040,7 +5041,7 @@
5040
5041
  return response;
5041
5042
  }
5042
5043
 
5043
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5044
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5044
5045
  /*
5045
5046
  * Copyright (c) Microsoft Corporation. All rights reserved.
5046
5047
  * Licensed under the MIT License.
@@ -5052,7 +5053,7 @@
5052
5053
  response.hasOwnProperty("jwks_uri"));
5053
5054
  }
5054
5055
 
5055
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5056
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5056
5057
  /*
5057
5058
  * Copyright (c) Microsoft Corporation. All rights reserved.
5058
5059
  * Licensed under the MIT License.
@@ -5062,7 +5063,7 @@
5062
5063
  response.hasOwnProperty("metadata"));
5063
5064
  }
5064
5065
 
5065
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5066
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5066
5067
  /*
5067
5068
  * Copyright (c) Microsoft Corporation. All rights reserved.
5068
5069
  * Licensed under the MIT License.
@@ -5072,7 +5073,7 @@
5072
5073
  response.hasOwnProperty("error_description"));
5073
5074
  }
5074
5075
 
5075
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5076
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5076
5077
 
5077
5078
  /*
5078
5079
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5177,7 +5178,7 @@
5177
5178
  },
5178
5179
  };
5179
5180
 
5180
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5181
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
5181
5182
 
5182
5183
  /*
5183
5184
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6132,7 +6133,7 @@
6132
6133
  };
6133
6134
  }
6134
6135
 
6135
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6136
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6136
6137
 
6137
6138
  /*
6138
6139
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6166,7 +6167,7 @@
6166
6167
  }
6167
6168
  }
6168
6169
 
6169
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6170
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6170
6171
 
6171
6172
  /*
6172
6173
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6423,7 +6424,7 @@
6423
6424
  }
6424
6425
  }
6425
6426
 
6426
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6427
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6427
6428
 
6428
6429
  /*
6429
6430
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6644,7 +6645,7 @@
6644
6645
  }
6645
6646
  }
6646
6647
 
6647
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6648
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6648
6649
 
6649
6650
  /*
6650
6651
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6760,7 +6761,7 @@
6760
6761
  }
6761
6762
  }
6762
6763
 
6763
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6764
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6764
6765
 
6765
6766
  /*
6766
6767
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6776,7 @@
6775
6776
  },
6776
6777
  };
6777
6778
 
6778
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6779
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
6779
6780
 
6780
6781
  /*
6781
6782
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6998,7 +6999,7 @@
6998
6999
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6999
7000
  }
7000
7001
 
7001
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7002
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7002
7003
 
7003
7004
  /*
7004
7005
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7031,7 +7032,7 @@
7031
7032
  return Object.prototype.hasOwnProperty.call(params, "resource");
7032
7033
  }
7033
7034
 
7034
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7035
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7035
7036
  /*
7036
7037
  * Copyright (c) Microsoft Corporation. All rights reserved.
7037
7038
  * Licensed under the MIT License.
@@ -7041,7 +7042,7 @@
7041
7042
  */
7042
7043
  const unexpectedError = "unexpected_error";
7043
7044
 
7044
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7045
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7045
7046
 
7046
7047
  /*
7047
7048
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7302,7 +7303,7 @@
7302
7303
  }
7303
7304
  }
7304
7305
 
7305
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7306
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7306
7307
 
7307
7308
  /*
7308
7309
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7323,7 +7324,7 @@
7323
7324
  return new JoseHeaderError(code);
7324
7325
  }
7325
7326
 
7326
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7327
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7327
7328
  /*
7328
7329
  * Copyright (c) Microsoft Corporation. All rights reserved.
7329
7330
  * Licensed under the MIT License.
@@ -7331,7 +7332,7 @@
7331
7332
  const missingKidError = "missing_kid_error";
7332
7333
  const missingAlgError = "missing_alg_error";
7333
7334
 
7334
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7335
+ /*! @azure/msal-common v16.6.2 2026-05-19 */
7335
7336
 
7336
7337
  /*
7337
7338
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7766,7 +7767,7 @@
7766
7767
 
7767
7768
  /* eslint-disable header/header */
7768
7769
  const name = "@azure/msal-browser";
7769
- const version = "5.10.1";
7770
+ const version = "5.11.0";
7770
7771
 
7771
7772
  /*
7772
7773
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7795,6 +7796,15 @@
7795
7796
  CONTENT_TYPE: "Content-Type",
7796
7797
  X_MS_REQUEST_ID: "x-ms-request-id",
7797
7798
  };
7799
+ const CustomHeaderConstants = {
7800
+ REQUIRED_PREFIX: "x-",
7801
+ RESERVED_PREFIXES: [
7802
+ "x-client-",
7803
+ "x-ms-",
7804
+ "x-broker-",
7805
+ "x-app-",
7806
+ ],
7807
+ };
7798
7808
  const DefaultPackageInfo = {
7799
7809
  SKU: "msal.browser",
7800
7810
  VERSION: version,
@@ -9618,12 +9628,13 @@
9618
9628
  * and logoutHint attribute wasn't manually set in logout request
9619
9629
  */
9620
9630
  if (logoutRequest) {
9621
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
9631
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
9622
9632
  if (!logoutRequest.logoutHint) {
9623
9633
  if (logoutRequest.account) {
9624
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9634
+ const logoutHint = logoutRequest.account.loginHint ||
9635
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9625
9636
  if (logoutHint) {
9626
- this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided", this.correlationId);
9637
+ this.logger.verbose("Setting logoutHint value to loginHint of the account provided", this.correlationId);
9627
9638
  validLogoutRequest.logoutHint = logoutHint;
9628
9639
  }
9629
9640
  }
@@ -9676,6 +9687,7 @@
9676
9687
  const idTokenClaims = account.idTokenClaims;
9677
9688
  if (idTokenClaims) {
9678
9689
  if (idTokenClaims.login_hint) {
9690
+ this.logger.verbose("Extracted login_hint claim from account ID Token Claims to be used as logoutHint", this.correlationId);
9679
9691
  return idTokenClaims.login_hint;
9680
9692
  }
9681
9693
  else {
@@ -10967,15 +10979,67 @@
10967
10979
  }
10968
10980
  }
10969
10981
 
10982
+ /*
10983
+ * Copyright (c) Microsoft Corporation. All rights reserved.
10984
+ * Licensed under the MIT License.
10985
+ */
10986
+ /**
10987
+ * Filters the headers returned by a {@link CustomAuthRequestInterceptor},
10988
+ * keeping only those that conform to the custom-auth header naming rules.
10989
+ *
10990
+ * Rules (mirrors the iOS / Android native auth implementations):
10991
+ * - Header names must start with `x-` (case-insensitive); others are dropped.
10992
+ * - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
10993
+ * `x-broker-`, `x-app-`) are dropped.
10994
+ * - Headers with empty/whitespace-only names or null/undefined values are dropped.
10995
+ *
10996
+ * Dropped headers are logged as warnings (PII-safe) when a logger is provided.
10997
+ *
10998
+ * @param headers - Raw headers returned by the interceptor.
10999
+ * @param logger - Optional logger used to emit warnings for dropped headers.
11000
+ * @param correlationId - Optional correlation id forwarded to the logger.
11001
+ * @returns A new record containing only the headers that pass the filter,
11002
+ * preserving the original casing of header names.
11003
+ */
11004
+ function filterCustomHeaders(headers, logger, correlationId) {
11005
+ const filtered = {};
11006
+ if (!headers) {
11007
+ return filtered;
11008
+ }
11009
+ for (const [name, value] of Object.entries(headers)) {
11010
+ if (!name || value === undefined || value === null) {
11011
+ continue;
11012
+ }
11013
+ const trimmedName = name.trim();
11014
+ if (!trimmedName) {
11015
+ continue;
11016
+ }
11017
+ const lowerName = trimmedName.toLowerCase();
11018
+ if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
11019
+ logger?.warningPii(`Additional header field "${trimmedName}" must start with the "${CustomHeaderConstants.REQUIRED_PREFIX}" prefix. Ignoring.`, correlationId ?? "");
11020
+ continue;
11021
+ }
11022
+ const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
11023
+ if (reservedPrefix) {
11024
+ logger?.warningPii(`Additional header field "${trimmedName}" uses reserved prefix "${reservedPrefix}". Ignoring.`, correlationId ?? "");
11025
+ continue;
11026
+ }
11027
+ filtered[trimmedName] = value;
11028
+ }
11029
+ return filtered;
11030
+ }
11031
+
10970
11032
  /*
10971
11033
  * Copyright (c) Microsoft Corporation. All rights reserved.
10972
11034
  * Licensed under the MIT License.
10973
11035
  */
10974
11036
  class BaseApiClient {
10975
- constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
11037
+ constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
10976
11038
  this.clientId = clientId;
10977
11039
  this.httpClient = httpClient;
10978
11040
  this.customAuthApiQueryParams = customAuthApiQueryParams;
11041
+ this.requestInterceptor = requestInterceptor;
11042
+ this.logger = logger;
10979
11043
  this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
10980
11044
  }
10981
11045
  async request(endpoint, data, telemetryManager, correlationId) {
@@ -10983,8 +11047,10 @@
10983
11047
  client_id: this.clientId,
10984
11048
  ...data,
10985
11049
  });
10986
- const headers = this.getCommonHeaders(correlationId, telemetryManager);
11050
+ const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
10987
11051
  const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
11052
+ const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
11053
+ const headers = { ...commonHeaders, ...additionalHeaders };
10988
11054
  let response;
10989
11055
  try {
10990
11056
  response = await this.httpClient.post(url, formData, headers);
@@ -11042,6 +11108,19 @@
11042
11108
  : responseError.invalid_attributes ?? [];
11043
11109
  throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
11044
11110
  }
11111
+ async getAdditionalHeaders(url, correlationId) {
11112
+ if (!this.requestInterceptor) {
11113
+ return {};
11114
+ }
11115
+ try {
11116
+ const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
11117
+ return filterCustomHeaders(result, this.logger, correlationId);
11118
+ }
11119
+ catch (e) {
11120
+ this.logger?.warningPii(`CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`, correlationId);
11121
+ return {};
11122
+ }
11123
+ }
11045
11124
  }
11046
11125
 
11047
11126
  /*
@@ -11049,8 +11128,8 @@
11049
11128
  * Licensed under the MIT License.
11050
11129
  */
11051
11130
  class ResetPasswordApiClient extends BaseApiClient {
11052
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11053
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11131
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11132
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11054
11133
  this.capabilities = capabilities;
11055
11134
  }
11056
11135
  /**
@@ -11133,8 +11212,8 @@
11133
11212
  * Licensed under the MIT License.
11134
11213
  */
11135
11214
  class SignupApiClient extends BaseApiClient {
11136
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11137
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11215
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11216
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11138
11217
  this.capabilities = capabilities;
11139
11218
  }
11140
11219
  /**
@@ -11203,8 +11282,8 @@
11203
11282
  * Licensed under the MIT License.
11204
11283
  */
11205
11284
  class SignInApiClient extends BaseApiClient {
11206
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11207
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11285
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11286
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11208
11287
  this.capabilities = capabilities;
11209
11288
  }
11210
11289
  /**
@@ -11371,11 +11450,11 @@
11371
11450
  * Licensed under the MIT License.
11372
11451
  */
11373
11452
  class CustomAuthApiClient {
11374
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11375
- this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11376
- this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11377
- this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11378
- this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11453
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11454
+ this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11455
+ this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11456
+ this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11457
+ this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11379
11458
  }
11380
11459
  }
11381
11460
 
@@ -14386,7 +14465,6 @@
14386
14465
  const ACCOUNT_SCHEMA_VERSION = 3;
14387
14466
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
14388
14467
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
14389
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
14390
14468
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14391
14469
  const ACCOUNT_KEYS = "account.keys";
14392
14470
  const TOKEN_KEYS = "token.keys";
@@ -17920,6 +17998,7 @@
17920
17998
  };
17921
17999
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
17922
18000
  iframeTimeoutTelemetry: false,
18001
+ allowPlatformBrokerWithDOM: false,
17923
18002
  };
17924
18003
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
17925
18004
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -18364,9 +18443,8 @@
18364
18443
  * Copyright (c) Microsoft Corporation. All rights reserved.
18365
18444
  * Licensed under the MIT License.
18366
18445
  */
18367
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
18446
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
18368
18447
  logger.trace("getPlatformAuthProvider called", correlationId);
18369
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
18370
18448
  logger.trace(`Has client allowed platform auth via DOM API: '${enablePlatformBrokerDOMSupport}'`, correlationId);
18371
18449
  let platformAuthProvider;
18372
18450
  try {
@@ -18390,22 +18468,6 @@
18390
18468
  }
18391
18469
  return platformAuthProvider;
18392
18470
  }
18393
- /**
18394
- * Returns true if the DOM API support for platform auth is enabled in session storage
18395
- * @returns boolean
18396
- * @deprecated
18397
- */
18398
- function isDomEnabledForPlatformAuth() {
18399
- let sessionStorage;
18400
- try {
18401
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
18402
- // Mute errors if it's a non-browser environment or cookies are blocked.
18403
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
18404
- }
18405
- catch (e) {
18406
- return false;
18407
- }
18408
- }
18409
18471
  /**
18410
18472
  * Returns boolean indicating whether or not the request should attempt to use platform broker
18411
18473
  * @param logger
@@ -18416,6 +18478,11 @@
18416
18478
  */
18417
18479
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
18418
18480
  logger.trace("isPlatformAuthAllowed called", correlationId);
18481
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
18482
+ if (!config.system.allowPlatformBroker &&
18483
+ config.experimental.allowPlatformBrokerWithDOM) {
18484
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
18485
+ }
18419
18486
  if (!config.system.allowPlatformBroker) {
18420
18487
  logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false", correlationId);
18421
18488
  // Developer disabled WAM
@@ -19863,7 +19930,7 @@
19863
19930
  if (allowPlatformBroker) {
19864
19931
  try {
19865
19932
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
19866
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
19933
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
19867
19934
  }
19868
19935
  catch (e) {
19869
19936
  this.logger.verbose(e, correlationId);
@@ -21245,7 +21312,7 @@
21245
21312
  this.customAuthConfig = operatingContext.getCustomAuthConfig();
21246
21313
  this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
21247
21314
  const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
21248
- new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
21315
+ new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
21249
21316
  this.signInClient = interactionClientFactory.create(SignInClient);
21250
21317
  this.signUpClient = interactionClientFactory.create(SignUpClient);
21251
21318
  this.resetPasswordClient =