@azure/msal-browser 5.10.1 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +12 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +4 -4
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +27 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +11 -4
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1203 -1187
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +33 -17
- package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +342 -169
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +13 -9
- package/lib/msal-browser.cjs +275 -167
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +275 -167
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/cache/BrowserCacheManager.ts +17 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +6 -3
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
- package/src/interaction_client/PopupClient.ts +65 -27
- package/src/interaction_client/RedirectClient.ts +5 -0
- package/src/interaction_client/SilentIframeClient.ts +49 -19
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.12.0 2026-06-05 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -233,7 +233,7 @@
|
|
|
233
233
|
// Token renewal offset default in seconds
|
|
234
234
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
235
235
|
|
|
236
|
-
/*! @azure/msal-common v16.
|
|
236
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
237
237
|
/*
|
|
238
238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
239
239
|
* Licensed under the MIT License.
|
|
@@ -285,7 +285,7 @@
|
|
|
285
285
|
const RESOURCE = "resource";
|
|
286
286
|
const CLI_DATA = "clidata";
|
|
287
287
|
|
|
288
|
-
/*! @azure/msal-common v16.
|
|
288
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
289
289
|
/*
|
|
290
290
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
291
291
|
* Licensed under the MIT License.
|
|
@@ -316,7 +316,7 @@
|
|
|
316
316
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
317
317
|
}
|
|
318
318
|
|
|
319
|
-
/*! @azure/msal-common v16.
|
|
319
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
320
320
|
|
|
321
321
|
/*
|
|
322
322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -336,7 +336,7 @@
|
|
|
336
336
|
return new ClientConfigurationError(errorCode);
|
|
337
337
|
}
|
|
338
338
|
|
|
339
|
-
/*! @azure/msal-common v16.
|
|
339
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
340
340
|
/*
|
|
341
341
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
342
342
|
* Licensed under the MIT License.
|
|
@@ -416,7 +416,7 @@
|
|
|
416
416
|
}
|
|
417
417
|
}
|
|
418
418
|
|
|
419
|
-
/*! @azure/msal-common v16.
|
|
419
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
420
420
|
|
|
421
421
|
/*
|
|
422
422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -439,7 +439,7 @@
|
|
|
439
439
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
440
440
|
}
|
|
441
441
|
|
|
442
|
-
/*! @azure/msal-common v16.
|
|
442
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
443
443
|
/*
|
|
444
444
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
445
445
|
* Licensed under the MIT License.
|
|
@@ -462,9 +462,10 @@
|
|
|
462
462
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
463
463
|
const authorityMismatch = "authority_mismatch";
|
|
464
464
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
465
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
465
466
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
466
467
|
|
|
467
|
-
/*! @azure/msal-common v16.
|
|
468
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
468
469
|
/*
|
|
469
470
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
470
471
|
* Licensed under the MIT License.
|
|
@@ -503,7 +504,7 @@
|
|
|
503
504
|
const resourceParameterRequired = "resource_parameter_required";
|
|
504
505
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
505
506
|
|
|
506
|
-
/*! @azure/msal-common v16.
|
|
507
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
507
508
|
|
|
508
509
|
/*
|
|
509
510
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -698,7 +699,7 @@
|
|
|
698
699
|
}
|
|
699
700
|
}
|
|
700
701
|
|
|
701
|
-
/*! @azure/msal-common v16.
|
|
702
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
702
703
|
|
|
703
704
|
/*
|
|
704
705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1087,7 +1088,7 @@
|
|
|
1087
1088
|
}
|
|
1088
1089
|
}
|
|
1089
1090
|
|
|
1090
|
-
/*! @azure/msal-common v16.
|
|
1091
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1091
1092
|
|
|
1092
1093
|
/*
|
|
1093
1094
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1196,7 +1197,7 @@
|
|
|
1196
1197
|
}
|
|
1197
1198
|
}
|
|
1198
1199
|
|
|
1199
|
-
/*! @azure/msal-common v16.
|
|
1200
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1200
1201
|
|
|
1201
1202
|
/*
|
|
1202
1203
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1235,7 +1236,7 @@
|
|
|
1235
1236
|
},
|
|
1236
1237
|
};
|
|
1237
1238
|
|
|
1238
|
-
/*! @azure/msal-common v16.
|
|
1239
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1239
1240
|
/*
|
|
1240
1241
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1241
1242
|
* Licensed under the MIT License.
|
|
@@ -1496,12 +1497,12 @@
|
|
|
1496
1497
|
}
|
|
1497
1498
|
}
|
|
1498
1499
|
|
|
1499
|
-
/*! @azure/msal-common v16.
|
|
1500
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1500
1501
|
/* eslint-disable header/header */
|
|
1501
1502
|
const name$1 = "@azure/msal-common";
|
|
1502
|
-
const version$1 = "16.
|
|
1503
|
+
const version$1 = "16.7.0";
|
|
1503
1504
|
|
|
1504
|
-
/*! @azure/msal-common v16.
|
|
1505
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1505
1506
|
/*
|
|
1506
1507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1507
1508
|
* Licensed under the MIT License.
|
|
@@ -1510,7 +1511,7 @@
|
|
|
1510
1511
|
// AzureCloudInstance is not specified.
|
|
1511
1512
|
None: "none"};
|
|
1512
1513
|
|
|
1513
|
-
/*! @azure/msal-common v16.
|
|
1514
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1514
1515
|
/*
|
|
1515
1516
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1516
1517
|
* Licensed under the MIT License.
|
|
@@ -1593,7 +1594,7 @@
|
|
|
1593
1594
|
return updatedAccountInfo;
|
|
1594
1595
|
}
|
|
1595
1596
|
|
|
1596
|
-
/*! @azure/msal-common v16.
|
|
1597
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1597
1598
|
|
|
1598
1599
|
/*
|
|
1599
1600
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1673,7 +1674,7 @@
|
|
|
1673
1674
|
}
|
|
1674
1675
|
}
|
|
1675
1676
|
|
|
1676
|
-
/*! @azure/msal-common v16.
|
|
1677
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1677
1678
|
|
|
1678
1679
|
/*
|
|
1679
1680
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1830,7 +1831,7 @@
|
|
|
1830
1831
|
}
|
|
1831
1832
|
}
|
|
1832
1833
|
|
|
1833
|
-
/*! @azure/msal-common v16.
|
|
1834
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1834
1835
|
|
|
1835
1836
|
/*
|
|
1836
1837
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1996,7 +1997,7 @@
|
|
|
1996
1997
|
return null;
|
|
1997
1998
|
}
|
|
1998
1999
|
|
|
1999
|
-
/*! @azure/msal-common v16.
|
|
2000
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2000
2001
|
/*
|
|
2001
2002
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2002
2003
|
* Licensed under the MIT License.
|
|
@@ -2004,7 +2005,7 @@
|
|
|
2004
2005
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2005
2006
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2006
2007
|
|
|
2007
|
-
/*! @azure/msal-common v16.
|
|
2008
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2008
2009
|
|
|
2009
2010
|
/*
|
|
2010
2011
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2042,7 +2043,7 @@
|
|
|
2042
2043
|
}
|
|
2043
2044
|
}
|
|
2044
2045
|
|
|
2045
|
-
/*! @azure/msal-common v16.
|
|
2046
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2046
2047
|
|
|
2047
2048
|
/*
|
|
2048
2049
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2080,7 +2081,7 @@
|
|
|
2080
2081
|
};
|
|
2081
2082
|
}
|
|
2082
2083
|
|
|
2083
|
-
/*! @azure/msal-common v16.
|
|
2084
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2084
2085
|
/*
|
|
2085
2086
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2086
2087
|
* Licensed under the MIT License.
|
|
@@ -2095,7 +2096,7 @@
|
|
|
2095
2096
|
Ciam: 3,
|
|
2096
2097
|
};
|
|
2097
2098
|
|
|
2098
|
-
/*! @azure/msal-common v16.
|
|
2099
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2099
2100
|
/*
|
|
2100
2101
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2101
2102
|
* Licensed under the MIT License.
|
|
@@ -2117,7 +2118,7 @@
|
|
|
2117
2118
|
return null;
|
|
2118
2119
|
}
|
|
2119
2120
|
|
|
2120
|
-
/*! @azure/msal-common v16.
|
|
2121
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2121
2122
|
/*
|
|
2122
2123
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2123
2124
|
* Licensed under the MIT License.
|
|
@@ -2141,7 +2142,7 @@
|
|
|
2141
2142
|
EAR: "EAR",
|
|
2142
2143
|
};
|
|
2143
2144
|
|
|
2144
|
-
/*! @azure/msal-common v16.
|
|
2145
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2145
2146
|
/**
|
|
2146
2147
|
* Returns the AccountInfo interface for this account.
|
|
2147
2148
|
*/
|
|
@@ -2316,7 +2317,7 @@
|
|
|
2316
2317
|
entity.hasOwnProperty("authorityType"));
|
|
2317
2318
|
}
|
|
2318
2319
|
|
|
2319
|
-
/*! @azure/msal-common v16.
|
|
2320
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2320
2321
|
|
|
2321
2322
|
/*
|
|
2322
2323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2456,8 +2457,8 @@
|
|
|
2456
2457
|
return false;
|
|
2457
2458
|
}
|
|
2458
2459
|
if (!!tenantProfileFilter.username &&
|
|
2459
|
-
!
|
|
2460
|
-
|
|
2460
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2461
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2461
2462
|
return false;
|
|
2462
2463
|
}
|
|
2463
2464
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3447,7 +3448,7 @@
|
|
|
3447
3448
|
}
|
|
3448
3449
|
}
|
|
3449
3450
|
|
|
3450
|
-
/*! @azure/msal-common v16.
|
|
3451
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3451
3452
|
/*
|
|
3452
3453
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3453
3454
|
* Licensed under the MIT License.
|
|
@@ -3461,7 +3462,7 @@
|
|
|
3461
3462
|
const PerformanceEventStatus = {
|
|
3462
3463
|
InProgress: 1};
|
|
3463
3464
|
|
|
3464
|
-
/*! @azure/msal-common v16.
|
|
3465
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3465
3466
|
|
|
3466
3467
|
/*
|
|
3467
3468
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3516,7 +3517,7 @@
|
|
|
3516
3517
|
}
|
|
3517
3518
|
}
|
|
3518
3519
|
|
|
3519
|
-
/*! @azure/msal-common v16.
|
|
3520
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3520
3521
|
|
|
3521
3522
|
/*
|
|
3522
3523
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3611,7 +3612,7 @@
|
|
|
3611
3612
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3612
3613
|
}
|
|
3613
3614
|
|
|
3614
|
-
/*! @azure/msal-common v16.
|
|
3615
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3615
3616
|
/*
|
|
3616
3617
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3617
3618
|
* Licensed under the MIT License.
|
|
@@ -3638,7 +3639,7 @@
|
|
|
3638
3639
|
}
|
|
3639
3640
|
}
|
|
3640
3641
|
|
|
3641
|
-
/*! @azure/msal-common v16.
|
|
3642
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3642
3643
|
/*
|
|
3643
3644
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3644
3645
|
* Licensed under the MIT License.
|
|
@@ -3703,7 +3704,7 @@
|
|
|
3703
3704
|
return cachedAtSec > nowSeconds();
|
|
3704
3705
|
}
|
|
3705
3706
|
|
|
3706
|
-
/*! @azure/msal-common v16.
|
|
3707
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3707
3708
|
|
|
3708
3709
|
/*
|
|
3709
3710
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3962,7 +3963,7 @@
|
|
|
3962
3963
|
return metadata.expiresAt <= nowSeconds();
|
|
3963
3964
|
}
|
|
3964
3965
|
|
|
3965
|
-
/*! @azure/msal-common v16.
|
|
3966
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3966
3967
|
/*
|
|
3967
3968
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3968
3969
|
* Licensed under the MIT License.
|
|
@@ -4033,7 +4034,7 @@
|
|
|
4033
4034
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4034
4035
|
const SetUserData = "setUserData";
|
|
4035
4036
|
|
|
4036
|
-
/*! @azure/msal-common v16.
|
|
4037
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4037
4038
|
/*
|
|
4038
4039
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4039
4040
|
* Licensed under the MIT License.
|
|
@@ -4126,7 +4127,7 @@
|
|
|
4126
4127
|
};
|
|
4127
4128
|
};
|
|
4128
4129
|
|
|
4129
|
-
/*! @azure/msal-common v16.
|
|
4130
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4130
4131
|
|
|
4131
4132
|
/*
|
|
4132
4133
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4206,7 +4207,7 @@
|
|
|
4206
4207
|
}
|
|
4207
4208
|
}
|
|
4208
4209
|
|
|
4209
|
-
/*! @azure/msal-common v16.
|
|
4210
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4210
4211
|
/*
|
|
4211
4212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4212
4213
|
* Licensed under the MIT License.
|
|
@@ -4230,7 +4231,7 @@
|
|
|
4230
4231
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4231
4232
|
* @public
|
|
4232
4233
|
*/
|
|
4233
|
-
const
|
|
4234
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4234
4235
|
/**
|
|
4235
4236
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4236
4237
|
* @public
|
|
@@ -4257,7 +4258,7 @@
|
|
|
4257
4258
|
*/
|
|
4258
4259
|
const interruptedUser = "interrupted_user";
|
|
4259
4260
|
|
|
4260
|
-
/*! @azure/msal-common v16.
|
|
4261
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4261
4262
|
|
|
4262
4263
|
/*
|
|
4263
4264
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4271,7 +4272,7 @@
|
|
|
4271
4272
|
consentRequired,
|
|
4272
4273
|
loginRequired,
|
|
4273
4274
|
badToken,
|
|
4274
|
-
|
|
4275
|
+
uiNotAllowed,
|
|
4275
4276
|
interruptedUser,
|
|
4276
4277
|
];
|
|
4277
4278
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4281,7 +4282,7 @@
|
|
|
4281
4282
|
"user_password_expired",
|
|
4282
4283
|
"consent_required",
|
|
4283
4284
|
"bad_token",
|
|
4284
|
-
"
|
|
4285
|
+
"ui_not_allowed",
|
|
4285
4286
|
"interrupted_user",
|
|
4286
4287
|
];
|
|
4287
4288
|
/**
|
|
@@ -4325,7 +4326,7 @@
|
|
|
4325
4326
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4326
4327
|
}
|
|
4327
4328
|
|
|
4328
|
-
/*! @azure/msal-common v16.
|
|
4329
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4329
4330
|
|
|
4330
4331
|
/*
|
|
4331
4332
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4344,7 +4345,7 @@
|
|
|
4344
4345
|
}
|
|
4345
4346
|
}
|
|
4346
4347
|
|
|
4347
|
-
/*! @azure/msal-common v16.
|
|
4348
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4348
4349
|
|
|
4349
4350
|
/*
|
|
4350
4351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4412,7 +4413,7 @@
|
|
|
4412
4413
|
}
|
|
4413
4414
|
}
|
|
4414
4415
|
|
|
4415
|
-
/*! @azure/msal-common v16.
|
|
4416
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4416
4417
|
|
|
4417
4418
|
/*
|
|
4418
4419
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4760,7 +4761,7 @@
|
|
|
4760
4761
|
return baseAccount;
|
|
4761
4762
|
}
|
|
4762
4763
|
|
|
4763
|
-
/*! @azure/msal-common v16.
|
|
4764
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4764
4765
|
/*
|
|
4765
4766
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4766
4767
|
* Licensed under the MIT License.
|
|
@@ -4770,7 +4771,7 @@
|
|
|
4770
4771
|
UPN: "UPN",
|
|
4771
4772
|
};
|
|
4772
4773
|
|
|
4773
|
-
/*! @azure/msal-common v16.
|
|
4774
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4774
4775
|
/*
|
|
4775
4776
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4776
4777
|
* Licensed under the MIT License.
|
|
@@ -4788,7 +4789,7 @@
|
|
|
4788
4789
|
}
|
|
4789
4790
|
}
|
|
4790
4791
|
|
|
4791
|
-
/*! @azure/msal-common v16.
|
|
4792
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4792
4793
|
/*
|
|
4793
4794
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4794
4795
|
* Licensed under the MIT License.
|
|
@@ -4809,7 +4810,7 @@
|
|
|
4809
4810
|
};
|
|
4810
4811
|
}
|
|
4811
4812
|
|
|
4812
|
-
/*! @azure/msal-common v16.
|
|
4813
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4813
4814
|
|
|
4814
4815
|
/*
|
|
4815
4816
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4895,7 +4896,7 @@
|
|
|
4895
4896
|
}
|
|
4896
4897
|
}
|
|
4897
4898
|
|
|
4898
|
-
/*! @azure/msal-common v16.
|
|
4899
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4899
4900
|
|
|
4900
4901
|
/*
|
|
4901
4902
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4926,7 +4927,7 @@
|
|
|
4926
4927
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4927
4928
|
}
|
|
4928
4929
|
|
|
4929
|
-
/*! @azure/msal-common v16.
|
|
4930
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4930
4931
|
|
|
4931
4932
|
/*
|
|
4932
4933
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5040,7 +5041,7 @@
|
|
|
5040
5041
|
return response;
|
|
5041
5042
|
}
|
|
5042
5043
|
|
|
5043
|
-
/*! @azure/msal-common v16.
|
|
5044
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5044
5045
|
/*
|
|
5045
5046
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5046
5047
|
* Licensed under the MIT License.
|
|
@@ -5052,7 +5053,7 @@
|
|
|
5052
5053
|
response.hasOwnProperty("jwks_uri"));
|
|
5053
5054
|
}
|
|
5054
5055
|
|
|
5055
|
-
/*! @azure/msal-common v16.
|
|
5056
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5056
5057
|
/*
|
|
5057
5058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5058
5059
|
* Licensed under the MIT License.
|
|
@@ -5062,7 +5063,7 @@
|
|
|
5062
5063
|
response.hasOwnProperty("metadata"));
|
|
5063
5064
|
}
|
|
5064
5065
|
|
|
5065
|
-
/*! @azure/msal-common v16.
|
|
5066
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5066
5067
|
/*
|
|
5067
5068
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5068
5069
|
* Licensed under the MIT License.
|
|
@@ -5072,7 +5073,7 @@
|
|
|
5072
5073
|
response.hasOwnProperty("error_description"));
|
|
5073
5074
|
}
|
|
5074
5075
|
|
|
5075
|
-
/*! @azure/msal-common v16.
|
|
5076
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5076
5077
|
|
|
5077
5078
|
/*
|
|
5078
5079
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5177,7 +5178,7 @@
|
|
|
5177
5178
|
},
|
|
5178
5179
|
};
|
|
5179
5180
|
|
|
5180
|
-
/*! @azure/msal-common v16.
|
|
5181
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5181
5182
|
|
|
5182
5183
|
/*
|
|
5183
5184
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5734,7 +5735,7 @@
|
|
|
5734
5735
|
}
|
|
5735
5736
|
}
|
|
5736
5737
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5737
|
-
if (this.isInKnownAuthorities()) {
|
|
5738
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5738
5739
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5739
5740
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5740
5741
|
}
|
|
@@ -5801,13 +5802,14 @@
|
|
|
5801
5802
|
return match;
|
|
5802
5803
|
}
|
|
5803
5804
|
/**
|
|
5804
|
-
* Helper function to determine if
|
|
5805
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5805
5806
|
*/
|
|
5806
|
-
isInKnownAuthorities() {
|
|
5807
|
+
isInKnownAuthorities(host) {
|
|
5808
|
+
const normalizedHost = host.toLowerCase();
|
|
5807
5809
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5808
5810
|
return (authority &&
|
|
5809
5811
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5810
|
-
|
|
5812
|
+
normalizedHost);
|
|
5811
5813
|
});
|
|
5812
5814
|
return matches.length > 0;
|
|
5813
5815
|
}
|
|
@@ -5884,6 +5886,10 @@
|
|
|
5884
5886
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5885
5887
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5886
5888
|
* path.
|
|
5889
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
5890
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
5891
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
5892
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
5887
5893
|
*
|
|
5888
5894
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5889
5895
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -5920,11 +5926,19 @@
|
|
|
5920
5926
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5921
5927
|
*/
|
|
5922
5928
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5929
|
+
/*
|
|
5930
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
5931
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
5932
|
+
* returns an issuer with a different host than the authority
|
|
5933
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
5934
|
+
*/
|
|
5935
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
5923
5936
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5924
5937
|
if (matchesAuthorityOrigin ||
|
|
5925
5938
|
matchesKnownMicrosoftHost ||
|
|
5926
5939
|
matchesRegionalMicrosoftHost ||
|
|
5927
|
-
matchesCiamTenantPattern
|
|
5940
|
+
matchesCiamTenantPattern ||
|
|
5941
|
+
matchesKnownAuthority) {
|
|
5928
5942
|
return;
|
|
5929
5943
|
}
|
|
5930
5944
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6132,7 +6146,7 @@
|
|
|
6132
6146
|
};
|
|
6133
6147
|
}
|
|
6134
6148
|
|
|
6135
|
-
/*! @azure/msal-common v16.
|
|
6149
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6136
6150
|
|
|
6137
6151
|
/*
|
|
6138
6152
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6166,7 +6180,7 @@
|
|
|
6166
6180
|
}
|
|
6167
6181
|
}
|
|
6168
6182
|
|
|
6169
|
-
/*! @azure/msal-common v16.
|
|
6183
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6170
6184
|
|
|
6171
6185
|
/*
|
|
6172
6186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6423,7 +6437,7 @@
|
|
|
6423
6437
|
}
|
|
6424
6438
|
}
|
|
6425
6439
|
|
|
6426
|
-
/*! @azure/msal-common v16.
|
|
6440
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6427
6441
|
|
|
6428
6442
|
/*
|
|
6429
6443
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6644,7 +6658,7 @@
|
|
|
6644
6658
|
}
|
|
6645
6659
|
}
|
|
6646
6660
|
|
|
6647
|
-
/*! @azure/msal-common v16.
|
|
6661
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6648
6662
|
|
|
6649
6663
|
/*
|
|
6650
6664
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6760,7 +6774,7 @@
|
|
|
6760
6774
|
}
|
|
6761
6775
|
}
|
|
6762
6776
|
|
|
6763
|
-
/*! @azure/msal-common v16.
|
|
6777
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6764
6778
|
|
|
6765
6779
|
/*
|
|
6766
6780
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6775,7 +6789,7 @@
|
|
|
6775
6789
|
},
|
|
6776
6790
|
};
|
|
6777
6791
|
|
|
6778
|
-
/*! @azure/msal-common v16.
|
|
6792
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6779
6793
|
|
|
6780
6794
|
/*
|
|
6781
6795
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6998,7 +7012,7 @@
|
|
|
6998
7012
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6999
7013
|
}
|
|
7000
7014
|
|
|
7001
|
-
/*! @azure/msal-common v16.
|
|
7015
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7002
7016
|
|
|
7003
7017
|
/*
|
|
7004
7018
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7031,7 +7045,7 @@
|
|
|
7031
7045
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7032
7046
|
}
|
|
7033
7047
|
|
|
7034
|
-
/*! @azure/msal-common v16.
|
|
7048
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7035
7049
|
/*
|
|
7036
7050
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7037
7051
|
* Licensed under the MIT License.
|
|
@@ -7041,7 +7055,7 @@
|
|
|
7041
7055
|
*/
|
|
7042
7056
|
const unexpectedError = "unexpected_error";
|
|
7043
7057
|
|
|
7044
|
-
/*! @azure/msal-common v16.
|
|
7058
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7045
7059
|
|
|
7046
7060
|
/*
|
|
7047
7061
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7302,7 +7316,7 @@
|
|
|
7302
7316
|
}
|
|
7303
7317
|
}
|
|
7304
7318
|
|
|
7305
|
-
/*! @azure/msal-common v16.
|
|
7319
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7306
7320
|
|
|
7307
7321
|
/*
|
|
7308
7322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7323,7 +7337,7 @@
|
|
|
7323
7337
|
return new JoseHeaderError(code);
|
|
7324
7338
|
}
|
|
7325
7339
|
|
|
7326
|
-
/*! @azure/msal-common v16.
|
|
7340
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7327
7341
|
/*
|
|
7328
7342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7329
7343
|
* Licensed under the MIT License.
|
|
@@ -7331,7 +7345,7 @@
|
|
|
7331
7345
|
const missingKidError = "missing_kid_error";
|
|
7332
7346
|
const missingAlgError = "missing_alg_error";
|
|
7333
7347
|
|
|
7334
|
-
/*! @azure/msal-common v16.
|
|
7348
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7335
7349
|
|
|
7336
7350
|
/*
|
|
7337
7351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7766,7 +7780,7 @@
|
|
|
7766
7780
|
|
|
7767
7781
|
/* eslint-disable header/header */
|
|
7768
7782
|
const name = "@azure/msal-browser";
|
|
7769
|
-
const version = "5.
|
|
7783
|
+
const version = "5.12.0";
|
|
7770
7784
|
|
|
7771
7785
|
/*
|
|
7772
7786
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7795,6 +7809,15 @@
|
|
|
7795
7809
|
CONTENT_TYPE: "Content-Type",
|
|
7796
7810
|
X_MS_REQUEST_ID: "x-ms-request-id",
|
|
7797
7811
|
};
|
|
7812
|
+
const CustomHeaderConstants = {
|
|
7813
|
+
REQUIRED_PREFIX: "x-",
|
|
7814
|
+
RESERVED_PREFIXES: [
|
|
7815
|
+
"x-client-",
|
|
7816
|
+
"x-ms-",
|
|
7817
|
+
"x-broker-",
|
|
7818
|
+
"x-app-",
|
|
7819
|
+
],
|
|
7820
|
+
};
|
|
7798
7821
|
const DefaultPackageInfo = {
|
|
7799
7822
|
SKU: "msal.browser",
|
|
7800
7823
|
VERSION: version,
|
|
@@ -8651,6 +8674,43 @@
|
|
|
8651
8674
|
return new BrowserAuthError(errorCode, subError);
|
|
8652
8675
|
}
|
|
8653
8676
|
|
|
8677
|
+
/*
|
|
8678
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8679
|
+
* Licensed under the MIT License.
|
|
8680
|
+
*/
|
|
8681
|
+
/**
|
|
8682
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8683
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8684
|
+
*/
|
|
8685
|
+
/**
|
|
8686
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8687
|
+
* @param input
|
|
8688
|
+
*/
|
|
8689
|
+
function base64Decode(input) {
|
|
8690
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8691
|
+
}
|
|
8692
|
+
/**
|
|
8693
|
+
* Decodes base64 into Uint8Array
|
|
8694
|
+
* @param base64String
|
|
8695
|
+
*/
|
|
8696
|
+
function base64DecToArr(base64String) {
|
|
8697
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8698
|
+
switch (encodedString.length % 4) {
|
|
8699
|
+
case 0:
|
|
8700
|
+
break;
|
|
8701
|
+
case 2:
|
|
8702
|
+
encodedString += "==";
|
|
8703
|
+
break;
|
|
8704
|
+
case 3:
|
|
8705
|
+
encodedString += "=";
|
|
8706
|
+
break;
|
|
8707
|
+
default:
|
|
8708
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8709
|
+
}
|
|
8710
|
+
const binString = atob(encodedString);
|
|
8711
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8712
|
+
}
|
|
8713
|
+
|
|
8654
8714
|
/*
|
|
8655
8715
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8656
8716
|
* Licensed under the MIT License.
|
|
@@ -8695,43 +8755,6 @@
|
|
|
8695
8755
|
return btoa(binString);
|
|
8696
8756
|
}
|
|
8697
8757
|
|
|
8698
|
-
/*
|
|
8699
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8700
|
-
* Licensed under the MIT License.
|
|
8701
|
-
*/
|
|
8702
|
-
/**
|
|
8703
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8704
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8705
|
-
*/
|
|
8706
|
-
/**
|
|
8707
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8708
|
-
* @param input
|
|
8709
|
-
*/
|
|
8710
|
-
function base64Decode(input) {
|
|
8711
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8712
|
-
}
|
|
8713
|
-
/**
|
|
8714
|
-
* Decodes base64 into Uint8Array
|
|
8715
|
-
* @param base64String
|
|
8716
|
-
*/
|
|
8717
|
-
function base64DecToArr(base64String) {
|
|
8718
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8719
|
-
switch (encodedString.length % 4) {
|
|
8720
|
-
case 0:
|
|
8721
|
-
break;
|
|
8722
|
-
case 2:
|
|
8723
|
-
encodedString += "==";
|
|
8724
|
-
break;
|
|
8725
|
-
case 3:
|
|
8726
|
-
encodedString += "=";
|
|
8727
|
-
break;
|
|
8728
|
-
default:
|
|
8729
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8730
|
-
}
|
|
8731
|
-
const binString = atob(encodedString);
|
|
8732
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8733
|
-
}
|
|
8734
|
-
|
|
8735
8758
|
/*
|
|
8736
8759
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8737
8760
|
* Licensed under the MIT License.
|
|
@@ -9200,7 +9223,7 @@
|
|
|
9200
9223
|
activeBridgeMonitor = null;
|
|
9201
9224
|
}
|
|
9202
9225
|
}
|
|
9203
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9226
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9204
9227
|
return new Promise((resolve, reject) => {
|
|
9205
9228
|
logger.verbose("BrowserUtils.waitForBridgeResponse - started", request.correlationId);
|
|
9206
9229
|
const correlationId = request.correlationId;
|
|
@@ -9208,7 +9231,7 @@
|
|
|
9208
9231
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9209
9232
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9210
9233
|
}, correlationId);
|
|
9211
|
-
const { libraryState } = parseRequestState(
|
|
9234
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9212
9235
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9213
9236
|
let responseString = undefined;
|
|
9214
9237
|
let timedOut$1 = false;
|
|
@@ -9618,12 +9641,13 @@
|
|
|
9618
9641
|
* and logoutHint attribute wasn't manually set in logout request
|
|
9619
9642
|
*/
|
|
9620
9643
|
if (logoutRequest) {
|
|
9621
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
9644
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
9622
9645
|
if (!logoutRequest.logoutHint) {
|
|
9623
9646
|
if (logoutRequest.account) {
|
|
9624
|
-
const logoutHint =
|
|
9647
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
9648
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
9625
9649
|
if (logoutHint) {
|
|
9626
|
-
this.logger.verbose("Setting logoutHint to
|
|
9650
|
+
this.logger.verbose("Setting logoutHint value to loginHint of the account provided", this.correlationId);
|
|
9627
9651
|
validLogoutRequest.logoutHint = logoutHint;
|
|
9628
9652
|
}
|
|
9629
9653
|
}
|
|
@@ -9676,6 +9700,7 @@
|
|
|
9676
9700
|
const idTokenClaims = account.idTokenClaims;
|
|
9677
9701
|
if (idTokenClaims) {
|
|
9678
9702
|
if (idTokenClaims.login_hint) {
|
|
9703
|
+
this.logger.verbose("Extracted login_hint claim from account ID Token Claims to be used as logoutHint", this.correlationId);
|
|
9679
9704
|
return idTokenClaims.login_hint;
|
|
9680
9705
|
}
|
|
9681
9706
|
else {
|
|
@@ -10967,15 +10992,67 @@
|
|
|
10967
10992
|
}
|
|
10968
10993
|
}
|
|
10969
10994
|
|
|
10995
|
+
/*
|
|
10996
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10997
|
+
* Licensed under the MIT License.
|
|
10998
|
+
*/
|
|
10999
|
+
/**
|
|
11000
|
+
* Filters the headers returned by a {@link CustomAuthRequestInterceptor},
|
|
11001
|
+
* keeping only those that conform to the custom-auth header naming rules.
|
|
11002
|
+
*
|
|
11003
|
+
* Rules (mirrors the iOS / Android native auth implementations):
|
|
11004
|
+
* - Header names must start with `x-` (case-insensitive); others are dropped.
|
|
11005
|
+
* - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
|
|
11006
|
+
* `x-broker-`, `x-app-`) are dropped.
|
|
11007
|
+
* - Headers with empty/whitespace-only names or null/undefined values are dropped.
|
|
11008
|
+
*
|
|
11009
|
+
* Dropped headers are logged as warnings (PII-safe) when a logger is provided.
|
|
11010
|
+
*
|
|
11011
|
+
* @param headers - Raw headers returned by the interceptor.
|
|
11012
|
+
* @param logger - Optional logger used to emit warnings for dropped headers.
|
|
11013
|
+
* @param correlationId - Optional correlation id forwarded to the logger.
|
|
11014
|
+
* @returns A new record containing only the headers that pass the filter,
|
|
11015
|
+
* preserving the original casing of header names.
|
|
11016
|
+
*/
|
|
11017
|
+
function filterCustomHeaders(headers, logger, correlationId) {
|
|
11018
|
+
const filtered = {};
|
|
11019
|
+
if (!headers) {
|
|
11020
|
+
return filtered;
|
|
11021
|
+
}
|
|
11022
|
+
for (const [name, value] of Object.entries(headers)) {
|
|
11023
|
+
if (!name || value === undefined || value === null) {
|
|
11024
|
+
continue;
|
|
11025
|
+
}
|
|
11026
|
+
const trimmedName = name.trim();
|
|
11027
|
+
if (!trimmedName) {
|
|
11028
|
+
continue;
|
|
11029
|
+
}
|
|
11030
|
+
const lowerName = trimmedName.toLowerCase();
|
|
11031
|
+
if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
|
|
11032
|
+
logger?.warningPii(`Additional header field "${trimmedName}" must start with the "${CustomHeaderConstants.REQUIRED_PREFIX}" prefix. Ignoring.`, correlationId ?? "");
|
|
11033
|
+
continue;
|
|
11034
|
+
}
|
|
11035
|
+
const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
|
|
11036
|
+
if (reservedPrefix) {
|
|
11037
|
+
logger?.warningPii(`Additional header field "${trimmedName}" uses reserved prefix "${reservedPrefix}". Ignoring.`, correlationId ?? "");
|
|
11038
|
+
continue;
|
|
11039
|
+
}
|
|
11040
|
+
filtered[trimmedName] = value;
|
|
11041
|
+
}
|
|
11042
|
+
return filtered;
|
|
11043
|
+
}
|
|
11044
|
+
|
|
10970
11045
|
/*
|
|
10971
11046
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10972
11047
|
* Licensed under the MIT License.
|
|
10973
11048
|
*/
|
|
10974
11049
|
class BaseApiClient {
|
|
10975
|
-
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
|
|
11050
|
+
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
10976
11051
|
this.clientId = clientId;
|
|
10977
11052
|
this.httpClient = httpClient;
|
|
10978
11053
|
this.customAuthApiQueryParams = customAuthApiQueryParams;
|
|
11054
|
+
this.requestInterceptor = requestInterceptor;
|
|
11055
|
+
this.logger = logger;
|
|
10979
11056
|
this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
|
|
10980
11057
|
}
|
|
10981
11058
|
async request(endpoint, data, telemetryManager, correlationId) {
|
|
@@ -10983,8 +11060,10 @@
|
|
|
10983
11060
|
client_id: this.clientId,
|
|
10984
11061
|
...data,
|
|
10985
11062
|
});
|
|
10986
|
-
const
|
|
11063
|
+
const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
|
|
10987
11064
|
const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
|
|
11065
|
+
const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
|
|
11066
|
+
const headers = { ...commonHeaders, ...additionalHeaders };
|
|
10988
11067
|
let response;
|
|
10989
11068
|
try {
|
|
10990
11069
|
response = await this.httpClient.post(url, formData, headers);
|
|
@@ -11042,6 +11121,19 @@
|
|
|
11042
11121
|
: responseError.invalid_attributes ?? [];
|
|
11043
11122
|
throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
|
|
11044
11123
|
}
|
|
11124
|
+
async getAdditionalHeaders(url, correlationId) {
|
|
11125
|
+
if (!this.requestInterceptor) {
|
|
11126
|
+
return {};
|
|
11127
|
+
}
|
|
11128
|
+
try {
|
|
11129
|
+
const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
|
|
11130
|
+
return filterCustomHeaders(result, this.logger, correlationId);
|
|
11131
|
+
}
|
|
11132
|
+
catch (e) {
|
|
11133
|
+
this.logger?.warningPii(`CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`, correlationId);
|
|
11134
|
+
return {};
|
|
11135
|
+
}
|
|
11136
|
+
}
|
|
11045
11137
|
}
|
|
11046
11138
|
|
|
11047
11139
|
/*
|
|
@@ -11049,8 +11141,8 @@
|
|
|
11049
11141
|
* Licensed under the MIT License.
|
|
11050
11142
|
*/
|
|
11051
11143
|
class ResetPasswordApiClient extends BaseApiClient {
|
|
11052
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11053
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11144
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11145
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11054
11146
|
this.capabilities = capabilities;
|
|
11055
11147
|
}
|
|
11056
11148
|
/**
|
|
@@ -11133,8 +11225,8 @@
|
|
|
11133
11225
|
* Licensed under the MIT License.
|
|
11134
11226
|
*/
|
|
11135
11227
|
class SignupApiClient extends BaseApiClient {
|
|
11136
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11137
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11228
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11229
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11138
11230
|
this.capabilities = capabilities;
|
|
11139
11231
|
}
|
|
11140
11232
|
/**
|
|
@@ -11203,8 +11295,8 @@
|
|
|
11203
11295
|
* Licensed under the MIT License.
|
|
11204
11296
|
*/
|
|
11205
11297
|
class SignInApiClient extends BaseApiClient {
|
|
11206
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11207
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11298
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11299
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11208
11300
|
this.capabilities = capabilities;
|
|
11209
11301
|
}
|
|
11210
11302
|
/**
|
|
@@ -11371,11 +11463,11 @@
|
|
|
11371
11463
|
* Licensed under the MIT License.
|
|
11372
11464
|
*/
|
|
11373
11465
|
class CustomAuthApiClient {
|
|
11374
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11375
|
-
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11376
|
-
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11377
|
-
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11378
|
-
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11466
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11467
|
+
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11468
|
+
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11469
|
+
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11470
|
+
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11379
11471
|
}
|
|
11380
11472
|
}
|
|
11381
11473
|
|
|
@@ -14386,7 +14478,6 @@
|
|
|
14386
14478
|
const ACCOUNT_SCHEMA_VERSION = 3;
|
|
14387
14479
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
14388
14480
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
14389
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
14390
14481
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
14391
14482
|
const ACCOUNT_KEYS = "account.keys";
|
|
14392
14483
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -15005,6 +15096,7 @@
|
|
|
15005
15096
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
15006
15097
|
: parsedValue;
|
|
15007
15098
|
if (!decryptedData || !isCredentialEntity(decryptedData)) {
|
|
15099
|
+
this.browserStorage.removeItem(key);
|
|
15008
15100
|
this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
|
|
15009
15101
|
return null;
|
|
15010
15102
|
}
|
|
@@ -15035,6 +15127,7 @@
|
|
|
15035
15127
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
15036
15128
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15037
15129
|
if (!parsedValue) {
|
|
15130
|
+
this.browserStorage.removeItem(accountKey);
|
|
15038
15131
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15039
15132
|
continue;
|
|
15040
15133
|
}
|
|
@@ -15049,6 +15142,15 @@
|
|
|
15049
15142
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
15050
15143
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15051
15144
|
}
|
|
15145
|
+
else if (isEncrypted(parsedValue)) {
|
|
15146
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
15147
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
15148
|
+
if (!decrypted) {
|
|
15149
|
+
this.browserStorage.removeItem(accountKey);
|
|
15150
|
+
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
15151
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15152
|
+
}
|
|
15153
|
+
}
|
|
15052
15154
|
}
|
|
15053
15155
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
15054
15156
|
}
|
|
@@ -16578,7 +16680,7 @@
|
|
|
16578
16680
|
const NO_NETWORK = "NO_NETWORK";
|
|
16579
16681
|
const DISABLED = "DISABLED";
|
|
16580
16682
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
16581
|
-
const
|
|
16683
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
16582
16684
|
|
|
16583
16685
|
/*
|
|
16584
16686
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -16633,8 +16735,8 @@
|
|
|
16633
16735
|
return createBrowserAuthError(userCancelled);
|
|
16634
16736
|
case NO_NETWORK:
|
|
16635
16737
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
16636
|
-
case
|
|
16637
|
-
return createInteractionRequiredAuthError(
|
|
16738
|
+
case UI_NOT_ALLOWED:
|
|
16739
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
16638
16740
|
}
|
|
16639
16741
|
}
|
|
16640
16742
|
return new NativeAuthError(code, description, ext);
|
|
@@ -16865,7 +16967,7 @@
|
|
|
16865
16967
|
noHistory: false,
|
|
16866
16968
|
};
|
|
16867
16969
|
const redirectUri = navigateToLoginRequestUrl
|
|
16868
|
-
? window.location.href
|
|
16970
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
16869
16971
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
16870
16972
|
rootMeasurement.end({ success: true });
|
|
16871
16973
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -17920,6 +18022,7 @@
|
|
|
17920
18022
|
};
|
|
17921
18023
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17922
18024
|
iframeTimeoutTelemetry: false,
|
|
18025
|
+
allowPlatformBrokerWithDOM: false,
|
|
17923
18026
|
};
|
|
17924
18027
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17925
18028
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -18364,9 +18467,8 @@
|
|
|
18364
18467
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
18365
18468
|
* Licensed under the MIT License.
|
|
18366
18469
|
*/
|
|
18367
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
18470
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
18368
18471
|
logger.trace("getPlatformAuthProvider called", correlationId);
|
|
18369
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
18370
18472
|
logger.trace(`Has client allowed platform auth via DOM API: '${enablePlatformBrokerDOMSupport}'`, correlationId);
|
|
18371
18473
|
let platformAuthProvider;
|
|
18372
18474
|
try {
|
|
@@ -18390,22 +18492,6 @@
|
|
|
18390
18492
|
}
|
|
18391
18493
|
return platformAuthProvider;
|
|
18392
18494
|
}
|
|
18393
|
-
/**
|
|
18394
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
18395
|
-
* @returns boolean
|
|
18396
|
-
* @deprecated
|
|
18397
|
-
*/
|
|
18398
|
-
function isDomEnabledForPlatformAuth() {
|
|
18399
|
-
let sessionStorage;
|
|
18400
|
-
try {
|
|
18401
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
18402
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
18403
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
18404
|
-
}
|
|
18405
|
-
catch (e) {
|
|
18406
|
-
return false;
|
|
18407
|
-
}
|
|
18408
|
-
}
|
|
18409
18495
|
/**
|
|
18410
18496
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
18411
18497
|
* @param logger
|
|
@@ -18416,6 +18502,11 @@
|
|
|
18416
18502
|
*/
|
|
18417
18503
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
18418
18504
|
logger.trace("isPlatformAuthAllowed called", correlationId);
|
|
18505
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
18506
|
+
if (!config.system.allowPlatformBroker &&
|
|
18507
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
18508
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
18509
|
+
}
|
|
18419
18510
|
if (!config.system.allowPlatformBroker) {
|
|
18420
18511
|
logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false", correlationId);
|
|
18421
18512
|
// Developer disabled WAM
|
|
@@ -18445,10 +18536,11 @@
|
|
|
18445
18536
|
* Licensed under the MIT License.
|
|
18446
18537
|
*/
|
|
18447
18538
|
class PopupClient extends StandardInteractionClient {
|
|
18448
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
18539
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
18449
18540
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
18450
18541
|
this.nativeStorage = nativeStorageImpl;
|
|
18451
18542
|
this.eventHandler = eventHandler;
|
|
18543
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
18452
18544
|
}
|
|
18453
18545
|
/**
|
|
18454
18546
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -18582,7 +18674,7 @@
|
|
|
18582
18674
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
18583
18675
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18584
18676
|
// Wait for the redirect bridge response
|
|
18585
|
-
const responseString = await
|
|
18677
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
18586
18678
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18587
18679
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18588
18680
|
}
|
|
@@ -18617,7 +18709,7 @@
|
|
|
18617
18709
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
18618
18710
|
form.submit();
|
|
18619
18711
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18620
|
-
const responseString = await invokeAsync(
|
|
18712
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
18621
18713
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18622
18714
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
18623
18715
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
@@ -18642,7 +18734,7 @@
|
|
|
18642
18734
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
18643
18735
|
form.submit();
|
|
18644
18736
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18645
|
-
const responseString = await invokeAsync(
|
|
18737
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
18646
18738
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18647
18739
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18648
18740
|
}
|
|
@@ -18699,7 +18791,7 @@
|
|
|
18699
18791
|
// Open the popup window to requestUrl.
|
|
18700
18792
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
18701
18793
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18702
|
-
await
|
|
18794
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
18703
18795
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
18704
18796
|
});
|
|
18705
18797
|
if (mainWindowRedirectUri) {
|
|
@@ -18778,6 +18870,19 @@
|
|
|
18778
18870
|
if (!popupWindow) {
|
|
18779
18871
|
throw createBrowserAuthError(emptyWindowError);
|
|
18780
18872
|
}
|
|
18873
|
+
try {
|
|
18874
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
18875
|
+
}
|
|
18876
|
+
catch (e) {
|
|
18877
|
+
if (typeof DOMException !== "undefined" &&
|
|
18878
|
+
e instanceof DOMException &&
|
|
18879
|
+
e.name === "SecurityError") {
|
|
18880
|
+
// Cross-origin - title cannot be set
|
|
18881
|
+
}
|
|
18882
|
+
else {
|
|
18883
|
+
this.logger.verbose("Could not set document.title on popup window", this.correlationId);
|
|
18884
|
+
}
|
|
18885
|
+
}
|
|
18781
18886
|
if (popupWindow.focus) {
|
|
18782
18887
|
popupWindow.focus();
|
|
18783
18888
|
}
|
|
@@ -18856,6 +18961,12 @@
|
|
|
18856
18961
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
18857
18962
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
18858
18963
|
}
|
|
18964
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
18965
|
+
if (this.waitForPopupResponseHook) {
|
|
18966
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
18967
|
+
}
|
|
18968
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
18969
|
+
}
|
|
18859
18970
|
}
|
|
18860
18971
|
|
|
18861
18972
|
/*
|
|
@@ -19009,6 +19120,8 @@
|
|
|
19009
19120
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
19010
19121
|
*/
|
|
19011
19122
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
19123
|
+
const originalTitle = document.title;
|
|
19124
|
+
document.title = "Microsoft Authentication";
|
|
19012
19125
|
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19013
19126
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
19014
19127
|
try {
|
|
@@ -19091,6 +19204,9 @@
|
|
|
19091
19204
|
}
|
|
19092
19205
|
throw e;
|
|
19093
19206
|
}
|
|
19207
|
+
finally {
|
|
19208
|
+
document.title = originalTitle;
|
|
19209
|
+
}
|
|
19094
19210
|
}
|
|
19095
19211
|
/**
|
|
19096
19212
|
* Gets the response hash for a redirect request
|
|
@@ -19346,6 +19462,7 @@
|
|
|
19346
19462
|
function createHiddenIframe() {
|
|
19347
19463
|
const authFrame = document.createElement("iframe");
|
|
19348
19464
|
authFrame.className = "msalSilentIframe";
|
|
19465
|
+
authFrame.title = "Microsoft Authentication";
|
|
19349
19466
|
authFrame.style.visibility = "hidden";
|
|
19350
19467
|
authFrame.style.position = "absolute";
|
|
19351
19468
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -19371,10 +19488,11 @@
|
|
|
19371
19488
|
* Licensed under the MIT License.
|
|
19372
19489
|
*/
|
|
19373
19490
|
class SilentIframeClient extends StandardInteractionClient {
|
|
19374
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
19491
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
19375
19492
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
19376
19493
|
this.apiId = apiId;
|
|
19377
19494
|
this.nativeStorage = nativeStorageImpl;
|
|
19495
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
19378
19496
|
}
|
|
19379
19497
|
/**
|
|
19380
19498
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -19463,7 +19581,7 @@
|
|
|
19463
19581
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19464
19582
|
let responseString;
|
|
19465
19583
|
try {
|
|
19466
|
-
responseString = await invokeAsync(
|
|
19584
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19467
19585
|
}
|
|
19468
19586
|
finally {
|
|
19469
19587
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19561,7 +19679,7 @@
|
|
|
19561
19679
|
// Wait for response from the redirect bridge.
|
|
19562
19680
|
let responseString;
|
|
19563
19681
|
try {
|
|
19564
|
-
responseString = await invokeAsync(
|
|
19682
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19565
19683
|
}
|
|
19566
19684
|
finally {
|
|
19567
19685
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19569,6 +19687,12 @@
|
|
|
19569
19687
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19570
19688
|
return { serverParams, pkceCodes, silentRequest };
|
|
19571
19689
|
}
|
|
19690
|
+
async waitForIframeResponse(iframe, request) {
|
|
19691
|
+
if (this.waitForIframeResponseHook) {
|
|
19692
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
19693
|
+
}
|
|
19694
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
19695
|
+
}
|
|
19572
19696
|
}
|
|
19573
19697
|
|
|
19574
19698
|
/*
|
|
@@ -19863,7 +19987,7 @@
|
|
|
19863
19987
|
if (allowPlatformBroker) {
|
|
19864
19988
|
try {
|
|
19865
19989
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
19866
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
19990
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
19867
19991
|
}
|
|
19868
19992
|
catch (e) {
|
|
19869
19993
|
this.logger.verbose(e, correlationId);
|
|
@@ -20770,7 +20894,7 @@
|
|
|
20770
20894
|
* @param correlationId
|
|
20771
20895
|
*/
|
|
20772
20896
|
createPopupClient(correlationId) {
|
|
20773
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
20897
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
20774
20898
|
}
|
|
20775
20899
|
/**
|
|
20776
20900
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -20784,7 +20908,7 @@
|
|
|
20784
20908
|
* @param correlationId
|
|
20785
20909
|
*/
|
|
20786
20910
|
createSilentIframeClient(correlationId) {
|
|
20787
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
20911
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
20788
20912
|
}
|
|
20789
20913
|
/**
|
|
20790
20914
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -21245,7 +21369,7 @@
|
|
|
21245
21369
|
this.customAuthConfig = operatingContext.getCustomAuthConfig();
|
|
21246
21370
|
this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
|
|
21247
21371
|
const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
|
|
21248
|
-
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
|
|
21372
|
+
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
|
|
21249
21373
|
this.signInClient = interactionClientFactory.create(SignInClient);
|
|
21250
21374
|
this.signUpClient = interactionClientFactory.create(SignUpClient);
|
|
21251
21375
|
this.resetPasswordClient =
|
|
@@ -21557,7 +21681,7 @@
|
|
|
21557
21681
|
return;
|
|
21558
21682
|
}
|
|
21559
21683
|
}
|
|
21560
|
-
constructor(config) {
|
|
21684
|
+
constructor(config, responseHandlers) {
|
|
21561
21685
|
/*
|
|
21562
21686
|
* If loaded in an environment where window is not available,
|
|
21563
21687
|
* set internal flag to false so that further requests fail.
|
|
@@ -21565,6 +21689,7 @@
|
|
|
21565
21689
|
*/
|
|
21566
21690
|
this.browserEnvironment = typeof window !== "undefined";
|
|
21567
21691
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
21692
|
+
this.responseHandlers = responseHandlers;
|
|
21568
21693
|
let sessionStorage;
|
|
21569
21694
|
try {
|
|
21570
21695
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -21601,6 +21726,13 @@
|
|
|
21601
21726
|
getConfig() {
|
|
21602
21727
|
return this.config;
|
|
21603
21728
|
}
|
|
21729
|
+
/**
|
|
21730
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
21731
|
+
* @returns AuthResponseHandlers | undefined
|
|
21732
|
+
*/
|
|
21733
|
+
getResponseHandlers() {
|
|
21734
|
+
return this.responseHandlers;
|
|
21735
|
+
}
|
|
21604
21736
|
/**
|
|
21605
21737
|
* Returns the MSAL Logger
|
|
21606
21738
|
* @returns Logger
|
|
@@ -21965,7 +22097,48 @@
|
|
|
21965
22097
|
constructor(configuration, controller) {
|
|
21966
22098
|
this.controller =
|
|
21967
22099
|
controller ||
|
|
21968
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
22100
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
22101
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
22102
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
22103
|
+
}));
|
|
22104
|
+
}
|
|
22105
|
+
/**
|
|
22106
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
22107
|
+
*
|
|
22108
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22109
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22110
|
+
* with an `AuthError` on failure.
|
|
22111
|
+
*
|
|
22112
|
+
* @internal
|
|
22113
|
+
* @param request The in-flight authorization or end-session request.
|
|
22114
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
22115
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
22116
|
+
*/
|
|
22117
|
+
async waitForPopupResponse(request,
|
|
22118
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22119
|
+
popupWindow,
|
|
22120
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22121
|
+
popupWindowParent) {
|
|
22122
|
+
const controller = this.controller;
|
|
22123
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
22124
|
+
}
|
|
22125
|
+
/**
|
|
22126
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
22127
|
+
*
|
|
22128
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22129
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22130
|
+
* with an `AuthError` on failure.
|
|
22131
|
+
*
|
|
22132
|
+
* @internal
|
|
22133
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
22134
|
+
* @param request The in-flight authorization request.
|
|
22135
|
+
*/
|
|
22136
|
+
async waitForIframeResponse(
|
|
22137
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22138
|
+
iframe, request) {
|
|
22139
|
+
const controller = this.controller;
|
|
22140
|
+
const config = controller.getConfiguration();
|
|
22141
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
21969
22142
|
}
|
|
21970
22143
|
/**
|
|
21971
22144
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|