@azure/msal-browser 5.10.1 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +44 -2
  3. package/dist/app/PublicClientApplication.mjs.map +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  9. package/dist/cache/AccountManager.mjs +1 -1
  10. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  11. package/dist/cache/BrowserCacheManager.mjs +12 -1
  12. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.mjs +2 -3
  15. package/dist/cache/CacheKeys.mjs.map +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.mjs +3 -2
  24. package/dist/config/Configuration.mjs.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/StandardController.mjs +4 -4
  27. package/dist/controllers/StandardController.mjs.map +1 -1
  28. package/dist/crypto/BrowserCrypto.mjs +1 -1
  29. package/dist/crypto/CryptoOps.mjs +1 -1
  30. package/dist/crypto/PkceGenerator.mjs +1 -1
  31. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  32. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  33. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  34. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  35. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  36. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  37. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  52. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  53. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  54. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  55. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  56. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  57. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  59. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  60. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  61. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  62. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  63. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  64. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  65. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  66. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  68. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  69. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  75. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  77. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  79. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  87. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  88. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  90. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  91. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  92. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  93. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  94. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  95. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  96. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  103. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  104. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  105. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  106. package/dist/custom_auth/index.mjs +1 -1
  107. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  117. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  118. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  131. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  132. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  144. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  145. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  146. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  147. package/dist/encode/Base64Decode.mjs +1 -1
  148. package/dist/encode/Base64Encode.mjs +1 -1
  149. package/dist/error/BrowserAuthError.mjs +1 -1
  150. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  151. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  152. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NativeAuthError.mjs +4 -4
  154. package/dist/error/NativeAuthError.mjs.map +1 -1
  155. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  156. package/dist/error/NestedAppAuthError.mjs +1 -1
  157. package/dist/event/EventHandler.mjs +1 -1
  158. package/dist/event/EventMessage.mjs +1 -1
  159. package/dist/event/EventType.mjs +1 -1
  160. package/dist/index.mjs +1 -1
  161. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  162. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  163. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
  164. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  165. package/dist/interaction_client/PopupClient.mjs +27 -7
  166. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  167. package/dist/interaction_client/RedirectClient.mjs +6 -1
  168. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  169. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  170. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  171. package/dist/interaction_client/SilentIframeClient.mjs +11 -4
  172. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  173. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  174. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  175. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  176. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  177. package/dist/interaction_handler/SilentHandler.mjs +2 -1
  178. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  179. package/dist/log-strings-mapping.json +1203 -1187
  180. package/dist/naa/BridgeError.mjs +1 -1
  181. package/dist/naa/BridgeProxy.mjs +1 -1
  182. package/dist/naa/BridgeStatusCode.mjs +1 -1
  183. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  184. package/dist/navigation/NavigationClient.mjs +1 -1
  185. package/dist/network/FetchClient.mjs +1 -1
  186. package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
  187. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  188. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  189. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  190. package/dist/packageMetadata.mjs +2 -2
  191. package/dist/protocol/Authorize.mjs +1 -1
  192. package/dist/redirect_bridge/index.mjs +4 -5
  193. package/dist/redirect_bridge/index.mjs.map +1 -1
  194. package/dist/request/RequestHelpers.mjs +1 -1
  195. package/dist/response/ResponseHandler.mjs +1 -1
  196. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  197. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  198. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  199. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  200. package/dist/utils/BrowserConstants.mjs +1 -1
  201. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  202. package/dist/utils/BrowserUtils.mjs +15 -5
  203. package/dist/utils/BrowserUtils.mjs.map +1 -1
  204. package/dist/utils/Helpers.mjs +1 -1
  205. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  206. package/lib/custom-auth-path/log-strings-mapping.json +33 -17
  207. package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
  208. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  209. package/lib/custom-auth-path/msal-custom-auth.js +342 -169
  210. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  211. package/lib/log-strings-mapping.json +13 -9
  212. package/lib/msal-browser.cjs +275 -167
  213. package/lib/msal-browser.cjs.map +1 -1
  214. package/lib/msal-browser.js +275 -167
  215. package/lib/msal-browser.js.map +1 -1
  216. package/lib/msal-browser.min.js +2 -2
  217. package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
  218. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  219. package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
  220. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  221. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  222. package/package.json +2 -2
  223. package/src/app/PublicClientApplication.ts +85 -1
  224. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
  225. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  226. package/src/cache/BrowserCacheManager.ts +17 -0
  227. package/src/config/Configuration.ts +5 -0
  228. package/src/controllers/StandardController.ts +6 -3
  229. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  230. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  231. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  232. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  233. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  234. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  235. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  236. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  237. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  238. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  239. package/src/custom_auth/index.ts +4 -0
  240. package/src/error/NativeAuthError.ts +2 -2
  241. package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
  242. package/src/interaction_client/PopupClient.ts +65 -27
  243. package/src/interaction_client/RedirectClient.ts +5 -0
  244. package/src/interaction_client/SilentIframeClient.ts +49 -19
  245. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  246. package/src/interaction_handler/SilentHandler.ts +1 -0
  247. package/src/operatingcontext/BaseOperatingContext.ts +15 -1
  248. package/src/packageMetadata.ts +1 -1
  249. package/src/redirect_bridge/index.ts +3 -7
  250. package/src/utils/BrowserUtils.ts +28 -7
  251. package/types/app/PublicClientApplication.d.ts +37 -1
  252. package/types/app/PublicClientApplication.d.ts.map +1 -1
  253. package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
  254. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  255. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  256. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  257. package/types/config/Configuration.d.ts +4 -0
  258. package/types/config/Configuration.d.ts.map +1 -1
  259. package/types/controllers/StandardController.d.ts.map +1 -1
  260. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  261. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  262. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  263. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  264. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  265. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  266. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  267. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  268. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  269. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  270. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  271. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  272. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  273. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  274. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  275. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  276. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  277. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  278. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  279. package/types/custom_auth/index.d.ts +1 -0
  280. package/types/custom_auth/index.d.ts.map +1 -1
  281. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  282. package/types/interaction_client/PopupClient.d.ts +11 -1
  283. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  284. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  285. package/types/interaction_client/SilentIframeClient.d.ts +20 -1
  286. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  287. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  288. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  289. package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
  290. package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
  291. package/types/packageMetadata.d.ts +1 -1
  292. package/types/redirect_bridge/index.d.ts.map +1 -1
  293. package/types/utils/BrowserUtils.d.ts +17 -2
  294. package/types/utils/BrowserUtils.d.ts.map +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.1 2026-05-11 */
1
+ /*! @azure/msal-browser v5.12.0 2026-06-05 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.1 2026-05-11 */
9
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -233,7 +233,7 @@
233
233
  // Token renewal offset default in seconds
234
234
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
235
235
 
236
- /*! @azure/msal-common v16.6.1 2026-05-11 */
236
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
237
237
  /*
238
238
  * Copyright (c) Microsoft Corporation. All rights reserved.
239
239
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@
285
285
  const RESOURCE = "resource";
286
286
  const CLI_DATA = "clidata";
287
287
 
288
- /*! @azure/msal-common v16.6.1 2026-05-11 */
288
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -316,7 +316,7 @@
316
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
317
317
  }
318
318
 
319
- /*! @azure/msal-common v16.6.1 2026-05-11 */
319
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
320
320
 
321
321
  /*
322
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -336,7 +336,7 @@
336
336
  return new ClientConfigurationError(errorCode);
337
337
  }
338
338
 
339
- /*! @azure/msal-common v16.6.1 2026-05-11 */
339
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
340
340
  /*
341
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
342
342
  * Licensed under the MIT License.
@@ -416,7 +416,7 @@
416
416
  }
417
417
  }
418
418
 
419
- /*! @azure/msal-common v16.6.1 2026-05-11 */
419
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
420
420
 
421
421
  /*
422
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -439,7 +439,7 @@
439
439
  return new ClientAuthError(errorCode, additionalMessage);
440
440
  }
441
441
 
442
- /*! @azure/msal-common v16.6.1 2026-05-11 */
442
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
443
443
  /*
444
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
445
445
  * Licensed under the MIT License.
@@ -462,9 +462,10 @@
462
462
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
463
463
  const authorityMismatch = "authority_mismatch";
464
464
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
465
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
465
466
  const issuerValidationFailed = "issuer_validation_failed";
466
467
 
467
- /*! @azure/msal-common v16.6.1 2026-05-11 */
468
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
468
469
  /*
469
470
  * Copyright (c) Microsoft Corporation. All rights reserved.
470
471
  * Licensed under the MIT License.
@@ -503,7 +504,7 @@
503
504
  const resourceParameterRequired = "resource_parameter_required";
504
505
  const misplacedResourceParam = "misplaced_resource_parameter";
505
506
 
506
- /*! @azure/msal-common v16.6.1 2026-05-11 */
507
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
507
508
 
508
509
  /*
509
510
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -698,7 +699,7 @@
698
699
  }
699
700
  }
700
701
 
701
- /*! @azure/msal-common v16.6.1 2026-05-11 */
702
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
702
703
 
703
704
  /*
704
705
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1087,7 +1088,7 @@
1087
1088
  }
1088
1089
  }
1089
1090
 
1090
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1091
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1091
1092
 
1092
1093
  /*
1093
1094
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1196,7 +1197,7 @@
1196
1197
  }
1197
1198
  }
1198
1199
 
1199
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1200
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1200
1201
 
1201
1202
  /*
1202
1203
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1235,7 +1236,7 @@
1235
1236
  },
1236
1237
  };
1237
1238
 
1238
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1239
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1239
1240
  /*
1240
1241
  * Copyright (c) Microsoft Corporation. All rights reserved.
1241
1242
  * Licensed under the MIT License.
@@ -1496,12 +1497,12 @@
1496
1497
  }
1497
1498
  }
1498
1499
 
1499
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1500
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1500
1501
  /* eslint-disable header/header */
1501
1502
  const name$1 = "@azure/msal-common";
1502
- const version$1 = "16.6.1";
1503
+ const version$1 = "16.7.0";
1503
1504
 
1504
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1505
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1505
1506
  /*
1506
1507
  * Copyright (c) Microsoft Corporation. All rights reserved.
1507
1508
  * Licensed under the MIT License.
@@ -1510,7 +1511,7 @@
1510
1511
  // AzureCloudInstance is not specified.
1511
1512
  None: "none"};
1512
1513
 
1513
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1514
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1514
1515
  /*
1515
1516
  * Copyright (c) Microsoft Corporation. All rights reserved.
1516
1517
  * Licensed under the MIT License.
@@ -1593,7 +1594,7 @@
1593
1594
  return updatedAccountInfo;
1594
1595
  }
1595
1596
 
1596
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1597
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1597
1598
 
1598
1599
  /*
1599
1600
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1673,7 +1674,7 @@
1673
1674
  }
1674
1675
  }
1675
1676
 
1676
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1677
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1677
1678
 
1678
1679
  /*
1679
1680
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1830,7 +1831,7 @@
1830
1831
  }
1831
1832
  }
1832
1833
 
1833
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1834
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1834
1835
 
1835
1836
  /*
1836
1837
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1996,7 +1997,7 @@
1996
1997
  return null;
1997
1998
  }
1998
1999
 
1999
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2000
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2000
2001
  /*
2001
2002
  * Copyright (c) Microsoft Corporation. All rights reserved.
2002
2003
  * Licensed under the MIT License.
@@ -2004,7 +2005,7 @@
2004
2005
  const cacheQuotaExceeded = "cache_quota_exceeded";
2005
2006
  const cacheErrorUnknown = "cache_error_unknown";
2006
2007
 
2007
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2008
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2008
2009
 
2009
2010
  /*
2010
2011
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2042,7 +2043,7 @@
2042
2043
  }
2043
2044
  }
2044
2045
 
2045
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2046
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2046
2047
 
2047
2048
  /*
2048
2049
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2080,7 +2081,7 @@
2080
2081
  };
2081
2082
  }
2082
2083
 
2083
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2084
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2084
2085
  /*
2085
2086
  * Copyright (c) Microsoft Corporation. All rights reserved.
2086
2087
  * Licensed under the MIT License.
@@ -2095,7 +2096,7 @@
2095
2096
  Ciam: 3,
2096
2097
  };
2097
2098
 
2098
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2099
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2099
2100
  /*
2100
2101
  * Copyright (c) Microsoft Corporation. All rights reserved.
2101
2102
  * Licensed under the MIT License.
@@ -2117,7 +2118,7 @@
2117
2118
  return null;
2118
2119
  }
2119
2120
 
2120
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2121
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2121
2122
  /*
2122
2123
  * Copyright (c) Microsoft Corporation. All rights reserved.
2123
2124
  * Licensed under the MIT License.
@@ -2141,7 +2142,7 @@
2141
2142
  EAR: "EAR",
2142
2143
  };
2143
2144
 
2144
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2145
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2145
2146
  /**
2146
2147
  * Returns the AccountInfo interface for this account.
2147
2148
  */
@@ -2316,7 +2317,7 @@
2316
2317
  entity.hasOwnProperty("authorityType"));
2317
2318
  }
2318
2319
 
2319
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2320
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2320
2321
 
2321
2322
  /*
2322
2323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2456,8 +2457,8 @@
2456
2457
  return false;
2457
2458
  }
2458
2459
  if (!!tenantProfileFilter.username &&
2459
- !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
2460
- !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
2460
+ !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
2461
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
2461
2462
  return false;
2462
2463
  }
2463
2464
  if (!!tenantProfileFilter.loginHint &&
@@ -3447,7 +3448,7 @@
3447
3448
  }
3448
3449
  }
3449
3450
 
3450
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3451
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3451
3452
  /*
3452
3453
  * Copyright (c) Microsoft Corporation. All rights reserved.
3453
3454
  * Licensed under the MIT License.
@@ -3461,7 +3462,7 @@
3461
3462
  const PerformanceEventStatus = {
3462
3463
  InProgress: 1};
3463
3464
 
3464
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3465
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3465
3466
 
3466
3467
  /*
3467
3468
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3516,7 +3517,7 @@
3516
3517
  }
3517
3518
  }
3518
3519
 
3519
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3520
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3520
3521
 
3521
3522
  /*
3522
3523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3611,7 +3612,7 @@
3611
3612
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3612
3613
  }
3613
3614
 
3614
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3615
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3615
3616
  /*
3616
3617
  * Copyright (c) Microsoft Corporation. All rights reserved.
3617
3618
  * Licensed under the MIT License.
@@ -3638,7 +3639,7 @@
3638
3639
  }
3639
3640
  }
3640
3641
 
3641
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3642
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3642
3643
  /*
3643
3644
  * Copyright (c) Microsoft Corporation. All rights reserved.
3644
3645
  * Licensed under the MIT License.
@@ -3703,7 +3704,7 @@
3703
3704
  return cachedAtSec > nowSeconds();
3704
3705
  }
3705
3706
 
3706
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3707
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3707
3708
 
3708
3709
  /*
3709
3710
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3962,7 +3963,7 @@
3962
3963
  return metadata.expiresAt <= nowSeconds();
3963
3964
  }
3964
3965
 
3965
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3966
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3966
3967
  /*
3967
3968
  * Copyright (c) Microsoft Corporation. All rights reserved.
3968
3969
  * Licensed under the MIT License.
@@ -4033,7 +4034,7 @@
4033
4034
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4034
4035
  const SetUserData = "setUserData";
4035
4036
 
4036
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4037
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4037
4038
  /*
4038
4039
  * Copyright (c) Microsoft Corporation. All rights reserved.
4039
4040
  * Licensed under the MIT License.
@@ -4126,7 +4127,7 @@
4126
4127
  };
4127
4128
  };
4128
4129
 
4129
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4130
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4130
4131
 
4131
4132
  /*
4132
4133
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4206,7 +4207,7 @@
4206
4207
  }
4207
4208
  }
4208
4209
 
4209
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4210
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4210
4211
  /*
4211
4212
  * Copyright (c) Microsoft Corporation. All rights reserved.
4212
4213
  * Licensed under the MIT License.
@@ -4230,7 +4231,7 @@
4230
4231
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4231
4232
  * @public
4232
4233
  */
4233
- const uxNotAllowed = "ux_not_allowed";
4234
+ const uiNotAllowed = "ui_not_allowed";
4234
4235
  /**
4235
4236
  * Server-originated error code indicating interaction is required to complete the request.
4236
4237
  * @public
@@ -4257,7 +4258,7 @@
4257
4258
  */
4258
4259
  const interruptedUser = "interrupted_user";
4259
4260
 
4260
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4261
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4261
4262
 
4262
4263
  /*
4263
4264
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4271,7 +4272,7 @@
4271
4272
  consentRequired,
4272
4273
  loginRequired,
4273
4274
  badToken,
4274
- uxNotAllowed,
4275
+ uiNotAllowed,
4275
4276
  interruptedUser,
4276
4277
  ];
4277
4278
  const InteractionRequiredAuthSubErrorMessage = [
@@ -4281,7 +4282,7 @@
4281
4282
  "user_password_expired",
4282
4283
  "consent_required",
4283
4284
  "bad_token",
4284
- "ux_not_allowed",
4285
+ "ui_not_allowed",
4285
4286
  "interrupted_user",
4286
4287
  ];
4287
4288
  /**
@@ -4325,7 +4326,7 @@
4325
4326
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4326
4327
  }
4327
4328
 
4328
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4329
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4329
4330
 
4330
4331
  /*
4331
4332
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4344,7 +4345,7 @@
4344
4345
  }
4345
4346
  }
4346
4347
 
4347
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4348
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4348
4349
 
4349
4350
  /*
4350
4351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4412,7 +4413,7 @@
4412
4413
  }
4413
4414
  }
4414
4415
 
4415
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4416
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4416
4417
 
4417
4418
  /*
4418
4419
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4760,7 +4761,7 @@
4760
4761
  return baseAccount;
4761
4762
  }
4762
4763
 
4763
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4764
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4764
4765
  /*
4765
4766
  * Copyright (c) Microsoft Corporation. All rights reserved.
4766
4767
  * Licensed under the MIT License.
@@ -4770,7 +4771,7 @@
4770
4771
  UPN: "UPN",
4771
4772
  };
4772
4773
 
4773
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4774
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4774
4775
  /*
4775
4776
  * Copyright (c) Microsoft Corporation. All rights reserved.
4776
4777
  * Licensed under the MIT License.
@@ -4788,7 +4789,7 @@
4788
4789
  }
4789
4790
  }
4790
4791
 
4791
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4792
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4792
4793
  /*
4793
4794
  * Copyright (c) Microsoft Corporation. All rights reserved.
4794
4795
  * Licensed under the MIT License.
@@ -4809,7 +4810,7 @@
4809
4810
  };
4810
4811
  }
4811
4812
 
4812
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4813
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4813
4814
 
4814
4815
  /*
4815
4816
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4895,7 +4896,7 @@
4895
4896
  }
4896
4897
  }
4897
4898
 
4898
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4899
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4899
4900
 
4900
4901
  /*
4901
4902
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4926,7 +4927,7 @@
4926
4927
  return new NetworkError(error, httpStatus, responseHeaders);
4927
4928
  }
4928
4929
 
4929
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4930
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4930
4931
 
4931
4932
  /*
4932
4933
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5040,7 +5041,7 @@
5040
5041
  return response;
5041
5042
  }
5042
5043
 
5043
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5044
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5044
5045
  /*
5045
5046
  * Copyright (c) Microsoft Corporation. All rights reserved.
5046
5047
  * Licensed under the MIT License.
@@ -5052,7 +5053,7 @@
5052
5053
  response.hasOwnProperty("jwks_uri"));
5053
5054
  }
5054
5055
 
5055
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5056
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5056
5057
  /*
5057
5058
  * Copyright (c) Microsoft Corporation. All rights reserved.
5058
5059
  * Licensed under the MIT License.
@@ -5062,7 +5063,7 @@
5062
5063
  response.hasOwnProperty("metadata"));
5063
5064
  }
5064
5065
 
5065
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5066
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5066
5067
  /*
5067
5068
  * Copyright (c) Microsoft Corporation. All rights reserved.
5068
5069
  * Licensed under the MIT License.
@@ -5072,7 +5073,7 @@
5072
5073
  response.hasOwnProperty("error_description"));
5073
5074
  }
5074
5075
 
5075
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5076
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5076
5077
 
5077
5078
  /*
5078
5079
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5177,7 +5178,7 @@
5177
5178
  },
5178
5179
  };
5179
5180
 
5180
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5181
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5181
5182
 
5182
5183
  /*
5183
5184
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5734,7 +5735,7 @@
5734
5735
  }
5735
5736
  }
5736
5737
  // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
5737
- if (this.isInKnownAuthorities()) {
5738
+ if (this.isInKnownAuthorities(this.hostnameAndPort)) {
5738
5739
  this.logger.verbose("0mt9al", this.correlationId);
5739
5740
  return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
5740
5741
  }
@@ -5801,13 +5802,14 @@
5801
5802
  return match;
5802
5803
  }
5803
5804
  /**
5804
- * Helper function to determine if this host is included in the knownAuthorities config option
5805
+ * Helper function to determine if a host is included in the knownAuthorities config option.
5805
5806
  */
5806
- isInKnownAuthorities() {
5807
+ isInKnownAuthorities(host) {
5808
+ const normalizedHost = host.toLowerCase();
5807
5809
  const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
5808
5810
  return (authority &&
5809
5811
  UrlString.getDomainFromUrl(authority).toLowerCase() ===
5810
- this.hostnameAndPort);
5812
+ normalizedHost);
5811
5813
  });
5812
5814
  return matches.length > 0;
5813
5815
  }
@@ -5884,6 +5886,10 @@
5884
5886
  * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
5885
5887
  * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
5886
5888
  * path.
5889
+ * 5. The issuer host is HTTPS and is explicitly listed in the
5890
+ * developer-configured `knownAuthorities`. This covers scenarios where
5891
+ * the OIDC discovery document returns an issuer host that differs from
5892
+ * the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
5887
5893
  *
5888
5894
  * @param issuer The `issuer` value returned in the OIDC discovery document.
5889
5895
  * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -5920,11 +5926,19 @@
5920
5926
  * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
5921
5927
  */
5922
5928
  const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
5929
+ /*
5930
+ * Rule 5: The issuer host is explicitly listed in the developer-configured
5931
+ * knownAuthorities. This covers scenarios where the OIDC discovery document
5932
+ * returns an issuer with a different host than the authority
5933
+ * (e.g., a GUID-based issuer for a name-based authority).
5934
+ */
5935
+ const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
5923
5936
  // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
5924
5937
  if (matchesAuthorityOrigin ||
5925
5938
  matchesKnownMicrosoftHost ||
5926
5939
  matchesRegionalMicrosoftHost ||
5927
- matchesCiamTenantPattern) {
5940
+ matchesCiamTenantPattern ||
5941
+ matchesKnownAuthority) {
5928
5942
  return;
5929
5943
  }
5930
5944
  // issuer validation fails if none of the above rules are satisfied
@@ -6132,7 +6146,7 @@
6132
6146
  };
6133
6147
  }
6134
6148
 
6135
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6149
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6136
6150
 
6137
6151
  /*
6138
6152
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6166,7 +6180,7 @@
6166
6180
  }
6167
6181
  }
6168
6182
 
6169
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6183
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6170
6184
 
6171
6185
  /*
6172
6186
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6423,7 +6437,7 @@
6423
6437
  }
6424
6438
  }
6425
6439
 
6426
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6440
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6427
6441
 
6428
6442
  /*
6429
6443
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6644,7 +6658,7 @@
6644
6658
  }
6645
6659
  }
6646
6660
 
6647
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6661
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6648
6662
 
6649
6663
  /*
6650
6664
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6760,7 +6774,7 @@
6760
6774
  }
6761
6775
  }
6762
6776
 
6763
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6777
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6764
6778
 
6765
6779
  /*
6766
6780
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6789,7 @@
6775
6789
  },
6776
6790
  };
6777
6791
 
6778
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6792
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6779
6793
 
6780
6794
  /*
6781
6795
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6998,7 +7012,7 @@
6998
7012
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6999
7013
  }
7000
7014
 
7001
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7015
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7002
7016
 
7003
7017
  /*
7004
7018
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7031,7 +7045,7 @@
7031
7045
  return Object.prototype.hasOwnProperty.call(params, "resource");
7032
7046
  }
7033
7047
 
7034
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7048
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7035
7049
  /*
7036
7050
  * Copyright (c) Microsoft Corporation. All rights reserved.
7037
7051
  * Licensed under the MIT License.
@@ -7041,7 +7055,7 @@
7041
7055
  */
7042
7056
  const unexpectedError = "unexpected_error";
7043
7057
 
7044
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7058
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7045
7059
 
7046
7060
  /*
7047
7061
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7302,7 +7316,7 @@
7302
7316
  }
7303
7317
  }
7304
7318
 
7305
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7319
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7306
7320
 
7307
7321
  /*
7308
7322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7323,7 +7337,7 @@
7323
7337
  return new JoseHeaderError(code);
7324
7338
  }
7325
7339
 
7326
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7340
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7327
7341
  /*
7328
7342
  * Copyright (c) Microsoft Corporation. All rights reserved.
7329
7343
  * Licensed under the MIT License.
@@ -7331,7 +7345,7 @@
7331
7345
  const missingKidError = "missing_kid_error";
7332
7346
  const missingAlgError = "missing_alg_error";
7333
7347
 
7334
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7348
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7335
7349
 
7336
7350
  /*
7337
7351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7766,7 +7780,7 @@
7766
7780
 
7767
7781
  /* eslint-disable header/header */
7768
7782
  const name = "@azure/msal-browser";
7769
- const version = "5.10.1";
7783
+ const version = "5.12.0";
7770
7784
 
7771
7785
  /*
7772
7786
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7795,6 +7809,15 @@
7795
7809
  CONTENT_TYPE: "Content-Type",
7796
7810
  X_MS_REQUEST_ID: "x-ms-request-id",
7797
7811
  };
7812
+ const CustomHeaderConstants = {
7813
+ REQUIRED_PREFIX: "x-",
7814
+ RESERVED_PREFIXES: [
7815
+ "x-client-",
7816
+ "x-ms-",
7817
+ "x-broker-",
7818
+ "x-app-",
7819
+ ],
7820
+ };
7798
7821
  const DefaultPackageInfo = {
7799
7822
  SKU: "msal.browser",
7800
7823
  VERSION: version,
@@ -8651,6 +8674,43 @@
8651
8674
  return new BrowserAuthError(errorCode, subError);
8652
8675
  }
8653
8676
 
8677
+ /*
8678
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8679
+ * Licensed under the MIT License.
8680
+ */
8681
+ /**
8682
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8683
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8684
+ */
8685
+ /**
8686
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
8687
+ * @param input
8688
+ */
8689
+ function base64Decode(input) {
8690
+ return new TextDecoder().decode(base64DecToArr(input));
8691
+ }
8692
+ /**
8693
+ * Decodes base64 into Uint8Array
8694
+ * @param base64String
8695
+ */
8696
+ function base64DecToArr(base64String) {
8697
+ let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8698
+ switch (encodedString.length % 4) {
8699
+ case 0:
8700
+ break;
8701
+ case 2:
8702
+ encodedString += "==";
8703
+ break;
8704
+ case 3:
8705
+ encodedString += "=";
8706
+ break;
8707
+ default:
8708
+ throw createBrowserAuthError(invalidBase64String);
8709
+ }
8710
+ const binString = atob(encodedString);
8711
+ return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8712
+ }
8713
+
8654
8714
  /*
8655
8715
  * Copyright (c) Microsoft Corporation. All rights reserved.
8656
8716
  * Licensed under the MIT License.
@@ -8695,43 +8755,6 @@
8695
8755
  return btoa(binString);
8696
8756
  }
8697
8757
 
8698
- /*
8699
- * Copyright (c) Microsoft Corporation. All rights reserved.
8700
- * Licensed under the MIT License.
8701
- */
8702
- /**
8703
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8704
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8705
- */
8706
- /**
8707
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
8708
- * @param input
8709
- */
8710
- function base64Decode(input) {
8711
- return new TextDecoder().decode(base64DecToArr(input));
8712
- }
8713
- /**
8714
- * Decodes base64 into Uint8Array
8715
- * @param base64String
8716
- */
8717
- function base64DecToArr(base64String) {
8718
- let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8719
- switch (encodedString.length % 4) {
8720
- case 0:
8721
- break;
8722
- case 2:
8723
- encodedString += "==";
8724
- break;
8725
- case 3:
8726
- encodedString += "=";
8727
- break;
8728
- default:
8729
- throw createBrowserAuthError(invalidBase64String);
8730
- }
8731
- const binString = atob(encodedString);
8732
- return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8733
- }
8734
-
8735
8758
  /*
8736
8759
  * Copyright (c) Microsoft Corporation. All rights reserved.
8737
8760
  * Licensed under the MIT License.
@@ -9200,7 +9223,7 @@
9200
9223
  activeBridgeMonitor = null;
9201
9224
  }
9202
9225
  }
9203
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
9226
+ async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
9204
9227
  return new Promise((resolve, reject) => {
9205
9228
  logger.verbose("BrowserUtils.waitForBridgeResponse - started", request.correlationId);
9206
9229
  const correlationId = request.correlationId;
@@ -9208,7 +9231,7 @@
9208
9231
  redirectBridgeTimeoutMs: timeoutMs,
9209
9232
  lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
9210
9233
  }, correlationId);
9211
- const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
9234
+ const { libraryState } = parseRequestState(base64Decode, request.state || "");
9212
9235
  const channel = new BroadcastChannel(libraryState.id);
9213
9236
  let responseString = undefined;
9214
9237
  let timedOut$1 = false;
@@ -9618,12 +9641,13 @@
9618
9641
  * and logoutHint attribute wasn't manually set in logout request
9619
9642
  */
9620
9643
  if (logoutRequest) {
9621
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
9644
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
9622
9645
  if (!logoutRequest.logoutHint) {
9623
9646
  if (logoutRequest.account) {
9624
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9647
+ const logoutHint = logoutRequest.account.loginHint ||
9648
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9625
9649
  if (logoutHint) {
9626
- this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided", this.correlationId);
9650
+ this.logger.verbose("Setting logoutHint value to loginHint of the account provided", this.correlationId);
9627
9651
  validLogoutRequest.logoutHint = logoutHint;
9628
9652
  }
9629
9653
  }
@@ -9676,6 +9700,7 @@
9676
9700
  const idTokenClaims = account.idTokenClaims;
9677
9701
  if (idTokenClaims) {
9678
9702
  if (idTokenClaims.login_hint) {
9703
+ this.logger.verbose("Extracted login_hint claim from account ID Token Claims to be used as logoutHint", this.correlationId);
9679
9704
  return idTokenClaims.login_hint;
9680
9705
  }
9681
9706
  else {
@@ -10967,15 +10992,67 @@
10967
10992
  }
10968
10993
  }
10969
10994
 
10995
+ /*
10996
+ * Copyright (c) Microsoft Corporation. All rights reserved.
10997
+ * Licensed under the MIT License.
10998
+ */
10999
+ /**
11000
+ * Filters the headers returned by a {@link CustomAuthRequestInterceptor},
11001
+ * keeping only those that conform to the custom-auth header naming rules.
11002
+ *
11003
+ * Rules (mirrors the iOS / Android native auth implementations):
11004
+ * - Header names must start with `x-` (case-insensitive); others are dropped.
11005
+ * - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
11006
+ * `x-broker-`, `x-app-`) are dropped.
11007
+ * - Headers with empty/whitespace-only names or null/undefined values are dropped.
11008
+ *
11009
+ * Dropped headers are logged as warnings (PII-safe) when a logger is provided.
11010
+ *
11011
+ * @param headers - Raw headers returned by the interceptor.
11012
+ * @param logger - Optional logger used to emit warnings for dropped headers.
11013
+ * @param correlationId - Optional correlation id forwarded to the logger.
11014
+ * @returns A new record containing only the headers that pass the filter,
11015
+ * preserving the original casing of header names.
11016
+ */
11017
+ function filterCustomHeaders(headers, logger, correlationId) {
11018
+ const filtered = {};
11019
+ if (!headers) {
11020
+ return filtered;
11021
+ }
11022
+ for (const [name, value] of Object.entries(headers)) {
11023
+ if (!name || value === undefined || value === null) {
11024
+ continue;
11025
+ }
11026
+ const trimmedName = name.trim();
11027
+ if (!trimmedName) {
11028
+ continue;
11029
+ }
11030
+ const lowerName = trimmedName.toLowerCase();
11031
+ if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
11032
+ logger?.warningPii(`Additional header field "${trimmedName}" must start with the "${CustomHeaderConstants.REQUIRED_PREFIX}" prefix. Ignoring.`, correlationId ?? "");
11033
+ continue;
11034
+ }
11035
+ const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
11036
+ if (reservedPrefix) {
11037
+ logger?.warningPii(`Additional header field "${trimmedName}" uses reserved prefix "${reservedPrefix}". Ignoring.`, correlationId ?? "");
11038
+ continue;
11039
+ }
11040
+ filtered[trimmedName] = value;
11041
+ }
11042
+ return filtered;
11043
+ }
11044
+
10970
11045
  /*
10971
11046
  * Copyright (c) Microsoft Corporation. All rights reserved.
10972
11047
  * Licensed under the MIT License.
10973
11048
  */
10974
11049
  class BaseApiClient {
10975
- constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
11050
+ constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
10976
11051
  this.clientId = clientId;
10977
11052
  this.httpClient = httpClient;
10978
11053
  this.customAuthApiQueryParams = customAuthApiQueryParams;
11054
+ this.requestInterceptor = requestInterceptor;
11055
+ this.logger = logger;
10979
11056
  this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
10980
11057
  }
10981
11058
  async request(endpoint, data, telemetryManager, correlationId) {
@@ -10983,8 +11060,10 @@
10983
11060
  client_id: this.clientId,
10984
11061
  ...data,
10985
11062
  });
10986
- const headers = this.getCommonHeaders(correlationId, telemetryManager);
11063
+ const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
10987
11064
  const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
11065
+ const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
11066
+ const headers = { ...commonHeaders, ...additionalHeaders };
10988
11067
  let response;
10989
11068
  try {
10990
11069
  response = await this.httpClient.post(url, formData, headers);
@@ -11042,6 +11121,19 @@
11042
11121
  : responseError.invalid_attributes ?? [];
11043
11122
  throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
11044
11123
  }
11124
+ async getAdditionalHeaders(url, correlationId) {
11125
+ if (!this.requestInterceptor) {
11126
+ return {};
11127
+ }
11128
+ try {
11129
+ const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
11130
+ return filterCustomHeaders(result, this.logger, correlationId);
11131
+ }
11132
+ catch (e) {
11133
+ this.logger?.warningPii(`CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`, correlationId);
11134
+ return {};
11135
+ }
11136
+ }
11045
11137
  }
11046
11138
 
11047
11139
  /*
@@ -11049,8 +11141,8 @@
11049
11141
  * Licensed under the MIT License.
11050
11142
  */
11051
11143
  class ResetPasswordApiClient extends BaseApiClient {
11052
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11053
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11144
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11145
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11054
11146
  this.capabilities = capabilities;
11055
11147
  }
11056
11148
  /**
@@ -11133,8 +11225,8 @@
11133
11225
  * Licensed under the MIT License.
11134
11226
  */
11135
11227
  class SignupApiClient extends BaseApiClient {
11136
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11137
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11228
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11229
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11138
11230
  this.capabilities = capabilities;
11139
11231
  }
11140
11232
  /**
@@ -11203,8 +11295,8 @@
11203
11295
  * Licensed under the MIT License.
11204
11296
  */
11205
11297
  class SignInApiClient extends BaseApiClient {
11206
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11207
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11298
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11299
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11208
11300
  this.capabilities = capabilities;
11209
11301
  }
11210
11302
  /**
@@ -11371,11 +11463,11 @@
11371
11463
  * Licensed under the MIT License.
11372
11464
  */
11373
11465
  class CustomAuthApiClient {
11374
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11375
- this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11376
- this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11377
- this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11378
- this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11466
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11467
+ this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11468
+ this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11469
+ this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11470
+ this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11379
11471
  }
11380
11472
  }
11381
11473
 
@@ -14386,7 +14478,6 @@
14386
14478
  const ACCOUNT_SCHEMA_VERSION = 3;
14387
14479
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
14388
14480
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
14389
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
14390
14481
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14391
14482
  const ACCOUNT_KEYS = "account.keys";
14392
14483
  const TOKEN_KEYS = "token.keys";
@@ -15005,6 +15096,7 @@
15005
15096
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
15006
15097
  : parsedValue;
15007
15098
  if (!decryptedData || !isCredentialEntity(decryptedData)) {
15099
+ this.browserStorage.removeItem(key);
15008
15100
  this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
15009
15101
  return null;
15010
15102
  }
@@ -15035,6 +15127,7 @@
15035
15127
  const rawValue = this.browserStorage.getItem(accountKey);
15036
15128
  const parsedValue = this.validateAndParseJson(rawValue || "");
15037
15129
  if (!parsedValue) {
15130
+ this.browserStorage.removeItem(accountKey);
15038
15131
  removeElementFromArray(accountKeysToCheck, accountKey);
15039
15132
  continue;
15040
15133
  }
@@ -15049,6 +15142,15 @@
15049
15142
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
15050
15143
  removeElementFromArray(accountKeysToCheck, accountKey);
15051
15144
  }
15145
+ else if (isEncrypted(parsedValue)) {
15146
+ // Remove accounts encrypted with a different key (session cookie expired/changed)
15147
+ const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
15148
+ if (!decrypted) {
15149
+ this.browserStorage.removeItem(accountKey);
15150
+ this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15151
+ removeElementFromArray(accountKeysToCheck, accountKey);
15152
+ }
15153
+ }
15052
15154
  }
15053
15155
  this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
15054
15156
  }
@@ -16578,7 +16680,7 @@
16578
16680
  const NO_NETWORK = "NO_NETWORK";
16579
16681
  const DISABLED = "DISABLED";
16580
16682
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
16581
- const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
16683
+ const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
16582
16684
 
16583
16685
  /*
16584
16686
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -16633,8 +16735,8 @@
16633
16735
  return createBrowserAuthError(userCancelled);
16634
16736
  case NO_NETWORK:
16635
16737
  return createBrowserAuthError(noNetworkConnectivity);
16636
- case UX_NOT_ALLOWED:
16637
- return createInteractionRequiredAuthError(uxNotAllowed);
16738
+ case UI_NOT_ALLOWED:
16739
+ return createInteractionRequiredAuthError(uiNotAllowed);
16638
16740
  }
16639
16741
  }
16640
16742
  return new NativeAuthError(code, description, ext);
@@ -16865,7 +16967,7 @@
16865
16967
  noHistory: false,
16866
16968
  };
16867
16969
  const redirectUri = navigateToLoginRequestUrl
16868
- ? window.location.href
16970
+ ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
16869
16971
  : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
16870
16972
  rootMeasurement.end({ success: true });
16871
16973
  await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -17920,6 +18022,7 @@
17920
18022
  };
17921
18023
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
17922
18024
  iframeTimeoutTelemetry: false,
18025
+ allowPlatformBrokerWithDOM: false,
17923
18026
  };
17924
18027
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
17925
18028
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -18364,9 +18467,8 @@
18364
18467
  * Copyright (c) Microsoft Corporation. All rights reserved.
18365
18468
  * Licensed under the MIT License.
18366
18469
  */
18367
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
18470
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
18368
18471
  logger.trace("getPlatformAuthProvider called", correlationId);
18369
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
18370
18472
  logger.trace(`Has client allowed platform auth via DOM API: '${enablePlatformBrokerDOMSupport}'`, correlationId);
18371
18473
  let platformAuthProvider;
18372
18474
  try {
@@ -18390,22 +18492,6 @@
18390
18492
  }
18391
18493
  return platformAuthProvider;
18392
18494
  }
18393
- /**
18394
- * Returns true if the DOM API support for platform auth is enabled in session storage
18395
- * @returns boolean
18396
- * @deprecated
18397
- */
18398
- function isDomEnabledForPlatformAuth() {
18399
- let sessionStorage;
18400
- try {
18401
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
18402
- // Mute errors if it's a non-browser environment or cookies are blocked.
18403
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
18404
- }
18405
- catch (e) {
18406
- return false;
18407
- }
18408
- }
18409
18495
  /**
18410
18496
  * Returns boolean indicating whether or not the request should attempt to use platform broker
18411
18497
  * @param logger
@@ -18416,6 +18502,11 @@
18416
18502
  */
18417
18503
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
18418
18504
  logger.trace("isPlatformAuthAllowed called", correlationId);
18505
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
18506
+ if (!config.system.allowPlatformBroker &&
18507
+ config.experimental.allowPlatformBrokerWithDOM) {
18508
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
18509
+ }
18419
18510
  if (!config.system.allowPlatformBroker) {
18420
18511
  logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false", correlationId);
18421
18512
  // Developer disabled WAM
@@ -18445,10 +18536,11 @@
18445
18536
  * Licensed under the MIT License.
18446
18537
  */
18447
18538
  class PopupClient extends StandardInteractionClient {
18448
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
18539
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
18449
18540
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
18450
18541
  this.nativeStorage = nativeStorageImpl;
18451
18542
  this.eventHandler = eventHandler;
18543
+ this.waitForPopupResponseHook = waitForPopupResponseHook;
18452
18544
  }
18453
18545
  /**
18454
18546
  * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -18582,7 +18674,7 @@
18582
18674
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18583
18675
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18584
18676
  // Wait for the redirect bridge response
18585
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18677
+ const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
18586
18678
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18587
18679
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18588
18680
  }
@@ -18617,7 +18709,7 @@
18617
18709
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18618
18710
  form.submit();
18619
18711
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18620
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18712
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
18621
18713
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18622
18714
  if (!serverParams.ear_jwe && serverParams.code) {
18623
18715
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18642,7 +18734,7 @@
18642
18734
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18643
18735
  form.submit();
18644
18736
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18645
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18737
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
18646
18738
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18647
18739
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18648
18740
  }
@@ -18699,7 +18791,7 @@
18699
18791
  // Open the popup window to requestUrl.
18700
18792
  const popupWindow = this.openPopup(logoutUri, popupParams);
18701
18793
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18702
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18794
+ await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
18703
18795
  // Swallow any errors related to monitoring the window. Server logout is best effort
18704
18796
  });
18705
18797
  if (mainWindowRedirectUri) {
@@ -18778,6 +18870,19 @@
18778
18870
  if (!popupWindow) {
18779
18871
  throw createBrowserAuthError(emptyWindowError);
18780
18872
  }
18873
+ try {
18874
+ popupWindow.document.title = "Microsoft Authentication";
18875
+ }
18876
+ catch (e) {
18877
+ if (typeof DOMException !== "undefined" &&
18878
+ e instanceof DOMException &&
18879
+ e.name === "SecurityError") {
18880
+ // Cross-origin - title cannot be set
18881
+ }
18882
+ else {
18883
+ this.logger.verbose("Could not set document.title on popup window", this.correlationId);
18884
+ }
18885
+ }
18781
18886
  if (popupWindow.focus) {
18782
18887
  popupWindow.focus();
18783
18888
  }
@@ -18856,6 +18961,12 @@
18856
18961
  const homeAccountId = request.account && request.account.homeAccountId;
18857
18962
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
18858
18963
  }
18964
+ async waitForPopupResponse(request, popupWindow, popupWindowParent) {
18965
+ if (this.waitForPopupResponseHook) {
18966
+ return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
18967
+ }
18968
+ return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
18969
+ }
18859
18970
  }
18860
18971
 
18861
18972
  /*
@@ -19009,6 +19120,8 @@
19009
19120
  * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
19010
19121
  */
19011
19122
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
19123
+ const originalTitle = document.title;
19124
+ document.title = "Microsoft Authentication";
19012
19125
  const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19013
19126
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
19014
19127
  try {
@@ -19091,6 +19204,9 @@
19091
19204
  }
19092
19205
  throw e;
19093
19206
  }
19207
+ finally {
19208
+ document.title = originalTitle;
19209
+ }
19094
19210
  }
19095
19211
  /**
19096
19212
  * Gets the response hash for a redirect request
@@ -19346,6 +19462,7 @@
19346
19462
  function createHiddenIframe() {
19347
19463
  const authFrame = document.createElement("iframe");
19348
19464
  authFrame.className = "msalSilentIframe";
19465
+ authFrame.title = "Microsoft Authentication";
19349
19466
  authFrame.style.visibility = "hidden";
19350
19467
  authFrame.style.position = "absolute";
19351
19468
  authFrame.style.width = authFrame.style.height = "0";
@@ -19371,10 +19488,11 @@
19371
19488
  * Licensed under the MIT License.
19372
19489
  */
19373
19490
  class SilentIframeClient extends StandardInteractionClient {
19374
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
19491
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
19375
19492
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
19376
19493
  this.apiId = apiId;
19377
19494
  this.nativeStorage = nativeStorageImpl;
19495
+ this.waitForIframeResponseHook = waitForIframeResponseHook;
19378
19496
  }
19379
19497
  /**
19380
19498
  * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -19463,7 +19581,7 @@
19463
19581
  const responseType = this.config.auth.OIDCOptions.responseMode;
19464
19582
  let responseString;
19465
19583
  try {
19466
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19584
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19467
19585
  }
19468
19586
  finally {
19469
19587
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19561,7 +19679,7 @@
19561
19679
  // Wait for response from the redirect bridge.
19562
19680
  let responseString;
19563
19681
  try {
19564
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19682
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19565
19683
  }
19566
19684
  finally {
19567
19685
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19569,6 +19687,12 @@
19569
19687
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19570
19688
  return { serverParams, pkceCodes, silentRequest };
19571
19689
  }
19690
+ async waitForIframeResponse(iframe, request) {
19691
+ if (this.waitForIframeResponseHook) {
19692
+ return this.waitForIframeResponseHook(iframe, request);
19693
+ }
19694
+ return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
19695
+ }
19572
19696
  }
19573
19697
 
19574
19698
  /*
@@ -19863,7 +19987,7 @@
19863
19987
  if (allowPlatformBroker) {
19864
19988
  try {
19865
19989
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
19866
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
19990
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
19867
19991
  }
19868
19992
  catch (e) {
19869
19993
  this.logger.verbose(e, correlationId);
@@ -20770,7 +20894,7 @@
20770
20894
  * @param correlationId
20771
20895
  */
20772
20896
  createPopupClient(correlationId) {
20773
- return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
20897
+ return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
20774
20898
  }
20775
20899
  /**
20776
20900
  * Returns new instance of the Redirect Interaction Client
@@ -20784,7 +20908,7 @@
20784
20908
  * @param correlationId
20785
20909
  */
20786
20910
  createSilentIframeClient(correlationId) {
20787
- return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
20911
+ return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
20788
20912
  }
20789
20913
  /**
20790
20914
  * Returns new instance of the Silent Cache Interaction Client
@@ -21245,7 +21369,7 @@
21245
21369
  this.customAuthConfig = operatingContext.getCustomAuthConfig();
21246
21370
  this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
21247
21371
  const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
21248
- new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
21372
+ new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
21249
21373
  this.signInClient = interactionClientFactory.create(SignInClient);
21250
21374
  this.signUpClient = interactionClientFactory.create(SignUpClient);
21251
21375
  this.resetPasswordClient =
@@ -21557,7 +21681,7 @@
21557
21681
  return;
21558
21682
  }
21559
21683
  }
21560
- constructor(config) {
21684
+ constructor(config, responseHandlers) {
21561
21685
  /*
21562
21686
  * If loaded in an environment where window is not available,
21563
21687
  * set internal flag to false so that further requests fail.
@@ -21565,6 +21689,7 @@
21565
21689
  */
21566
21690
  this.browserEnvironment = typeof window !== "undefined";
21567
21691
  this.config = buildConfiguration(config, this.browserEnvironment);
21692
+ this.responseHandlers = responseHandlers;
21568
21693
  let sessionStorage;
21569
21694
  try {
21570
21695
  sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -21601,6 +21726,13 @@
21601
21726
  getConfig() {
21602
21727
  return this.config;
21603
21728
  }
21729
+ /**
21730
+ * Returns the internal response handlers supplied by PublicClientApplication, if any.
21731
+ * @returns AuthResponseHandlers | undefined
21732
+ */
21733
+ getResponseHandlers() {
21734
+ return this.responseHandlers;
21735
+ }
21604
21736
  /**
21605
21737
  * Returns the MSAL Logger
21606
21738
  * @returns Logger
@@ -21965,7 +22097,48 @@
21965
22097
  constructor(configuration, controller) {
21966
22098
  this.controller =
21967
22099
  controller ||
21968
- new StandardController(new StandardOperatingContext(configuration));
22100
+ new StandardController(new StandardOperatingContext(configuration, {
22101
+ waitForPopupResponse: this.waitForPopupResponse.bind(this),
22102
+ waitForIframeResponse: this.waitForIframeResponse.bind(this),
22103
+ }));
22104
+ }
22105
+ /**
22106
+ * Waits for the auth response from a popup window opened by MSAL.
22107
+ *
22108
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22109
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22110
+ * with an `AuthError` on failure.
22111
+ *
22112
+ * @internal
22113
+ * @param request The in-flight authorization or end-session request.
22114
+ * @param popupWindow The popup window opened by MSAL.
22115
+ * @param popupWindowParent The parent window that opened the popup.
22116
+ */
22117
+ async waitForPopupResponse(request,
22118
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22119
+ popupWindow,
22120
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22121
+ popupWindowParent) {
22122
+ const controller = this.controller;
22123
+ return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
22124
+ }
22125
+ /**
22126
+ * Waits for the auth response from a hidden iframe used by MSAL silent flows.
22127
+ *
22128
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22129
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22130
+ * with an `AuthError` on failure.
22131
+ *
22132
+ * @internal
22133
+ * @param iframe The hidden iframe MSAL attached to the document.
22134
+ * @param request The in-flight authorization request.
22135
+ */
22136
+ async waitForIframeResponse(
22137
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22138
+ iframe, request) {
22139
+ const controller = this.controller;
22140
+ const config = controller.getConfiguration();
22141
+ return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
21969
22142
  }
21970
22143
  /**
21971
22144
  * Initializer function to perform async startup tasks such as connecting to WAM extension