@azure/msal-browser 5.10.1 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +12 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +4 -4
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +27 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +11 -4
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1203 -1187
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +33 -17
- package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +342 -169
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +13 -9
- package/lib/msal-browser.cjs +275 -167
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +275 -167
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/cache/BrowserCacheManager.ts +17 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +6 -3
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
- package/src/interaction_client/PopupClient.ts +65 -27
- package/src/interaction_client/RedirectClient.ts +5 -0
- package/src/interaction_client/SilentIframeClient.ts +49 -19
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.12.0 2026-06-05 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.
|
|
237
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.
|
|
289
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.
|
|
320
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.
|
|
340
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.
|
|
420
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.
|
|
443
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -467,6 +467,7 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
|
467
467
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
468
468
|
const authorityMismatch = "authority_mismatch";
|
|
469
469
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
470
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
470
471
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
471
472
|
|
|
472
473
|
var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
@@ -482,6 +483,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
482
483
|
invalidClaims: invalidClaims,
|
|
483
484
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
484
485
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
486
|
+
invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
|
|
485
487
|
invalidRequestMethodForEAR: invalidRequestMethodForEAR,
|
|
486
488
|
issuerValidationFailed: issuerValidationFailed,
|
|
487
489
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
@@ -496,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
496
498
|
urlParseError: urlParseError
|
|
497
499
|
});
|
|
498
500
|
|
|
499
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
500
502
|
/*
|
|
501
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
502
504
|
* Licensed under the MIT License.
|
|
@@ -584,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
584
586
|
userCanceled: userCanceled
|
|
585
587
|
});
|
|
586
588
|
|
|
587
|
-
/*! @azure/msal-common v16.
|
|
589
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
588
590
|
|
|
589
591
|
/*
|
|
590
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -779,7 +781,7 @@ class ScopeSet {
|
|
|
779
781
|
}
|
|
780
782
|
}
|
|
781
783
|
|
|
782
|
-
/*! @azure/msal-common v16.
|
|
784
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
783
785
|
|
|
784
786
|
/*
|
|
785
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1168,7 +1170,7 @@ function addResource(parameters, resource) {
|
|
|
1168
1170
|
}
|
|
1169
1171
|
}
|
|
1170
1172
|
|
|
1171
|
-
/*! @azure/msal-common v16.
|
|
1173
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1172
1174
|
|
|
1173
1175
|
/*
|
|
1174
1176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1277,7 +1279,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1277
1279
|
}
|
|
1278
1280
|
}
|
|
1279
1281
|
|
|
1280
|
-
/*! @azure/msal-common v16.
|
|
1282
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1281
1283
|
|
|
1282
1284
|
/*
|
|
1283
1285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1316,7 +1318,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1316
1318
|
},
|
|
1317
1319
|
};
|
|
1318
1320
|
|
|
1319
|
-
/*! @azure/msal-common v16.
|
|
1321
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1320
1322
|
/*
|
|
1321
1323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1322
1324
|
* Licensed under the MIT License.
|
|
@@ -1591,12 +1593,12 @@ class Logger {
|
|
|
1591
1593
|
}
|
|
1592
1594
|
}
|
|
1593
1595
|
|
|
1594
|
-
/*! @azure/msal-common v16.
|
|
1596
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1595
1597
|
/* eslint-disable header/header */
|
|
1596
1598
|
const name$1 = "@azure/msal-common";
|
|
1597
|
-
const version$1 = "16.
|
|
1599
|
+
const version$1 = "16.7.0";
|
|
1598
1600
|
|
|
1599
|
-
/*! @azure/msal-common v16.
|
|
1601
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1600
1602
|
/*
|
|
1601
1603
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1602
1604
|
* Licensed under the MIT License.
|
|
@@ -1616,7 +1618,7 @@ const AzureCloudInstance = {
|
|
|
1616
1618
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1617
1619
|
};
|
|
1618
1620
|
|
|
1619
|
-
/*! @azure/msal-common v16.
|
|
1621
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1620
1622
|
/*
|
|
1621
1623
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1622
1624
|
* Licensed under the MIT License.
|
|
@@ -1699,7 +1701,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1699
1701
|
return updatedAccountInfo;
|
|
1700
1702
|
}
|
|
1701
1703
|
|
|
1702
|
-
/*! @azure/msal-common v16.
|
|
1704
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1703
1705
|
|
|
1704
1706
|
/*
|
|
1705
1707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1779,7 +1781,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1779
1781
|
}
|
|
1780
1782
|
}
|
|
1781
1783
|
|
|
1782
|
-
/*! @azure/msal-common v16.
|
|
1784
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1783
1785
|
|
|
1784
1786
|
/*
|
|
1785
1787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1936,7 +1938,7 @@ class UrlString {
|
|
|
1936
1938
|
}
|
|
1937
1939
|
}
|
|
1938
1940
|
|
|
1939
|
-
/*! @azure/msal-common v16.
|
|
1941
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1940
1942
|
|
|
1941
1943
|
/*
|
|
1942
1944
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2102,7 +2104,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2102
2104
|
return null;
|
|
2103
2105
|
}
|
|
2104
2106
|
|
|
2105
|
-
/*! @azure/msal-common v16.
|
|
2107
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2106
2108
|
/*
|
|
2107
2109
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2108
2110
|
* Licensed under the MIT License.
|
|
@@ -2110,7 +2112,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2110
2112
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2111
2113
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2112
2114
|
|
|
2113
|
-
/*! @azure/msal-common v16.
|
|
2115
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2114
2116
|
|
|
2115
2117
|
/*
|
|
2116
2118
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2148,7 +2150,7 @@ function createCacheError(e) {
|
|
|
2148
2150
|
}
|
|
2149
2151
|
}
|
|
2150
2152
|
|
|
2151
|
-
/*! @azure/msal-common v16.
|
|
2153
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2152
2154
|
|
|
2153
2155
|
/*
|
|
2154
2156
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2186,7 +2188,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2186
2188
|
};
|
|
2187
2189
|
}
|
|
2188
2190
|
|
|
2189
|
-
/*! @azure/msal-common v16.
|
|
2191
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2190
2192
|
/*
|
|
2191
2193
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2192
2194
|
* Licensed under the MIT License.
|
|
@@ -2201,7 +2203,7 @@ const AuthorityType = {
|
|
|
2201
2203
|
Ciam: 3,
|
|
2202
2204
|
};
|
|
2203
2205
|
|
|
2204
|
-
/*! @azure/msal-common v16.
|
|
2206
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2205
2207
|
/*
|
|
2206
2208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2207
2209
|
* Licensed under the MIT License.
|
|
@@ -2223,7 +2225,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2223
2225
|
return null;
|
|
2224
2226
|
}
|
|
2225
2227
|
|
|
2226
|
-
/*! @azure/msal-common v16.
|
|
2228
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2227
2229
|
/*
|
|
2228
2230
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2229
2231
|
* Licensed under the MIT License.
|
|
@@ -2247,7 +2249,7 @@ const ProtocolMode = {
|
|
|
2247
2249
|
EAR: "EAR",
|
|
2248
2250
|
};
|
|
2249
2251
|
|
|
2250
|
-
/*! @azure/msal-common v16.
|
|
2252
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2251
2253
|
/**
|
|
2252
2254
|
* Returns the AccountInfo interface for this account.
|
|
2253
2255
|
*/
|
|
@@ -2422,7 +2424,7 @@ function isAccountEntity(entity) {
|
|
|
2422
2424
|
entity.hasOwnProperty("authorityType"));
|
|
2423
2425
|
}
|
|
2424
2426
|
|
|
2425
|
-
/*! @azure/msal-common v16.
|
|
2427
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2426
2428
|
|
|
2427
2429
|
/*
|
|
2428
2430
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2562,8 +2564,8 @@ class CacheManager {
|
|
|
2562
2564
|
return false;
|
|
2563
2565
|
}
|
|
2564
2566
|
if (!!tenantProfileFilter.username &&
|
|
2565
|
-
!
|
|
2566
|
-
|
|
2567
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2568
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2567
2569
|
return false;
|
|
2568
2570
|
}
|
|
2569
2571
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3554,7 +3556,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3554
3556
|
}
|
|
3555
3557
|
}
|
|
3556
3558
|
|
|
3557
|
-
/*! @azure/msal-common v16.
|
|
3559
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3558
3560
|
/*
|
|
3559
3561
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3560
3562
|
* Licensed under the MIT License.
|
|
@@ -3605,7 +3607,7 @@ const IntFields = new Set([
|
|
|
3605
3607
|
"redirectBridgeMessageVersion",
|
|
3606
3608
|
]);
|
|
3607
3609
|
|
|
3608
|
-
/*! @azure/msal-common v16.
|
|
3610
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3609
3611
|
|
|
3610
3612
|
/*
|
|
3611
3613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3660,7 +3662,7 @@ class StubPerformanceClient {
|
|
|
3660
3662
|
}
|
|
3661
3663
|
}
|
|
3662
3664
|
|
|
3663
|
-
/*! @azure/msal-common v16.
|
|
3665
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3664
3666
|
|
|
3665
3667
|
/*
|
|
3666
3668
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3755,7 +3757,7 @@ function isOidcProtocolMode(config) {
|
|
|
3755
3757
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3756
3758
|
}
|
|
3757
3759
|
|
|
3758
|
-
/*! @azure/msal-common v16.
|
|
3760
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3759
3761
|
/*
|
|
3760
3762
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3761
3763
|
* Licensed under the MIT License.
|
|
@@ -3782,7 +3784,7 @@ function isOidcProtocolMode(config) {
|
|
|
3782
3784
|
}
|
|
3783
3785
|
}
|
|
3784
3786
|
|
|
3785
|
-
/*! @azure/msal-common v16.
|
|
3787
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3786
3788
|
/*
|
|
3787
3789
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3788
3790
|
* Licensed under the MIT License.
|
|
@@ -3847,7 +3849,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3847
3849
|
return cachedAtSec > nowSeconds();
|
|
3848
3850
|
}
|
|
3849
3851
|
|
|
3850
|
-
/*! @azure/msal-common v16.
|
|
3852
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3851
3853
|
|
|
3852
3854
|
/*
|
|
3853
3855
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4106,7 +4108,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4106
4108
|
return metadata.expiresAt <= nowSeconds();
|
|
4107
4109
|
}
|
|
4108
4110
|
|
|
4109
|
-
/*! @azure/msal-common v16.
|
|
4111
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4110
4112
|
/*
|
|
4111
4113
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4112
4114
|
* Licensed under the MIT License.
|
|
@@ -4177,7 +4179,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4177
4179
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4178
4180
|
const SetUserData = "setUserData";
|
|
4179
4181
|
|
|
4180
|
-
/*! @azure/msal-common v16.
|
|
4182
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4181
4183
|
/*
|
|
4182
4184
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4183
4185
|
* Licensed under the MIT License.
|
|
@@ -4270,7 +4272,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4270
4272
|
};
|
|
4271
4273
|
};
|
|
4272
4274
|
|
|
4273
|
-
/*! @azure/msal-common v16.
|
|
4275
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4274
4276
|
|
|
4275
4277
|
/*
|
|
4276
4278
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4350,7 +4352,7 @@ class PopTokenGenerator {
|
|
|
4350
4352
|
}
|
|
4351
4353
|
}
|
|
4352
4354
|
|
|
4353
|
-
/*! @azure/msal-common v16.
|
|
4355
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4354
4356
|
/*
|
|
4355
4357
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4356
4358
|
* Licensed under the MIT License.
|
|
@@ -4374,7 +4376,7 @@ const refreshTokenExpired = "refresh_token_expired";
|
|
|
4374
4376
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4375
4377
|
* @public
|
|
4376
4378
|
*/
|
|
4377
|
-
const
|
|
4379
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4378
4380
|
/**
|
|
4379
4381
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4380
4382
|
* @public
|
|
@@ -4411,10 +4413,10 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4411
4413
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4412
4414
|
noTokensFound: noTokensFound,
|
|
4413
4415
|
refreshTokenExpired: refreshTokenExpired,
|
|
4414
|
-
|
|
4416
|
+
uiNotAllowed: uiNotAllowed
|
|
4415
4417
|
});
|
|
4416
4418
|
|
|
4417
|
-
/*! @azure/msal-common v16.
|
|
4419
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4418
4420
|
|
|
4419
4421
|
/*
|
|
4420
4422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4428,7 +4430,7 @@ const InteractionRequiredServerErrorMessage = [
|
|
|
4428
4430
|
consentRequired,
|
|
4429
4431
|
loginRequired,
|
|
4430
4432
|
badToken,
|
|
4431
|
-
|
|
4433
|
+
uiNotAllowed,
|
|
4432
4434
|
interruptedUser,
|
|
4433
4435
|
];
|
|
4434
4436
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4438,7 +4440,7 @@ const InteractionRequiredAuthSubErrorMessage = [
|
|
|
4438
4440
|
"user_password_expired",
|
|
4439
4441
|
"consent_required",
|
|
4440
4442
|
"bad_token",
|
|
4441
|
-
"
|
|
4443
|
+
"ui_not_allowed",
|
|
4442
4444
|
"interrupted_user",
|
|
4443
4445
|
];
|
|
4444
4446
|
/**
|
|
@@ -4482,7 +4484,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4482
4484
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4483
4485
|
}
|
|
4484
4486
|
|
|
4485
|
-
/*! @azure/msal-common v16.
|
|
4487
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4486
4488
|
|
|
4487
4489
|
/*
|
|
4488
4490
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4501,7 +4503,7 @@ class ServerError extends AuthError {
|
|
|
4501
4503
|
}
|
|
4502
4504
|
}
|
|
4503
4505
|
|
|
4504
|
-
/*! @azure/msal-common v16.
|
|
4506
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4505
4507
|
|
|
4506
4508
|
/*
|
|
4507
4509
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4569,7 +4571,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4569
4571
|
}
|
|
4570
4572
|
}
|
|
4571
4573
|
|
|
4572
|
-
/*! @azure/msal-common v16.
|
|
4574
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4573
4575
|
|
|
4574
4576
|
/*
|
|
4575
4577
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4917,7 +4919,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4917
4919
|
return baseAccount;
|
|
4918
4920
|
}
|
|
4919
4921
|
|
|
4920
|
-
/*! @azure/msal-common v16.
|
|
4922
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4921
4923
|
/*
|
|
4922
4924
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4923
4925
|
* Licensed under the MIT License.
|
|
@@ -4927,7 +4929,7 @@ const CcsCredentialType = {
|
|
|
4927
4929
|
UPN: "UPN",
|
|
4928
4930
|
};
|
|
4929
4931
|
|
|
4930
|
-
/*! @azure/msal-common v16.
|
|
4932
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4931
4933
|
/*
|
|
4932
4934
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4933
4935
|
* Licensed under the MIT License.
|
|
@@ -4945,7 +4947,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4945
4947
|
}
|
|
4946
4948
|
}
|
|
4947
4949
|
|
|
4948
|
-
/*! @azure/msal-common v16.
|
|
4950
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4949
4951
|
/*
|
|
4950
4952
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4951
4953
|
* Licensed under the MIT License.
|
|
@@ -4966,7 +4968,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4966
4968
|
};
|
|
4967
4969
|
}
|
|
4968
4970
|
|
|
4969
|
-
/*! @azure/msal-common v16.
|
|
4971
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4970
4972
|
|
|
4971
4973
|
/*
|
|
4972
4974
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5052,7 +5054,7 @@ class ThrottlingUtils {
|
|
|
5052
5054
|
}
|
|
5053
5055
|
}
|
|
5054
5056
|
|
|
5055
|
-
/*! @azure/msal-common v16.
|
|
5057
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5056
5058
|
|
|
5057
5059
|
/*
|
|
5058
5060
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5083,7 +5085,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5083
5085
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5084
5086
|
}
|
|
5085
5087
|
|
|
5086
|
-
/*! @azure/msal-common v16.
|
|
5088
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5087
5089
|
|
|
5088
5090
|
/*
|
|
5089
5091
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5197,7 +5199,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5197
5199
|
return response;
|
|
5198
5200
|
}
|
|
5199
5201
|
|
|
5200
|
-
/*! @azure/msal-common v16.
|
|
5202
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5201
5203
|
/*
|
|
5202
5204
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5203
5205
|
* Licensed under the MIT License.
|
|
@@ -5209,7 +5211,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5209
5211
|
response.hasOwnProperty("jwks_uri"));
|
|
5210
5212
|
}
|
|
5211
5213
|
|
|
5212
|
-
/*! @azure/msal-common v16.
|
|
5214
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5213
5215
|
/*
|
|
5214
5216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5215
5217
|
* Licensed under the MIT License.
|
|
@@ -5219,7 +5221,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5219
5221
|
response.hasOwnProperty("metadata"));
|
|
5220
5222
|
}
|
|
5221
5223
|
|
|
5222
|
-
/*! @azure/msal-common v16.
|
|
5224
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5223
5225
|
/*
|
|
5224
5226
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5225
5227
|
* Licensed under the MIT License.
|
|
@@ -5229,7 +5231,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5229
5231
|
response.hasOwnProperty("error_description"));
|
|
5230
5232
|
}
|
|
5231
5233
|
|
|
5232
|
-
/*! @azure/msal-common v16.
|
|
5234
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5233
5235
|
|
|
5234
5236
|
/*
|
|
5235
5237
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5334,7 +5336,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5334
5336
|
},
|
|
5335
5337
|
};
|
|
5336
5338
|
|
|
5337
|
-
/*! @azure/msal-common v16.
|
|
5339
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5338
5340
|
|
|
5339
5341
|
/*
|
|
5340
5342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5891,7 +5893,7 @@ class Authority {
|
|
|
5891
5893
|
}
|
|
5892
5894
|
}
|
|
5893
5895
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5894
|
-
if (this.isInKnownAuthorities()) {
|
|
5896
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5895
5897
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5896
5898
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5897
5899
|
}
|
|
@@ -5958,13 +5960,14 @@ class Authority {
|
|
|
5958
5960
|
return match;
|
|
5959
5961
|
}
|
|
5960
5962
|
/**
|
|
5961
|
-
* Helper function to determine if
|
|
5963
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5962
5964
|
*/
|
|
5963
|
-
isInKnownAuthorities() {
|
|
5965
|
+
isInKnownAuthorities(host) {
|
|
5966
|
+
const normalizedHost = host.toLowerCase();
|
|
5964
5967
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5965
5968
|
return (authority &&
|
|
5966
5969
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5967
|
-
|
|
5970
|
+
normalizedHost);
|
|
5968
5971
|
});
|
|
5969
5972
|
return matches.length > 0;
|
|
5970
5973
|
}
|
|
@@ -6041,6 +6044,10 @@ class Authority {
|
|
|
6041
6044
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6042
6045
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6043
6046
|
* path.
|
|
6047
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
6048
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
6049
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
6050
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
6044
6051
|
*
|
|
6045
6052
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6046
6053
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -6077,11 +6084,19 @@ class Authority {
|
|
|
6077
6084
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6078
6085
|
*/
|
|
6079
6086
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6087
|
+
/*
|
|
6088
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
6089
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
6090
|
+
* returns an issuer with a different host than the authority
|
|
6091
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
6092
|
+
*/
|
|
6093
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
6080
6094
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6081
6095
|
if (matchesAuthorityOrigin ||
|
|
6082
6096
|
matchesKnownMicrosoftHost ||
|
|
6083
6097
|
matchesRegionalMicrosoftHost ||
|
|
6084
|
-
matchesCiamTenantPattern
|
|
6098
|
+
matchesCiamTenantPattern ||
|
|
6099
|
+
matchesKnownAuthority) {
|
|
6085
6100
|
return;
|
|
6086
6101
|
}
|
|
6087
6102
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6289,7 +6304,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6289
6304
|
};
|
|
6290
6305
|
}
|
|
6291
6306
|
|
|
6292
|
-
/*! @azure/msal-common v16.
|
|
6307
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6293
6308
|
|
|
6294
6309
|
/*
|
|
6295
6310
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6323,7 +6338,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6323
6338
|
}
|
|
6324
6339
|
}
|
|
6325
6340
|
|
|
6326
|
-
/*! @azure/msal-common v16.
|
|
6341
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6327
6342
|
|
|
6328
6343
|
/*
|
|
6329
6344
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6580,7 +6595,7 @@ class AuthorizationCodeClient {
|
|
|
6580
6595
|
}
|
|
6581
6596
|
}
|
|
6582
6597
|
|
|
6583
|
-
/*! @azure/msal-common v16.
|
|
6598
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6584
6599
|
|
|
6585
6600
|
/*
|
|
6586
6601
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6801,7 +6816,7 @@ class RefreshTokenClient {
|
|
|
6801
6816
|
}
|
|
6802
6817
|
}
|
|
6803
6818
|
|
|
6804
|
-
/*! @azure/msal-common v16.
|
|
6819
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6805
6820
|
|
|
6806
6821
|
/*
|
|
6807
6822
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6917,7 +6932,7 @@ class SilentFlowClient {
|
|
|
6917
6932
|
}
|
|
6918
6933
|
}
|
|
6919
6934
|
|
|
6920
|
-
/*! @azure/msal-common v16.
|
|
6935
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6921
6936
|
|
|
6922
6937
|
/*
|
|
6923
6938
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6932,7 +6947,7 @@ const StubbedNetworkModule = {
|
|
|
6932
6947
|
},
|
|
6933
6948
|
};
|
|
6934
6949
|
|
|
6935
|
-
/*! @azure/msal-common v16.
|
|
6950
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6936
6951
|
|
|
6937
6952
|
/*
|
|
6938
6953
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7155,7 +7170,7 @@ function extractLoginHint(account) {
|
|
|
7155
7170
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7156
7171
|
}
|
|
7157
7172
|
|
|
7158
|
-
/*! @azure/msal-common v16.
|
|
7173
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7159
7174
|
|
|
7160
7175
|
/*
|
|
7161
7176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7188,7 +7203,7 @@ function containsResourceParam(params) {
|
|
|
7188
7203
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7189
7204
|
}
|
|
7190
7205
|
|
|
7191
|
-
/*! @azure/msal-common v16.
|
|
7206
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7192
7207
|
|
|
7193
7208
|
/*
|
|
7194
7209
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7246,7 +7261,7 @@ class AuthenticationHeaderParser {
|
|
|
7246
7261
|
}
|
|
7247
7262
|
}
|
|
7248
7263
|
|
|
7249
|
-
/*! @azure/msal-common v16.
|
|
7264
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7250
7265
|
/*
|
|
7251
7266
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7252
7267
|
* Licensed under the MIT License.
|
|
@@ -7263,7 +7278,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7263
7278
|
unexpectedError: unexpectedError
|
|
7264
7279
|
});
|
|
7265
7280
|
|
|
7266
|
-
/*! @azure/msal-common v16.
|
|
7281
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7267
7282
|
|
|
7268
7283
|
/*
|
|
7269
7284
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7524,7 +7539,7 @@ class ServerTelemetryManager {
|
|
|
7524
7539
|
}
|
|
7525
7540
|
}
|
|
7526
7541
|
|
|
7527
|
-
/*! @azure/msal-common v16.
|
|
7542
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7528
7543
|
|
|
7529
7544
|
/*
|
|
7530
7545
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7545,7 +7560,7 @@ function createJoseHeaderError(code) {
|
|
|
7545
7560
|
return new JoseHeaderError(code);
|
|
7546
7561
|
}
|
|
7547
7562
|
|
|
7548
|
-
/*! @azure/msal-common v16.
|
|
7563
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7549
7564
|
/*
|
|
7550
7565
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7551
7566
|
* Licensed under the MIT License.
|
|
@@ -7553,7 +7568,7 @@ function createJoseHeaderError(code) {
|
|
|
7553
7568
|
const missingKidError = "missing_kid_error";
|
|
7554
7569
|
const missingAlgError = "missing_alg_error";
|
|
7555
7570
|
|
|
7556
|
-
/*! @azure/msal-common v16.
|
|
7571
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7557
7572
|
|
|
7558
7573
|
/*
|
|
7559
7574
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7593,7 +7608,7 @@ class JoseHeader {
|
|
|
7593
7608
|
}
|
|
7594
7609
|
}
|
|
7595
7610
|
|
|
7596
|
-
/*! @azure/msal-common v16.
|
|
7611
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7597
7612
|
|
|
7598
7613
|
/*
|
|
7599
7614
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8388,6 +8403,43 @@ function createBrowserAuthError(errorCode, subError) {
|
|
|
8388
8403
|
return new BrowserAuthError(errorCode, subError);
|
|
8389
8404
|
}
|
|
8390
8405
|
|
|
8406
|
+
/*
|
|
8407
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8408
|
+
* Licensed under the MIT License.
|
|
8409
|
+
*/
|
|
8410
|
+
/**
|
|
8411
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8412
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8413
|
+
*/
|
|
8414
|
+
/**
|
|
8415
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8416
|
+
* @param input
|
|
8417
|
+
*/
|
|
8418
|
+
function base64Decode(input) {
|
|
8419
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8420
|
+
}
|
|
8421
|
+
/**
|
|
8422
|
+
* Decodes base64 into Uint8Array
|
|
8423
|
+
* @param base64String
|
|
8424
|
+
*/
|
|
8425
|
+
function base64DecToArr(base64String) {
|
|
8426
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8427
|
+
switch (encodedString.length % 4) {
|
|
8428
|
+
case 0:
|
|
8429
|
+
break;
|
|
8430
|
+
case 2:
|
|
8431
|
+
encodedString += "==";
|
|
8432
|
+
break;
|
|
8433
|
+
case 3:
|
|
8434
|
+
encodedString += "=";
|
|
8435
|
+
break;
|
|
8436
|
+
default:
|
|
8437
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8438
|
+
}
|
|
8439
|
+
const binString = atob(encodedString);
|
|
8440
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8441
|
+
}
|
|
8442
|
+
|
|
8391
8443
|
/*
|
|
8392
8444
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8393
8445
|
* Licensed under the MIT License.
|
|
@@ -8647,43 +8699,6 @@ function base64EncArr(aBytes) {
|
|
|
8647
8699
|
return btoa(binString);
|
|
8648
8700
|
}
|
|
8649
8701
|
|
|
8650
|
-
/*
|
|
8651
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8652
|
-
* Licensed under the MIT License.
|
|
8653
|
-
*/
|
|
8654
|
-
/**
|
|
8655
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8656
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8657
|
-
*/
|
|
8658
|
-
/**
|
|
8659
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8660
|
-
* @param input
|
|
8661
|
-
*/
|
|
8662
|
-
function base64Decode(input) {
|
|
8663
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8664
|
-
}
|
|
8665
|
-
/**
|
|
8666
|
-
* Decodes base64 into Uint8Array
|
|
8667
|
-
* @param base64String
|
|
8668
|
-
*/
|
|
8669
|
-
function base64DecToArr(base64String) {
|
|
8670
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8671
|
-
switch (encodedString.length % 4) {
|
|
8672
|
-
case 0:
|
|
8673
|
-
break;
|
|
8674
|
-
case 2:
|
|
8675
|
-
encodedString += "==";
|
|
8676
|
-
break;
|
|
8677
|
-
case 3:
|
|
8678
|
-
encodedString += "=";
|
|
8679
|
-
break;
|
|
8680
|
-
default:
|
|
8681
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8682
|
-
}
|
|
8683
|
-
const binString = atob(encodedString);
|
|
8684
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8685
|
-
}
|
|
8686
|
-
|
|
8687
8702
|
/*
|
|
8688
8703
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8689
8704
|
* Licensed under the MIT License.
|
|
@@ -9102,6 +9117,16 @@ function clearHash(contentWindow) {
|
|
|
9102
9117
|
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
|
|
9103
9118
|
}
|
|
9104
9119
|
}
|
|
9120
|
+
/**
|
|
9121
|
+
* Strips both hash and query string from the given window's URL by replacing
|
|
9122
|
+
* with origin + pathname only. Used to remove auth response parameters
|
|
9123
|
+
* (auth code, state, etc.) before the window is closed or navigated away.
|
|
9124
|
+
*/
|
|
9125
|
+
function clearAuthResponseFromUrl(contentWindow) {
|
|
9126
|
+
if (typeof contentWindow.history?.replaceState === "function") {
|
|
9127
|
+
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
|
|
9128
|
+
}
|
|
9129
|
+
}
|
|
9105
9130
|
/**
|
|
9106
9131
|
* Replaces current hash with hash from provided url
|
|
9107
9132
|
*/
|
|
@@ -9160,7 +9185,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
9160
9185
|
activeBridgeMonitor = null;
|
|
9161
9186
|
}
|
|
9162
9187
|
}
|
|
9163
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9188
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9164
9189
|
return new Promise((resolve, reject) => {
|
|
9165
9190
|
logger.verbose("1rf6em", request.correlationId);
|
|
9166
9191
|
const correlationId = request.correlationId;
|
|
@@ -9168,7 +9193,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
9168
9193
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9169
9194
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9170
9195
|
}, correlationId);
|
|
9171
|
-
const { libraryState } = parseRequestState(
|
|
9196
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9172
9197
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9173
9198
|
let responseString = undefined;
|
|
9174
9199
|
let timedOut$1 = false;
|
|
@@ -9356,6 +9381,7 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
|
|
|
9356
9381
|
blockRedirectInIframe: blockRedirectInIframe,
|
|
9357
9382
|
blockReloadInHiddenIframes: blockReloadInHiddenIframes,
|
|
9358
9383
|
cancelPendingBridgeResponse: cancelPendingBridgeResponse,
|
|
9384
|
+
clearAuthResponseFromUrl: clearAuthResponseFromUrl,
|
|
9359
9385
|
clearHash: clearHash,
|
|
9360
9386
|
createGuid: createGuid,
|
|
9361
9387
|
getCurrentUri: getCurrentUri,
|
|
@@ -10015,7 +10041,6 @@ const ACCOUNT_SCHEMA_VERSION = 3;
|
|
|
10015
10041
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
10016
10042
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
10017
10043
|
const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
|
|
10018
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
10019
10044
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
10020
10045
|
const ACCOUNT_KEYS = "account.keys";
|
|
10021
10046
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -10531,7 +10556,7 @@ const EventType = {
|
|
|
10531
10556
|
|
|
10532
10557
|
/* eslint-disable header/header */
|
|
10533
10558
|
const name = "@azure/msal-browser";
|
|
10534
|
-
const version = "5.
|
|
10559
|
+
const version = "5.12.0";
|
|
10535
10560
|
|
|
10536
10561
|
/*
|
|
10537
10562
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10638,6 +10663,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10638
10663
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10639
10664
|
: parsedValue;
|
|
10640
10665
|
if (!decryptedData || !isCredentialEntity(decryptedData)) {
|
|
10666
|
+
this.browserStorage.removeItem(key);
|
|
10641
10667
|
this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
|
|
10642
10668
|
return null;
|
|
10643
10669
|
}
|
|
@@ -10668,6 +10694,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10668
10694
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
10669
10695
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10670
10696
|
if (!parsedValue) {
|
|
10697
|
+
this.browserStorage.removeItem(accountKey);
|
|
10671
10698
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10672
10699
|
continue;
|
|
10673
10700
|
}
|
|
@@ -10682,6 +10709,15 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10682
10709
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10683
10710
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10684
10711
|
}
|
|
10712
|
+
else if (isEncrypted(parsedValue)) {
|
|
10713
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
10714
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10715
|
+
if (!decrypted) {
|
|
10716
|
+
this.browserStorage.removeItem(accountKey);
|
|
10717
|
+
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10718
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10719
|
+
}
|
|
10720
|
+
}
|
|
10685
10721
|
}
|
|
10686
10722
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
10687
10723
|
}
|
|
@@ -12279,12 +12315,13 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12279
12315
|
* and logoutHint attribute wasn't manually set in logout request
|
|
12280
12316
|
*/
|
|
12281
12317
|
if (logoutRequest) {
|
|
12282
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
12318
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
12283
12319
|
if (!logoutRequest.logoutHint) {
|
|
12284
12320
|
if (logoutRequest.account) {
|
|
12285
|
-
const logoutHint =
|
|
12321
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
12322
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
12286
12323
|
if (logoutHint) {
|
|
12287
|
-
this.logger.verbose("
|
|
12324
|
+
this.logger.verbose("0d7s8p", this.correlationId);
|
|
12288
12325
|
validLogoutRequest.logoutHint = logoutHint;
|
|
12289
12326
|
}
|
|
12290
12327
|
}
|
|
@@ -12337,6 +12374,7 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12337
12374
|
const idTokenClaims = account.idTokenClaims;
|
|
12338
12375
|
if (idTokenClaims) {
|
|
12339
12376
|
if (idTokenClaims.login_hint) {
|
|
12377
|
+
this.logger.verbose("0u5bmc", this.correlationId);
|
|
12340
12378
|
return idTokenClaims.login_hint;
|
|
12341
12379
|
}
|
|
12342
12380
|
else {
|
|
@@ -12623,7 +12661,7 @@ const USER_CANCEL = "USER_CANCEL";
|
|
|
12623
12661
|
const NO_NETWORK = "NO_NETWORK";
|
|
12624
12662
|
const DISABLED = "DISABLED";
|
|
12625
12663
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12626
|
-
const
|
|
12664
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
12627
12665
|
|
|
12628
12666
|
/*
|
|
12629
12667
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12678,8 +12716,8 @@ function createNativeAuthError(code, description, ext) {
|
|
|
12678
12716
|
return createBrowserAuthError(userCancelled);
|
|
12679
12717
|
case NO_NETWORK:
|
|
12680
12718
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
12681
|
-
case
|
|
12682
|
-
return createInteractionRequiredAuthError(
|
|
12719
|
+
case UI_NOT_ALLOWED:
|
|
12720
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
12683
12721
|
}
|
|
12684
12722
|
}
|
|
12685
12723
|
return new NativeAuthError(code, description, ext);
|
|
@@ -12910,7 +12948,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12910
12948
|
noHistory: false,
|
|
12911
12949
|
};
|
|
12912
12950
|
const redirectUri = navigateToLoginRequestUrl
|
|
12913
|
-
? window.location.href
|
|
12951
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
12914
12952
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
12915
12953
|
rootMeasurement.end({ success: true });
|
|
12916
12954
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -13965,6 +14003,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13965
14003
|
};
|
|
13966
14004
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13967
14005
|
iframeTimeoutTelemetry: false,
|
|
14006
|
+
allowPlatformBrokerWithDOM: false,
|
|
13968
14007
|
};
|
|
13969
14008
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13970
14009
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -14411,25 +14450,23 @@ class PlatformAuthDOMHandler {
|
|
|
14411
14450
|
*/
|
|
14412
14451
|
/**
|
|
14413
14452
|
* Checks if the platform broker is available in the current environment.
|
|
14414
|
-
* @param
|
|
14415
|
-
* @param
|
|
14416
|
-
* @param
|
|
14417
|
-
* @
|
|
14453
|
+
* @param domConfig - Whether to enable platform broker DOM API support (required)
|
|
14454
|
+
* @param loggerOptions - Optional logger options
|
|
14455
|
+
* @param perfClient - Optional performance client
|
|
14456
|
+
* @param correlationId - Optional correlation ID
|
|
14457
|
+
* @returns Promise<boolean> indicating if platform broker is available
|
|
14418
14458
|
*/
|
|
14419
|
-
async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
|
|
14459
|
+
async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
|
|
14420
14460
|
const logger = new Logger(loggerOptions || {}, name, version);
|
|
14421
|
-
const cid = correlationId || "";
|
|
14422
|
-
logger.trace("07660b", cid);
|
|
14423
14461
|
const performanceClient = perfClient || new StubPerformanceClient();
|
|
14424
14462
|
if (typeof window === "undefined") {
|
|
14425
|
-
logger.trace("082ed3",
|
|
14463
|
+
logger.trace("082ed3", correlationId || createNewGuid());
|
|
14426
14464
|
return false;
|
|
14427
14465
|
}
|
|
14428
|
-
return !!(await getPlatformAuthProvider(logger, performanceClient,
|
|
14466
|
+
return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
|
|
14429
14467
|
}
|
|
14430
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
14468
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
14431
14469
|
logger.trace("134j0v", correlationId);
|
|
14432
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
14433
14470
|
logger.trace("04c81g", correlationId);
|
|
14434
14471
|
let platformAuthProvider;
|
|
14435
14472
|
try {
|
|
@@ -14453,22 +14490,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
|
|
|
14453
14490
|
}
|
|
14454
14491
|
return platformAuthProvider;
|
|
14455
14492
|
}
|
|
14456
|
-
/**
|
|
14457
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
14458
|
-
* @returns boolean
|
|
14459
|
-
* @deprecated
|
|
14460
|
-
*/
|
|
14461
|
-
function isDomEnabledForPlatformAuth() {
|
|
14462
|
-
let sessionStorage;
|
|
14463
|
-
try {
|
|
14464
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
14465
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
14466
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
14467
|
-
}
|
|
14468
|
-
catch (e) {
|
|
14469
|
-
return false;
|
|
14470
|
-
}
|
|
14471
|
-
}
|
|
14472
14493
|
/**
|
|
14473
14494
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14474
14495
|
* @param logger
|
|
@@ -14479,6 +14500,11 @@ function isDomEnabledForPlatformAuth() {
|
|
|
14479
14500
|
*/
|
|
14480
14501
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
14481
14502
|
logger.trace("0uko3r", correlationId);
|
|
14503
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
14504
|
+
if (!config.system.allowPlatformBroker &&
|
|
14505
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
14506
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
14507
|
+
}
|
|
14482
14508
|
if (!config.system.allowPlatformBroker) {
|
|
14483
14509
|
logger.trace("04hozs", correlationId);
|
|
14484
14510
|
// Developer disabled WAM
|
|
@@ -14508,10 +14534,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
|
|
|
14508
14534
|
* Licensed under the MIT License.
|
|
14509
14535
|
*/
|
|
14510
14536
|
class PopupClient extends StandardInteractionClient {
|
|
14511
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
14537
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
14512
14538
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
14513
14539
|
this.nativeStorage = nativeStorageImpl;
|
|
14514
14540
|
this.eventHandler = eventHandler;
|
|
14541
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
14515
14542
|
}
|
|
14516
14543
|
/**
|
|
14517
14544
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -14645,7 +14672,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14645
14672
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14646
14673
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14647
14674
|
// Wait for the redirect bridge response
|
|
14648
|
-
const responseString = await
|
|
14675
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
14649
14676
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14650
14677
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14651
14678
|
}
|
|
@@ -14680,7 +14707,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14680
14707
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
14681
14708
|
form.submit();
|
|
14682
14709
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14683
|
-
const responseString = await invokeAsync(
|
|
14710
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
14684
14711
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14685
14712
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14686
14713
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
@@ -14705,7 +14732,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14705
14732
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
14706
14733
|
form.submit();
|
|
14707
14734
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14708
|
-
const responseString = await invokeAsync(
|
|
14735
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
14709
14736
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14710
14737
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14711
14738
|
}
|
|
@@ -14762,7 +14789,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14762
14789
|
// Open the popup window to requestUrl.
|
|
14763
14790
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
14764
14791
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14765
|
-
await
|
|
14792
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
14766
14793
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
14767
14794
|
});
|
|
14768
14795
|
if (mainWindowRedirectUri) {
|
|
@@ -14841,6 +14868,19 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14841
14868
|
if (!popupWindow) {
|
|
14842
14869
|
throw createBrowserAuthError(emptyWindowError);
|
|
14843
14870
|
}
|
|
14871
|
+
try {
|
|
14872
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
14873
|
+
}
|
|
14874
|
+
catch (e) {
|
|
14875
|
+
if (typeof DOMException !== "undefined" &&
|
|
14876
|
+
e instanceof DOMException &&
|
|
14877
|
+
e.name === "SecurityError") {
|
|
14878
|
+
// Cross-origin - title cannot be set
|
|
14879
|
+
}
|
|
14880
|
+
else {
|
|
14881
|
+
this.logger.verbose("1s1yfs", this.correlationId);
|
|
14882
|
+
}
|
|
14883
|
+
}
|
|
14844
14884
|
if (popupWindow.focus) {
|
|
14845
14885
|
popupWindow.focus();
|
|
14846
14886
|
}
|
|
@@ -14919,6 +14959,12 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14919
14959
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
14920
14960
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
14921
14961
|
}
|
|
14962
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
14963
|
+
if (this.waitForPopupResponseHook) {
|
|
14964
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
14965
|
+
}
|
|
14966
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
14967
|
+
}
|
|
14922
14968
|
}
|
|
14923
14969
|
|
|
14924
14970
|
/*
|
|
@@ -15072,6 +15118,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15072
15118
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
15073
15119
|
*/
|
|
15074
15120
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15121
|
+
const originalTitle = document.title;
|
|
15122
|
+
document.title = "Microsoft Authentication";
|
|
15075
15123
|
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15076
15124
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15077
15125
|
try {
|
|
@@ -15154,6 +15202,9 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15154
15202
|
}
|
|
15155
15203
|
throw e;
|
|
15156
15204
|
}
|
|
15205
|
+
finally {
|
|
15206
|
+
document.title = originalTitle;
|
|
15207
|
+
}
|
|
15157
15208
|
}
|
|
15158
15209
|
/**
|
|
15159
15210
|
* Gets the response hash for a redirect request
|
|
@@ -15409,6 +15460,7 @@ function loadFrameSync(urlNavigate) {
|
|
|
15409
15460
|
function createHiddenIframe() {
|
|
15410
15461
|
const authFrame = document.createElement("iframe");
|
|
15411
15462
|
authFrame.className = "msalSilentIframe";
|
|
15463
|
+
authFrame.title = "Microsoft Authentication";
|
|
15412
15464
|
authFrame.style.visibility = "hidden";
|
|
15413
15465
|
authFrame.style.position = "absolute";
|
|
15414
15466
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -15434,10 +15486,11 @@ function removeHiddenIframe(iframe) {
|
|
|
15434
15486
|
* Licensed under the MIT License.
|
|
15435
15487
|
*/
|
|
15436
15488
|
class SilentIframeClient extends StandardInteractionClient {
|
|
15437
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
15489
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
15438
15490
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
15439
15491
|
this.apiId = apiId;
|
|
15440
15492
|
this.nativeStorage = nativeStorageImpl;
|
|
15493
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
15441
15494
|
}
|
|
15442
15495
|
/**
|
|
15443
15496
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -15526,7 +15579,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15526
15579
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15527
15580
|
let responseString;
|
|
15528
15581
|
try {
|
|
15529
|
-
responseString = await invokeAsync(
|
|
15582
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15530
15583
|
}
|
|
15531
15584
|
finally {
|
|
15532
15585
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15624,7 +15677,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15624
15677
|
// Wait for response from the redirect bridge.
|
|
15625
15678
|
let responseString;
|
|
15626
15679
|
try {
|
|
15627
|
-
responseString = await invokeAsync(
|
|
15680
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15628
15681
|
}
|
|
15629
15682
|
finally {
|
|
15630
15683
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15632,6 +15685,12 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15632
15685
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15633
15686
|
return { serverParams, pkceCodes, silentRequest };
|
|
15634
15687
|
}
|
|
15688
|
+
async waitForIframeResponse(iframe, request) {
|
|
15689
|
+
if (this.waitForIframeResponseHook) {
|
|
15690
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
15691
|
+
}
|
|
15692
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
15693
|
+
}
|
|
15635
15694
|
}
|
|
15636
15695
|
|
|
15637
15696
|
/*
|
|
@@ -15938,7 +15997,7 @@ class StandardController {
|
|
|
15938
15997
|
if (allowPlatformBroker) {
|
|
15939
15998
|
try {
|
|
15940
15999
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
15941
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
16000
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
15942
16001
|
}
|
|
15943
16002
|
catch (e) {
|
|
15944
16003
|
this.logger.verbose(e, correlationId);
|
|
@@ -16845,7 +16904,7 @@ class StandardController {
|
|
|
16845
16904
|
* @param correlationId
|
|
16846
16905
|
*/
|
|
16847
16906
|
createPopupClient(correlationId) {
|
|
16848
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
16907
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
16849
16908
|
}
|
|
16850
16909
|
/**
|
|
16851
16910
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -16859,7 +16918,7 @@ class StandardController {
|
|
|
16859
16918
|
* @param correlationId
|
|
16860
16919
|
*/
|
|
16861
16920
|
createSilentIframeClient(correlationId) {
|
|
16862
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
16921
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
16863
16922
|
}
|
|
16864
16923
|
/**
|
|
16865
16924
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -17333,7 +17392,7 @@ class BaseOperatingContext {
|
|
|
17333
17392
|
return;
|
|
17334
17393
|
}
|
|
17335
17394
|
}
|
|
17336
|
-
constructor(config) {
|
|
17395
|
+
constructor(config, responseHandlers) {
|
|
17337
17396
|
/*
|
|
17338
17397
|
* If loaded in an environment where window is not available,
|
|
17339
17398
|
* set internal flag to false so that further requests fail.
|
|
@@ -17341,6 +17400,7 @@ class BaseOperatingContext {
|
|
|
17341
17400
|
*/
|
|
17342
17401
|
this.browserEnvironment = typeof window !== "undefined";
|
|
17343
17402
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
17403
|
+
this.responseHandlers = responseHandlers;
|
|
17344
17404
|
let sessionStorage;
|
|
17345
17405
|
try {
|
|
17346
17406
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -17377,6 +17437,13 @@ class BaseOperatingContext {
|
|
|
17377
17437
|
getConfig() {
|
|
17378
17438
|
return this.config;
|
|
17379
17439
|
}
|
|
17440
|
+
/**
|
|
17441
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
17442
|
+
* @returns AuthResponseHandlers | undefined
|
|
17443
|
+
*/
|
|
17444
|
+
getResponseHandlers() {
|
|
17445
|
+
return this.responseHandlers;
|
|
17446
|
+
}
|
|
17380
17447
|
/**
|
|
17381
17448
|
* Returns the MSAL Logger
|
|
17382
17449
|
* @returns Logger
|
|
@@ -18398,7 +18465,48 @@ class PublicClientApplication {
|
|
|
18398
18465
|
constructor(configuration, controller) {
|
|
18399
18466
|
this.controller =
|
|
18400
18467
|
controller ||
|
|
18401
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
18468
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
18469
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
18470
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
18471
|
+
}));
|
|
18472
|
+
}
|
|
18473
|
+
/**
|
|
18474
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
18475
|
+
*
|
|
18476
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18477
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18478
|
+
* with an `AuthError` on failure.
|
|
18479
|
+
*
|
|
18480
|
+
* @internal
|
|
18481
|
+
* @param request The in-flight authorization or end-session request.
|
|
18482
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
18483
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
18484
|
+
*/
|
|
18485
|
+
async waitForPopupResponse(request,
|
|
18486
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18487
|
+
popupWindow,
|
|
18488
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18489
|
+
popupWindowParent) {
|
|
18490
|
+
const controller = this.controller;
|
|
18491
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
18492
|
+
}
|
|
18493
|
+
/**
|
|
18494
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
18495
|
+
*
|
|
18496
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18497
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18498
|
+
* with an `AuthError` on failure.
|
|
18499
|
+
*
|
|
18500
|
+
* @internal
|
|
18501
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
18502
|
+
* @param request The in-flight authorization request.
|
|
18503
|
+
*/
|
|
18504
|
+
async waitForIframeResponse(
|
|
18505
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18506
|
+
iframe, request) {
|
|
18507
|
+
const controller = this.controller;
|
|
18508
|
+
const config = controller.getConfiguration();
|
|
18509
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
18402
18510
|
}
|
|
18403
18511
|
/**
|
|
18404
18512
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|