@azure/msal-browser 5.10.1 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +44 -2
  3. package/dist/app/PublicClientApplication.mjs.map +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  9. package/dist/cache/AccountManager.mjs +1 -1
  10. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  11. package/dist/cache/BrowserCacheManager.mjs +12 -1
  12. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.mjs +2 -3
  15. package/dist/cache/CacheKeys.mjs.map +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.mjs +3 -2
  24. package/dist/config/Configuration.mjs.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/StandardController.mjs +4 -4
  27. package/dist/controllers/StandardController.mjs.map +1 -1
  28. package/dist/crypto/BrowserCrypto.mjs +1 -1
  29. package/dist/crypto/CryptoOps.mjs +1 -1
  30. package/dist/crypto/PkceGenerator.mjs +1 -1
  31. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  32. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  33. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  34. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  35. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  36. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  37. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  52. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  53. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  54. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  55. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  56. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  57. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  59. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  60. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  61. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  62. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  63. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  64. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  65. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  66. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  68. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  69. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  75. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  77. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  79. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  87. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  88. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  90. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  91. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  92. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  93. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  94. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  95. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  96. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  103. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  104. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  105. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  106. package/dist/custom_auth/index.mjs +1 -1
  107. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  117. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  118. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  131. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  132. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  144. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  145. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  146. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  147. package/dist/encode/Base64Decode.mjs +1 -1
  148. package/dist/encode/Base64Encode.mjs +1 -1
  149. package/dist/error/BrowserAuthError.mjs +1 -1
  150. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  151. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  152. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NativeAuthError.mjs +4 -4
  154. package/dist/error/NativeAuthError.mjs.map +1 -1
  155. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  156. package/dist/error/NestedAppAuthError.mjs +1 -1
  157. package/dist/event/EventHandler.mjs +1 -1
  158. package/dist/event/EventMessage.mjs +1 -1
  159. package/dist/event/EventType.mjs +1 -1
  160. package/dist/index.mjs +1 -1
  161. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  162. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  163. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
  164. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  165. package/dist/interaction_client/PopupClient.mjs +27 -7
  166. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  167. package/dist/interaction_client/RedirectClient.mjs +6 -1
  168. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  169. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  170. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  171. package/dist/interaction_client/SilentIframeClient.mjs +11 -4
  172. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  173. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  174. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  175. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  176. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  177. package/dist/interaction_handler/SilentHandler.mjs +2 -1
  178. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  179. package/dist/log-strings-mapping.json +1203 -1187
  180. package/dist/naa/BridgeError.mjs +1 -1
  181. package/dist/naa/BridgeProxy.mjs +1 -1
  182. package/dist/naa/BridgeStatusCode.mjs +1 -1
  183. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  184. package/dist/navigation/NavigationClient.mjs +1 -1
  185. package/dist/network/FetchClient.mjs +1 -1
  186. package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
  187. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  188. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  189. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  190. package/dist/packageMetadata.mjs +2 -2
  191. package/dist/protocol/Authorize.mjs +1 -1
  192. package/dist/redirect_bridge/index.mjs +4 -5
  193. package/dist/redirect_bridge/index.mjs.map +1 -1
  194. package/dist/request/RequestHelpers.mjs +1 -1
  195. package/dist/response/ResponseHandler.mjs +1 -1
  196. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  197. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  198. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  199. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  200. package/dist/utils/BrowserConstants.mjs +1 -1
  201. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  202. package/dist/utils/BrowserUtils.mjs +15 -5
  203. package/dist/utils/BrowserUtils.mjs.map +1 -1
  204. package/dist/utils/Helpers.mjs +1 -1
  205. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  206. package/lib/custom-auth-path/log-strings-mapping.json +33 -17
  207. package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
  208. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  209. package/lib/custom-auth-path/msal-custom-auth.js +342 -169
  210. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  211. package/lib/log-strings-mapping.json +13 -9
  212. package/lib/msal-browser.cjs +275 -167
  213. package/lib/msal-browser.cjs.map +1 -1
  214. package/lib/msal-browser.js +275 -167
  215. package/lib/msal-browser.js.map +1 -1
  216. package/lib/msal-browser.min.js +2 -2
  217. package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
  218. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  219. package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
  220. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  221. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  222. package/package.json +2 -2
  223. package/src/app/PublicClientApplication.ts +85 -1
  224. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
  225. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  226. package/src/cache/BrowserCacheManager.ts +17 -0
  227. package/src/config/Configuration.ts +5 -0
  228. package/src/controllers/StandardController.ts +6 -3
  229. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  230. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  231. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  232. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  233. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  234. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  235. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  236. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  237. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  238. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  239. package/src/custom_auth/index.ts +4 -0
  240. package/src/error/NativeAuthError.ts +2 -2
  241. package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
  242. package/src/interaction_client/PopupClient.ts +65 -27
  243. package/src/interaction_client/RedirectClient.ts +5 -0
  244. package/src/interaction_client/SilentIframeClient.ts +49 -19
  245. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  246. package/src/interaction_handler/SilentHandler.ts +1 -0
  247. package/src/operatingcontext/BaseOperatingContext.ts +15 -1
  248. package/src/packageMetadata.ts +1 -1
  249. package/src/redirect_bridge/index.ts +3 -7
  250. package/src/utils/BrowserUtils.ts +28 -7
  251. package/types/app/PublicClientApplication.d.ts +37 -1
  252. package/types/app/PublicClientApplication.d.ts.map +1 -1
  253. package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
  254. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  255. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  256. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  257. package/types/config/Configuration.d.ts +4 -0
  258. package/types/config/Configuration.d.ts.map +1 -1
  259. package/types/controllers/StandardController.d.ts.map +1 -1
  260. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  261. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  262. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  263. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  264. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  265. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  266. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  267. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  268. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  269. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  270. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  271. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  272. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  273. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  274. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  275. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  276. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  277. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  278. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  279. package/types/custom_auth/index.d.ts +1 -0
  280. package/types/custom_auth/index.d.ts.map +1 -1
  281. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  282. package/types/interaction_client/PopupClient.d.ts +11 -1
  283. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  284. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  285. package/types/interaction_client/SilentIframeClient.d.ts +20 -1
  286. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  287. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  288. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  289. package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
  290. package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
  291. package/types/packageMetadata.d.ts +1 -1
  292. package/types/redirect_bridge/index.d.ts.map +1 -1
  293. package/types/utils/BrowserUtils.d.ts +17 -2
  294. package/types/utils/BrowserUtils.d.ts.map +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.10.1 2026-05-11 */
1
+ /*! @azure/msal-browser v5.12.0 2026-06-05 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.1 2026-05-11 */
9
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.6.1 2026-05-11 */
241
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.6.1 2026-05-11 */
293
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.6.1 2026-05-11 */
324
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.6.1 2026-05-11 */
344
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.6.1 2026-05-11 */
424
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.6.1 2026-05-11 */
447
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -471,6 +471,7 @@
471
471
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
472
472
  const authorityMismatch = "authority_mismatch";
473
473
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
474
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
474
475
  const issuerValidationFailed = "issuer_validation_failed";
475
476
 
476
477
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
@@ -486,6 +487,7 @@
486
487
  invalidClaims: invalidClaims,
487
488
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
488
489
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
490
+ invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
489
491
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
490
492
  issuerValidationFailed: issuerValidationFailed,
491
493
  logoutRequestEmpty: logoutRequestEmpty,
@@ -500,7 +502,7 @@
500
502
  urlParseError: urlParseError
501
503
  });
502
504
 
503
- /*! @azure/msal-common v16.6.1 2026-05-11 */
505
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
504
506
  /*
505
507
  * Copyright (c) Microsoft Corporation. All rights reserved.
506
508
  * Licensed under the MIT License.
@@ -588,7 +590,7 @@
588
590
  userCanceled: userCanceled
589
591
  });
590
592
 
591
- /*! @azure/msal-common v16.6.1 2026-05-11 */
593
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
592
594
 
593
595
  /*
594
596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -783,7 +785,7 @@
783
785
  }
784
786
  }
785
787
 
786
- /*! @azure/msal-common v16.6.1 2026-05-11 */
788
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
787
789
 
788
790
  /*
789
791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1172,7 +1174,7 @@
1172
1174
  }
1173
1175
  }
1174
1176
 
1175
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1177
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1176
1178
 
1177
1179
  /*
1178
1180
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1281,7 +1283,7 @@
1281
1283
  }
1282
1284
  }
1283
1285
 
1284
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1286
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1285
1287
 
1286
1288
  /*
1287
1289
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1320,7 +1322,7 @@
1320
1322
  },
1321
1323
  };
1322
1324
 
1323
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1325
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1324
1326
  /*
1325
1327
  * Copyright (c) Microsoft Corporation. All rights reserved.
1326
1328
  * Licensed under the MIT License.
@@ -1595,12 +1597,12 @@
1595
1597
  }
1596
1598
  }
1597
1599
 
1598
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1600
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1599
1601
  /* eslint-disable header/header */
1600
1602
  const name$1 = "@azure/msal-common";
1601
- const version$1 = "16.6.1";
1603
+ const version$1 = "16.7.0";
1602
1604
 
1603
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1605
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1604
1606
  /*
1605
1607
  * Copyright (c) Microsoft Corporation. All rights reserved.
1606
1608
  * Licensed under the MIT License.
@@ -1620,7 +1622,7 @@
1620
1622
  AzureUsGovernment: "https://login.microsoftonline.us",
1621
1623
  };
1622
1624
 
1623
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1625
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1624
1626
  /*
1625
1627
  * Copyright (c) Microsoft Corporation. All rights reserved.
1626
1628
  * Licensed under the MIT License.
@@ -1703,7 +1705,7 @@
1703
1705
  return updatedAccountInfo;
1704
1706
  }
1705
1707
 
1706
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1708
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1707
1709
 
1708
1710
  /*
1709
1711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1783,7 +1785,7 @@
1783
1785
  }
1784
1786
  }
1785
1787
 
1786
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1788
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1787
1789
 
1788
1790
  /*
1789
1791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1940,7 +1942,7 @@
1940
1942
  }
1941
1943
  }
1942
1944
 
1943
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1945
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1944
1946
 
1945
1947
  /*
1946
1948
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2106,7 +2108,7 @@
2106
2108
  return null;
2107
2109
  }
2108
2110
 
2109
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2111
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2110
2112
  /*
2111
2113
  * Copyright (c) Microsoft Corporation. All rights reserved.
2112
2114
  * Licensed under the MIT License.
@@ -2114,7 +2116,7 @@
2114
2116
  const cacheQuotaExceeded = "cache_quota_exceeded";
2115
2117
  const cacheErrorUnknown = "cache_error_unknown";
2116
2118
 
2117
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2119
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2118
2120
 
2119
2121
  /*
2120
2122
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2152,7 +2154,7 @@
2152
2154
  }
2153
2155
  }
2154
2156
 
2155
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2157
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2156
2158
 
2157
2159
  /*
2158
2160
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2190,7 +2192,7 @@
2190
2192
  };
2191
2193
  }
2192
2194
 
2193
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2195
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2194
2196
  /*
2195
2197
  * Copyright (c) Microsoft Corporation. All rights reserved.
2196
2198
  * Licensed under the MIT License.
@@ -2205,7 +2207,7 @@
2205
2207
  Ciam: 3,
2206
2208
  };
2207
2209
 
2208
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2210
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2209
2211
  /*
2210
2212
  * Copyright (c) Microsoft Corporation. All rights reserved.
2211
2213
  * Licensed under the MIT License.
@@ -2227,7 +2229,7 @@
2227
2229
  return null;
2228
2230
  }
2229
2231
 
2230
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2232
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2231
2233
  /*
2232
2234
  * Copyright (c) Microsoft Corporation. All rights reserved.
2233
2235
  * Licensed under the MIT License.
@@ -2251,7 +2253,7 @@
2251
2253
  EAR: "EAR",
2252
2254
  };
2253
2255
 
2254
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2256
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2255
2257
  /**
2256
2258
  * Returns the AccountInfo interface for this account.
2257
2259
  */
@@ -2426,7 +2428,7 @@
2426
2428
  entity.hasOwnProperty("authorityType"));
2427
2429
  }
2428
2430
 
2429
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2431
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2430
2432
 
2431
2433
  /*
2432
2434
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2566,8 +2568,8 @@
2566
2568
  return false;
2567
2569
  }
2568
2570
  if (!!tenantProfileFilter.username &&
2569
- !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
2570
- !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
2571
+ !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
2572
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
2571
2573
  return false;
2572
2574
  }
2573
2575
  if (!!tenantProfileFilter.loginHint &&
@@ -3558,7 +3560,7 @@
3558
3560
  }
3559
3561
  }
3560
3562
 
3561
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3563
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3562
3564
  /*
3563
3565
  * Copyright (c) Microsoft Corporation. All rights reserved.
3564
3566
  * Licensed under the MIT License.
@@ -3609,7 +3611,7 @@
3609
3611
  "redirectBridgeMessageVersion",
3610
3612
  ]);
3611
3613
 
3612
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3614
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3613
3615
 
3614
3616
  /*
3615
3617
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3664,7 +3666,7 @@
3664
3666
  }
3665
3667
  }
3666
3668
 
3667
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3669
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3668
3670
 
3669
3671
  /*
3670
3672
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3759,7 +3761,7 @@
3759
3761
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3760
3762
  }
3761
3763
 
3762
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3764
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3763
3765
  /*
3764
3766
  * Copyright (c) Microsoft Corporation. All rights reserved.
3765
3767
  * Licensed under the MIT License.
@@ -3786,7 +3788,7 @@
3786
3788
  }
3787
3789
  }
3788
3790
 
3789
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3791
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3790
3792
  /*
3791
3793
  * Copyright (c) Microsoft Corporation. All rights reserved.
3792
3794
  * Licensed under the MIT License.
@@ -3851,7 +3853,7 @@
3851
3853
  return cachedAtSec > nowSeconds();
3852
3854
  }
3853
3855
 
3854
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3856
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3855
3857
 
3856
3858
  /*
3857
3859
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4110,7 +4112,7 @@
4110
4112
  return metadata.expiresAt <= nowSeconds();
4111
4113
  }
4112
4114
 
4113
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4115
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4114
4116
  /*
4115
4117
  * Copyright (c) Microsoft Corporation. All rights reserved.
4116
4118
  * Licensed under the MIT License.
@@ -4181,7 +4183,7 @@
4181
4183
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4182
4184
  const SetUserData = "setUserData";
4183
4185
 
4184
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4186
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4185
4187
  /*
4186
4188
  * Copyright (c) Microsoft Corporation. All rights reserved.
4187
4189
  * Licensed under the MIT License.
@@ -4274,7 +4276,7 @@
4274
4276
  };
4275
4277
  };
4276
4278
 
4277
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4279
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4278
4280
 
4279
4281
  /*
4280
4282
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4354,7 +4356,7 @@
4354
4356
  }
4355
4357
  }
4356
4358
 
4357
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4359
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4358
4360
  /*
4359
4361
  * Copyright (c) Microsoft Corporation. All rights reserved.
4360
4362
  * Licensed under the MIT License.
@@ -4378,7 +4380,7 @@
4378
4380
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4379
4381
  * @public
4380
4382
  */
4381
- const uxNotAllowed = "ux_not_allowed";
4383
+ const uiNotAllowed = "ui_not_allowed";
4382
4384
  /**
4383
4385
  * Server-originated error code indicating interaction is required to complete the request.
4384
4386
  * @public
@@ -4415,10 +4417,10 @@
4415
4417
  nativeAccountUnavailable: nativeAccountUnavailable,
4416
4418
  noTokensFound: noTokensFound,
4417
4419
  refreshTokenExpired: refreshTokenExpired,
4418
- uxNotAllowed: uxNotAllowed
4420
+ uiNotAllowed: uiNotAllowed
4419
4421
  });
4420
4422
 
4421
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4423
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4422
4424
 
4423
4425
  /*
4424
4426
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4432,7 +4434,7 @@
4432
4434
  consentRequired,
4433
4435
  loginRequired,
4434
4436
  badToken,
4435
- uxNotAllowed,
4437
+ uiNotAllowed,
4436
4438
  interruptedUser,
4437
4439
  ];
4438
4440
  const InteractionRequiredAuthSubErrorMessage = [
@@ -4442,7 +4444,7 @@
4442
4444
  "user_password_expired",
4443
4445
  "consent_required",
4444
4446
  "bad_token",
4445
- "ux_not_allowed",
4447
+ "ui_not_allowed",
4446
4448
  "interrupted_user",
4447
4449
  ];
4448
4450
  /**
@@ -4486,7 +4488,7 @@
4486
4488
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4487
4489
  }
4488
4490
 
4489
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4491
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4490
4492
 
4491
4493
  /*
4492
4494
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4505,7 +4507,7 @@
4505
4507
  }
4506
4508
  }
4507
4509
 
4508
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4510
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4509
4511
 
4510
4512
  /*
4511
4513
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4573,7 +4575,7 @@
4573
4575
  }
4574
4576
  }
4575
4577
 
4576
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4578
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4577
4579
 
4578
4580
  /*
4579
4581
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4921,7 +4923,7 @@
4921
4923
  return baseAccount;
4922
4924
  }
4923
4925
 
4924
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4926
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4925
4927
  /*
4926
4928
  * Copyright (c) Microsoft Corporation. All rights reserved.
4927
4929
  * Licensed under the MIT License.
@@ -4931,7 +4933,7 @@
4931
4933
  UPN: "UPN",
4932
4934
  };
4933
4935
 
4934
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4936
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4935
4937
  /*
4936
4938
  * Copyright (c) Microsoft Corporation. All rights reserved.
4937
4939
  * Licensed under the MIT License.
@@ -4949,7 +4951,7 @@
4949
4951
  }
4950
4952
  }
4951
4953
 
4952
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4954
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4953
4955
  /*
4954
4956
  * Copyright (c) Microsoft Corporation. All rights reserved.
4955
4957
  * Licensed under the MIT License.
@@ -4970,7 +4972,7 @@
4970
4972
  };
4971
4973
  }
4972
4974
 
4973
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4975
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4974
4976
 
4975
4977
  /*
4976
4978
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5056,7 +5058,7 @@
5056
5058
  }
5057
5059
  }
5058
5060
 
5059
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5061
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5060
5062
 
5061
5063
  /*
5062
5064
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5087,7 +5089,7 @@
5087
5089
  return new NetworkError(error, httpStatus, responseHeaders);
5088
5090
  }
5089
5091
 
5090
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5092
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5091
5093
 
5092
5094
  /*
5093
5095
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5201,7 +5203,7 @@
5201
5203
  return response;
5202
5204
  }
5203
5205
 
5204
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5206
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5205
5207
  /*
5206
5208
  * Copyright (c) Microsoft Corporation. All rights reserved.
5207
5209
  * Licensed under the MIT License.
@@ -5213,7 +5215,7 @@
5213
5215
  response.hasOwnProperty("jwks_uri"));
5214
5216
  }
5215
5217
 
5216
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5218
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5217
5219
  /*
5218
5220
  * Copyright (c) Microsoft Corporation. All rights reserved.
5219
5221
  * Licensed under the MIT License.
@@ -5223,7 +5225,7 @@
5223
5225
  response.hasOwnProperty("metadata"));
5224
5226
  }
5225
5227
 
5226
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5228
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5227
5229
  /*
5228
5230
  * Copyright (c) Microsoft Corporation. All rights reserved.
5229
5231
  * Licensed under the MIT License.
@@ -5233,7 +5235,7 @@
5233
5235
  response.hasOwnProperty("error_description"));
5234
5236
  }
5235
5237
 
5236
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5238
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5237
5239
 
5238
5240
  /*
5239
5241
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5338,7 +5340,7 @@
5338
5340
  },
5339
5341
  };
5340
5342
 
5341
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5343
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5342
5344
 
5343
5345
  /*
5344
5346
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5895,7 +5897,7 @@
5895
5897
  }
5896
5898
  }
5897
5899
  // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
5898
- if (this.isInKnownAuthorities()) {
5900
+ if (this.isInKnownAuthorities(this.hostnameAndPort)) {
5899
5901
  this.logger.verbose("0mt9al", this.correlationId);
5900
5902
  return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
5901
5903
  }
@@ -5962,13 +5964,14 @@
5962
5964
  return match;
5963
5965
  }
5964
5966
  /**
5965
- * Helper function to determine if this host is included in the knownAuthorities config option
5967
+ * Helper function to determine if a host is included in the knownAuthorities config option.
5966
5968
  */
5967
- isInKnownAuthorities() {
5969
+ isInKnownAuthorities(host) {
5970
+ const normalizedHost = host.toLowerCase();
5968
5971
  const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
5969
5972
  return (authority &&
5970
5973
  UrlString.getDomainFromUrl(authority).toLowerCase() ===
5971
- this.hostnameAndPort);
5974
+ normalizedHost);
5972
5975
  });
5973
5976
  return matches.length > 0;
5974
5977
  }
@@ -6045,6 +6048,10 @@
6045
6048
  * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
6046
6049
  * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
6047
6050
  * path.
6051
+ * 5. The issuer host is HTTPS and is explicitly listed in the
6052
+ * developer-configured `knownAuthorities`. This covers scenarios where
6053
+ * the OIDC discovery document returns an issuer host that differs from
6054
+ * the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
6048
6055
  *
6049
6056
  * @param issuer The `issuer` value returned in the OIDC discovery document.
6050
6057
  * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -6081,11 +6088,19 @@
6081
6088
  * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
6082
6089
  */
6083
6090
  const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
6091
+ /*
6092
+ * Rule 5: The issuer host is explicitly listed in the developer-configured
6093
+ * knownAuthorities. This covers scenarios where the OIDC discovery document
6094
+ * returns an issuer with a different host than the authority
6095
+ * (e.g., a GUID-based issuer for a name-based authority).
6096
+ */
6097
+ const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
6084
6098
  // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
6085
6099
  if (matchesAuthorityOrigin ||
6086
6100
  matchesKnownMicrosoftHost ||
6087
6101
  matchesRegionalMicrosoftHost ||
6088
- matchesCiamTenantPattern) {
6102
+ matchesCiamTenantPattern ||
6103
+ matchesKnownAuthority) {
6089
6104
  return;
6090
6105
  }
6091
6106
  // issuer validation fails if none of the above rules are satisfied
@@ -6293,7 +6308,7 @@
6293
6308
  };
6294
6309
  }
6295
6310
 
6296
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6311
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6297
6312
 
6298
6313
  /*
6299
6314
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6327,7 +6342,7 @@
6327
6342
  }
6328
6343
  }
6329
6344
 
6330
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6345
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6331
6346
 
6332
6347
  /*
6333
6348
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6584,7 +6599,7 @@
6584
6599
  }
6585
6600
  }
6586
6601
 
6587
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6602
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6588
6603
 
6589
6604
  /*
6590
6605
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6805,7 +6820,7 @@
6805
6820
  }
6806
6821
  }
6807
6822
 
6808
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6823
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6809
6824
 
6810
6825
  /*
6811
6826
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6921,7 +6936,7 @@
6921
6936
  }
6922
6937
  }
6923
6938
 
6924
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6939
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6925
6940
 
6926
6941
  /*
6927
6942
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6936,7 +6951,7 @@
6936
6951
  },
6937
6952
  };
6938
6953
 
6939
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6954
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6940
6955
 
6941
6956
  /*
6942
6957
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7159,7 +7174,7 @@
7159
7174
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7160
7175
  }
7161
7176
 
7162
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7177
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7163
7178
 
7164
7179
  /*
7165
7180
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7192,7 +7207,7 @@
7192
7207
  return Object.prototype.hasOwnProperty.call(params, "resource");
7193
7208
  }
7194
7209
 
7195
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7210
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7196
7211
 
7197
7212
  /*
7198
7213
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7250,7 +7265,7 @@
7250
7265
  }
7251
7266
  }
7252
7267
 
7253
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7268
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7254
7269
  /*
7255
7270
  * Copyright (c) Microsoft Corporation. All rights reserved.
7256
7271
  * Licensed under the MIT License.
@@ -7267,7 +7282,7 @@
7267
7282
  unexpectedError: unexpectedError
7268
7283
  });
7269
7284
 
7270
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7285
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7271
7286
 
7272
7287
  /*
7273
7288
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7528,7 +7543,7 @@
7528
7543
  }
7529
7544
  }
7530
7545
 
7531
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7546
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7532
7547
 
7533
7548
  /*
7534
7549
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7549,7 +7564,7 @@
7549
7564
  return new JoseHeaderError(code);
7550
7565
  }
7551
7566
 
7552
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7567
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7553
7568
  /*
7554
7569
  * Copyright (c) Microsoft Corporation. All rights reserved.
7555
7570
  * Licensed under the MIT License.
@@ -7557,7 +7572,7 @@
7557
7572
  const missingKidError = "missing_kid_error";
7558
7573
  const missingAlgError = "missing_alg_error";
7559
7574
 
7560
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7575
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7561
7576
 
7562
7577
  /*
7563
7578
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7597,7 +7612,7 @@
7597
7612
  }
7598
7613
  }
7599
7614
 
7600
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7615
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7601
7616
 
7602
7617
  /*
7603
7618
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8392,6 +8407,43 @@
8392
8407
  return new BrowserAuthError(errorCode, subError);
8393
8408
  }
8394
8409
 
8410
+ /*
8411
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8412
+ * Licensed under the MIT License.
8413
+ */
8414
+ /**
8415
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8416
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8417
+ */
8418
+ /**
8419
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
8420
+ * @param input
8421
+ */
8422
+ function base64Decode(input) {
8423
+ return new TextDecoder().decode(base64DecToArr(input));
8424
+ }
8425
+ /**
8426
+ * Decodes base64 into Uint8Array
8427
+ * @param base64String
8428
+ */
8429
+ function base64DecToArr(base64String) {
8430
+ let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8431
+ switch (encodedString.length % 4) {
8432
+ case 0:
8433
+ break;
8434
+ case 2:
8435
+ encodedString += "==";
8436
+ break;
8437
+ case 3:
8438
+ encodedString += "=";
8439
+ break;
8440
+ default:
8441
+ throw createBrowserAuthError(invalidBase64String);
8442
+ }
8443
+ const binString = atob(encodedString);
8444
+ return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8445
+ }
8446
+
8395
8447
  /*
8396
8448
  * Copyright (c) Microsoft Corporation. All rights reserved.
8397
8449
  * Licensed under the MIT License.
@@ -8651,43 +8703,6 @@
8651
8703
  return btoa(binString);
8652
8704
  }
8653
8705
 
8654
- /*
8655
- * Copyright (c) Microsoft Corporation. All rights reserved.
8656
- * Licensed under the MIT License.
8657
- */
8658
- /**
8659
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8660
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8661
- */
8662
- /**
8663
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
8664
- * @param input
8665
- */
8666
- function base64Decode(input) {
8667
- return new TextDecoder().decode(base64DecToArr(input));
8668
- }
8669
- /**
8670
- * Decodes base64 into Uint8Array
8671
- * @param base64String
8672
- */
8673
- function base64DecToArr(base64String) {
8674
- let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8675
- switch (encodedString.length % 4) {
8676
- case 0:
8677
- break;
8678
- case 2:
8679
- encodedString += "==";
8680
- break;
8681
- case 3:
8682
- encodedString += "=";
8683
- break;
8684
- default:
8685
- throw createBrowserAuthError(invalidBase64String);
8686
- }
8687
- const binString = atob(encodedString);
8688
- return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8689
- }
8690
-
8691
8706
  /*
8692
8707
  * Copyright (c) Microsoft Corporation. All rights reserved.
8693
8708
  * Licensed under the MIT License.
@@ -9106,6 +9121,16 @@
9106
9121
  contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
9107
9122
  }
9108
9123
  }
9124
+ /**
9125
+ * Strips both hash and query string from the given window's URL by replacing
9126
+ * with origin + pathname only. Used to remove auth response parameters
9127
+ * (auth code, state, etc.) before the window is closed or navigated away.
9128
+ */
9129
+ function clearAuthResponseFromUrl(contentWindow) {
9130
+ if (typeof contentWindow.history?.replaceState === "function") {
9131
+ contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
9132
+ }
9133
+ }
9109
9134
  /**
9110
9135
  * Replaces current hash with hash from provided url
9111
9136
  */
@@ -9164,7 +9189,7 @@
9164
9189
  activeBridgeMonitor = null;
9165
9190
  }
9166
9191
  }
9167
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
9192
+ async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
9168
9193
  return new Promise((resolve, reject) => {
9169
9194
  logger.verbose("1rf6em", request.correlationId);
9170
9195
  const correlationId = request.correlationId;
@@ -9172,7 +9197,7 @@
9172
9197
  redirectBridgeTimeoutMs: timeoutMs,
9173
9198
  lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
9174
9199
  }, correlationId);
9175
- const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
9200
+ const { libraryState } = parseRequestState(base64Decode, request.state || "");
9176
9201
  const channel = new BroadcastChannel(libraryState.id);
9177
9202
  let responseString = undefined;
9178
9203
  let timedOut$1 = false;
@@ -9360,6 +9385,7 @@
9360
9385
  blockRedirectInIframe: blockRedirectInIframe,
9361
9386
  blockReloadInHiddenIframes: blockReloadInHiddenIframes,
9362
9387
  cancelPendingBridgeResponse: cancelPendingBridgeResponse,
9388
+ clearAuthResponseFromUrl: clearAuthResponseFromUrl,
9363
9389
  clearHash: clearHash,
9364
9390
  createGuid: createGuid,
9365
9391
  getCurrentUri: getCurrentUri,
@@ -10019,7 +10045,6 @@
10019
10045
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
10020
10046
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
10021
10047
  const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
10022
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
10023
10048
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
10024
10049
  const ACCOUNT_KEYS = "account.keys";
10025
10050
  const TOKEN_KEYS = "token.keys";
@@ -10535,7 +10560,7 @@
10535
10560
 
10536
10561
  /* eslint-disable header/header */
10537
10562
  const name = "@azure/msal-browser";
10538
- const version = "5.10.1";
10563
+ const version = "5.12.0";
10539
10564
 
10540
10565
  /*
10541
10566
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10642,6 +10667,7 @@
10642
10667
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
10643
10668
  : parsedValue;
10644
10669
  if (!decryptedData || !isCredentialEntity(decryptedData)) {
10670
+ this.browserStorage.removeItem(key);
10645
10671
  this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
10646
10672
  return null;
10647
10673
  }
@@ -10672,6 +10698,7 @@
10672
10698
  const rawValue = this.browserStorage.getItem(accountKey);
10673
10699
  const parsedValue = this.validateAndParseJson(rawValue || "");
10674
10700
  if (!parsedValue) {
10701
+ this.browserStorage.removeItem(accountKey);
10675
10702
  removeElementFromArray(accountKeysToCheck, accountKey);
10676
10703
  continue;
10677
10704
  }
@@ -10686,6 +10713,15 @@
10686
10713
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
10687
10714
  removeElementFromArray(accountKeysToCheck, accountKey);
10688
10715
  }
10716
+ else if (isEncrypted(parsedValue)) {
10717
+ // Remove accounts encrypted with a different key (session cookie expired/changed)
10718
+ const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
10719
+ if (!decrypted) {
10720
+ this.browserStorage.removeItem(accountKey);
10721
+ this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
10722
+ removeElementFromArray(accountKeysToCheck, accountKey);
10723
+ }
10724
+ }
10689
10725
  }
10690
10726
  this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
10691
10727
  }
@@ -12283,12 +12319,13 @@
12283
12319
  * and logoutHint attribute wasn't manually set in logout request
12284
12320
  */
12285
12321
  if (logoutRequest) {
12286
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
12322
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
12287
12323
  if (!logoutRequest.logoutHint) {
12288
12324
  if (logoutRequest.account) {
12289
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12325
+ const logoutHint = logoutRequest.account.loginHint ||
12326
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
12290
12327
  if (logoutHint) {
12291
- this.logger.verbose("0st5di", this.correlationId);
12328
+ this.logger.verbose("0d7s8p", this.correlationId);
12292
12329
  validLogoutRequest.logoutHint = logoutHint;
12293
12330
  }
12294
12331
  }
@@ -12341,6 +12378,7 @@
12341
12378
  const idTokenClaims = account.idTokenClaims;
12342
12379
  if (idTokenClaims) {
12343
12380
  if (idTokenClaims.login_hint) {
12381
+ this.logger.verbose("0u5bmc", this.correlationId);
12344
12382
  return idTokenClaims.login_hint;
12345
12383
  }
12346
12384
  else {
@@ -12627,7 +12665,7 @@
12627
12665
  const NO_NETWORK = "NO_NETWORK";
12628
12666
  const DISABLED = "DISABLED";
12629
12667
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
12630
- const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
12668
+ const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
12631
12669
 
12632
12670
  /*
12633
12671
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12682,8 +12720,8 @@
12682
12720
  return createBrowserAuthError(userCancelled);
12683
12721
  case NO_NETWORK:
12684
12722
  return createBrowserAuthError(noNetworkConnectivity);
12685
- case UX_NOT_ALLOWED:
12686
- return createInteractionRequiredAuthError(uxNotAllowed);
12723
+ case UI_NOT_ALLOWED:
12724
+ return createInteractionRequiredAuthError(uiNotAllowed);
12687
12725
  }
12688
12726
  }
12689
12727
  return new NativeAuthError(code, description, ext);
@@ -12914,7 +12952,7 @@
12914
12952
  noHistory: false,
12915
12953
  };
12916
12954
  const redirectUri = navigateToLoginRequestUrl
12917
- ? window.location.href
12955
+ ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
12918
12956
  : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
12919
12957
  rootMeasurement.end({ success: true });
12920
12958
  await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -13969,6 +14007,7 @@
13969
14007
  };
13970
14008
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
13971
14009
  iframeTimeoutTelemetry: false,
14010
+ allowPlatformBrokerWithDOM: false,
13972
14011
  };
13973
14012
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
13974
14013
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -14415,25 +14454,23 @@
14415
14454
  */
14416
14455
  /**
14417
14456
  * Checks if the platform broker is available in the current environment.
14418
- * @param loggerOptions
14419
- * @param perfClient
14420
- * @param correlationId
14421
- * @returns
14457
+ * @param domConfig - Whether to enable platform broker DOM API support (required)
14458
+ * @param loggerOptions - Optional logger options
14459
+ * @param perfClient - Optional performance client
14460
+ * @param correlationId - Optional correlation ID
14461
+ * @returns Promise<boolean> indicating if platform broker is available
14422
14462
  */
14423
- async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
14463
+ async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
14424
14464
  const logger = new Logger(loggerOptions || {}, name, version);
14425
- const cid = correlationId || "";
14426
- logger.trace("07660b", cid);
14427
14465
  const performanceClient = perfClient || new StubPerformanceClient();
14428
14466
  if (typeof window === "undefined") {
14429
- logger.trace("082ed3", cid);
14467
+ logger.trace("082ed3", correlationId || createNewGuid());
14430
14468
  return false;
14431
14469
  }
14432
- return !!(await getPlatformAuthProvider(logger, performanceClient, cid));
14470
+ return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
14433
14471
  }
14434
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
14472
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
14435
14473
  logger.trace("134j0v", correlationId);
14436
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
14437
14474
  logger.trace("04c81g", correlationId);
14438
14475
  let platformAuthProvider;
14439
14476
  try {
@@ -14457,22 +14494,6 @@
14457
14494
  }
14458
14495
  return platformAuthProvider;
14459
14496
  }
14460
- /**
14461
- * Returns true if the DOM API support for platform auth is enabled in session storage
14462
- * @returns boolean
14463
- * @deprecated
14464
- */
14465
- function isDomEnabledForPlatformAuth() {
14466
- let sessionStorage;
14467
- try {
14468
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
14469
- // Mute errors if it's a non-browser environment or cookies are blocked.
14470
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
14471
- }
14472
- catch (e) {
14473
- return false;
14474
- }
14475
- }
14476
14497
  /**
14477
14498
  * Returns boolean indicating whether or not the request should attempt to use platform broker
14478
14499
  * @param logger
@@ -14483,6 +14504,11 @@
14483
14504
  */
14484
14505
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
14485
14506
  logger.trace("0uko3r", correlationId);
14507
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
14508
+ if (!config.system.allowPlatformBroker &&
14509
+ config.experimental.allowPlatformBrokerWithDOM) {
14510
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
14511
+ }
14486
14512
  if (!config.system.allowPlatformBroker) {
14487
14513
  logger.trace("04hozs", correlationId);
14488
14514
  // Developer disabled WAM
@@ -14512,10 +14538,11 @@
14512
14538
  * Licensed under the MIT License.
14513
14539
  */
14514
14540
  class PopupClient extends StandardInteractionClient {
14515
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
14541
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
14516
14542
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
14517
14543
  this.nativeStorage = nativeStorageImpl;
14518
14544
  this.eventHandler = eventHandler;
14545
+ this.waitForPopupResponseHook = waitForPopupResponseHook;
14519
14546
  }
14520
14547
  /**
14521
14548
  * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -14649,7 +14676,7 @@
14649
14676
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
14650
14677
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14651
14678
  // Wait for the redirect bridge response
14652
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14679
+ const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
14653
14680
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14654
14681
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14655
14682
  }
@@ -14684,7 +14711,7 @@
14684
14711
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
14685
14712
  form.submit();
14686
14713
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14687
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
14714
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
14688
14715
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14689
14716
  if (!serverParams.ear_jwe && serverParams.code) {
14690
14717
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14709,7 +14736,7 @@
14709
14736
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
14710
14737
  form.submit();
14711
14738
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14712
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14739
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
14713
14740
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14714
14741
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14715
14742
  }
@@ -14766,7 +14793,7 @@
14766
14793
  // Open the popup window to requestUrl.
14767
14794
  const popupWindow = this.openPopup(logoutUri, popupParams);
14768
14795
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14769
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
14796
+ await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
14770
14797
  // Swallow any errors related to monitoring the window. Server logout is best effort
14771
14798
  });
14772
14799
  if (mainWindowRedirectUri) {
@@ -14845,6 +14872,19 @@
14845
14872
  if (!popupWindow) {
14846
14873
  throw createBrowserAuthError(emptyWindowError);
14847
14874
  }
14875
+ try {
14876
+ popupWindow.document.title = "Microsoft Authentication";
14877
+ }
14878
+ catch (e) {
14879
+ if (typeof DOMException !== "undefined" &&
14880
+ e instanceof DOMException &&
14881
+ e.name === "SecurityError") {
14882
+ // Cross-origin - title cannot be set
14883
+ }
14884
+ else {
14885
+ this.logger.verbose("1s1yfs", this.correlationId);
14886
+ }
14887
+ }
14848
14888
  if (popupWindow.focus) {
14849
14889
  popupWindow.focus();
14850
14890
  }
@@ -14923,6 +14963,12 @@
14923
14963
  const homeAccountId = request.account && request.account.homeAccountId;
14924
14964
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
14925
14965
  }
14966
+ async waitForPopupResponse(request, popupWindow, popupWindowParent) {
14967
+ if (this.waitForPopupResponseHook) {
14968
+ return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
14969
+ }
14970
+ return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
14971
+ }
14926
14972
  }
14927
14973
 
14928
14974
  /*
@@ -15076,6 +15122,8 @@
15076
15122
  * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
15077
15123
  */
15078
15124
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
15125
+ const originalTitle = document.title;
15126
+ document.title = "Microsoft Authentication";
15079
15127
  const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15080
15128
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
15081
15129
  try {
@@ -15158,6 +15206,9 @@
15158
15206
  }
15159
15207
  throw e;
15160
15208
  }
15209
+ finally {
15210
+ document.title = originalTitle;
15211
+ }
15161
15212
  }
15162
15213
  /**
15163
15214
  * Gets the response hash for a redirect request
@@ -15413,6 +15464,7 @@
15413
15464
  function createHiddenIframe() {
15414
15465
  const authFrame = document.createElement("iframe");
15415
15466
  authFrame.className = "msalSilentIframe";
15467
+ authFrame.title = "Microsoft Authentication";
15416
15468
  authFrame.style.visibility = "hidden";
15417
15469
  authFrame.style.position = "absolute";
15418
15470
  authFrame.style.width = authFrame.style.height = "0";
@@ -15438,10 +15490,11 @@
15438
15490
  * Licensed under the MIT License.
15439
15491
  */
15440
15492
  class SilentIframeClient extends StandardInteractionClient {
15441
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
15493
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
15442
15494
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
15443
15495
  this.apiId = apiId;
15444
15496
  this.nativeStorage = nativeStorageImpl;
15497
+ this.waitForIframeResponseHook = waitForIframeResponseHook;
15445
15498
  }
15446
15499
  /**
15447
15500
  * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -15530,7 +15583,7 @@
15530
15583
  const responseType = this.config.auth.OIDCOptions.responseMode;
15531
15584
  let responseString;
15532
15585
  try {
15533
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15586
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15534
15587
  }
15535
15588
  finally {
15536
15589
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15628,7 +15681,7 @@
15628
15681
  // Wait for response from the redirect bridge.
15629
15682
  let responseString;
15630
15683
  try {
15631
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15684
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15632
15685
  }
15633
15686
  finally {
15634
15687
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15636,6 +15689,12 @@
15636
15689
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15637
15690
  return { serverParams, pkceCodes, silentRequest };
15638
15691
  }
15692
+ async waitForIframeResponse(iframe, request) {
15693
+ if (this.waitForIframeResponseHook) {
15694
+ return this.waitForIframeResponseHook(iframe, request);
15695
+ }
15696
+ return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
15697
+ }
15639
15698
  }
15640
15699
 
15641
15700
  /*
@@ -15942,7 +16001,7 @@
15942
16001
  if (allowPlatformBroker) {
15943
16002
  try {
15944
16003
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
15945
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
16004
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
15946
16005
  }
15947
16006
  catch (e) {
15948
16007
  this.logger.verbose(e, correlationId);
@@ -16849,7 +16908,7 @@
16849
16908
  * @param correlationId
16850
16909
  */
16851
16910
  createPopupClient(correlationId) {
16852
- return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
16911
+ return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
16853
16912
  }
16854
16913
  /**
16855
16914
  * Returns new instance of the Redirect Interaction Client
@@ -16863,7 +16922,7 @@
16863
16922
  * @param correlationId
16864
16923
  */
16865
16924
  createSilentIframeClient(correlationId) {
16866
- return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
16925
+ return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
16867
16926
  }
16868
16927
  /**
16869
16928
  * Returns new instance of the Silent Cache Interaction Client
@@ -17337,7 +17396,7 @@
17337
17396
  return;
17338
17397
  }
17339
17398
  }
17340
- constructor(config) {
17399
+ constructor(config, responseHandlers) {
17341
17400
  /*
17342
17401
  * If loaded in an environment where window is not available,
17343
17402
  * set internal flag to false so that further requests fail.
@@ -17345,6 +17404,7 @@
17345
17404
  */
17346
17405
  this.browserEnvironment = typeof window !== "undefined";
17347
17406
  this.config = buildConfiguration(config, this.browserEnvironment);
17407
+ this.responseHandlers = responseHandlers;
17348
17408
  let sessionStorage;
17349
17409
  try {
17350
17410
  sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -17381,6 +17441,13 @@
17381
17441
  getConfig() {
17382
17442
  return this.config;
17383
17443
  }
17444
+ /**
17445
+ * Returns the internal response handlers supplied by PublicClientApplication, if any.
17446
+ * @returns AuthResponseHandlers | undefined
17447
+ */
17448
+ getResponseHandlers() {
17449
+ return this.responseHandlers;
17450
+ }
17384
17451
  /**
17385
17452
  * Returns the MSAL Logger
17386
17453
  * @returns Logger
@@ -18402,7 +18469,48 @@
18402
18469
  constructor(configuration, controller) {
18403
18470
  this.controller =
18404
18471
  controller ||
18405
- new StandardController(new StandardOperatingContext(configuration));
18472
+ new StandardController(new StandardOperatingContext(configuration, {
18473
+ waitForPopupResponse: this.waitForPopupResponse.bind(this),
18474
+ waitForIframeResponse: this.waitForIframeResponse.bind(this),
18475
+ }));
18476
+ }
18477
+ /**
18478
+ * Waits for the auth response from a popup window opened by MSAL.
18479
+ *
18480
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
18481
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
18482
+ * with an `AuthError` on failure.
18483
+ *
18484
+ * @internal
18485
+ * @param request The in-flight authorization or end-session request.
18486
+ * @param popupWindow The popup window opened by MSAL.
18487
+ * @param popupWindowParent The parent window that opened the popup.
18488
+ */
18489
+ async waitForPopupResponse(request,
18490
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
18491
+ popupWindow,
18492
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
18493
+ popupWindowParent) {
18494
+ const controller = this.controller;
18495
+ return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
18496
+ }
18497
+ /**
18498
+ * Waits for the auth response from a hidden iframe used by MSAL silent flows.
18499
+ *
18500
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
18501
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
18502
+ * with an `AuthError` on failure.
18503
+ *
18504
+ * @internal
18505
+ * @param iframe The hidden iframe MSAL attached to the document.
18506
+ * @param request The in-flight authorization request.
18507
+ */
18508
+ async waitForIframeResponse(
18509
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
18510
+ iframe, request) {
18511
+ const controller = this.controller;
18512
+ const config = controller.getConfiguration();
18513
+ return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
18406
18514
  }
18407
18515
  /**
18408
18516
  * Initializer function to perform async startup tasks such as connecting to WAM extension