@azure/msal-browser 5.10.1 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +12 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +4 -4
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +27 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +11 -4
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1203 -1187
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +33 -17
- package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +342 -169
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +13 -9
- package/lib/msal-browser.cjs +275 -167
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +275 -167
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/cache/BrowserCacheManager.ts +17 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +6 -3
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
- package/src/interaction_client/PopupClient.ts +65 -27
- package/src/interaction_client/RedirectClient.ts +5 -0
- package/src/interaction_client/SilentIframeClient.ts +49 -19
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.12.0 2026-06-05 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.
|
|
241
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.
|
|
293
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.
|
|
324
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.
|
|
344
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.
|
|
424
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.
|
|
447
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -471,6 +471,7 @@
|
|
|
471
471
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
472
472
|
const authorityMismatch = "authority_mismatch";
|
|
473
473
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
474
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
474
475
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
475
476
|
|
|
476
477
|
var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
@@ -486,6 +487,7 @@
|
|
|
486
487
|
invalidClaims: invalidClaims,
|
|
487
488
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
488
489
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
490
|
+
invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
|
|
489
491
|
invalidRequestMethodForEAR: invalidRequestMethodForEAR,
|
|
490
492
|
issuerValidationFailed: issuerValidationFailed,
|
|
491
493
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
@@ -500,7 +502,7 @@
|
|
|
500
502
|
urlParseError: urlParseError
|
|
501
503
|
});
|
|
502
504
|
|
|
503
|
-
/*! @azure/msal-common v16.
|
|
505
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
504
506
|
/*
|
|
505
507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
506
508
|
* Licensed under the MIT License.
|
|
@@ -588,7 +590,7 @@
|
|
|
588
590
|
userCanceled: userCanceled
|
|
589
591
|
});
|
|
590
592
|
|
|
591
|
-
/*! @azure/msal-common v16.
|
|
593
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
592
594
|
|
|
593
595
|
/*
|
|
594
596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -783,7 +785,7 @@
|
|
|
783
785
|
}
|
|
784
786
|
}
|
|
785
787
|
|
|
786
|
-
/*! @azure/msal-common v16.
|
|
788
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
787
789
|
|
|
788
790
|
/*
|
|
789
791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1172,7 +1174,7 @@
|
|
|
1172
1174
|
}
|
|
1173
1175
|
}
|
|
1174
1176
|
|
|
1175
|
-
/*! @azure/msal-common v16.
|
|
1177
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1176
1178
|
|
|
1177
1179
|
/*
|
|
1178
1180
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1281,7 +1283,7 @@
|
|
|
1281
1283
|
}
|
|
1282
1284
|
}
|
|
1283
1285
|
|
|
1284
|
-
/*! @azure/msal-common v16.
|
|
1286
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1285
1287
|
|
|
1286
1288
|
/*
|
|
1287
1289
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1320,7 +1322,7 @@
|
|
|
1320
1322
|
},
|
|
1321
1323
|
};
|
|
1322
1324
|
|
|
1323
|
-
/*! @azure/msal-common v16.
|
|
1325
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1324
1326
|
/*
|
|
1325
1327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1326
1328
|
* Licensed under the MIT License.
|
|
@@ -1595,12 +1597,12 @@
|
|
|
1595
1597
|
}
|
|
1596
1598
|
}
|
|
1597
1599
|
|
|
1598
|
-
/*! @azure/msal-common v16.
|
|
1600
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1599
1601
|
/* eslint-disable header/header */
|
|
1600
1602
|
const name$1 = "@azure/msal-common";
|
|
1601
|
-
const version$1 = "16.
|
|
1603
|
+
const version$1 = "16.7.0";
|
|
1602
1604
|
|
|
1603
|
-
/*! @azure/msal-common v16.
|
|
1605
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1604
1606
|
/*
|
|
1605
1607
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1606
1608
|
* Licensed under the MIT License.
|
|
@@ -1620,7 +1622,7 @@
|
|
|
1620
1622
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1621
1623
|
};
|
|
1622
1624
|
|
|
1623
|
-
/*! @azure/msal-common v16.
|
|
1625
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1624
1626
|
/*
|
|
1625
1627
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1626
1628
|
* Licensed under the MIT License.
|
|
@@ -1703,7 +1705,7 @@
|
|
|
1703
1705
|
return updatedAccountInfo;
|
|
1704
1706
|
}
|
|
1705
1707
|
|
|
1706
|
-
/*! @azure/msal-common v16.
|
|
1708
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1707
1709
|
|
|
1708
1710
|
/*
|
|
1709
1711
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1783,7 +1785,7 @@
|
|
|
1783
1785
|
}
|
|
1784
1786
|
}
|
|
1785
1787
|
|
|
1786
|
-
/*! @azure/msal-common v16.
|
|
1788
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1787
1789
|
|
|
1788
1790
|
/*
|
|
1789
1791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1940,7 +1942,7 @@
|
|
|
1940
1942
|
}
|
|
1941
1943
|
}
|
|
1942
1944
|
|
|
1943
|
-
/*! @azure/msal-common v16.
|
|
1945
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1944
1946
|
|
|
1945
1947
|
/*
|
|
1946
1948
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2106,7 +2108,7 @@
|
|
|
2106
2108
|
return null;
|
|
2107
2109
|
}
|
|
2108
2110
|
|
|
2109
|
-
/*! @azure/msal-common v16.
|
|
2111
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2110
2112
|
/*
|
|
2111
2113
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2112
2114
|
* Licensed under the MIT License.
|
|
@@ -2114,7 +2116,7 @@
|
|
|
2114
2116
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2115
2117
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2116
2118
|
|
|
2117
|
-
/*! @azure/msal-common v16.
|
|
2119
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2118
2120
|
|
|
2119
2121
|
/*
|
|
2120
2122
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2152,7 +2154,7 @@
|
|
|
2152
2154
|
}
|
|
2153
2155
|
}
|
|
2154
2156
|
|
|
2155
|
-
/*! @azure/msal-common v16.
|
|
2157
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2156
2158
|
|
|
2157
2159
|
/*
|
|
2158
2160
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2190,7 +2192,7 @@
|
|
|
2190
2192
|
};
|
|
2191
2193
|
}
|
|
2192
2194
|
|
|
2193
|
-
/*! @azure/msal-common v16.
|
|
2195
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2194
2196
|
/*
|
|
2195
2197
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2196
2198
|
* Licensed under the MIT License.
|
|
@@ -2205,7 +2207,7 @@
|
|
|
2205
2207
|
Ciam: 3,
|
|
2206
2208
|
};
|
|
2207
2209
|
|
|
2208
|
-
/*! @azure/msal-common v16.
|
|
2210
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2209
2211
|
/*
|
|
2210
2212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2211
2213
|
* Licensed under the MIT License.
|
|
@@ -2227,7 +2229,7 @@
|
|
|
2227
2229
|
return null;
|
|
2228
2230
|
}
|
|
2229
2231
|
|
|
2230
|
-
/*! @azure/msal-common v16.
|
|
2232
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2231
2233
|
/*
|
|
2232
2234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2233
2235
|
* Licensed under the MIT License.
|
|
@@ -2251,7 +2253,7 @@
|
|
|
2251
2253
|
EAR: "EAR",
|
|
2252
2254
|
};
|
|
2253
2255
|
|
|
2254
|
-
/*! @azure/msal-common v16.
|
|
2256
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2255
2257
|
/**
|
|
2256
2258
|
* Returns the AccountInfo interface for this account.
|
|
2257
2259
|
*/
|
|
@@ -2426,7 +2428,7 @@
|
|
|
2426
2428
|
entity.hasOwnProperty("authorityType"));
|
|
2427
2429
|
}
|
|
2428
2430
|
|
|
2429
|
-
/*! @azure/msal-common v16.
|
|
2431
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2430
2432
|
|
|
2431
2433
|
/*
|
|
2432
2434
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2566,8 +2568,8 @@
|
|
|
2566
2568
|
return false;
|
|
2567
2569
|
}
|
|
2568
2570
|
if (!!tenantProfileFilter.username &&
|
|
2569
|
-
!
|
|
2570
|
-
|
|
2571
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2572
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2571
2573
|
return false;
|
|
2572
2574
|
}
|
|
2573
2575
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3558,7 +3560,7 @@
|
|
|
3558
3560
|
}
|
|
3559
3561
|
}
|
|
3560
3562
|
|
|
3561
|
-
/*! @azure/msal-common v16.
|
|
3563
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3562
3564
|
/*
|
|
3563
3565
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3564
3566
|
* Licensed under the MIT License.
|
|
@@ -3609,7 +3611,7 @@
|
|
|
3609
3611
|
"redirectBridgeMessageVersion",
|
|
3610
3612
|
]);
|
|
3611
3613
|
|
|
3612
|
-
/*! @azure/msal-common v16.
|
|
3614
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3613
3615
|
|
|
3614
3616
|
/*
|
|
3615
3617
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3664,7 +3666,7 @@
|
|
|
3664
3666
|
}
|
|
3665
3667
|
}
|
|
3666
3668
|
|
|
3667
|
-
/*! @azure/msal-common v16.
|
|
3669
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3668
3670
|
|
|
3669
3671
|
/*
|
|
3670
3672
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3759,7 +3761,7 @@
|
|
|
3759
3761
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3760
3762
|
}
|
|
3761
3763
|
|
|
3762
|
-
/*! @azure/msal-common v16.
|
|
3764
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3763
3765
|
/*
|
|
3764
3766
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3765
3767
|
* Licensed under the MIT License.
|
|
@@ -3786,7 +3788,7 @@
|
|
|
3786
3788
|
}
|
|
3787
3789
|
}
|
|
3788
3790
|
|
|
3789
|
-
/*! @azure/msal-common v16.
|
|
3791
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3790
3792
|
/*
|
|
3791
3793
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3792
3794
|
* Licensed under the MIT License.
|
|
@@ -3851,7 +3853,7 @@
|
|
|
3851
3853
|
return cachedAtSec > nowSeconds();
|
|
3852
3854
|
}
|
|
3853
3855
|
|
|
3854
|
-
/*! @azure/msal-common v16.
|
|
3856
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3855
3857
|
|
|
3856
3858
|
/*
|
|
3857
3859
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4110,7 +4112,7 @@
|
|
|
4110
4112
|
return metadata.expiresAt <= nowSeconds();
|
|
4111
4113
|
}
|
|
4112
4114
|
|
|
4113
|
-
/*! @azure/msal-common v16.
|
|
4115
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4114
4116
|
/*
|
|
4115
4117
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4116
4118
|
* Licensed under the MIT License.
|
|
@@ -4181,7 +4183,7 @@
|
|
|
4181
4183
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4182
4184
|
const SetUserData = "setUserData";
|
|
4183
4185
|
|
|
4184
|
-
/*! @azure/msal-common v16.
|
|
4186
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4185
4187
|
/*
|
|
4186
4188
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4187
4189
|
* Licensed under the MIT License.
|
|
@@ -4274,7 +4276,7 @@
|
|
|
4274
4276
|
};
|
|
4275
4277
|
};
|
|
4276
4278
|
|
|
4277
|
-
/*! @azure/msal-common v16.
|
|
4279
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4278
4280
|
|
|
4279
4281
|
/*
|
|
4280
4282
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4354,7 +4356,7 @@
|
|
|
4354
4356
|
}
|
|
4355
4357
|
}
|
|
4356
4358
|
|
|
4357
|
-
/*! @azure/msal-common v16.
|
|
4359
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4358
4360
|
/*
|
|
4359
4361
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4360
4362
|
* Licensed under the MIT License.
|
|
@@ -4378,7 +4380,7 @@
|
|
|
4378
4380
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4379
4381
|
* @public
|
|
4380
4382
|
*/
|
|
4381
|
-
const
|
|
4383
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4382
4384
|
/**
|
|
4383
4385
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4384
4386
|
* @public
|
|
@@ -4415,10 +4417,10 @@
|
|
|
4415
4417
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4416
4418
|
noTokensFound: noTokensFound,
|
|
4417
4419
|
refreshTokenExpired: refreshTokenExpired,
|
|
4418
|
-
|
|
4420
|
+
uiNotAllowed: uiNotAllowed
|
|
4419
4421
|
});
|
|
4420
4422
|
|
|
4421
|
-
/*! @azure/msal-common v16.
|
|
4423
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4422
4424
|
|
|
4423
4425
|
/*
|
|
4424
4426
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4432,7 +4434,7 @@
|
|
|
4432
4434
|
consentRequired,
|
|
4433
4435
|
loginRequired,
|
|
4434
4436
|
badToken,
|
|
4435
|
-
|
|
4437
|
+
uiNotAllowed,
|
|
4436
4438
|
interruptedUser,
|
|
4437
4439
|
];
|
|
4438
4440
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4442,7 +4444,7 @@
|
|
|
4442
4444
|
"user_password_expired",
|
|
4443
4445
|
"consent_required",
|
|
4444
4446
|
"bad_token",
|
|
4445
|
-
"
|
|
4447
|
+
"ui_not_allowed",
|
|
4446
4448
|
"interrupted_user",
|
|
4447
4449
|
];
|
|
4448
4450
|
/**
|
|
@@ -4486,7 +4488,7 @@
|
|
|
4486
4488
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4487
4489
|
}
|
|
4488
4490
|
|
|
4489
|
-
/*! @azure/msal-common v16.
|
|
4491
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4490
4492
|
|
|
4491
4493
|
/*
|
|
4492
4494
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4505,7 +4507,7 @@
|
|
|
4505
4507
|
}
|
|
4506
4508
|
}
|
|
4507
4509
|
|
|
4508
|
-
/*! @azure/msal-common v16.
|
|
4510
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4509
4511
|
|
|
4510
4512
|
/*
|
|
4511
4513
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4573,7 +4575,7 @@
|
|
|
4573
4575
|
}
|
|
4574
4576
|
}
|
|
4575
4577
|
|
|
4576
|
-
/*! @azure/msal-common v16.
|
|
4578
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4577
4579
|
|
|
4578
4580
|
/*
|
|
4579
4581
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4921,7 +4923,7 @@
|
|
|
4921
4923
|
return baseAccount;
|
|
4922
4924
|
}
|
|
4923
4925
|
|
|
4924
|
-
/*! @azure/msal-common v16.
|
|
4926
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4925
4927
|
/*
|
|
4926
4928
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4927
4929
|
* Licensed under the MIT License.
|
|
@@ -4931,7 +4933,7 @@
|
|
|
4931
4933
|
UPN: "UPN",
|
|
4932
4934
|
};
|
|
4933
4935
|
|
|
4934
|
-
/*! @azure/msal-common v16.
|
|
4936
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4935
4937
|
/*
|
|
4936
4938
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4937
4939
|
* Licensed under the MIT License.
|
|
@@ -4949,7 +4951,7 @@
|
|
|
4949
4951
|
}
|
|
4950
4952
|
}
|
|
4951
4953
|
|
|
4952
|
-
/*! @azure/msal-common v16.
|
|
4954
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4953
4955
|
/*
|
|
4954
4956
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4955
4957
|
* Licensed under the MIT License.
|
|
@@ -4970,7 +4972,7 @@
|
|
|
4970
4972
|
};
|
|
4971
4973
|
}
|
|
4972
4974
|
|
|
4973
|
-
/*! @azure/msal-common v16.
|
|
4975
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4974
4976
|
|
|
4975
4977
|
/*
|
|
4976
4978
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5056,7 +5058,7 @@
|
|
|
5056
5058
|
}
|
|
5057
5059
|
}
|
|
5058
5060
|
|
|
5059
|
-
/*! @azure/msal-common v16.
|
|
5061
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5060
5062
|
|
|
5061
5063
|
/*
|
|
5062
5064
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5087,7 +5089,7 @@
|
|
|
5087
5089
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5088
5090
|
}
|
|
5089
5091
|
|
|
5090
|
-
/*! @azure/msal-common v16.
|
|
5092
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5091
5093
|
|
|
5092
5094
|
/*
|
|
5093
5095
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5201,7 +5203,7 @@
|
|
|
5201
5203
|
return response;
|
|
5202
5204
|
}
|
|
5203
5205
|
|
|
5204
|
-
/*! @azure/msal-common v16.
|
|
5206
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5205
5207
|
/*
|
|
5206
5208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5207
5209
|
* Licensed under the MIT License.
|
|
@@ -5213,7 +5215,7 @@
|
|
|
5213
5215
|
response.hasOwnProperty("jwks_uri"));
|
|
5214
5216
|
}
|
|
5215
5217
|
|
|
5216
|
-
/*! @azure/msal-common v16.
|
|
5218
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5217
5219
|
/*
|
|
5218
5220
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5219
5221
|
* Licensed under the MIT License.
|
|
@@ -5223,7 +5225,7 @@
|
|
|
5223
5225
|
response.hasOwnProperty("metadata"));
|
|
5224
5226
|
}
|
|
5225
5227
|
|
|
5226
|
-
/*! @azure/msal-common v16.
|
|
5228
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5227
5229
|
/*
|
|
5228
5230
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5229
5231
|
* Licensed under the MIT License.
|
|
@@ -5233,7 +5235,7 @@
|
|
|
5233
5235
|
response.hasOwnProperty("error_description"));
|
|
5234
5236
|
}
|
|
5235
5237
|
|
|
5236
|
-
/*! @azure/msal-common v16.
|
|
5238
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5237
5239
|
|
|
5238
5240
|
/*
|
|
5239
5241
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5338,7 +5340,7 @@
|
|
|
5338
5340
|
},
|
|
5339
5341
|
};
|
|
5340
5342
|
|
|
5341
|
-
/*! @azure/msal-common v16.
|
|
5343
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5342
5344
|
|
|
5343
5345
|
/*
|
|
5344
5346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5895,7 +5897,7 @@
|
|
|
5895
5897
|
}
|
|
5896
5898
|
}
|
|
5897
5899
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5898
|
-
if (this.isInKnownAuthorities()) {
|
|
5900
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5899
5901
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5900
5902
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5901
5903
|
}
|
|
@@ -5962,13 +5964,14 @@
|
|
|
5962
5964
|
return match;
|
|
5963
5965
|
}
|
|
5964
5966
|
/**
|
|
5965
|
-
* Helper function to determine if
|
|
5967
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5966
5968
|
*/
|
|
5967
|
-
isInKnownAuthorities() {
|
|
5969
|
+
isInKnownAuthorities(host) {
|
|
5970
|
+
const normalizedHost = host.toLowerCase();
|
|
5968
5971
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5969
5972
|
return (authority &&
|
|
5970
5973
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5971
|
-
|
|
5974
|
+
normalizedHost);
|
|
5972
5975
|
});
|
|
5973
5976
|
return matches.length > 0;
|
|
5974
5977
|
}
|
|
@@ -6045,6 +6048,10 @@
|
|
|
6045
6048
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6046
6049
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6047
6050
|
* path.
|
|
6051
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
6052
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
6053
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
6054
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
6048
6055
|
*
|
|
6049
6056
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6050
6057
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -6081,11 +6088,19 @@
|
|
|
6081
6088
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6082
6089
|
*/
|
|
6083
6090
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6091
|
+
/*
|
|
6092
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
6093
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
6094
|
+
* returns an issuer with a different host than the authority
|
|
6095
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
6096
|
+
*/
|
|
6097
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
6084
6098
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6085
6099
|
if (matchesAuthorityOrigin ||
|
|
6086
6100
|
matchesKnownMicrosoftHost ||
|
|
6087
6101
|
matchesRegionalMicrosoftHost ||
|
|
6088
|
-
matchesCiamTenantPattern
|
|
6102
|
+
matchesCiamTenantPattern ||
|
|
6103
|
+
matchesKnownAuthority) {
|
|
6089
6104
|
return;
|
|
6090
6105
|
}
|
|
6091
6106
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6293,7 +6308,7 @@
|
|
|
6293
6308
|
};
|
|
6294
6309
|
}
|
|
6295
6310
|
|
|
6296
|
-
/*! @azure/msal-common v16.
|
|
6311
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6297
6312
|
|
|
6298
6313
|
/*
|
|
6299
6314
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6327,7 +6342,7 @@
|
|
|
6327
6342
|
}
|
|
6328
6343
|
}
|
|
6329
6344
|
|
|
6330
|
-
/*! @azure/msal-common v16.
|
|
6345
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6331
6346
|
|
|
6332
6347
|
/*
|
|
6333
6348
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6584,7 +6599,7 @@
|
|
|
6584
6599
|
}
|
|
6585
6600
|
}
|
|
6586
6601
|
|
|
6587
|
-
/*! @azure/msal-common v16.
|
|
6602
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6588
6603
|
|
|
6589
6604
|
/*
|
|
6590
6605
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6805,7 +6820,7 @@
|
|
|
6805
6820
|
}
|
|
6806
6821
|
}
|
|
6807
6822
|
|
|
6808
|
-
/*! @azure/msal-common v16.
|
|
6823
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6809
6824
|
|
|
6810
6825
|
/*
|
|
6811
6826
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6921,7 +6936,7 @@
|
|
|
6921
6936
|
}
|
|
6922
6937
|
}
|
|
6923
6938
|
|
|
6924
|
-
/*! @azure/msal-common v16.
|
|
6939
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6925
6940
|
|
|
6926
6941
|
/*
|
|
6927
6942
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6936,7 +6951,7 @@
|
|
|
6936
6951
|
},
|
|
6937
6952
|
};
|
|
6938
6953
|
|
|
6939
|
-
/*! @azure/msal-common v16.
|
|
6954
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6940
6955
|
|
|
6941
6956
|
/*
|
|
6942
6957
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7159,7 +7174,7 @@
|
|
|
7159
7174
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7160
7175
|
}
|
|
7161
7176
|
|
|
7162
|
-
/*! @azure/msal-common v16.
|
|
7177
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7163
7178
|
|
|
7164
7179
|
/*
|
|
7165
7180
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7192,7 +7207,7 @@
|
|
|
7192
7207
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7193
7208
|
}
|
|
7194
7209
|
|
|
7195
|
-
/*! @azure/msal-common v16.
|
|
7210
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7196
7211
|
|
|
7197
7212
|
/*
|
|
7198
7213
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7250,7 +7265,7 @@
|
|
|
7250
7265
|
}
|
|
7251
7266
|
}
|
|
7252
7267
|
|
|
7253
|
-
/*! @azure/msal-common v16.
|
|
7268
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7254
7269
|
/*
|
|
7255
7270
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7256
7271
|
* Licensed under the MIT License.
|
|
@@ -7267,7 +7282,7 @@
|
|
|
7267
7282
|
unexpectedError: unexpectedError
|
|
7268
7283
|
});
|
|
7269
7284
|
|
|
7270
|
-
/*! @azure/msal-common v16.
|
|
7285
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7271
7286
|
|
|
7272
7287
|
/*
|
|
7273
7288
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7528,7 +7543,7 @@
|
|
|
7528
7543
|
}
|
|
7529
7544
|
}
|
|
7530
7545
|
|
|
7531
|
-
/*! @azure/msal-common v16.
|
|
7546
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7532
7547
|
|
|
7533
7548
|
/*
|
|
7534
7549
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7549,7 +7564,7 @@
|
|
|
7549
7564
|
return new JoseHeaderError(code);
|
|
7550
7565
|
}
|
|
7551
7566
|
|
|
7552
|
-
/*! @azure/msal-common v16.
|
|
7567
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7553
7568
|
/*
|
|
7554
7569
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7555
7570
|
* Licensed under the MIT License.
|
|
@@ -7557,7 +7572,7 @@
|
|
|
7557
7572
|
const missingKidError = "missing_kid_error";
|
|
7558
7573
|
const missingAlgError = "missing_alg_error";
|
|
7559
7574
|
|
|
7560
|
-
/*! @azure/msal-common v16.
|
|
7575
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7561
7576
|
|
|
7562
7577
|
/*
|
|
7563
7578
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7597,7 +7612,7 @@
|
|
|
7597
7612
|
}
|
|
7598
7613
|
}
|
|
7599
7614
|
|
|
7600
|
-
/*! @azure/msal-common v16.
|
|
7615
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7601
7616
|
|
|
7602
7617
|
/*
|
|
7603
7618
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8392,6 +8407,43 @@
|
|
|
8392
8407
|
return new BrowserAuthError(errorCode, subError);
|
|
8393
8408
|
}
|
|
8394
8409
|
|
|
8410
|
+
/*
|
|
8411
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8412
|
+
* Licensed under the MIT License.
|
|
8413
|
+
*/
|
|
8414
|
+
/**
|
|
8415
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8416
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8417
|
+
*/
|
|
8418
|
+
/**
|
|
8419
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8420
|
+
* @param input
|
|
8421
|
+
*/
|
|
8422
|
+
function base64Decode(input) {
|
|
8423
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8424
|
+
}
|
|
8425
|
+
/**
|
|
8426
|
+
* Decodes base64 into Uint8Array
|
|
8427
|
+
* @param base64String
|
|
8428
|
+
*/
|
|
8429
|
+
function base64DecToArr(base64String) {
|
|
8430
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8431
|
+
switch (encodedString.length % 4) {
|
|
8432
|
+
case 0:
|
|
8433
|
+
break;
|
|
8434
|
+
case 2:
|
|
8435
|
+
encodedString += "==";
|
|
8436
|
+
break;
|
|
8437
|
+
case 3:
|
|
8438
|
+
encodedString += "=";
|
|
8439
|
+
break;
|
|
8440
|
+
default:
|
|
8441
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8442
|
+
}
|
|
8443
|
+
const binString = atob(encodedString);
|
|
8444
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8445
|
+
}
|
|
8446
|
+
|
|
8395
8447
|
/*
|
|
8396
8448
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8397
8449
|
* Licensed under the MIT License.
|
|
@@ -8651,43 +8703,6 @@
|
|
|
8651
8703
|
return btoa(binString);
|
|
8652
8704
|
}
|
|
8653
8705
|
|
|
8654
|
-
/*
|
|
8655
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8656
|
-
* Licensed under the MIT License.
|
|
8657
|
-
*/
|
|
8658
|
-
/**
|
|
8659
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8660
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8661
|
-
*/
|
|
8662
|
-
/**
|
|
8663
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8664
|
-
* @param input
|
|
8665
|
-
*/
|
|
8666
|
-
function base64Decode(input) {
|
|
8667
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8668
|
-
}
|
|
8669
|
-
/**
|
|
8670
|
-
* Decodes base64 into Uint8Array
|
|
8671
|
-
* @param base64String
|
|
8672
|
-
*/
|
|
8673
|
-
function base64DecToArr(base64String) {
|
|
8674
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8675
|
-
switch (encodedString.length % 4) {
|
|
8676
|
-
case 0:
|
|
8677
|
-
break;
|
|
8678
|
-
case 2:
|
|
8679
|
-
encodedString += "==";
|
|
8680
|
-
break;
|
|
8681
|
-
case 3:
|
|
8682
|
-
encodedString += "=";
|
|
8683
|
-
break;
|
|
8684
|
-
default:
|
|
8685
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8686
|
-
}
|
|
8687
|
-
const binString = atob(encodedString);
|
|
8688
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8689
|
-
}
|
|
8690
|
-
|
|
8691
8706
|
/*
|
|
8692
8707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8693
8708
|
* Licensed under the MIT License.
|
|
@@ -9106,6 +9121,16 @@
|
|
|
9106
9121
|
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
|
|
9107
9122
|
}
|
|
9108
9123
|
}
|
|
9124
|
+
/**
|
|
9125
|
+
* Strips both hash and query string from the given window's URL by replacing
|
|
9126
|
+
* with origin + pathname only. Used to remove auth response parameters
|
|
9127
|
+
* (auth code, state, etc.) before the window is closed or navigated away.
|
|
9128
|
+
*/
|
|
9129
|
+
function clearAuthResponseFromUrl(contentWindow) {
|
|
9130
|
+
if (typeof contentWindow.history?.replaceState === "function") {
|
|
9131
|
+
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
|
|
9132
|
+
}
|
|
9133
|
+
}
|
|
9109
9134
|
/**
|
|
9110
9135
|
* Replaces current hash with hash from provided url
|
|
9111
9136
|
*/
|
|
@@ -9164,7 +9189,7 @@
|
|
|
9164
9189
|
activeBridgeMonitor = null;
|
|
9165
9190
|
}
|
|
9166
9191
|
}
|
|
9167
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9192
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9168
9193
|
return new Promise((resolve, reject) => {
|
|
9169
9194
|
logger.verbose("1rf6em", request.correlationId);
|
|
9170
9195
|
const correlationId = request.correlationId;
|
|
@@ -9172,7 +9197,7 @@
|
|
|
9172
9197
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9173
9198
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9174
9199
|
}, correlationId);
|
|
9175
|
-
const { libraryState } = parseRequestState(
|
|
9200
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9176
9201
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9177
9202
|
let responseString = undefined;
|
|
9178
9203
|
let timedOut$1 = false;
|
|
@@ -9360,6 +9385,7 @@
|
|
|
9360
9385
|
blockRedirectInIframe: blockRedirectInIframe,
|
|
9361
9386
|
blockReloadInHiddenIframes: blockReloadInHiddenIframes,
|
|
9362
9387
|
cancelPendingBridgeResponse: cancelPendingBridgeResponse,
|
|
9388
|
+
clearAuthResponseFromUrl: clearAuthResponseFromUrl,
|
|
9363
9389
|
clearHash: clearHash,
|
|
9364
9390
|
createGuid: createGuid,
|
|
9365
9391
|
getCurrentUri: getCurrentUri,
|
|
@@ -10019,7 +10045,6 @@
|
|
|
10019
10045
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
10020
10046
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
10021
10047
|
const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
|
|
10022
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
10023
10048
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
10024
10049
|
const ACCOUNT_KEYS = "account.keys";
|
|
10025
10050
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -10535,7 +10560,7 @@
|
|
|
10535
10560
|
|
|
10536
10561
|
/* eslint-disable header/header */
|
|
10537
10562
|
const name = "@azure/msal-browser";
|
|
10538
|
-
const version = "5.
|
|
10563
|
+
const version = "5.12.0";
|
|
10539
10564
|
|
|
10540
10565
|
/*
|
|
10541
10566
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10642,6 +10667,7 @@
|
|
|
10642
10667
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10643
10668
|
: parsedValue;
|
|
10644
10669
|
if (!decryptedData || !isCredentialEntity(decryptedData)) {
|
|
10670
|
+
this.browserStorage.removeItem(key);
|
|
10645
10671
|
this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
|
|
10646
10672
|
return null;
|
|
10647
10673
|
}
|
|
@@ -10672,6 +10698,7 @@
|
|
|
10672
10698
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
10673
10699
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10674
10700
|
if (!parsedValue) {
|
|
10701
|
+
this.browserStorage.removeItem(accountKey);
|
|
10675
10702
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10676
10703
|
continue;
|
|
10677
10704
|
}
|
|
@@ -10686,6 +10713,15 @@
|
|
|
10686
10713
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10687
10714
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10688
10715
|
}
|
|
10716
|
+
else if (isEncrypted(parsedValue)) {
|
|
10717
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
10718
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10719
|
+
if (!decrypted) {
|
|
10720
|
+
this.browserStorage.removeItem(accountKey);
|
|
10721
|
+
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10722
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10723
|
+
}
|
|
10724
|
+
}
|
|
10689
10725
|
}
|
|
10690
10726
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
10691
10727
|
}
|
|
@@ -12283,12 +12319,13 @@
|
|
|
12283
12319
|
* and logoutHint attribute wasn't manually set in logout request
|
|
12284
12320
|
*/
|
|
12285
12321
|
if (logoutRequest) {
|
|
12286
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
12322
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
12287
12323
|
if (!logoutRequest.logoutHint) {
|
|
12288
12324
|
if (logoutRequest.account) {
|
|
12289
|
-
const logoutHint =
|
|
12325
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
12326
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
12290
12327
|
if (logoutHint) {
|
|
12291
|
-
this.logger.verbose("
|
|
12328
|
+
this.logger.verbose("0d7s8p", this.correlationId);
|
|
12292
12329
|
validLogoutRequest.logoutHint = logoutHint;
|
|
12293
12330
|
}
|
|
12294
12331
|
}
|
|
@@ -12341,6 +12378,7 @@
|
|
|
12341
12378
|
const idTokenClaims = account.idTokenClaims;
|
|
12342
12379
|
if (idTokenClaims) {
|
|
12343
12380
|
if (idTokenClaims.login_hint) {
|
|
12381
|
+
this.logger.verbose("0u5bmc", this.correlationId);
|
|
12344
12382
|
return idTokenClaims.login_hint;
|
|
12345
12383
|
}
|
|
12346
12384
|
else {
|
|
@@ -12627,7 +12665,7 @@
|
|
|
12627
12665
|
const NO_NETWORK = "NO_NETWORK";
|
|
12628
12666
|
const DISABLED = "DISABLED";
|
|
12629
12667
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12630
|
-
const
|
|
12668
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
12631
12669
|
|
|
12632
12670
|
/*
|
|
12633
12671
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12682,8 +12720,8 @@
|
|
|
12682
12720
|
return createBrowserAuthError(userCancelled);
|
|
12683
12721
|
case NO_NETWORK:
|
|
12684
12722
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
12685
|
-
case
|
|
12686
|
-
return createInteractionRequiredAuthError(
|
|
12723
|
+
case UI_NOT_ALLOWED:
|
|
12724
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
12687
12725
|
}
|
|
12688
12726
|
}
|
|
12689
12727
|
return new NativeAuthError(code, description, ext);
|
|
@@ -12914,7 +12952,7 @@
|
|
|
12914
12952
|
noHistory: false,
|
|
12915
12953
|
};
|
|
12916
12954
|
const redirectUri = navigateToLoginRequestUrl
|
|
12917
|
-
? window.location.href
|
|
12955
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
12918
12956
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
12919
12957
|
rootMeasurement.end({ success: true });
|
|
12920
12958
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -13969,6 +14007,7 @@
|
|
|
13969
14007
|
};
|
|
13970
14008
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13971
14009
|
iframeTimeoutTelemetry: false,
|
|
14010
|
+
allowPlatformBrokerWithDOM: false,
|
|
13972
14011
|
};
|
|
13973
14012
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13974
14013
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -14415,25 +14454,23 @@
|
|
|
14415
14454
|
*/
|
|
14416
14455
|
/**
|
|
14417
14456
|
* Checks if the platform broker is available in the current environment.
|
|
14418
|
-
* @param
|
|
14419
|
-
* @param
|
|
14420
|
-
* @param
|
|
14421
|
-
* @
|
|
14457
|
+
* @param domConfig - Whether to enable platform broker DOM API support (required)
|
|
14458
|
+
* @param loggerOptions - Optional logger options
|
|
14459
|
+
* @param perfClient - Optional performance client
|
|
14460
|
+
* @param correlationId - Optional correlation ID
|
|
14461
|
+
* @returns Promise<boolean> indicating if platform broker is available
|
|
14422
14462
|
*/
|
|
14423
|
-
async function isPlatformBrokerAvailable(loggerOptions, perfClient, correlationId) {
|
|
14463
|
+
async function isPlatformBrokerAvailable(domConfig, loggerOptions, perfClient, correlationId) {
|
|
14424
14464
|
const logger = new Logger(loggerOptions || {}, name, version);
|
|
14425
|
-
const cid = correlationId || "";
|
|
14426
|
-
logger.trace("07660b", cid);
|
|
14427
14465
|
const performanceClient = perfClient || new StubPerformanceClient();
|
|
14428
14466
|
if (typeof window === "undefined") {
|
|
14429
|
-
logger.trace("082ed3",
|
|
14467
|
+
logger.trace("082ed3", correlationId || createNewGuid());
|
|
14430
14468
|
return false;
|
|
14431
14469
|
}
|
|
14432
|
-
return !!(await getPlatformAuthProvider(logger, performanceClient,
|
|
14470
|
+
return !!(await getPlatformAuthProvider(logger, performanceClient, correlationId || createNewGuid(), undefined, domConfig));
|
|
14433
14471
|
}
|
|
14434
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
14472
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
14435
14473
|
logger.trace("134j0v", correlationId);
|
|
14436
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
14437
14474
|
logger.trace("04c81g", correlationId);
|
|
14438
14475
|
let platformAuthProvider;
|
|
14439
14476
|
try {
|
|
@@ -14457,22 +14494,6 @@
|
|
|
14457
14494
|
}
|
|
14458
14495
|
return platformAuthProvider;
|
|
14459
14496
|
}
|
|
14460
|
-
/**
|
|
14461
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
14462
|
-
* @returns boolean
|
|
14463
|
-
* @deprecated
|
|
14464
|
-
*/
|
|
14465
|
-
function isDomEnabledForPlatformAuth() {
|
|
14466
|
-
let sessionStorage;
|
|
14467
|
-
try {
|
|
14468
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
14469
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
14470
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
14471
|
-
}
|
|
14472
|
-
catch (e) {
|
|
14473
|
-
return false;
|
|
14474
|
-
}
|
|
14475
|
-
}
|
|
14476
14497
|
/**
|
|
14477
14498
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14478
14499
|
* @param logger
|
|
@@ -14483,6 +14504,11 @@
|
|
|
14483
14504
|
*/
|
|
14484
14505
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
14485
14506
|
logger.trace("0uko3r", correlationId);
|
|
14507
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
14508
|
+
if (!config.system.allowPlatformBroker &&
|
|
14509
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
14510
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
14511
|
+
}
|
|
14486
14512
|
if (!config.system.allowPlatformBroker) {
|
|
14487
14513
|
logger.trace("04hozs", correlationId);
|
|
14488
14514
|
// Developer disabled WAM
|
|
@@ -14512,10 +14538,11 @@
|
|
|
14512
14538
|
* Licensed under the MIT License.
|
|
14513
14539
|
*/
|
|
14514
14540
|
class PopupClient extends StandardInteractionClient {
|
|
14515
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
14541
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
14516
14542
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
14517
14543
|
this.nativeStorage = nativeStorageImpl;
|
|
14518
14544
|
this.eventHandler = eventHandler;
|
|
14545
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
14519
14546
|
}
|
|
14520
14547
|
/**
|
|
14521
14548
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -14649,7 +14676,7 @@
|
|
|
14649
14676
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14650
14677
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14651
14678
|
// Wait for the redirect bridge response
|
|
14652
|
-
const responseString = await
|
|
14679
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
14653
14680
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14654
14681
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14655
14682
|
}
|
|
@@ -14684,7 +14711,7 @@
|
|
|
14684
14711
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
14685
14712
|
form.submit();
|
|
14686
14713
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14687
|
-
const responseString = await invokeAsync(
|
|
14714
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
14688
14715
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14689
14716
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14690
14717
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
@@ -14709,7 +14736,7 @@
|
|
|
14709
14736
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
14710
14737
|
form.submit();
|
|
14711
14738
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14712
|
-
const responseString = await invokeAsync(
|
|
14739
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
14713
14740
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14714
14741
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14715
14742
|
}
|
|
@@ -14766,7 +14793,7 @@
|
|
|
14766
14793
|
// Open the popup window to requestUrl.
|
|
14767
14794
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
14768
14795
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14769
|
-
await
|
|
14796
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
14770
14797
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
14771
14798
|
});
|
|
14772
14799
|
if (mainWindowRedirectUri) {
|
|
@@ -14845,6 +14872,19 @@
|
|
|
14845
14872
|
if (!popupWindow) {
|
|
14846
14873
|
throw createBrowserAuthError(emptyWindowError);
|
|
14847
14874
|
}
|
|
14875
|
+
try {
|
|
14876
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
14877
|
+
}
|
|
14878
|
+
catch (e) {
|
|
14879
|
+
if (typeof DOMException !== "undefined" &&
|
|
14880
|
+
e instanceof DOMException &&
|
|
14881
|
+
e.name === "SecurityError") {
|
|
14882
|
+
// Cross-origin - title cannot be set
|
|
14883
|
+
}
|
|
14884
|
+
else {
|
|
14885
|
+
this.logger.verbose("1s1yfs", this.correlationId);
|
|
14886
|
+
}
|
|
14887
|
+
}
|
|
14848
14888
|
if (popupWindow.focus) {
|
|
14849
14889
|
popupWindow.focus();
|
|
14850
14890
|
}
|
|
@@ -14923,6 +14963,12 @@
|
|
|
14923
14963
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
14924
14964
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
14925
14965
|
}
|
|
14966
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
14967
|
+
if (this.waitForPopupResponseHook) {
|
|
14968
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
14969
|
+
}
|
|
14970
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
14971
|
+
}
|
|
14926
14972
|
}
|
|
14927
14973
|
|
|
14928
14974
|
/*
|
|
@@ -15076,6 +15122,8 @@
|
|
|
15076
15122
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
15077
15123
|
*/
|
|
15078
15124
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15125
|
+
const originalTitle = document.title;
|
|
15126
|
+
document.title = "Microsoft Authentication";
|
|
15079
15127
|
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15080
15128
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15081
15129
|
try {
|
|
@@ -15158,6 +15206,9 @@
|
|
|
15158
15206
|
}
|
|
15159
15207
|
throw e;
|
|
15160
15208
|
}
|
|
15209
|
+
finally {
|
|
15210
|
+
document.title = originalTitle;
|
|
15211
|
+
}
|
|
15161
15212
|
}
|
|
15162
15213
|
/**
|
|
15163
15214
|
* Gets the response hash for a redirect request
|
|
@@ -15413,6 +15464,7 @@
|
|
|
15413
15464
|
function createHiddenIframe() {
|
|
15414
15465
|
const authFrame = document.createElement("iframe");
|
|
15415
15466
|
authFrame.className = "msalSilentIframe";
|
|
15467
|
+
authFrame.title = "Microsoft Authentication";
|
|
15416
15468
|
authFrame.style.visibility = "hidden";
|
|
15417
15469
|
authFrame.style.position = "absolute";
|
|
15418
15470
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -15438,10 +15490,11 @@
|
|
|
15438
15490
|
* Licensed under the MIT License.
|
|
15439
15491
|
*/
|
|
15440
15492
|
class SilentIframeClient extends StandardInteractionClient {
|
|
15441
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
15493
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
15442
15494
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
15443
15495
|
this.apiId = apiId;
|
|
15444
15496
|
this.nativeStorage = nativeStorageImpl;
|
|
15497
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
15445
15498
|
}
|
|
15446
15499
|
/**
|
|
15447
15500
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -15530,7 +15583,7 @@
|
|
|
15530
15583
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15531
15584
|
let responseString;
|
|
15532
15585
|
try {
|
|
15533
|
-
responseString = await invokeAsync(
|
|
15586
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15534
15587
|
}
|
|
15535
15588
|
finally {
|
|
15536
15589
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15628,7 +15681,7 @@
|
|
|
15628
15681
|
// Wait for response from the redirect bridge.
|
|
15629
15682
|
let responseString;
|
|
15630
15683
|
try {
|
|
15631
|
-
responseString = await invokeAsync(
|
|
15684
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15632
15685
|
}
|
|
15633
15686
|
finally {
|
|
15634
15687
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15636,6 +15689,12 @@
|
|
|
15636
15689
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15637
15690
|
return { serverParams, pkceCodes, silentRequest };
|
|
15638
15691
|
}
|
|
15692
|
+
async waitForIframeResponse(iframe, request) {
|
|
15693
|
+
if (this.waitForIframeResponseHook) {
|
|
15694
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
15695
|
+
}
|
|
15696
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
15697
|
+
}
|
|
15639
15698
|
}
|
|
15640
15699
|
|
|
15641
15700
|
/*
|
|
@@ -15942,7 +16001,7 @@
|
|
|
15942
16001
|
if (allowPlatformBroker) {
|
|
15943
16002
|
try {
|
|
15944
16003
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
15945
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
16004
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
15946
16005
|
}
|
|
15947
16006
|
catch (e) {
|
|
15948
16007
|
this.logger.verbose(e, correlationId);
|
|
@@ -16849,7 +16908,7 @@
|
|
|
16849
16908
|
* @param correlationId
|
|
16850
16909
|
*/
|
|
16851
16910
|
createPopupClient(correlationId) {
|
|
16852
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
16911
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
16853
16912
|
}
|
|
16854
16913
|
/**
|
|
16855
16914
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -16863,7 +16922,7 @@
|
|
|
16863
16922
|
* @param correlationId
|
|
16864
16923
|
*/
|
|
16865
16924
|
createSilentIframeClient(correlationId) {
|
|
16866
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
16925
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
16867
16926
|
}
|
|
16868
16927
|
/**
|
|
16869
16928
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -17337,7 +17396,7 @@
|
|
|
17337
17396
|
return;
|
|
17338
17397
|
}
|
|
17339
17398
|
}
|
|
17340
|
-
constructor(config) {
|
|
17399
|
+
constructor(config, responseHandlers) {
|
|
17341
17400
|
/*
|
|
17342
17401
|
* If loaded in an environment where window is not available,
|
|
17343
17402
|
* set internal flag to false so that further requests fail.
|
|
@@ -17345,6 +17404,7 @@
|
|
|
17345
17404
|
*/
|
|
17346
17405
|
this.browserEnvironment = typeof window !== "undefined";
|
|
17347
17406
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
17407
|
+
this.responseHandlers = responseHandlers;
|
|
17348
17408
|
let sessionStorage;
|
|
17349
17409
|
try {
|
|
17350
17410
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -17381,6 +17441,13 @@
|
|
|
17381
17441
|
getConfig() {
|
|
17382
17442
|
return this.config;
|
|
17383
17443
|
}
|
|
17444
|
+
/**
|
|
17445
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
17446
|
+
* @returns AuthResponseHandlers | undefined
|
|
17447
|
+
*/
|
|
17448
|
+
getResponseHandlers() {
|
|
17449
|
+
return this.responseHandlers;
|
|
17450
|
+
}
|
|
17384
17451
|
/**
|
|
17385
17452
|
* Returns the MSAL Logger
|
|
17386
17453
|
* @returns Logger
|
|
@@ -18402,7 +18469,48 @@
|
|
|
18402
18469
|
constructor(configuration, controller) {
|
|
18403
18470
|
this.controller =
|
|
18404
18471
|
controller ||
|
|
18405
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
18472
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
18473
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
18474
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
18475
|
+
}));
|
|
18476
|
+
}
|
|
18477
|
+
/**
|
|
18478
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
18479
|
+
*
|
|
18480
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18481
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18482
|
+
* with an `AuthError` on failure.
|
|
18483
|
+
*
|
|
18484
|
+
* @internal
|
|
18485
|
+
* @param request The in-flight authorization or end-session request.
|
|
18486
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
18487
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
18488
|
+
*/
|
|
18489
|
+
async waitForPopupResponse(request,
|
|
18490
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18491
|
+
popupWindow,
|
|
18492
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18493
|
+
popupWindowParent) {
|
|
18494
|
+
const controller = this.controller;
|
|
18495
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
18496
|
+
}
|
|
18497
|
+
/**
|
|
18498
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
18499
|
+
*
|
|
18500
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18501
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18502
|
+
* with an `AuthError` on failure.
|
|
18503
|
+
*
|
|
18504
|
+
* @internal
|
|
18505
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
18506
|
+
* @param request The in-flight authorization request.
|
|
18507
|
+
*/
|
|
18508
|
+
async waitForIframeResponse(
|
|
18509
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18510
|
+
iframe, request) {
|
|
18511
|
+
const controller = this.controller;
|
|
18512
|
+
const config = controller.getConfiguration();
|
|
18513
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
18406
18514
|
}
|
|
18407
18515
|
/**
|
|
18408
18516
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|