@azure/msal-browser 5.10.1 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +12 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +4 -4
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +27 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +11 -4
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1203 -1187
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +33 -17
- package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +342 -169
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +13 -9
- package/lib/msal-browser.cjs +275 -167
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +275 -167
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/cache/BrowserCacheManager.ts +17 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +6 -3
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
- package/src/interaction_client/PopupClient.ts +65 -27
- package/src/interaction_client/RedirectClient.ts +5 -0
- package/src/interaction_client/SilentIframeClient.ts +49 -19
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.12.0 2026-06-05 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.
|
|
232
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.
|
|
284
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.
|
|
315
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.
|
|
335
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.
|
|
415
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.
|
|
438
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -458,9 +458,10 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
|
|
|
458
458
|
const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
459
459
|
const authorityMismatch = "authority_mismatch";
|
|
460
460
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
461
|
+
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
461
462
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
462
463
|
|
|
463
|
-
/*! @azure/msal-common v16.
|
|
464
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
464
465
|
/*
|
|
465
466
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
466
467
|
* Licensed under the MIT License.
|
|
@@ -499,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
499
500
|
const resourceParameterRequired = "resource_parameter_required";
|
|
500
501
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
501
502
|
|
|
502
|
-
/*! @azure/msal-common v16.
|
|
503
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
503
504
|
|
|
504
505
|
/*
|
|
505
506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -694,7 +695,7 @@ class ScopeSet {
|
|
|
694
695
|
}
|
|
695
696
|
}
|
|
696
697
|
|
|
697
|
-
/*! @azure/msal-common v16.
|
|
698
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
698
699
|
|
|
699
700
|
/*
|
|
700
701
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1083,7 +1084,7 @@ function addResource(parameters, resource) {
|
|
|
1083
1084
|
}
|
|
1084
1085
|
}
|
|
1085
1086
|
|
|
1086
|
-
/*! @azure/msal-common v16.
|
|
1087
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1087
1088
|
|
|
1088
1089
|
/*
|
|
1089
1090
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1192,7 +1193,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1192
1193
|
}
|
|
1193
1194
|
}
|
|
1194
1195
|
|
|
1195
|
-
/*! @azure/msal-common v16.
|
|
1196
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1196
1197
|
|
|
1197
1198
|
/*
|
|
1198
1199
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1231,7 +1232,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1231
1232
|
},
|
|
1232
1233
|
};
|
|
1233
1234
|
|
|
1234
|
-
/*! @azure/msal-common v16.
|
|
1235
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1235
1236
|
/*
|
|
1236
1237
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1237
1238
|
* Licensed under the MIT License.
|
|
@@ -1492,12 +1493,12 @@ class Logger {
|
|
|
1492
1493
|
}
|
|
1493
1494
|
}
|
|
1494
1495
|
|
|
1495
|
-
/*! @azure/msal-common v16.
|
|
1496
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1496
1497
|
/* eslint-disable header/header */
|
|
1497
1498
|
const name$1 = "@azure/msal-common";
|
|
1498
|
-
const version$1 = "16.
|
|
1499
|
+
const version$1 = "16.7.0";
|
|
1499
1500
|
|
|
1500
|
-
/*! @azure/msal-common v16.
|
|
1501
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1501
1502
|
/*
|
|
1502
1503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1503
1504
|
* Licensed under the MIT License.
|
|
@@ -1506,7 +1507,7 @@ const AzureCloudInstance = {
|
|
|
1506
1507
|
// AzureCloudInstance is not specified.
|
|
1507
1508
|
None: "none"};
|
|
1508
1509
|
|
|
1509
|
-
/*! @azure/msal-common v16.
|
|
1510
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1510
1511
|
/*
|
|
1511
1512
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1512
1513
|
* Licensed under the MIT License.
|
|
@@ -1589,7 +1590,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1589
1590
|
return updatedAccountInfo;
|
|
1590
1591
|
}
|
|
1591
1592
|
|
|
1592
|
-
/*! @azure/msal-common v16.
|
|
1593
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1593
1594
|
|
|
1594
1595
|
/*
|
|
1595
1596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1669,7 +1670,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1669
1670
|
}
|
|
1670
1671
|
}
|
|
1671
1672
|
|
|
1672
|
-
/*! @azure/msal-common v16.
|
|
1673
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1673
1674
|
|
|
1674
1675
|
/*
|
|
1675
1676
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1826,7 +1827,7 @@ class UrlString {
|
|
|
1826
1827
|
}
|
|
1827
1828
|
}
|
|
1828
1829
|
|
|
1829
|
-
/*! @azure/msal-common v16.
|
|
1830
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1830
1831
|
|
|
1831
1832
|
/*
|
|
1832
1833
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1992,7 +1993,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1992
1993
|
return null;
|
|
1993
1994
|
}
|
|
1994
1995
|
|
|
1995
|
-
/*! @azure/msal-common v16.
|
|
1996
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
1996
1997
|
/*
|
|
1997
1998
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1998
1999
|
* Licensed under the MIT License.
|
|
@@ -2000,7 +2001,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2000
2001
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2001
2002
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2002
2003
|
|
|
2003
|
-
/*! @azure/msal-common v16.
|
|
2004
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2004
2005
|
|
|
2005
2006
|
/*
|
|
2006
2007
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2038,7 +2039,7 @@ function createCacheError(e) {
|
|
|
2038
2039
|
}
|
|
2039
2040
|
}
|
|
2040
2041
|
|
|
2041
|
-
/*! @azure/msal-common v16.
|
|
2042
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2042
2043
|
|
|
2043
2044
|
/*
|
|
2044
2045
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2076,7 +2077,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2076
2077
|
};
|
|
2077
2078
|
}
|
|
2078
2079
|
|
|
2079
|
-
/*! @azure/msal-common v16.
|
|
2080
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2080
2081
|
/*
|
|
2081
2082
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2082
2083
|
* Licensed under the MIT License.
|
|
@@ -2091,7 +2092,7 @@ const AuthorityType = {
|
|
|
2091
2092
|
Ciam: 3,
|
|
2092
2093
|
};
|
|
2093
2094
|
|
|
2094
|
-
/*! @azure/msal-common v16.
|
|
2095
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2095
2096
|
/*
|
|
2096
2097
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2097
2098
|
* Licensed under the MIT License.
|
|
@@ -2113,7 +2114,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2113
2114
|
return null;
|
|
2114
2115
|
}
|
|
2115
2116
|
|
|
2116
|
-
/*! @azure/msal-common v16.
|
|
2117
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2117
2118
|
/*
|
|
2118
2119
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2119
2120
|
* Licensed under the MIT License.
|
|
@@ -2137,7 +2138,7 @@ const ProtocolMode = {
|
|
|
2137
2138
|
EAR: "EAR",
|
|
2138
2139
|
};
|
|
2139
2140
|
|
|
2140
|
-
/*! @azure/msal-common v16.
|
|
2141
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2141
2142
|
/**
|
|
2142
2143
|
* Returns the AccountInfo interface for this account.
|
|
2143
2144
|
*/
|
|
@@ -2312,7 +2313,7 @@ function isAccountEntity(entity) {
|
|
|
2312
2313
|
entity.hasOwnProperty("authorityType"));
|
|
2313
2314
|
}
|
|
2314
2315
|
|
|
2315
|
-
/*! @azure/msal-common v16.
|
|
2316
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
2316
2317
|
|
|
2317
2318
|
/*
|
|
2318
2319
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2452,8 +2453,8 @@ class CacheManager {
|
|
|
2452
2453
|
return false;
|
|
2453
2454
|
}
|
|
2454
2455
|
if (!!tenantProfileFilter.username &&
|
|
2455
|
-
!
|
|
2456
|
-
|
|
2456
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2457
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2457
2458
|
return false;
|
|
2458
2459
|
}
|
|
2459
2460
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3443,7 +3444,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3443
3444
|
}
|
|
3444
3445
|
}
|
|
3445
3446
|
|
|
3446
|
-
/*! @azure/msal-common v16.
|
|
3447
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3447
3448
|
/*
|
|
3448
3449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3449
3450
|
* Licensed under the MIT License.
|
|
@@ -3457,7 +3458,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3457
3458
|
const PerformanceEventStatus = {
|
|
3458
3459
|
InProgress: 1};
|
|
3459
3460
|
|
|
3460
|
-
/*! @azure/msal-common v16.
|
|
3461
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3461
3462
|
|
|
3462
3463
|
/*
|
|
3463
3464
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3512,7 +3513,7 @@ class StubPerformanceClient {
|
|
|
3512
3513
|
}
|
|
3513
3514
|
}
|
|
3514
3515
|
|
|
3515
|
-
/*! @azure/msal-common v16.
|
|
3516
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3516
3517
|
|
|
3517
3518
|
/*
|
|
3518
3519
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3607,7 +3608,7 @@ function isOidcProtocolMode(config) {
|
|
|
3607
3608
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3608
3609
|
}
|
|
3609
3610
|
|
|
3610
|
-
/*! @azure/msal-common v16.
|
|
3611
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3611
3612
|
/*
|
|
3612
3613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3613
3614
|
* Licensed under the MIT License.
|
|
@@ -3634,7 +3635,7 @@ function isOidcProtocolMode(config) {
|
|
|
3634
3635
|
}
|
|
3635
3636
|
}
|
|
3636
3637
|
|
|
3637
|
-
/*! @azure/msal-common v16.
|
|
3638
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3638
3639
|
/*
|
|
3639
3640
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3640
3641
|
* Licensed under the MIT License.
|
|
@@ -3699,7 +3700,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3699
3700
|
return cachedAtSec > nowSeconds();
|
|
3700
3701
|
}
|
|
3701
3702
|
|
|
3702
|
-
/*! @azure/msal-common v16.
|
|
3703
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3703
3704
|
|
|
3704
3705
|
/*
|
|
3705
3706
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3958,7 +3959,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
3958
3959
|
return metadata.expiresAt <= nowSeconds();
|
|
3959
3960
|
}
|
|
3960
3961
|
|
|
3961
|
-
/*! @azure/msal-common v16.
|
|
3962
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
3962
3963
|
/*
|
|
3963
3964
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3964
3965
|
* Licensed under the MIT License.
|
|
@@ -4029,7 +4030,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4029
4030
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4030
4031
|
const SetUserData = "setUserData";
|
|
4031
4032
|
|
|
4032
|
-
/*! @azure/msal-common v16.
|
|
4033
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4033
4034
|
/*
|
|
4034
4035
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4035
4036
|
* Licensed under the MIT License.
|
|
@@ -4122,7 +4123,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4122
4123
|
};
|
|
4123
4124
|
};
|
|
4124
4125
|
|
|
4125
|
-
/*! @azure/msal-common v16.
|
|
4126
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4126
4127
|
|
|
4127
4128
|
/*
|
|
4128
4129
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4202,7 +4203,7 @@ class PopTokenGenerator {
|
|
|
4202
4203
|
}
|
|
4203
4204
|
}
|
|
4204
4205
|
|
|
4205
|
-
/*! @azure/msal-common v16.
|
|
4206
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4206
4207
|
/*
|
|
4207
4208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4208
4209
|
* Licensed under the MIT License.
|
|
@@ -4226,7 +4227,7 @@ const refreshTokenExpired = "refresh_token_expired";
|
|
|
4226
4227
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4227
4228
|
* @public
|
|
4228
4229
|
*/
|
|
4229
|
-
const
|
|
4230
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4230
4231
|
/**
|
|
4231
4232
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4232
4233
|
* @public
|
|
@@ -4253,7 +4254,7 @@ const badToken = "bad_token";
|
|
|
4253
4254
|
*/
|
|
4254
4255
|
const interruptedUser = "interrupted_user";
|
|
4255
4256
|
|
|
4256
|
-
/*! @azure/msal-common v16.
|
|
4257
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4257
4258
|
|
|
4258
4259
|
/*
|
|
4259
4260
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4267,7 +4268,7 @@ const InteractionRequiredServerErrorMessage = [
|
|
|
4267
4268
|
consentRequired,
|
|
4268
4269
|
loginRequired,
|
|
4269
4270
|
badToken,
|
|
4270
|
-
|
|
4271
|
+
uiNotAllowed,
|
|
4271
4272
|
interruptedUser,
|
|
4272
4273
|
];
|
|
4273
4274
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4277,7 +4278,7 @@ const InteractionRequiredAuthSubErrorMessage = [
|
|
|
4277
4278
|
"user_password_expired",
|
|
4278
4279
|
"consent_required",
|
|
4279
4280
|
"bad_token",
|
|
4280
|
-
"
|
|
4281
|
+
"ui_not_allowed",
|
|
4281
4282
|
"interrupted_user",
|
|
4282
4283
|
];
|
|
4283
4284
|
/**
|
|
@@ -4321,7 +4322,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4321
4322
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4322
4323
|
}
|
|
4323
4324
|
|
|
4324
|
-
/*! @azure/msal-common v16.
|
|
4325
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4325
4326
|
|
|
4326
4327
|
/*
|
|
4327
4328
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4340,7 +4341,7 @@ class ServerError extends AuthError {
|
|
|
4340
4341
|
}
|
|
4341
4342
|
}
|
|
4342
4343
|
|
|
4343
|
-
/*! @azure/msal-common v16.
|
|
4344
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4344
4345
|
|
|
4345
4346
|
/*
|
|
4346
4347
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4408,7 +4409,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4408
4409
|
}
|
|
4409
4410
|
}
|
|
4410
4411
|
|
|
4411
|
-
/*! @azure/msal-common v16.
|
|
4412
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4412
4413
|
|
|
4413
4414
|
/*
|
|
4414
4415
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4756,7 +4757,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4756
4757
|
return baseAccount;
|
|
4757
4758
|
}
|
|
4758
4759
|
|
|
4759
|
-
/*! @azure/msal-common v16.
|
|
4760
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4760
4761
|
/*
|
|
4761
4762
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4762
4763
|
* Licensed under the MIT License.
|
|
@@ -4766,7 +4767,7 @@ const CcsCredentialType = {
|
|
|
4766
4767
|
UPN: "UPN",
|
|
4767
4768
|
};
|
|
4768
4769
|
|
|
4769
|
-
/*! @azure/msal-common v16.
|
|
4770
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4770
4771
|
/*
|
|
4771
4772
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4772
4773
|
* Licensed under the MIT License.
|
|
@@ -4784,7 +4785,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4784
4785
|
}
|
|
4785
4786
|
}
|
|
4786
4787
|
|
|
4787
|
-
/*! @azure/msal-common v16.
|
|
4788
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4788
4789
|
/*
|
|
4789
4790
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4790
4791
|
* Licensed under the MIT License.
|
|
@@ -4805,7 +4806,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4805
4806
|
};
|
|
4806
4807
|
}
|
|
4807
4808
|
|
|
4808
|
-
/*! @azure/msal-common v16.
|
|
4809
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4809
4810
|
|
|
4810
4811
|
/*
|
|
4811
4812
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4891,7 +4892,7 @@ class ThrottlingUtils {
|
|
|
4891
4892
|
}
|
|
4892
4893
|
}
|
|
4893
4894
|
|
|
4894
|
-
/*! @azure/msal-common v16.
|
|
4895
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4895
4896
|
|
|
4896
4897
|
/*
|
|
4897
4898
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4922,7 +4923,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4922
4923
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4923
4924
|
}
|
|
4924
4925
|
|
|
4925
|
-
/*! @azure/msal-common v16.
|
|
4926
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
4926
4927
|
|
|
4927
4928
|
/*
|
|
4928
4929
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5036,7 +5037,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5036
5037
|
return response;
|
|
5037
5038
|
}
|
|
5038
5039
|
|
|
5039
|
-
/*! @azure/msal-common v16.
|
|
5040
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5040
5041
|
/*
|
|
5041
5042
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5042
5043
|
* Licensed under the MIT License.
|
|
@@ -5048,7 +5049,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5048
5049
|
response.hasOwnProperty("jwks_uri"));
|
|
5049
5050
|
}
|
|
5050
5051
|
|
|
5051
|
-
/*! @azure/msal-common v16.
|
|
5052
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5052
5053
|
/*
|
|
5053
5054
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5054
5055
|
* Licensed under the MIT License.
|
|
@@ -5058,7 +5059,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5058
5059
|
response.hasOwnProperty("metadata"));
|
|
5059
5060
|
}
|
|
5060
5061
|
|
|
5061
|
-
/*! @azure/msal-common v16.
|
|
5062
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5062
5063
|
/*
|
|
5063
5064
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5064
5065
|
* Licensed under the MIT License.
|
|
@@ -5068,7 +5069,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5068
5069
|
response.hasOwnProperty("error_description"));
|
|
5069
5070
|
}
|
|
5070
5071
|
|
|
5071
|
-
/*! @azure/msal-common v16.
|
|
5072
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5072
5073
|
|
|
5073
5074
|
/*
|
|
5074
5075
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5173,7 +5174,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5173
5174
|
},
|
|
5174
5175
|
};
|
|
5175
5176
|
|
|
5176
|
-
/*! @azure/msal-common v16.
|
|
5177
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
5177
5178
|
|
|
5178
5179
|
/*
|
|
5179
5180
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5730,7 +5731,7 @@ class Authority {
|
|
|
5730
5731
|
}
|
|
5731
5732
|
}
|
|
5732
5733
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5733
|
-
if (this.isInKnownAuthorities()) {
|
|
5734
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5734
5735
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5735
5736
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5736
5737
|
}
|
|
@@ -5797,13 +5798,14 @@ class Authority {
|
|
|
5797
5798
|
return match;
|
|
5798
5799
|
}
|
|
5799
5800
|
/**
|
|
5800
|
-
* Helper function to determine if
|
|
5801
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5801
5802
|
*/
|
|
5802
|
-
isInKnownAuthorities() {
|
|
5803
|
+
isInKnownAuthorities(host) {
|
|
5804
|
+
const normalizedHost = host.toLowerCase();
|
|
5803
5805
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5804
5806
|
return (authority &&
|
|
5805
5807
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5806
|
-
|
|
5808
|
+
normalizedHost);
|
|
5807
5809
|
});
|
|
5808
5810
|
return matches.length > 0;
|
|
5809
5811
|
}
|
|
@@ -5880,6 +5882,10 @@ class Authority {
|
|
|
5880
5882
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5881
5883
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5882
5884
|
* path.
|
|
5885
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
5886
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
5887
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
5888
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
5883
5889
|
*
|
|
5884
5890
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5885
5891
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -5916,11 +5922,19 @@ class Authority {
|
|
|
5916
5922
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5917
5923
|
*/
|
|
5918
5924
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5925
|
+
/*
|
|
5926
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
5927
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
5928
|
+
* returns an issuer with a different host than the authority
|
|
5929
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
5930
|
+
*/
|
|
5931
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
5919
5932
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5920
5933
|
if (matchesAuthorityOrigin ||
|
|
5921
5934
|
matchesKnownMicrosoftHost ||
|
|
5922
5935
|
matchesRegionalMicrosoftHost ||
|
|
5923
|
-
matchesCiamTenantPattern
|
|
5936
|
+
matchesCiamTenantPattern ||
|
|
5937
|
+
matchesKnownAuthority) {
|
|
5924
5938
|
return;
|
|
5925
5939
|
}
|
|
5926
5940
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6128,7 +6142,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6128
6142
|
};
|
|
6129
6143
|
}
|
|
6130
6144
|
|
|
6131
|
-
/*! @azure/msal-common v16.
|
|
6145
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6132
6146
|
|
|
6133
6147
|
/*
|
|
6134
6148
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6162,7 +6176,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6162
6176
|
}
|
|
6163
6177
|
}
|
|
6164
6178
|
|
|
6165
|
-
/*! @azure/msal-common v16.
|
|
6179
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6166
6180
|
|
|
6167
6181
|
/*
|
|
6168
6182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6419,7 +6433,7 @@ class AuthorizationCodeClient {
|
|
|
6419
6433
|
}
|
|
6420
6434
|
}
|
|
6421
6435
|
|
|
6422
|
-
/*! @azure/msal-common v16.
|
|
6436
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6423
6437
|
|
|
6424
6438
|
/*
|
|
6425
6439
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6640,7 +6654,7 @@ class RefreshTokenClient {
|
|
|
6640
6654
|
}
|
|
6641
6655
|
}
|
|
6642
6656
|
|
|
6643
|
-
/*! @azure/msal-common v16.
|
|
6657
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6644
6658
|
|
|
6645
6659
|
/*
|
|
6646
6660
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6756,7 +6770,7 @@ class SilentFlowClient {
|
|
|
6756
6770
|
}
|
|
6757
6771
|
}
|
|
6758
6772
|
|
|
6759
|
-
/*! @azure/msal-common v16.
|
|
6773
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6760
6774
|
|
|
6761
6775
|
/*
|
|
6762
6776
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6771,7 +6785,7 @@ const StubbedNetworkModule = {
|
|
|
6771
6785
|
},
|
|
6772
6786
|
};
|
|
6773
6787
|
|
|
6774
|
-
/*! @azure/msal-common v16.
|
|
6788
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6775
6789
|
|
|
6776
6790
|
/*
|
|
6777
6791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6994,7 +7008,7 @@ function extractLoginHint(account) {
|
|
|
6994
7008
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6995
7009
|
}
|
|
6996
7010
|
|
|
6997
|
-
/*! @azure/msal-common v16.
|
|
7011
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
6998
7012
|
|
|
6999
7013
|
/*
|
|
7000
7014
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7027,7 +7041,7 @@ function containsResourceParam(params) {
|
|
|
7027
7041
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7028
7042
|
}
|
|
7029
7043
|
|
|
7030
|
-
/*! @azure/msal-common v16.
|
|
7044
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7031
7045
|
/*
|
|
7032
7046
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7033
7047
|
* Licensed under the MIT License.
|
|
@@ -7037,7 +7051,7 @@ function containsResourceParam(params) {
|
|
|
7037
7051
|
*/
|
|
7038
7052
|
const unexpectedError = "unexpected_error";
|
|
7039
7053
|
|
|
7040
|
-
/*! @azure/msal-common v16.
|
|
7054
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7041
7055
|
|
|
7042
7056
|
/*
|
|
7043
7057
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7298,7 +7312,7 @@ class ServerTelemetryManager {
|
|
|
7298
7312
|
}
|
|
7299
7313
|
}
|
|
7300
7314
|
|
|
7301
|
-
/*! @azure/msal-common v16.
|
|
7315
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7302
7316
|
|
|
7303
7317
|
/*
|
|
7304
7318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7319,7 +7333,7 @@ function createJoseHeaderError(code) {
|
|
|
7319
7333
|
return new JoseHeaderError(code);
|
|
7320
7334
|
}
|
|
7321
7335
|
|
|
7322
|
-
/*! @azure/msal-common v16.
|
|
7336
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7323
7337
|
/*
|
|
7324
7338
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7325
7339
|
* Licensed under the MIT License.
|
|
@@ -7327,7 +7341,7 @@ function createJoseHeaderError(code) {
|
|
|
7327
7341
|
const missingKidError = "missing_kid_error";
|
|
7328
7342
|
const missingAlgError = "missing_alg_error";
|
|
7329
7343
|
|
|
7330
|
-
/*! @azure/msal-common v16.
|
|
7344
|
+
/*! @azure/msal-common v16.7.0 2026-06-05 */
|
|
7331
7345
|
|
|
7332
7346
|
/*
|
|
7333
7347
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7762,7 +7776,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7762
7776
|
|
|
7763
7777
|
/* eslint-disable header/header */
|
|
7764
7778
|
const name = "@azure/msal-browser";
|
|
7765
|
-
const version = "5.
|
|
7779
|
+
const version = "5.12.0";
|
|
7766
7780
|
|
|
7767
7781
|
/*
|
|
7768
7782
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7791,6 +7805,15 @@ const HttpHeaderKeys = {
|
|
|
7791
7805
|
CONTENT_TYPE: "Content-Type",
|
|
7792
7806
|
X_MS_REQUEST_ID: "x-ms-request-id",
|
|
7793
7807
|
};
|
|
7808
|
+
const CustomHeaderConstants = {
|
|
7809
|
+
REQUIRED_PREFIX: "x-",
|
|
7810
|
+
RESERVED_PREFIXES: [
|
|
7811
|
+
"x-client-",
|
|
7812
|
+
"x-ms-",
|
|
7813
|
+
"x-broker-",
|
|
7814
|
+
"x-app-",
|
|
7815
|
+
],
|
|
7816
|
+
};
|
|
7794
7817
|
const DefaultPackageInfo = {
|
|
7795
7818
|
SKU: "msal.browser",
|
|
7796
7819
|
VERSION: version,
|
|
@@ -8647,6 +8670,43 @@ function createBrowserAuthError(errorCode, subError) {
|
|
|
8647
8670
|
return new BrowserAuthError(errorCode, subError);
|
|
8648
8671
|
}
|
|
8649
8672
|
|
|
8673
|
+
/*
|
|
8674
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8675
|
+
* Licensed under the MIT License.
|
|
8676
|
+
*/
|
|
8677
|
+
/**
|
|
8678
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8679
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8680
|
+
*/
|
|
8681
|
+
/**
|
|
8682
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8683
|
+
* @param input
|
|
8684
|
+
*/
|
|
8685
|
+
function base64Decode(input) {
|
|
8686
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8687
|
+
}
|
|
8688
|
+
/**
|
|
8689
|
+
* Decodes base64 into Uint8Array
|
|
8690
|
+
* @param base64String
|
|
8691
|
+
*/
|
|
8692
|
+
function base64DecToArr(base64String) {
|
|
8693
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8694
|
+
switch (encodedString.length % 4) {
|
|
8695
|
+
case 0:
|
|
8696
|
+
break;
|
|
8697
|
+
case 2:
|
|
8698
|
+
encodedString += "==";
|
|
8699
|
+
break;
|
|
8700
|
+
case 3:
|
|
8701
|
+
encodedString += "=";
|
|
8702
|
+
break;
|
|
8703
|
+
default:
|
|
8704
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8705
|
+
}
|
|
8706
|
+
const binString = atob(encodedString);
|
|
8707
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8708
|
+
}
|
|
8709
|
+
|
|
8650
8710
|
/*
|
|
8651
8711
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8652
8712
|
* Licensed under the MIT License.
|
|
@@ -8691,43 +8751,6 @@ function base64EncArr(aBytes) {
|
|
|
8691
8751
|
return btoa(binString);
|
|
8692
8752
|
}
|
|
8693
8753
|
|
|
8694
|
-
/*
|
|
8695
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8696
|
-
* Licensed under the MIT License.
|
|
8697
|
-
*/
|
|
8698
|
-
/**
|
|
8699
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8700
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8701
|
-
*/
|
|
8702
|
-
/**
|
|
8703
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8704
|
-
* @param input
|
|
8705
|
-
*/
|
|
8706
|
-
function base64Decode(input) {
|
|
8707
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8708
|
-
}
|
|
8709
|
-
/**
|
|
8710
|
-
* Decodes base64 into Uint8Array
|
|
8711
|
-
* @param base64String
|
|
8712
|
-
*/
|
|
8713
|
-
function base64DecToArr(base64String) {
|
|
8714
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8715
|
-
switch (encodedString.length % 4) {
|
|
8716
|
-
case 0:
|
|
8717
|
-
break;
|
|
8718
|
-
case 2:
|
|
8719
|
-
encodedString += "==";
|
|
8720
|
-
break;
|
|
8721
|
-
case 3:
|
|
8722
|
-
encodedString += "=";
|
|
8723
|
-
break;
|
|
8724
|
-
default:
|
|
8725
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8726
|
-
}
|
|
8727
|
-
const binString = atob(encodedString);
|
|
8728
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8729
|
-
}
|
|
8730
|
-
|
|
8731
8754
|
/*
|
|
8732
8755
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8733
8756
|
* Licensed under the MIT License.
|
|
@@ -9196,7 +9219,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
9196
9219
|
activeBridgeMonitor = null;
|
|
9197
9220
|
}
|
|
9198
9221
|
}
|
|
9199
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9222
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9200
9223
|
return new Promise((resolve, reject) => {
|
|
9201
9224
|
logger.verbose("1rf6em", request.correlationId);
|
|
9202
9225
|
const correlationId = request.correlationId;
|
|
@@ -9204,7 +9227,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
9204
9227
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9205
9228
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9206
9229
|
}, correlationId);
|
|
9207
|
-
const { libraryState } = parseRequestState(
|
|
9230
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9208
9231
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9209
9232
|
let responseString = undefined;
|
|
9210
9233
|
let timedOut$1 = false;
|
|
@@ -9614,12 +9637,13 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
9614
9637
|
* and logoutHint attribute wasn't manually set in logout request
|
|
9615
9638
|
*/
|
|
9616
9639
|
if (logoutRequest) {
|
|
9617
|
-
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
|
|
9640
|
+
// If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
|
|
9618
9641
|
if (!logoutRequest.logoutHint) {
|
|
9619
9642
|
if (logoutRequest.account) {
|
|
9620
|
-
const logoutHint =
|
|
9643
|
+
const logoutHint = logoutRequest.account.loginHint ||
|
|
9644
|
+
this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
|
|
9621
9645
|
if (logoutHint) {
|
|
9622
|
-
this.logger.verbose("
|
|
9646
|
+
this.logger.verbose("0d7s8p", this.correlationId);
|
|
9623
9647
|
validLogoutRequest.logoutHint = logoutHint;
|
|
9624
9648
|
}
|
|
9625
9649
|
}
|
|
@@ -9672,6 +9696,7 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
9672
9696
|
const idTokenClaims = account.idTokenClaims;
|
|
9673
9697
|
if (idTokenClaims) {
|
|
9674
9698
|
if (idTokenClaims.login_hint) {
|
|
9699
|
+
this.logger.verbose("0u5bmc", this.correlationId);
|
|
9675
9700
|
return idTokenClaims.login_hint;
|
|
9676
9701
|
}
|
|
9677
9702
|
else {
|
|
@@ -10963,15 +10988,67 @@ class CustomAuthInterationClientFactory {
|
|
|
10963
10988
|
}
|
|
10964
10989
|
}
|
|
10965
10990
|
|
|
10991
|
+
/*
|
|
10992
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10993
|
+
* Licensed under the MIT License.
|
|
10994
|
+
*/
|
|
10995
|
+
/**
|
|
10996
|
+
* Filters the headers returned by a {@link CustomAuthRequestInterceptor},
|
|
10997
|
+
* keeping only those that conform to the custom-auth header naming rules.
|
|
10998
|
+
*
|
|
10999
|
+
* Rules (mirrors the iOS / Android native auth implementations):
|
|
11000
|
+
* - Header names must start with `x-` (case-insensitive); others are dropped.
|
|
11001
|
+
* - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
|
|
11002
|
+
* `x-broker-`, `x-app-`) are dropped.
|
|
11003
|
+
* - Headers with empty/whitespace-only names or null/undefined values are dropped.
|
|
11004
|
+
*
|
|
11005
|
+
* Dropped headers are logged as warnings (PII-safe) when a logger is provided.
|
|
11006
|
+
*
|
|
11007
|
+
* @param headers - Raw headers returned by the interceptor.
|
|
11008
|
+
* @param logger - Optional logger used to emit warnings for dropped headers.
|
|
11009
|
+
* @param correlationId - Optional correlation id forwarded to the logger.
|
|
11010
|
+
* @returns A new record containing only the headers that pass the filter,
|
|
11011
|
+
* preserving the original casing of header names.
|
|
11012
|
+
*/
|
|
11013
|
+
function filterCustomHeaders(headers, logger, correlationId) {
|
|
11014
|
+
const filtered = {};
|
|
11015
|
+
if (!headers) {
|
|
11016
|
+
return filtered;
|
|
11017
|
+
}
|
|
11018
|
+
for (const [name, value] of Object.entries(headers)) {
|
|
11019
|
+
if (!name || value === undefined || value === null) {
|
|
11020
|
+
continue;
|
|
11021
|
+
}
|
|
11022
|
+
const trimmedName = name.trim();
|
|
11023
|
+
if (!trimmedName) {
|
|
11024
|
+
continue;
|
|
11025
|
+
}
|
|
11026
|
+
const lowerName = trimmedName.toLowerCase();
|
|
11027
|
+
if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
|
|
11028
|
+
logger?.warningPii("0vzpop", correlationId ?? "");
|
|
11029
|
+
continue;
|
|
11030
|
+
}
|
|
11031
|
+
const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
|
|
11032
|
+
if (reservedPrefix) {
|
|
11033
|
+
logger?.warningPii("1m3lhk", correlationId ?? "");
|
|
11034
|
+
continue;
|
|
11035
|
+
}
|
|
11036
|
+
filtered[trimmedName] = value;
|
|
11037
|
+
}
|
|
11038
|
+
return filtered;
|
|
11039
|
+
}
|
|
11040
|
+
|
|
10966
11041
|
/*
|
|
10967
11042
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10968
11043
|
* Licensed under the MIT License.
|
|
10969
11044
|
*/
|
|
10970
11045
|
class BaseApiClient {
|
|
10971
|
-
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
|
|
11046
|
+
constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
10972
11047
|
this.clientId = clientId;
|
|
10973
11048
|
this.httpClient = httpClient;
|
|
10974
11049
|
this.customAuthApiQueryParams = customAuthApiQueryParams;
|
|
11050
|
+
this.requestInterceptor = requestInterceptor;
|
|
11051
|
+
this.logger = logger;
|
|
10975
11052
|
this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
|
|
10976
11053
|
}
|
|
10977
11054
|
async request(endpoint, data, telemetryManager, correlationId) {
|
|
@@ -10979,8 +11056,10 @@ class BaseApiClient {
|
|
|
10979
11056
|
client_id: this.clientId,
|
|
10980
11057
|
...data,
|
|
10981
11058
|
});
|
|
10982
|
-
const
|
|
11059
|
+
const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
|
|
10983
11060
|
const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
|
|
11061
|
+
const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
|
|
11062
|
+
const headers = { ...commonHeaders, ...additionalHeaders };
|
|
10984
11063
|
let response;
|
|
10985
11064
|
try {
|
|
10986
11065
|
response = await this.httpClient.post(url, formData, headers);
|
|
@@ -11038,6 +11117,19 @@ class BaseApiClient {
|
|
|
11038
11117
|
: responseError.invalid_attributes ?? [];
|
|
11039
11118
|
throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
|
|
11040
11119
|
}
|
|
11120
|
+
async getAdditionalHeaders(url, correlationId) {
|
|
11121
|
+
if (!this.requestInterceptor) {
|
|
11122
|
+
return {};
|
|
11123
|
+
}
|
|
11124
|
+
try {
|
|
11125
|
+
const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
|
|
11126
|
+
return filterCustomHeaders(result, this.logger, correlationId);
|
|
11127
|
+
}
|
|
11128
|
+
catch (e) {
|
|
11129
|
+
this.logger?.warningPii("1ptwx4", correlationId);
|
|
11130
|
+
return {};
|
|
11131
|
+
}
|
|
11132
|
+
}
|
|
11041
11133
|
}
|
|
11042
11134
|
|
|
11043
11135
|
/*
|
|
@@ -11045,8 +11137,8 @@ class BaseApiClient {
|
|
|
11045
11137
|
* Licensed under the MIT License.
|
|
11046
11138
|
*/
|
|
11047
11139
|
class ResetPasswordApiClient extends BaseApiClient {
|
|
11048
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11049
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11140
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11141
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11050
11142
|
this.capabilities = capabilities;
|
|
11051
11143
|
}
|
|
11052
11144
|
/**
|
|
@@ -11129,8 +11221,8 @@ class ResetPasswordApiClient extends BaseApiClient {
|
|
|
11129
11221
|
* Licensed under the MIT License.
|
|
11130
11222
|
*/
|
|
11131
11223
|
class SignupApiClient extends BaseApiClient {
|
|
11132
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11133
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11224
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11225
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11134
11226
|
this.capabilities = capabilities;
|
|
11135
11227
|
}
|
|
11136
11228
|
/**
|
|
@@ -11199,8 +11291,8 @@ class SignupApiClient extends BaseApiClient {
|
|
|
11199
11291
|
* Licensed under the MIT License.
|
|
11200
11292
|
*/
|
|
11201
11293
|
class SignInApiClient extends BaseApiClient {
|
|
11202
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11203
|
-
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11294
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11295
|
+
super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11204
11296
|
this.capabilities = capabilities;
|
|
11205
11297
|
}
|
|
11206
11298
|
/**
|
|
@@ -11367,11 +11459,11 @@ class RegisterApiClient extends BaseApiClient {
|
|
|
11367
11459
|
* Licensed under the MIT License.
|
|
11368
11460
|
*/
|
|
11369
11461
|
class CustomAuthApiClient {
|
|
11370
|
-
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
|
|
11371
|
-
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11372
|
-
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11373
|
-
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
|
|
11374
|
-
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
|
|
11462
|
+
constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
|
|
11463
|
+
this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11464
|
+
this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11465
|
+
this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11466
|
+
this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
|
|
11375
11467
|
}
|
|
11376
11468
|
}
|
|
11377
11469
|
|
|
@@ -14382,7 +14474,6 @@ const CREDENTIAL_SCHEMA_VERSION = 3;
|
|
|
14382
14474
|
const ACCOUNT_SCHEMA_VERSION = 3;
|
|
14383
14475
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
14384
14476
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
14385
|
-
const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
|
|
14386
14477
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
14387
14478
|
const ACCOUNT_KEYS = "account.keys";
|
|
14388
14479
|
const TOKEN_KEYS = "token.keys";
|
|
@@ -15001,6 +15092,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15001
15092
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
15002
15093
|
: parsedValue;
|
|
15003
15094
|
if (!decryptedData || !isCredentialEntity(decryptedData)) {
|
|
15095
|
+
this.browserStorage.removeItem(key);
|
|
15004
15096
|
this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
|
|
15005
15097
|
return null;
|
|
15006
15098
|
}
|
|
@@ -15031,6 +15123,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15031
15123
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
15032
15124
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15033
15125
|
if (!parsedValue) {
|
|
15126
|
+
this.browserStorage.removeItem(accountKey);
|
|
15034
15127
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15035
15128
|
continue;
|
|
15036
15129
|
}
|
|
@@ -15045,6 +15138,15 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15045
15138
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
15046
15139
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15047
15140
|
}
|
|
15141
|
+
else if (isEncrypted(parsedValue)) {
|
|
15142
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
15143
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
15144
|
+
if (!decrypted) {
|
|
15145
|
+
this.browserStorage.removeItem(accountKey);
|
|
15146
|
+
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
15147
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15148
|
+
}
|
|
15149
|
+
}
|
|
15048
15150
|
}
|
|
15049
15151
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
15050
15152
|
}
|
|
@@ -16574,7 +16676,7 @@ const USER_CANCEL = "USER_CANCEL";
|
|
|
16574
16676
|
const NO_NETWORK = "NO_NETWORK";
|
|
16575
16677
|
const DISABLED = "DISABLED";
|
|
16576
16678
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
16577
|
-
const
|
|
16679
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
16578
16680
|
|
|
16579
16681
|
/*
|
|
16580
16682
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -16629,8 +16731,8 @@ function createNativeAuthError(code, description, ext) {
|
|
|
16629
16731
|
return createBrowserAuthError(userCancelled);
|
|
16630
16732
|
case NO_NETWORK:
|
|
16631
16733
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
16632
|
-
case
|
|
16633
|
-
return createInteractionRequiredAuthError(
|
|
16734
|
+
case UI_NOT_ALLOWED:
|
|
16735
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
16634
16736
|
}
|
|
16635
16737
|
}
|
|
16636
16738
|
return new NativeAuthError(code, description, ext);
|
|
@@ -16861,7 +16963,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16861
16963
|
noHistory: false,
|
|
16862
16964
|
};
|
|
16863
16965
|
const redirectUri = navigateToLoginRequestUrl
|
|
16864
|
-
? window.location.href
|
|
16966
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
16865
16967
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
16866
16968
|
rootMeasurement.end({ success: true });
|
|
16867
16969
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -17916,6 +18018,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17916
18018
|
};
|
|
17917
18019
|
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17918
18020
|
iframeTimeoutTelemetry: false,
|
|
18021
|
+
allowPlatformBrokerWithDOM: false,
|
|
17919
18022
|
};
|
|
17920
18023
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17921
18024
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
@@ -18360,9 +18463,8 @@ class PlatformAuthDOMHandler {
|
|
|
18360
18463
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
18361
18464
|
* Licensed under the MIT License.
|
|
18362
18465
|
*/
|
|
18363
|
-
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
|
|
18466
|
+
async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
|
|
18364
18467
|
logger.trace("134j0v", correlationId);
|
|
18365
|
-
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
18366
18468
|
logger.trace("04c81g", correlationId);
|
|
18367
18469
|
let platformAuthProvider;
|
|
18368
18470
|
try {
|
|
@@ -18386,22 +18488,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
|
|
|
18386
18488
|
}
|
|
18387
18489
|
return platformAuthProvider;
|
|
18388
18490
|
}
|
|
18389
|
-
/**
|
|
18390
|
-
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
18391
|
-
* @returns boolean
|
|
18392
|
-
* @deprecated
|
|
18393
|
-
*/
|
|
18394
|
-
function isDomEnabledForPlatformAuth() {
|
|
18395
|
-
let sessionStorage;
|
|
18396
|
-
try {
|
|
18397
|
-
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
18398
|
-
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
18399
|
-
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
18400
|
-
}
|
|
18401
|
-
catch (e) {
|
|
18402
|
-
return false;
|
|
18403
|
-
}
|
|
18404
|
-
}
|
|
18405
18491
|
/**
|
|
18406
18492
|
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
18407
18493
|
* @param logger
|
|
@@ -18412,6 +18498,11 @@ function isDomEnabledForPlatformAuth() {
|
|
|
18412
18498
|
*/
|
|
18413
18499
|
function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
|
|
18414
18500
|
logger.trace("0uko3r", correlationId);
|
|
18501
|
+
// throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
|
|
18502
|
+
if (!config.system.allowPlatformBroker &&
|
|
18503
|
+
config.experimental.allowPlatformBrokerWithDOM) {
|
|
18504
|
+
throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
|
|
18505
|
+
}
|
|
18415
18506
|
if (!config.system.allowPlatformBroker) {
|
|
18416
18507
|
logger.trace("04hozs", correlationId);
|
|
18417
18508
|
// Developer disabled WAM
|
|
@@ -18441,10 +18532,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
|
|
|
18441
18532
|
* Licensed under the MIT License.
|
|
18442
18533
|
*/
|
|
18443
18534
|
class PopupClient extends StandardInteractionClient {
|
|
18444
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
18535
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
18445
18536
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
18446
18537
|
this.nativeStorage = nativeStorageImpl;
|
|
18447
18538
|
this.eventHandler = eventHandler;
|
|
18539
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
18448
18540
|
}
|
|
18449
18541
|
/**
|
|
18450
18542
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -18578,7 +18670,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18578
18670
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
18579
18671
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18580
18672
|
// Wait for the redirect bridge response
|
|
18581
|
-
const responseString = await
|
|
18673
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
18582
18674
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18583
18675
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18584
18676
|
}
|
|
@@ -18613,7 +18705,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18613
18705
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
18614
18706
|
form.submit();
|
|
18615
18707
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18616
|
-
const responseString = await invokeAsync(
|
|
18708
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
18617
18709
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18618
18710
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
18619
18711
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
@@ -18638,7 +18730,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18638
18730
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
18639
18731
|
form.submit();
|
|
18640
18732
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18641
|
-
const responseString = await invokeAsync(
|
|
18733
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
18642
18734
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18643
18735
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18644
18736
|
}
|
|
@@ -18695,7 +18787,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18695
18787
|
// Open the popup window to requestUrl.
|
|
18696
18788
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
18697
18789
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18698
|
-
await
|
|
18790
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
18699
18791
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
18700
18792
|
});
|
|
18701
18793
|
if (mainWindowRedirectUri) {
|
|
@@ -18774,6 +18866,19 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18774
18866
|
if (!popupWindow) {
|
|
18775
18867
|
throw createBrowserAuthError(emptyWindowError);
|
|
18776
18868
|
}
|
|
18869
|
+
try {
|
|
18870
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
18871
|
+
}
|
|
18872
|
+
catch (e) {
|
|
18873
|
+
if (typeof DOMException !== "undefined" &&
|
|
18874
|
+
e instanceof DOMException &&
|
|
18875
|
+
e.name === "SecurityError") {
|
|
18876
|
+
// Cross-origin - title cannot be set
|
|
18877
|
+
}
|
|
18878
|
+
else {
|
|
18879
|
+
this.logger.verbose("1s1yfs", this.correlationId);
|
|
18880
|
+
}
|
|
18881
|
+
}
|
|
18777
18882
|
if (popupWindow.focus) {
|
|
18778
18883
|
popupWindow.focus();
|
|
18779
18884
|
}
|
|
@@ -18852,6 +18957,12 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18852
18957
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
18853
18958
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
18854
18959
|
}
|
|
18960
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
18961
|
+
if (this.waitForPopupResponseHook) {
|
|
18962
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
18963
|
+
}
|
|
18964
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
18965
|
+
}
|
|
18855
18966
|
}
|
|
18856
18967
|
|
|
18857
18968
|
/*
|
|
@@ -19005,6 +19116,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19005
19116
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
19006
19117
|
*/
|
|
19007
19118
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
19119
|
+
const originalTitle = document.title;
|
|
19120
|
+
document.title = "Microsoft Authentication";
|
|
19008
19121
|
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19009
19122
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
19010
19123
|
try {
|
|
@@ -19087,6 +19200,9 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19087
19200
|
}
|
|
19088
19201
|
throw e;
|
|
19089
19202
|
}
|
|
19203
|
+
finally {
|
|
19204
|
+
document.title = originalTitle;
|
|
19205
|
+
}
|
|
19090
19206
|
}
|
|
19091
19207
|
/**
|
|
19092
19208
|
* Gets the response hash for a redirect request
|
|
@@ -19342,6 +19458,7 @@ function loadFrameSync(urlNavigate) {
|
|
|
19342
19458
|
function createHiddenIframe() {
|
|
19343
19459
|
const authFrame = document.createElement("iframe");
|
|
19344
19460
|
authFrame.className = "msalSilentIframe";
|
|
19461
|
+
authFrame.title = "Microsoft Authentication";
|
|
19345
19462
|
authFrame.style.visibility = "hidden";
|
|
19346
19463
|
authFrame.style.position = "absolute";
|
|
19347
19464
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -19367,10 +19484,11 @@ function removeHiddenIframe(iframe) {
|
|
|
19367
19484
|
* Licensed under the MIT License.
|
|
19368
19485
|
*/
|
|
19369
19486
|
class SilentIframeClient extends StandardInteractionClient {
|
|
19370
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
19487
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
19371
19488
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
19372
19489
|
this.apiId = apiId;
|
|
19373
19490
|
this.nativeStorage = nativeStorageImpl;
|
|
19491
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
19374
19492
|
}
|
|
19375
19493
|
/**
|
|
19376
19494
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -19459,7 +19577,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19459
19577
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19460
19578
|
let responseString;
|
|
19461
19579
|
try {
|
|
19462
|
-
responseString = await invokeAsync(
|
|
19580
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19463
19581
|
}
|
|
19464
19582
|
finally {
|
|
19465
19583
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19557,7 +19675,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19557
19675
|
// Wait for response from the redirect bridge.
|
|
19558
19676
|
let responseString;
|
|
19559
19677
|
try {
|
|
19560
|
-
responseString = await invokeAsync(
|
|
19678
|
+
responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19561
19679
|
}
|
|
19562
19680
|
finally {
|
|
19563
19681
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19565,6 +19683,12 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19565
19683
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19566
19684
|
return { serverParams, pkceCodes, silentRequest };
|
|
19567
19685
|
}
|
|
19686
|
+
async waitForIframeResponse(iframe, request) {
|
|
19687
|
+
if (this.waitForIframeResponseHook) {
|
|
19688
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
19689
|
+
}
|
|
19690
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
19691
|
+
}
|
|
19568
19692
|
}
|
|
19569
19693
|
|
|
19570
19694
|
/*
|
|
@@ -19859,7 +19983,7 @@ class StandardController {
|
|
|
19859
19983
|
if (allowPlatformBroker) {
|
|
19860
19984
|
try {
|
|
19861
19985
|
// check if platform authentication is available via DOM or browser extension and create relevant handlers
|
|
19862
|
-
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
|
|
19986
|
+
this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
|
|
19863
19987
|
}
|
|
19864
19988
|
catch (e) {
|
|
19865
19989
|
this.logger.verbose(e, correlationId);
|
|
@@ -20766,7 +20890,7 @@ class StandardController {
|
|
|
20766
20890
|
* @param correlationId
|
|
20767
20891
|
*/
|
|
20768
20892
|
createPopupClient(correlationId) {
|
|
20769
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
20893
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
20770
20894
|
}
|
|
20771
20895
|
/**
|
|
20772
20896
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -20780,7 +20904,7 @@ class StandardController {
|
|
|
20780
20904
|
* @param correlationId
|
|
20781
20905
|
*/
|
|
20782
20906
|
createSilentIframeClient(correlationId) {
|
|
20783
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
20907
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
20784
20908
|
}
|
|
20785
20909
|
/**
|
|
20786
20910
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -21241,7 +21365,7 @@ class CustomAuthStandardController extends StandardController {
|
|
|
21241
21365
|
this.customAuthConfig = operatingContext.getCustomAuthConfig();
|
|
21242
21366
|
this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
|
|
21243
21367
|
const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
|
|
21244
|
-
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
|
|
21368
|
+
new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
|
|
21245
21369
|
this.signInClient = interactionClientFactory.create(SignInClient);
|
|
21246
21370
|
this.signUpClient = interactionClientFactory.create(SignUpClient);
|
|
21247
21371
|
this.resetPasswordClient =
|
|
@@ -21549,7 +21673,7 @@ class BaseOperatingContext {
|
|
|
21549
21673
|
return;
|
|
21550
21674
|
}
|
|
21551
21675
|
}
|
|
21552
|
-
constructor(config) {
|
|
21676
|
+
constructor(config, responseHandlers) {
|
|
21553
21677
|
/*
|
|
21554
21678
|
* If loaded in an environment where window is not available,
|
|
21555
21679
|
* set internal flag to false so that further requests fail.
|
|
@@ -21557,6 +21681,7 @@ class BaseOperatingContext {
|
|
|
21557
21681
|
*/
|
|
21558
21682
|
this.browserEnvironment = typeof window !== "undefined";
|
|
21559
21683
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
21684
|
+
this.responseHandlers = responseHandlers;
|
|
21560
21685
|
let sessionStorage;
|
|
21561
21686
|
try {
|
|
21562
21687
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -21593,6 +21718,13 @@ class BaseOperatingContext {
|
|
|
21593
21718
|
getConfig() {
|
|
21594
21719
|
return this.config;
|
|
21595
21720
|
}
|
|
21721
|
+
/**
|
|
21722
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
21723
|
+
* @returns AuthResponseHandlers | undefined
|
|
21724
|
+
*/
|
|
21725
|
+
getResponseHandlers() {
|
|
21726
|
+
return this.responseHandlers;
|
|
21727
|
+
}
|
|
21596
21728
|
/**
|
|
21597
21729
|
* Returns the MSAL Logger
|
|
21598
21730
|
* @returns Logger
|
|
@@ -21957,7 +22089,48 @@ class PublicClientApplication {
|
|
|
21957
22089
|
constructor(configuration, controller) {
|
|
21958
22090
|
this.controller =
|
|
21959
22091
|
controller ||
|
|
21960
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
22092
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
22093
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
22094
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
22095
|
+
}));
|
|
22096
|
+
}
|
|
22097
|
+
/**
|
|
22098
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
22099
|
+
*
|
|
22100
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22101
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22102
|
+
* with an `AuthError` on failure.
|
|
22103
|
+
*
|
|
22104
|
+
* @internal
|
|
22105
|
+
* @param request The in-flight authorization or end-session request.
|
|
22106
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
22107
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
22108
|
+
*/
|
|
22109
|
+
async waitForPopupResponse(request,
|
|
22110
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22111
|
+
popupWindow,
|
|
22112
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22113
|
+
popupWindowParent) {
|
|
22114
|
+
const controller = this.controller;
|
|
22115
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
22116
|
+
}
|
|
22117
|
+
/**
|
|
22118
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
22119
|
+
*
|
|
22120
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22121
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22122
|
+
* with an `AuthError` on failure.
|
|
22123
|
+
*
|
|
22124
|
+
* @internal
|
|
22125
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
22126
|
+
* @param request The in-flight authorization request.
|
|
22127
|
+
*/
|
|
22128
|
+
async waitForIframeResponse(
|
|
22129
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22130
|
+
iframe, request) {
|
|
22131
|
+
const controller = this.controller;
|
|
22132
|
+
const config = controller.getConfiguration();
|
|
22133
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
21961
22134
|
}
|
|
21962
22135
|
/**
|
|
21963
22136
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|