@azure/msal-browser 5.10.1 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (294) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +44 -2
  3. package/dist/app/PublicClientApplication.mjs.map +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  9. package/dist/cache/AccountManager.mjs +1 -1
  10. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  11. package/dist/cache/BrowserCacheManager.mjs +12 -1
  12. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.mjs +2 -3
  15. package/dist/cache/CacheKeys.mjs.map +1 -1
  16. package/dist/cache/CookieStorage.mjs +1 -1
  17. package/dist/cache/DatabaseStorage.mjs +1 -1
  18. package/dist/cache/EncryptedData.mjs +1 -1
  19. package/dist/cache/LocalStorage.mjs +1 -1
  20. package/dist/cache/MemoryStorage.mjs +1 -1
  21. package/dist/cache/SessionStorage.mjs +1 -1
  22. package/dist/cache/TokenCache.mjs +1 -1
  23. package/dist/config/Configuration.mjs +3 -2
  24. package/dist/config/Configuration.mjs.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/StandardController.mjs +4 -4
  27. package/dist/controllers/StandardController.mjs.map +1 -1
  28. package/dist/crypto/BrowserCrypto.mjs +1 -1
  29. package/dist/crypto/CryptoOps.mjs +1 -1
  30. package/dist/crypto/PkceGenerator.mjs +1 -1
  31. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  32. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  33. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  34. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  35. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  36. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  37. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  52. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  53. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  54. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  55. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  56. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  57. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  59. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  60. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  61. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  62. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  63. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  64. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  65. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  66. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  68. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  69. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  75. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  77. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  79. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  87. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  88. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  90. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  91. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  92. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  93. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  94. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  95. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  96. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  103. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  104. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  105. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  106. package/dist/custom_auth/index.mjs +1 -1
  107. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  117. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  118. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  131. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  132. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  144. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  145. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  146. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  147. package/dist/encode/Base64Decode.mjs +1 -1
  148. package/dist/encode/Base64Encode.mjs +1 -1
  149. package/dist/error/BrowserAuthError.mjs +1 -1
  150. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  151. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  152. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NativeAuthError.mjs +4 -4
  154. package/dist/error/NativeAuthError.mjs.map +1 -1
  155. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  156. package/dist/error/NestedAppAuthError.mjs +1 -1
  157. package/dist/event/EventHandler.mjs +1 -1
  158. package/dist/event/EventMessage.mjs +1 -1
  159. package/dist/event/EventType.mjs +1 -1
  160. package/dist/index.mjs +1 -1
  161. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  162. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  163. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
  164. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  165. package/dist/interaction_client/PopupClient.mjs +27 -7
  166. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  167. package/dist/interaction_client/RedirectClient.mjs +6 -1
  168. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  169. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  170. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  171. package/dist/interaction_client/SilentIframeClient.mjs +11 -4
  172. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  173. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  174. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  175. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  176. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  177. package/dist/interaction_handler/SilentHandler.mjs +2 -1
  178. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  179. package/dist/log-strings-mapping.json +1203 -1187
  180. package/dist/naa/BridgeError.mjs +1 -1
  181. package/dist/naa/BridgeProxy.mjs +1 -1
  182. package/dist/naa/BridgeStatusCode.mjs +1 -1
  183. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  184. package/dist/navigation/NavigationClient.mjs +1 -1
  185. package/dist/network/FetchClient.mjs +1 -1
  186. package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
  187. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  188. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  189. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  190. package/dist/packageMetadata.mjs +2 -2
  191. package/dist/protocol/Authorize.mjs +1 -1
  192. package/dist/redirect_bridge/index.mjs +4 -5
  193. package/dist/redirect_bridge/index.mjs.map +1 -1
  194. package/dist/request/RequestHelpers.mjs +1 -1
  195. package/dist/response/ResponseHandler.mjs +1 -1
  196. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  197. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  198. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  199. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  200. package/dist/utils/BrowserConstants.mjs +1 -1
  201. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  202. package/dist/utils/BrowserUtils.mjs +15 -5
  203. package/dist/utils/BrowserUtils.mjs.map +1 -1
  204. package/dist/utils/Helpers.mjs +1 -1
  205. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  206. package/lib/custom-auth-path/log-strings-mapping.json +33 -17
  207. package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
  208. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  209. package/lib/custom-auth-path/msal-custom-auth.js +342 -169
  210. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  211. package/lib/log-strings-mapping.json +13 -9
  212. package/lib/msal-browser.cjs +275 -167
  213. package/lib/msal-browser.cjs.map +1 -1
  214. package/lib/msal-browser.js +275 -167
  215. package/lib/msal-browser.js.map +1 -1
  216. package/lib/msal-browser.min.js +2 -2
  217. package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
  218. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  219. package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
  220. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  221. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  222. package/package.json +2 -2
  223. package/src/app/PublicClientApplication.ts +85 -1
  224. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
  225. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  226. package/src/cache/BrowserCacheManager.ts +17 -0
  227. package/src/config/Configuration.ts +5 -0
  228. package/src/controllers/StandardController.ts +6 -3
  229. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  230. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  231. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  232. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  233. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  234. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  235. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  236. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  237. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  238. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  239. package/src/custom_auth/index.ts +4 -0
  240. package/src/error/NativeAuthError.ts +2 -2
  241. package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
  242. package/src/interaction_client/PopupClient.ts +65 -27
  243. package/src/interaction_client/RedirectClient.ts +5 -0
  244. package/src/interaction_client/SilentIframeClient.ts +49 -19
  245. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  246. package/src/interaction_handler/SilentHandler.ts +1 -0
  247. package/src/operatingcontext/BaseOperatingContext.ts +15 -1
  248. package/src/packageMetadata.ts +1 -1
  249. package/src/redirect_bridge/index.ts +3 -7
  250. package/src/utils/BrowserUtils.ts +28 -7
  251. package/types/app/PublicClientApplication.d.ts +37 -1
  252. package/types/app/PublicClientApplication.d.ts.map +1 -1
  253. package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
  254. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  255. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  256. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  257. package/types/config/Configuration.d.ts +4 -0
  258. package/types/config/Configuration.d.ts.map +1 -1
  259. package/types/controllers/StandardController.d.ts.map +1 -1
  260. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  261. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  262. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  263. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  264. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  265. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  266. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  267. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  268. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  269. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  270. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  271. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  272. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  273. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  274. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  275. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  276. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  277. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  278. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  279. package/types/custom_auth/index.d.ts +1 -0
  280. package/types/custom_auth/index.d.ts.map +1 -1
  281. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  282. package/types/interaction_client/PopupClient.d.ts +11 -1
  283. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  284. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  285. package/types/interaction_client/SilentIframeClient.d.ts +20 -1
  286. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  287. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  288. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  289. package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
  290. package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
  291. package/types/packageMetadata.d.ts +1 -1
  292. package/types/redirect_bridge/index.d.ts.map +1 -1
  293. package/types/utils/BrowserUtils.d.ts +17 -2
  294. package/types/utils/BrowserUtils.d.ts.map +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.10.1 2026-05-11 */
1
+ /*! @azure/msal-browser v5.12.0 2026-06-05 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.6.1 2026-05-11 */
232
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
281
  const RESOURCE = "resource";
282
282
  const CLI_DATA = "clidata";
283
283
 
284
- /*! @azure/msal-common v16.6.1 2026-05-11 */
284
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
285
285
  /*
286
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
287
287
  * Licensed under the MIT License.
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
312
312
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
313
313
  }
314
314
 
315
- /*! @azure/msal-common v16.6.1 2026-05-11 */
315
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
316
316
 
317
317
  /*
318
318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
332
332
  return new ClientConfigurationError(errorCode);
333
333
  }
334
334
 
335
- /*! @azure/msal-common v16.6.1 2026-05-11 */
335
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
336
336
  /*
337
337
  * Copyright (c) Microsoft Corporation. All rights reserved.
338
338
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class StringUtils {
412
412
  }
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.6.1 2026-05-11 */
415
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
435
435
  return new ClientAuthError(errorCode, additionalMessage);
436
436
  }
437
437
 
438
- /*! @azure/msal-common v16.6.1 2026-05-11 */
438
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
439
439
  /*
440
440
  * Copyright (c) Microsoft Corporation. All rights reserved.
441
441
  * Licensed under the MIT License.
@@ -458,9 +458,10 @@ const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
458
458
  const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
459
459
  const authorityMismatch = "authority_mismatch";
460
460
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
461
+ const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
461
462
  const issuerValidationFailed = "issuer_validation_failed";
462
463
 
463
- /*! @azure/msal-common v16.6.1 2026-05-11 */
464
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
464
465
  /*
465
466
  * Copyright (c) Microsoft Corporation. All rights reserved.
466
467
  * Licensed under the MIT License.
@@ -499,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
499
500
  const resourceParameterRequired = "resource_parameter_required";
500
501
  const misplacedResourceParam = "misplaced_resource_parameter";
501
502
 
502
- /*! @azure/msal-common v16.6.1 2026-05-11 */
503
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
503
504
 
504
505
  /*
505
506
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -694,7 +695,7 @@ class ScopeSet {
694
695
  }
695
696
  }
696
697
 
697
- /*! @azure/msal-common v16.6.1 2026-05-11 */
698
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
698
699
 
699
700
  /*
700
701
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1083,7 +1084,7 @@ function addResource(parameters, resource) {
1083
1084
  }
1084
1085
  }
1085
1086
 
1086
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1087
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1087
1088
 
1088
1089
  /*
1089
1090
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1192,7 +1193,7 @@ function normalizeUrlForComparison(url) {
1192
1193
  }
1193
1194
  }
1194
1195
 
1195
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1196
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1196
1197
 
1197
1198
  /*
1198
1199
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1231,7 +1232,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1231
1232
  },
1232
1233
  };
1233
1234
 
1234
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1235
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1235
1236
  /*
1236
1237
  * Copyright (c) Microsoft Corporation. All rights reserved.
1237
1238
  * Licensed under the MIT License.
@@ -1492,12 +1493,12 @@ class Logger {
1492
1493
  }
1493
1494
  }
1494
1495
 
1495
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1496
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1496
1497
  /* eslint-disable header/header */
1497
1498
  const name$1 = "@azure/msal-common";
1498
- const version$1 = "16.6.1";
1499
+ const version$1 = "16.7.0";
1499
1500
 
1500
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1501
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1501
1502
  /*
1502
1503
  * Copyright (c) Microsoft Corporation. All rights reserved.
1503
1504
  * Licensed under the MIT License.
@@ -1506,7 +1507,7 @@ const AzureCloudInstance = {
1506
1507
  // AzureCloudInstance is not specified.
1507
1508
  None: "none"};
1508
1509
 
1509
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1510
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1510
1511
  /*
1511
1512
  * Copyright (c) Microsoft Corporation. All rights reserved.
1512
1513
  * Licensed under the MIT License.
@@ -1589,7 +1590,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1589
1590
  return updatedAccountInfo;
1590
1591
  }
1591
1592
 
1592
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1593
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1593
1594
 
1594
1595
  /*
1595
1596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1669,7 +1670,7 @@ function checkMaxAge(authTime, maxAge) {
1669
1670
  }
1670
1671
  }
1671
1672
 
1672
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1673
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1673
1674
 
1674
1675
  /*
1675
1676
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1826,7 +1827,7 @@ class UrlString {
1826
1827
  }
1827
1828
  }
1828
1829
 
1829
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1830
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1830
1831
 
1831
1832
  /*
1832
1833
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1992,7 +1993,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1992
1993
  return null;
1993
1994
  }
1994
1995
 
1995
- /*! @azure/msal-common v16.6.1 2026-05-11 */
1996
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
1996
1997
  /*
1997
1998
  * Copyright (c) Microsoft Corporation. All rights reserved.
1998
1999
  * Licensed under the MIT License.
@@ -2000,7 +2001,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2000
2001
  const cacheQuotaExceeded = "cache_quota_exceeded";
2001
2002
  const cacheErrorUnknown = "cache_error_unknown";
2002
2003
 
2003
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2004
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2004
2005
 
2005
2006
  /*
2006
2007
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2038,7 +2039,7 @@ function createCacheError(e) {
2038
2039
  }
2039
2040
  }
2040
2041
 
2041
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2042
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2042
2043
 
2043
2044
  /*
2044
2045
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2076,7 +2077,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2076
2077
  };
2077
2078
  }
2078
2079
 
2079
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2080
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2080
2081
  /*
2081
2082
  * Copyright (c) Microsoft Corporation. All rights reserved.
2082
2083
  * Licensed under the MIT License.
@@ -2091,7 +2092,7 @@ const AuthorityType = {
2091
2092
  Ciam: 3,
2092
2093
  };
2093
2094
 
2094
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2095
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2095
2096
  /*
2096
2097
  * Copyright (c) Microsoft Corporation. All rights reserved.
2097
2098
  * Licensed under the MIT License.
@@ -2113,7 +2114,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2113
2114
  return null;
2114
2115
  }
2115
2116
 
2116
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2117
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2117
2118
  /*
2118
2119
  * Copyright (c) Microsoft Corporation. All rights reserved.
2119
2120
  * Licensed under the MIT License.
@@ -2137,7 +2138,7 @@ const ProtocolMode = {
2137
2138
  EAR: "EAR",
2138
2139
  };
2139
2140
 
2140
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2141
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2141
2142
  /**
2142
2143
  * Returns the AccountInfo interface for this account.
2143
2144
  */
@@ -2312,7 +2313,7 @@ function isAccountEntity(entity) {
2312
2313
  entity.hasOwnProperty("authorityType"));
2313
2314
  }
2314
2315
 
2315
- /*! @azure/msal-common v16.6.1 2026-05-11 */
2316
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2316
2317
 
2317
2318
  /*
2318
2319
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2452,8 +2453,8 @@ class CacheManager {
2452
2453
  return false;
2453
2454
  }
2454
2455
  if (!!tenantProfileFilter.username &&
2455
- !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
2456
- !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
2456
+ !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
2457
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
2457
2458
  return false;
2458
2459
  }
2459
2460
  if (!!tenantProfileFilter.loginHint &&
@@ -3443,7 +3444,7 @@ class DefaultStorageClass extends CacheManager {
3443
3444
  }
3444
3445
  }
3445
3446
 
3446
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3447
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3447
3448
  /*
3448
3449
  * Copyright (c) Microsoft Corporation. All rights reserved.
3449
3450
  * Licensed under the MIT License.
@@ -3457,7 +3458,7 @@ class DefaultStorageClass extends CacheManager {
3457
3458
  const PerformanceEventStatus = {
3458
3459
  InProgress: 1};
3459
3460
 
3460
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3461
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3461
3462
 
3462
3463
  /*
3463
3464
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3512,7 +3513,7 @@ class StubPerformanceClient {
3512
3513
  }
3513
3514
  }
3514
3515
 
3515
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3516
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3516
3517
 
3517
3518
  /*
3518
3519
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3607,7 +3608,7 @@ function isOidcProtocolMode(config) {
3607
3608
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3608
3609
  }
3609
3610
 
3610
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3611
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3611
3612
  /*
3612
3613
  * Copyright (c) Microsoft Corporation. All rights reserved.
3613
3614
  * Licensed under the MIT License.
@@ -3634,7 +3635,7 @@ function isOidcProtocolMode(config) {
3634
3635
  }
3635
3636
  }
3636
3637
 
3637
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3638
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3638
3639
  /*
3639
3640
  * Copyright (c) Microsoft Corporation. All rights reserved.
3640
3641
  * Licensed under the MIT License.
@@ -3699,7 +3700,7 @@ function wasClockTurnedBack(cachedAt) {
3699
3700
  return cachedAtSec > nowSeconds();
3700
3701
  }
3701
3702
 
3702
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3703
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3703
3704
 
3704
3705
  /*
3705
3706
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3958,7 +3959,7 @@ function isAuthorityMetadataExpired(metadata) {
3958
3959
  return metadata.expiresAt <= nowSeconds();
3959
3960
  }
3960
3961
 
3961
- /*! @azure/msal-common v16.6.1 2026-05-11 */
3962
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
3962
3963
  /*
3963
3964
  * Copyright (c) Microsoft Corporation. All rights reserved.
3964
3965
  * Licensed under the MIT License.
@@ -4029,7 +4030,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4029
4030
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4030
4031
  const SetUserData = "setUserData";
4031
4032
 
4032
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4033
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4033
4034
  /*
4034
4035
  * Copyright (c) Microsoft Corporation. All rights reserved.
4035
4036
  * Licensed under the MIT License.
@@ -4122,7 +4123,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4122
4123
  };
4123
4124
  };
4124
4125
 
4125
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4126
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4126
4127
 
4127
4128
  /*
4128
4129
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4202,7 +4203,7 @@ class PopTokenGenerator {
4202
4203
  }
4203
4204
  }
4204
4205
 
4205
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4206
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4206
4207
  /*
4207
4208
  * Copyright (c) Microsoft Corporation. All rights reserved.
4208
4209
  * Licensed under the MIT License.
@@ -4226,7 +4227,7 @@ const refreshTokenExpired = "refresh_token_expired";
4226
4227
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4227
4228
  * @public
4228
4229
  */
4229
- const uxNotAllowed = "ux_not_allowed";
4230
+ const uiNotAllowed = "ui_not_allowed";
4230
4231
  /**
4231
4232
  * Server-originated error code indicating interaction is required to complete the request.
4232
4233
  * @public
@@ -4253,7 +4254,7 @@ const badToken = "bad_token";
4253
4254
  */
4254
4255
  const interruptedUser = "interrupted_user";
4255
4256
 
4256
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4257
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4257
4258
 
4258
4259
  /*
4259
4260
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4267,7 +4268,7 @@ const InteractionRequiredServerErrorMessage = [
4267
4268
  consentRequired,
4268
4269
  loginRequired,
4269
4270
  badToken,
4270
- uxNotAllowed,
4271
+ uiNotAllowed,
4271
4272
  interruptedUser,
4272
4273
  ];
4273
4274
  const InteractionRequiredAuthSubErrorMessage = [
@@ -4277,7 +4278,7 @@ const InteractionRequiredAuthSubErrorMessage = [
4277
4278
  "user_password_expired",
4278
4279
  "consent_required",
4279
4280
  "bad_token",
4280
- "ux_not_allowed",
4281
+ "ui_not_allowed",
4281
4282
  "interrupted_user",
4282
4283
  ];
4283
4284
  /**
@@ -4321,7 +4322,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4321
4322
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4322
4323
  }
4323
4324
 
4324
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4325
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4325
4326
 
4326
4327
  /*
4327
4328
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4340,7 +4341,7 @@ class ServerError extends AuthError {
4340
4341
  }
4341
4342
  }
4342
4343
 
4343
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4344
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4344
4345
 
4345
4346
  /*
4346
4347
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4408,7 +4409,7 @@ function parseRequestState(base64Decode, state) {
4408
4409
  }
4409
4410
  }
4410
4411
 
4411
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4412
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4412
4413
 
4413
4414
  /*
4414
4415
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4756,7 +4757,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4756
4757
  return baseAccount;
4757
4758
  }
4758
4759
 
4759
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4760
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4760
4761
  /*
4761
4762
  * Copyright (c) Microsoft Corporation. All rights reserved.
4762
4763
  * Licensed under the MIT License.
@@ -4766,7 +4767,7 @@ const CcsCredentialType = {
4766
4767
  UPN: "UPN",
4767
4768
  };
4768
4769
 
4769
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4770
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4770
4771
  /*
4771
4772
  * Copyright (c) Microsoft Corporation. All rights reserved.
4772
4773
  * Licensed under the MIT License.
@@ -4784,7 +4785,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4784
4785
  }
4785
4786
  }
4786
4787
 
4787
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4788
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4788
4789
  /*
4789
4790
  * Copyright (c) Microsoft Corporation. All rights reserved.
4790
4791
  * Licensed under the MIT License.
@@ -4805,7 +4806,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4805
4806
  };
4806
4807
  }
4807
4808
 
4808
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4809
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4809
4810
 
4810
4811
  /*
4811
4812
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4891,7 +4892,7 @@ class ThrottlingUtils {
4891
4892
  }
4892
4893
  }
4893
4894
 
4894
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4895
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4895
4896
 
4896
4897
  /*
4897
4898
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4922,7 +4923,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4922
4923
  return new NetworkError(error, httpStatus, responseHeaders);
4923
4924
  }
4924
4925
 
4925
- /*! @azure/msal-common v16.6.1 2026-05-11 */
4926
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
4926
4927
 
4927
4928
  /*
4928
4929
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5036,7 +5037,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5036
5037
  return response;
5037
5038
  }
5038
5039
 
5039
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5040
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5040
5041
  /*
5041
5042
  * Copyright (c) Microsoft Corporation. All rights reserved.
5042
5043
  * Licensed under the MIT License.
@@ -5048,7 +5049,7 @@ function isOpenIdConfigResponse(response) {
5048
5049
  response.hasOwnProperty("jwks_uri"));
5049
5050
  }
5050
5051
 
5051
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5052
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5052
5053
  /*
5053
5054
  * Copyright (c) Microsoft Corporation. All rights reserved.
5054
5055
  * Licensed under the MIT License.
@@ -5058,7 +5059,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5058
5059
  response.hasOwnProperty("metadata"));
5059
5060
  }
5060
5061
 
5061
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5062
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5062
5063
  /*
5063
5064
  * Copyright (c) Microsoft Corporation. All rights reserved.
5064
5065
  * Licensed under the MIT License.
@@ -5068,7 +5069,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5068
5069
  response.hasOwnProperty("error_description"));
5069
5070
  }
5070
5071
 
5071
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5072
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5072
5073
 
5073
5074
  /*
5074
5075
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5173,7 +5174,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5173
5174
  },
5174
5175
  };
5175
5176
 
5176
- /*! @azure/msal-common v16.6.1 2026-05-11 */
5177
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
5177
5178
 
5178
5179
  /*
5179
5180
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5730,7 +5731,7 @@ class Authority {
5730
5731
  }
5731
5732
  }
5732
5733
  // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
5733
- if (this.isInKnownAuthorities()) {
5734
+ if (this.isInKnownAuthorities(this.hostnameAndPort)) {
5734
5735
  this.logger.verbose("0mt9al", this.correlationId);
5735
5736
  return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
5736
5737
  }
@@ -5797,13 +5798,14 @@ class Authority {
5797
5798
  return match;
5798
5799
  }
5799
5800
  /**
5800
- * Helper function to determine if this host is included in the knownAuthorities config option
5801
+ * Helper function to determine if a host is included in the knownAuthorities config option.
5801
5802
  */
5802
- isInKnownAuthorities() {
5803
+ isInKnownAuthorities(host) {
5804
+ const normalizedHost = host.toLowerCase();
5803
5805
  const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
5804
5806
  return (authority &&
5805
5807
  UrlString.getDomainFromUrl(authority).toLowerCase() ===
5806
- this.hostnameAndPort);
5808
+ normalizedHost);
5807
5809
  });
5808
5810
  return matches.length > 0;
5809
5811
  }
@@ -5880,6 +5882,10 @@ class Authority {
5880
5882
  * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
5881
5883
  * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
5882
5884
  * path.
5885
+ * 5. The issuer host is HTTPS and is explicitly listed in the
5886
+ * developer-configured `knownAuthorities`. This covers scenarios where
5887
+ * the OIDC discovery document returns an issuer host that differs from
5888
+ * the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
5883
5889
  *
5884
5890
  * @param issuer The `issuer` value returned in the OIDC discovery document.
5885
5891
  * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -5916,11 +5922,19 @@ class Authority {
5916
5922
  * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
5917
5923
  */
5918
5924
  const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
5925
+ /*
5926
+ * Rule 5: The issuer host is explicitly listed in the developer-configured
5927
+ * knownAuthorities. This covers scenarios where the OIDC discovery document
5928
+ * returns an issuer with a different host than the authority
5929
+ * (e.g., a GUID-based issuer for a name-based authority).
5930
+ */
5931
+ const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
5919
5932
  // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
5920
5933
  if (matchesAuthorityOrigin ||
5921
5934
  matchesKnownMicrosoftHost ||
5922
5935
  matchesRegionalMicrosoftHost ||
5923
- matchesCiamTenantPattern) {
5936
+ matchesCiamTenantPattern ||
5937
+ matchesKnownAuthority) {
5924
5938
  return;
5925
5939
  }
5926
5940
  // issuer validation fails if none of the above rules are satisfied
@@ -6128,7 +6142,7 @@ function buildStaticAuthorityOptions(authOptions) {
6128
6142
  };
6129
6143
  }
6130
6144
 
6131
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6145
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6132
6146
 
6133
6147
  /*
6134
6148
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6162,7 +6176,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6162
6176
  }
6163
6177
  }
6164
6178
 
6165
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6179
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6166
6180
 
6167
6181
  /*
6168
6182
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6419,7 +6433,7 @@ class AuthorizationCodeClient {
6419
6433
  }
6420
6434
  }
6421
6435
 
6422
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6436
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6423
6437
 
6424
6438
  /*
6425
6439
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6640,7 +6654,7 @@ class RefreshTokenClient {
6640
6654
  }
6641
6655
  }
6642
6656
 
6643
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6657
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6644
6658
 
6645
6659
  /*
6646
6660
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6756,7 +6770,7 @@ class SilentFlowClient {
6756
6770
  }
6757
6771
  }
6758
6772
 
6759
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6773
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6760
6774
 
6761
6775
  /*
6762
6776
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6771,7 +6785,7 @@ const StubbedNetworkModule = {
6771
6785
  },
6772
6786
  };
6773
6787
 
6774
- /*! @azure/msal-common v16.6.1 2026-05-11 */
6788
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6775
6789
 
6776
6790
  /*
6777
6791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6994,7 +7008,7 @@ function extractLoginHint(account) {
6994
7008
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6995
7009
  }
6996
7010
 
6997
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7011
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
6998
7012
 
6999
7013
  /*
7000
7014
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7027,7 +7041,7 @@ function containsResourceParam(params) {
7027
7041
  return Object.prototype.hasOwnProperty.call(params, "resource");
7028
7042
  }
7029
7043
 
7030
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7044
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7031
7045
  /*
7032
7046
  * Copyright (c) Microsoft Corporation. All rights reserved.
7033
7047
  * Licensed under the MIT License.
@@ -7037,7 +7051,7 @@ function containsResourceParam(params) {
7037
7051
  */
7038
7052
  const unexpectedError = "unexpected_error";
7039
7053
 
7040
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7054
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7041
7055
 
7042
7056
  /*
7043
7057
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7298,7 +7312,7 @@ class ServerTelemetryManager {
7298
7312
  }
7299
7313
  }
7300
7314
 
7301
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7315
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7302
7316
 
7303
7317
  /*
7304
7318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7319,7 +7333,7 @@ function createJoseHeaderError(code) {
7319
7333
  return new JoseHeaderError(code);
7320
7334
  }
7321
7335
 
7322
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7336
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7323
7337
  /*
7324
7338
  * Copyright (c) Microsoft Corporation. All rights reserved.
7325
7339
  * Licensed under the MIT License.
@@ -7327,7 +7341,7 @@ function createJoseHeaderError(code) {
7327
7341
  const missingKidError = "missing_kid_error";
7328
7342
  const missingAlgError = "missing_alg_error";
7329
7343
 
7330
- /*! @azure/msal-common v16.6.1 2026-05-11 */
7344
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
7331
7345
 
7332
7346
  /*
7333
7347
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7762,7 +7776,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7762
7776
 
7763
7777
  /* eslint-disable header/header */
7764
7778
  const name = "@azure/msal-browser";
7765
- const version = "5.10.1";
7779
+ const version = "5.12.0";
7766
7780
 
7767
7781
  /*
7768
7782
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7791,6 +7805,15 @@ const HttpHeaderKeys = {
7791
7805
  CONTENT_TYPE: "Content-Type",
7792
7806
  X_MS_REQUEST_ID: "x-ms-request-id",
7793
7807
  };
7808
+ const CustomHeaderConstants = {
7809
+ REQUIRED_PREFIX: "x-",
7810
+ RESERVED_PREFIXES: [
7811
+ "x-client-",
7812
+ "x-ms-",
7813
+ "x-broker-",
7814
+ "x-app-",
7815
+ ],
7816
+ };
7794
7817
  const DefaultPackageInfo = {
7795
7818
  SKU: "msal.browser",
7796
7819
  VERSION: version,
@@ -8647,6 +8670,43 @@ function createBrowserAuthError(errorCode, subError) {
8647
8670
  return new BrowserAuthError(errorCode, subError);
8648
8671
  }
8649
8672
 
8673
+ /*
8674
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8675
+ * Licensed under the MIT License.
8676
+ */
8677
+ /**
8678
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8679
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8680
+ */
8681
+ /**
8682
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
8683
+ * @param input
8684
+ */
8685
+ function base64Decode(input) {
8686
+ return new TextDecoder().decode(base64DecToArr(input));
8687
+ }
8688
+ /**
8689
+ * Decodes base64 into Uint8Array
8690
+ * @param base64String
8691
+ */
8692
+ function base64DecToArr(base64String) {
8693
+ let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8694
+ switch (encodedString.length % 4) {
8695
+ case 0:
8696
+ break;
8697
+ case 2:
8698
+ encodedString += "==";
8699
+ break;
8700
+ case 3:
8701
+ encodedString += "=";
8702
+ break;
8703
+ default:
8704
+ throw createBrowserAuthError(invalidBase64String);
8705
+ }
8706
+ const binString = atob(encodedString);
8707
+ return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8708
+ }
8709
+
8650
8710
  /*
8651
8711
  * Copyright (c) Microsoft Corporation. All rights reserved.
8652
8712
  * Licensed under the MIT License.
@@ -8691,43 +8751,6 @@ function base64EncArr(aBytes) {
8691
8751
  return btoa(binString);
8692
8752
  }
8693
8753
 
8694
- /*
8695
- * Copyright (c) Microsoft Corporation. All rights reserved.
8696
- * Licensed under the MIT License.
8697
- */
8698
- /**
8699
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8700
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8701
- */
8702
- /**
8703
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
8704
- * @param input
8705
- */
8706
- function base64Decode(input) {
8707
- return new TextDecoder().decode(base64DecToArr(input));
8708
- }
8709
- /**
8710
- * Decodes base64 into Uint8Array
8711
- * @param base64String
8712
- */
8713
- function base64DecToArr(base64String) {
8714
- let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8715
- switch (encodedString.length % 4) {
8716
- case 0:
8717
- break;
8718
- case 2:
8719
- encodedString += "==";
8720
- break;
8721
- case 3:
8722
- encodedString += "=";
8723
- break;
8724
- default:
8725
- throw createBrowserAuthError(invalidBase64String);
8726
- }
8727
- const binString = atob(encodedString);
8728
- return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8729
- }
8730
-
8731
8754
  /*
8732
8755
  * Copyright (c) Microsoft Corporation. All rights reserved.
8733
8756
  * Licensed under the MIT License.
@@ -9196,7 +9219,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
9196
9219
  activeBridgeMonitor = null;
9197
9220
  }
9198
9221
  }
9199
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
9222
+ async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
9200
9223
  return new Promise((resolve, reject) => {
9201
9224
  logger.verbose("1rf6em", request.correlationId);
9202
9225
  const correlationId = request.correlationId;
@@ -9204,7 +9227,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
9204
9227
  redirectBridgeTimeoutMs: timeoutMs,
9205
9228
  lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
9206
9229
  }, correlationId);
9207
- const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
9230
+ const { libraryState } = parseRequestState(base64Decode, request.state || "");
9208
9231
  const channel = new BroadcastChannel(libraryState.id);
9209
9232
  let responseString = undefined;
9210
9233
  let timedOut$1 = false;
@@ -9614,12 +9637,13 @@ class StandardInteractionClient extends BaseInteractionClient {
9614
9637
  * and logoutHint attribute wasn't manually set in logout request
9615
9638
  */
9616
9639
  if (logoutRequest) {
9617
- // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims
9640
+ // If logoutHint isn't set and an account was passed in, try to extract logoutHint from account loginHint or ID Token Claims
9618
9641
  if (!logoutRequest.logoutHint) {
9619
9642
  if (logoutRequest.account) {
9620
- const logoutHint = this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9643
+ const logoutHint = logoutRequest.account.loginHint ||
9644
+ this.getLogoutHintFromIdTokenClaims(logoutRequest.account);
9621
9645
  if (logoutHint) {
9622
- this.logger.verbose("0st5di", this.correlationId);
9646
+ this.logger.verbose("0d7s8p", this.correlationId);
9623
9647
  validLogoutRequest.logoutHint = logoutHint;
9624
9648
  }
9625
9649
  }
@@ -9672,6 +9696,7 @@ class StandardInteractionClient extends BaseInteractionClient {
9672
9696
  const idTokenClaims = account.idTokenClaims;
9673
9697
  if (idTokenClaims) {
9674
9698
  if (idTokenClaims.login_hint) {
9699
+ this.logger.verbose("0u5bmc", this.correlationId);
9675
9700
  return idTokenClaims.login_hint;
9676
9701
  }
9677
9702
  else {
@@ -10963,15 +10988,67 @@ class CustomAuthInterationClientFactory {
10963
10988
  }
10964
10989
  }
10965
10990
 
10991
+ /*
10992
+ * Copyright (c) Microsoft Corporation. All rights reserved.
10993
+ * Licensed under the MIT License.
10994
+ */
10995
+ /**
10996
+ * Filters the headers returned by a {@link CustomAuthRequestInterceptor},
10997
+ * keeping only those that conform to the custom-auth header naming rules.
10998
+ *
10999
+ * Rules (mirrors the iOS / Android native auth implementations):
11000
+ * - Header names must start with `x-` (case-insensitive); others are dropped.
11001
+ * - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
11002
+ * `x-broker-`, `x-app-`) are dropped.
11003
+ * - Headers with empty/whitespace-only names or null/undefined values are dropped.
11004
+ *
11005
+ * Dropped headers are logged as warnings (PII-safe) when a logger is provided.
11006
+ *
11007
+ * @param headers - Raw headers returned by the interceptor.
11008
+ * @param logger - Optional logger used to emit warnings for dropped headers.
11009
+ * @param correlationId - Optional correlation id forwarded to the logger.
11010
+ * @returns A new record containing only the headers that pass the filter,
11011
+ * preserving the original casing of header names.
11012
+ */
11013
+ function filterCustomHeaders(headers, logger, correlationId) {
11014
+ const filtered = {};
11015
+ if (!headers) {
11016
+ return filtered;
11017
+ }
11018
+ for (const [name, value] of Object.entries(headers)) {
11019
+ if (!name || value === undefined || value === null) {
11020
+ continue;
11021
+ }
11022
+ const trimmedName = name.trim();
11023
+ if (!trimmedName) {
11024
+ continue;
11025
+ }
11026
+ const lowerName = trimmedName.toLowerCase();
11027
+ if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
11028
+ logger?.warningPii("0vzpop", correlationId ?? "");
11029
+ continue;
11030
+ }
11031
+ const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find((prefix) => lowerName.startsWith(prefix));
11032
+ if (reservedPrefix) {
11033
+ logger?.warningPii("1m3lhk", correlationId ?? "");
11034
+ continue;
11035
+ }
11036
+ filtered[trimmedName] = value;
11037
+ }
11038
+ return filtered;
11039
+ }
11040
+
10966
11041
  /*
10967
11042
  * Copyright (c) Microsoft Corporation. All rights reserved.
10968
11043
  * Licensed under the MIT License.
10969
11044
  */
10970
11045
  class BaseApiClient {
10971
- constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams) {
11046
+ constructor(baseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger) {
10972
11047
  this.clientId = clientId;
10973
11048
  this.httpClient = httpClient;
10974
11049
  this.customAuthApiQueryParams = customAuthApiQueryParams;
11050
+ this.requestInterceptor = requestInterceptor;
11051
+ this.logger = logger;
10975
11052
  this.baseRequestUrl = parseUrl(!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl);
10976
11053
  }
10977
11054
  async request(endpoint, data, telemetryManager, correlationId) {
@@ -10979,8 +11056,10 @@ class BaseApiClient {
10979
11056
  client_id: this.clientId,
10980
11057
  ...data,
10981
11058
  });
10982
- const headers = this.getCommonHeaders(correlationId, telemetryManager);
11059
+ const commonHeaders = this.getCommonHeaders(correlationId, telemetryManager);
10983
11060
  const url = buildUrl(this.baseRequestUrl.href, endpoint, this.customAuthApiQueryParams);
11061
+ const additionalHeaders = await this.getAdditionalHeaders(url, correlationId);
11062
+ const headers = { ...commonHeaders, ...additionalHeaders };
10984
11063
  let response;
10985
11064
  try {
10986
11065
  response = await this.httpClient.post(url, formData, headers);
@@ -11038,6 +11117,19 @@ class BaseApiClient {
11038
11117
  : responseError.invalid_attributes ?? [];
11039
11118
  throw new CustomAuthApiError(responseError.error, responseError.error_description, responseError.correlation_id, responseError.error_codes, responseError.suberror, attributes, responseError.continuation_token, responseError.trace_id, responseError.timestamp);
11040
11119
  }
11120
+ async getAdditionalHeaders(url, correlationId) {
11121
+ if (!this.requestInterceptor) {
11122
+ return {};
11123
+ }
11124
+ try {
11125
+ const result = await Promise.resolve(this.requestInterceptor.addAdditionalHeaderFields(url));
11126
+ return filterCustomHeaders(result, this.logger, correlationId);
11127
+ }
11128
+ catch (e) {
11129
+ this.logger?.warningPii("1ptwx4", correlationId);
11130
+ return {};
11131
+ }
11132
+ }
11041
11133
  }
11042
11134
 
11043
11135
  /*
@@ -11045,8 +11137,8 @@ class BaseApiClient {
11045
11137
  * Licensed under the MIT License.
11046
11138
  */
11047
11139
  class ResetPasswordApiClient extends BaseApiClient {
11048
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11049
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11140
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11141
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11050
11142
  this.capabilities = capabilities;
11051
11143
  }
11052
11144
  /**
@@ -11129,8 +11221,8 @@ class ResetPasswordApiClient extends BaseApiClient {
11129
11221
  * Licensed under the MIT License.
11130
11222
  */
11131
11223
  class SignupApiClient extends BaseApiClient {
11132
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11133
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11224
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11225
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11134
11226
  this.capabilities = capabilities;
11135
11227
  }
11136
11228
  /**
@@ -11199,8 +11291,8 @@ class SignupApiClient extends BaseApiClient {
11199
11291
  * Licensed under the MIT License.
11200
11292
  */
11201
11293
  class SignInApiClient extends BaseApiClient {
11202
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11203
- super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11294
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11295
+ super(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11204
11296
  this.capabilities = capabilities;
11205
11297
  }
11206
11298
  /**
@@ -11367,11 +11459,11 @@ class RegisterApiClient extends BaseApiClient {
11367
11459
  * Licensed under the MIT License.
11368
11460
  */
11369
11461
  class CustomAuthApiClient {
11370
- constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams) {
11371
- this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11372
- this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11373
- this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams);
11374
- this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams);
11462
+ constructor(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger) {
11463
+ this.signInApi = new SignInApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11464
+ this.signUpApi = new SignupApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11465
+ this.resetPasswordApi = new ResetPasswordApiClient(customAuthApiBaseUrl, clientId, httpClient, capabilities, customAuthApiQueryParams, requestInterceptor, logger);
11466
+ this.registerApi = new RegisterApiClient(customAuthApiBaseUrl, clientId, httpClient, customAuthApiQueryParams, requestInterceptor, logger);
11375
11467
  }
11376
11468
  }
11377
11469
 
@@ -14382,7 +14474,6 @@ const CREDENTIAL_SCHEMA_VERSION = 3;
14382
14474
  const ACCOUNT_SCHEMA_VERSION = 3;
14383
14475
  const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
14384
14476
  const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
14385
- const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom`;
14386
14477
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14387
14478
  const ACCOUNT_KEYS = "account.keys";
14388
14479
  const TOKEN_KEYS = "token.keys";
@@ -15001,6 +15092,7 @@ class BrowserCacheManager extends CacheManager {
15001
15092
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
15002
15093
  : parsedValue;
15003
15094
  if (!decryptedData || !isCredentialEntity(decryptedData)) {
15095
+ this.browserStorage.removeItem(key);
15004
15096
  this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
15005
15097
  return null;
15006
15098
  }
@@ -15031,6 +15123,7 @@ class BrowserCacheManager extends CacheManager {
15031
15123
  const rawValue = this.browserStorage.getItem(accountKey);
15032
15124
  const parsedValue = this.validateAndParseJson(rawValue || "");
15033
15125
  if (!parsedValue) {
15126
+ this.browserStorage.removeItem(accountKey);
15034
15127
  removeElementFromArray(accountKeysToCheck, accountKey);
15035
15128
  continue;
15036
15129
  }
@@ -15045,6 +15138,15 @@ class BrowserCacheManager extends CacheManager {
15045
15138
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
15046
15139
  removeElementFromArray(accountKeysToCheck, accountKey);
15047
15140
  }
15141
+ else if (isEncrypted(parsedValue)) {
15142
+ // Remove accounts encrypted with a different key (session cookie expired/changed)
15143
+ const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
15144
+ if (!decrypted) {
15145
+ this.browserStorage.removeItem(accountKey);
15146
+ this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15147
+ removeElementFromArray(accountKeysToCheck, accountKey);
15148
+ }
15149
+ }
15048
15150
  }
15049
15151
  this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
15050
15152
  }
@@ -16574,7 +16676,7 @@ const USER_CANCEL = "USER_CANCEL";
16574
16676
  const NO_NETWORK = "NO_NETWORK";
16575
16677
  const DISABLED = "DISABLED";
16576
16678
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
16577
- const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
16679
+ const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
16578
16680
 
16579
16681
  /*
16580
16682
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -16629,8 +16731,8 @@ function createNativeAuthError(code, description, ext) {
16629
16731
  return createBrowserAuthError(userCancelled);
16630
16732
  case NO_NETWORK:
16631
16733
  return createBrowserAuthError(noNetworkConnectivity);
16632
- case UX_NOT_ALLOWED:
16633
- return createInteractionRequiredAuthError(uxNotAllowed);
16734
+ case UI_NOT_ALLOWED:
16735
+ return createInteractionRequiredAuthError(uiNotAllowed);
16634
16736
  }
16635
16737
  }
16636
16738
  return new NativeAuthError(code, description, ext);
@@ -16861,7 +16963,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16861
16963
  noHistory: false,
16862
16964
  };
16863
16965
  const redirectUri = navigateToLoginRequestUrl
16864
- ? window.location.href
16966
+ ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
16865
16967
  : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
16866
16968
  rootMeasurement.end({ success: true });
16867
16969
  await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -17916,6 +18018,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17916
18018
  };
17917
18019
  const DEFAULT_EXPERIMENTAL_OPTIONS = {
17918
18020
  iframeTimeoutTelemetry: false,
18021
+ allowPlatformBrokerWithDOM: false,
17919
18022
  };
17920
18023
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
17921
18024
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
@@ -18360,9 +18463,8 @@ class PlatformAuthDOMHandler {
18360
18463
  * Copyright (c) Microsoft Corporation. All rights reserved.
18361
18464
  * Licensed under the MIT License.
18362
18465
  */
18363
- async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout) {
18466
+ async function getPlatformAuthProvider(logger, performanceClient, correlationId, nativeBrokerHandshakeTimeout, enablePlatformBrokerDOMSupport) {
18364
18467
  logger.trace("134j0v", correlationId);
18365
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
18366
18468
  logger.trace("04c81g", correlationId);
18367
18469
  let platformAuthProvider;
18368
18470
  try {
@@ -18386,22 +18488,6 @@ async function getPlatformAuthProvider(logger, performanceClient, correlationId,
18386
18488
  }
18387
18489
  return platformAuthProvider;
18388
18490
  }
18389
- /**
18390
- * Returns true if the DOM API support for platform auth is enabled in session storage
18391
- * @returns boolean
18392
- * @deprecated
18393
- */
18394
- function isDomEnabledForPlatformAuth() {
18395
- let sessionStorage;
18396
- try {
18397
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
18398
- // Mute errors if it's a non-browser environment or cookies are blocked.
18399
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
18400
- }
18401
- catch (e) {
18402
- return false;
18403
- }
18404
- }
18405
18491
  /**
18406
18492
  * Returns boolean indicating whether or not the request should attempt to use platform broker
18407
18493
  * @param logger
@@ -18412,6 +18498,11 @@ function isDomEnabledForPlatformAuth() {
18412
18498
  */
18413
18499
  function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvider, authenticationScheme) {
18414
18500
  logger.trace("0uko3r", correlationId);
18501
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
18502
+ if (!config.system.allowPlatformBroker &&
18503
+ config.experimental.allowPlatformBrokerWithDOM) {
18504
+ throw createClientConfigurationError(invalidPlatformBrokerConfiguration);
18505
+ }
18415
18506
  if (!config.system.allowPlatformBroker) {
18416
18507
  logger.trace("04hozs", correlationId);
18417
18508
  // Developer disabled WAM
@@ -18441,10 +18532,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
18441
18532
  * Licensed under the MIT License.
18442
18533
  */
18443
18534
  class PopupClient extends StandardInteractionClient {
18444
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
18535
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
18445
18536
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
18446
18537
  this.nativeStorage = nativeStorageImpl;
18447
18538
  this.eventHandler = eventHandler;
18539
+ this.waitForPopupResponseHook = waitForPopupResponseHook;
18448
18540
  }
18449
18541
  /**
18450
18542
  * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -18578,7 +18670,7 @@ class PopupClient extends StandardInteractionClient {
18578
18670
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18579
18671
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18580
18672
  // Wait for the redirect bridge response
18581
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18673
+ const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
18582
18674
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18583
18675
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18584
18676
  }
@@ -18613,7 +18705,7 @@ class PopupClient extends StandardInteractionClient {
18613
18705
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18614
18706
  form.submit();
18615
18707
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18616
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18708
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
18617
18709
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18618
18710
  if (!serverParams.ear_jwe && serverParams.code) {
18619
18711
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18638,7 +18730,7 @@ class PopupClient extends StandardInteractionClient {
18638
18730
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18639
18731
  form.submit();
18640
18732
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18641
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18733
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
18642
18734
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18643
18735
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18644
18736
  }
@@ -18695,7 +18787,7 @@ class PopupClient extends StandardInteractionClient {
18695
18787
  // Open the popup window to requestUrl.
18696
18788
  const popupWindow = this.openPopup(logoutUri, popupParams);
18697
18789
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18698
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18790
+ await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
18699
18791
  // Swallow any errors related to monitoring the window. Server logout is best effort
18700
18792
  });
18701
18793
  if (mainWindowRedirectUri) {
@@ -18774,6 +18866,19 @@ class PopupClient extends StandardInteractionClient {
18774
18866
  if (!popupWindow) {
18775
18867
  throw createBrowserAuthError(emptyWindowError);
18776
18868
  }
18869
+ try {
18870
+ popupWindow.document.title = "Microsoft Authentication";
18871
+ }
18872
+ catch (e) {
18873
+ if (typeof DOMException !== "undefined" &&
18874
+ e instanceof DOMException &&
18875
+ e.name === "SecurityError") {
18876
+ // Cross-origin - title cannot be set
18877
+ }
18878
+ else {
18879
+ this.logger.verbose("1s1yfs", this.correlationId);
18880
+ }
18881
+ }
18777
18882
  if (popupWindow.focus) {
18778
18883
  popupWindow.focus();
18779
18884
  }
@@ -18852,6 +18957,12 @@ class PopupClient extends StandardInteractionClient {
18852
18957
  const homeAccountId = request.account && request.account.homeAccountId;
18853
18958
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
18854
18959
  }
18960
+ async waitForPopupResponse(request, popupWindow, popupWindowParent) {
18961
+ if (this.waitForPopupResponseHook) {
18962
+ return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
18963
+ }
18964
+ return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
18965
+ }
18855
18966
  }
18856
18967
 
18857
18968
  /*
@@ -19005,6 +19116,8 @@ class RedirectClient extends StandardInteractionClient {
19005
19116
  * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
19006
19117
  */
19007
19118
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
19119
+ const originalTitle = document.title;
19120
+ document.title = "Microsoft Authentication";
19008
19121
  const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19009
19122
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
19010
19123
  try {
@@ -19087,6 +19200,9 @@ class RedirectClient extends StandardInteractionClient {
19087
19200
  }
19088
19201
  throw e;
19089
19202
  }
19203
+ finally {
19204
+ document.title = originalTitle;
19205
+ }
19090
19206
  }
19091
19207
  /**
19092
19208
  * Gets the response hash for a redirect request
@@ -19342,6 +19458,7 @@ function loadFrameSync(urlNavigate) {
19342
19458
  function createHiddenIframe() {
19343
19459
  const authFrame = document.createElement("iframe");
19344
19460
  authFrame.className = "msalSilentIframe";
19461
+ authFrame.title = "Microsoft Authentication";
19345
19462
  authFrame.style.visibility = "hidden";
19346
19463
  authFrame.style.position = "absolute";
19347
19464
  authFrame.style.width = authFrame.style.height = "0";
@@ -19367,10 +19484,11 @@ function removeHiddenIframe(iframe) {
19367
19484
  * Licensed under the MIT License.
19368
19485
  */
19369
19486
  class SilentIframeClient extends StandardInteractionClient {
19370
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
19487
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
19371
19488
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
19372
19489
  this.apiId = apiId;
19373
19490
  this.nativeStorage = nativeStorageImpl;
19491
+ this.waitForIframeResponseHook = waitForIframeResponseHook;
19374
19492
  }
19375
19493
  /**
19376
19494
  * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -19459,7 +19577,7 @@ class SilentIframeClient extends StandardInteractionClient {
19459
19577
  const responseType = this.config.auth.OIDCOptions.responseMode;
19460
19578
  let responseString;
19461
19579
  try {
19462
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19580
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19463
19581
  }
19464
19582
  finally {
19465
19583
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19557,7 +19675,7 @@ class SilentIframeClient extends StandardInteractionClient {
19557
19675
  // Wait for response from the redirect bridge.
19558
19676
  let responseString;
19559
19677
  try {
19560
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19678
+ responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19561
19679
  }
19562
19680
  finally {
19563
19681
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19565,6 +19683,12 @@ class SilentIframeClient extends StandardInteractionClient {
19565
19683
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19566
19684
  return { serverParams, pkceCodes, silentRequest };
19567
19685
  }
19686
+ async waitForIframeResponse(iframe, request) {
19687
+ if (this.waitForIframeResponseHook) {
19688
+ return this.waitForIframeResponseHook(iframe, request);
19689
+ }
19690
+ return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
19691
+ }
19568
19692
  }
19569
19693
 
19570
19694
  /*
@@ -19859,7 +19983,7 @@ class StandardController {
19859
19983
  if (allowPlatformBroker) {
19860
19984
  try {
19861
19985
  // check if platform authentication is available via DOM or browser extension and create relevant handlers
19862
- this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout);
19986
+ this.platformAuthProvider = await getPlatformAuthProvider(this.logger, this.performanceClient, correlationId, this.config.system.nativeBrokerHandshakeTimeout, this.config.experimental.allowPlatformBrokerWithDOM);
19863
19987
  }
19864
19988
  catch (e) {
19865
19989
  this.logger.verbose(e, correlationId);
@@ -20766,7 +20890,7 @@ class StandardController {
20766
20890
  * @param correlationId
20767
20891
  */
20768
20892
  createPopupClient(correlationId) {
20769
- return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
20893
+ return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
20770
20894
  }
20771
20895
  /**
20772
20896
  * Returns new instance of the Redirect Interaction Client
@@ -20780,7 +20904,7 @@ class StandardController {
20780
20904
  * @param correlationId
20781
20905
  */
20782
20906
  createSilentIframeClient(correlationId) {
20783
- return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
20907
+ return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
20784
20908
  }
20785
20909
  /**
20786
20910
  * Returns new instance of the Silent Cache Interaction Client
@@ -21241,7 +21365,7 @@ class CustomAuthStandardController extends StandardController {
21241
21365
  this.customAuthConfig = operatingContext.getCustomAuthConfig();
21242
21366
  this.authority = new CustomAuthAuthority(this.customAuthConfig.auth.authority, this.customAuthConfig, this.networkClient, this.browserStorage, this.logger, this.performanceClient, this.customAuthConfig.customAuth?.authApiProxyUrl);
21243
21367
  const interactionClientFactory = new CustomAuthInterationClientFactory(this.customAuthConfig, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, customAuthApiClient ??
21244
- new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams), this.authority);
21368
+ new CustomAuthApiClient(this.authority.getCustomAuthApiDomain(), this.customAuthConfig.auth.clientId, new FetchHttpClient(this.logger), this.customAuthConfig.customAuth?.capabilities?.join(" "), this.customAuthConfig.customAuth?.customAuthApiQueryParams, this.customAuthConfig.customAuth?.requestInterceptor, this.logger), this.authority);
21245
21369
  this.signInClient = interactionClientFactory.create(SignInClient);
21246
21370
  this.signUpClient = interactionClientFactory.create(SignUpClient);
21247
21371
  this.resetPasswordClient =
@@ -21549,7 +21673,7 @@ class BaseOperatingContext {
21549
21673
  return;
21550
21674
  }
21551
21675
  }
21552
- constructor(config) {
21676
+ constructor(config, responseHandlers) {
21553
21677
  /*
21554
21678
  * If loaded in an environment where window is not available,
21555
21679
  * set internal flag to false so that further requests fail.
@@ -21557,6 +21681,7 @@ class BaseOperatingContext {
21557
21681
  */
21558
21682
  this.browserEnvironment = typeof window !== "undefined";
21559
21683
  this.config = buildConfiguration(config, this.browserEnvironment);
21684
+ this.responseHandlers = responseHandlers;
21560
21685
  let sessionStorage;
21561
21686
  try {
21562
21687
  sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -21593,6 +21718,13 @@ class BaseOperatingContext {
21593
21718
  getConfig() {
21594
21719
  return this.config;
21595
21720
  }
21721
+ /**
21722
+ * Returns the internal response handlers supplied by PublicClientApplication, if any.
21723
+ * @returns AuthResponseHandlers | undefined
21724
+ */
21725
+ getResponseHandlers() {
21726
+ return this.responseHandlers;
21727
+ }
21596
21728
  /**
21597
21729
  * Returns the MSAL Logger
21598
21730
  * @returns Logger
@@ -21957,7 +22089,48 @@ class PublicClientApplication {
21957
22089
  constructor(configuration, controller) {
21958
22090
  this.controller =
21959
22091
  controller ||
21960
- new StandardController(new StandardOperatingContext(configuration));
22092
+ new StandardController(new StandardOperatingContext(configuration, {
22093
+ waitForPopupResponse: this.waitForPopupResponse.bind(this),
22094
+ waitForIframeResponse: this.waitForIframeResponse.bind(this),
22095
+ }));
22096
+ }
22097
+ /**
22098
+ * Waits for the auth response from a popup window opened by MSAL.
22099
+ *
22100
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22101
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22102
+ * with an `AuthError` on failure.
22103
+ *
22104
+ * @internal
22105
+ * @param request The in-flight authorization or end-session request.
22106
+ * @param popupWindow The popup window opened by MSAL.
22107
+ * @param popupWindowParent The parent window that opened the popup.
22108
+ */
22109
+ async waitForPopupResponse(request,
22110
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22111
+ popupWindow,
22112
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22113
+ popupWindowParent) {
22114
+ const controller = this.controller;
22115
+ return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
22116
+ }
22117
+ /**
22118
+ * Waits for the auth response from a hidden iframe used by MSAL silent flows.
22119
+ *
22120
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22121
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22122
+ * with an `AuthError` on failure.
22123
+ *
22124
+ * @internal
22125
+ * @param iframe The hidden iframe MSAL attached to the document.
22126
+ * @param request The in-flight authorization request.
22127
+ */
22128
+ async waitForIframeResponse(
22129
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22130
+ iframe, request) {
22131
+ const controller = this.controller;
22132
+ const config = controller.getConfiguration();
22133
+ return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
21961
22134
  }
21962
22135
  /**
21963
22136
  * Initializer function to perform async startup tasks such as connecting to WAM extension