@azure/msal-browser 5.11.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (267) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +44 -2
  4. package/dist/app/PublicClientApplication.mjs.map +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  9. package/dist/cache/AccountManager.mjs +1 -1
  10. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  11. package/dist/cache/BrowserCacheManager.mjs +99 -15
  12. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.mjs +1 -1
  15. package/dist/cache/CookieStorage.mjs +1 -1
  16. package/dist/cache/DatabaseStorage.mjs +1 -1
  17. package/dist/cache/EncryptedData.mjs +1 -1
  18. package/dist/cache/LocalStorage.mjs +1 -1
  19. package/dist/cache/MemoryStorage.mjs +1 -1
  20. package/dist/cache/SessionStorage.mjs +1 -1
  21. package/dist/cache/TokenCache.mjs +1 -1
  22. package/dist/config/Configuration.mjs +3 -2
  23. package/dist/config/Configuration.mjs.map +1 -1
  24. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  25. package/dist/controllers/StandardController.mjs +5 -5
  26. package/dist/controllers/StandardController.mjs.map +1 -1
  27. package/dist/crypto/BrowserCrypto.mjs +1 -1
  28. package/dist/crypto/CryptoOps.mjs +1 -1
  29. package/dist/crypto/PkceGenerator.mjs +1 -1
  30. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  34. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  59. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  60. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  84. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  85. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  86. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  87. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  96. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  97. package/dist/custom_auth/index.mjs +1 -1
  98. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  109. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  123. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  137. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  138. package/dist/encode/Base64Decode.mjs +1 -1
  139. package/dist/encode/Base64Encode.mjs +1 -1
  140. package/dist/error/BrowserAuthError.mjs +1 -1
  141. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  143. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  144. package/dist/error/NativeAuthError.mjs +4 -4
  145. package/dist/error/NativeAuthError.mjs.map +1 -1
  146. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  147. package/dist/error/NestedAppAuthError.mjs +1 -1
  148. package/dist/event/EventHandler.mjs +1 -1
  149. package/dist/event/EventMessage.mjs +1 -1
  150. package/dist/event/EventType.mjs +1 -1
  151. package/dist/index.mjs +1 -1
  152. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  153. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  154. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  155. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -6
  156. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  157. package/dist/interaction_client/PopupClient.mjs +30 -10
  158. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  159. package/dist/interaction_client/RedirectClient.mjs +17 -9
  160. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  162. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  164. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +49 -20
  166. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  167. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  168. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  169. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  170. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  171. package/dist/interaction_handler/SilentHandler.mjs +13 -26
  172. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  173. package/dist/log-strings-mapping.json +1202 -1194
  174. package/dist/naa/BridgeError.mjs +1 -1
  175. package/dist/naa/BridgeProxy.mjs +1 -1
  176. package/dist/naa/BridgeStatusCode.mjs +1 -1
  177. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  178. package/dist/navigation/NavigationClient.mjs +1 -1
  179. package/dist/network/FetchClient.mjs +1 -1
  180. package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
  181. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  182. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  183. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  184. package/dist/packageMetadata.mjs +2 -2
  185. package/dist/protocol/Authorize.mjs +1 -1
  186. package/dist/redirect_bridge/index.mjs +4 -5
  187. package/dist/redirect_bridge/index.mjs.map +1 -1
  188. package/dist/request/RequestHelpers.mjs +1 -1
  189. package/dist/response/ResponseHandler.mjs +1 -1
  190. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  191. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  192. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  193. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  194. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  195. package/dist/utils/BrowserConstants.mjs +1 -1
  196. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  197. package/dist/utils/BrowserUtils.mjs +15 -5
  198. package/dist/utils/BrowserUtils.mjs.map +1 -1
  199. package/dist/utils/Helpers.mjs +1 -1
  200. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  201. package/lib/custom-auth-path/log-strings-mapping.json +19 -11
  202. package/lib/custom-auth-path/msal-custom-auth.cjs +511 -263
  203. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  204. package/lib/custom-auth-path/msal-custom-auth.js +511 -263
  205. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  206. package/lib/log-strings-mapping.json +11 -3
  207. package/lib/msal-browser.cjs +539 -267
  208. package/lib/msal-browser.cjs.map +1 -1
  209. package/lib/msal-browser.js +539 -267
  210. package/lib/msal-browser.js.map +1 -1
  211. package/lib/msal-browser.min.js +2 -2
  212. package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
  213. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  214. package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
  215. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  216. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  217. package/package.json +2 -2
  218. package/src/app/PublicClientApplication.ts +85 -1
  219. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
  220. package/src/cache/BrowserCacheManager.ts +157 -33
  221. package/src/config/Configuration.ts +6 -0
  222. package/src/controllers/StandardController.ts +10 -8
  223. package/src/error/NativeAuthError.ts +2 -2
  224. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  225. package/src/interaction_client/PlatformAuthInteractionClient.ts +14 -4
  226. package/src/interaction_client/PopupClient.ts +74 -30
  227. package/src/interaction_client/RedirectClient.ts +32 -8
  228. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  229. package/src/interaction_client/SilentCacheClient.ts +3 -1
  230. package/src/interaction_client/SilentIframeClient.ts +140 -74
  231. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  232. package/src/interaction_handler/SilentHandler.ts +12 -32
  233. package/src/operatingcontext/BaseOperatingContext.ts +15 -1
  234. package/src/packageMetadata.ts +1 -1
  235. package/src/redirect_bridge/index.ts +3 -7
  236. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  237. package/src/utils/BrowserUtils.ts +28 -7
  238. package/types/app/PublicClientApplication.d.ts +37 -1
  239. package/types/app/PublicClientApplication.d.ts.map +1 -1
  240. package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
  241. package/types/cache/BrowserCacheManager.d.ts +18 -1
  242. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  243. package/types/config/Configuration.d.ts +5 -0
  244. package/types/config/Configuration.d.ts.map +1 -1
  245. package/types/controllers/StandardController.d.ts.map +1 -1
  246. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  247. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  248. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  249. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/types/interaction_client/PopupClient.d.ts +11 -1
  251. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  252. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  253. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  254. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  255. package/types/interaction_client/SilentIframeClient.d.ts +20 -1
  256. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  257. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  258. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  259. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  260. package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
  261. package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
  262. package/types/packageMetadata.d.ts +1 -1
  263. package/types/redirect_bridge/index.d.ts.map +1 -1
  264. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  265. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  266. package/types/utils/BrowserUtils.d.ts +17 -2
  267. package/types/utils/BrowserUtils.d.ts.map +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.11.0 2026-05-19 */
1
+ /*! @azure/msal-browser v5.13.0 2026-06-10 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.6.2 2026-05-19 */
9
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -233,7 +233,7 @@
233
233
  // Token renewal offset default in seconds
234
234
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
235
235
 
236
- /*! @azure/msal-common v16.6.2 2026-05-19 */
236
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
237
237
  /*
238
238
  * Copyright (c) Microsoft Corporation. All rights reserved.
239
239
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@
285
285
  const RESOURCE = "resource";
286
286
  const CLI_DATA = "clidata";
287
287
 
288
- /*! @azure/msal-common v16.6.2 2026-05-19 */
288
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -316,7 +316,7 @@
316
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
317
317
  }
318
318
 
319
- /*! @azure/msal-common v16.6.2 2026-05-19 */
319
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
320
320
 
321
321
  /*
322
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -336,7 +336,7 @@
336
336
  return new ClientConfigurationError(errorCode);
337
337
  }
338
338
 
339
- /*! @azure/msal-common v16.6.2 2026-05-19 */
339
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
340
340
  /*
341
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
342
342
  * Licensed under the MIT License.
@@ -416,7 +416,7 @@
416
416
  }
417
417
  }
418
418
 
419
- /*! @azure/msal-common v16.6.2 2026-05-19 */
419
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
420
420
 
421
421
  /*
422
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -439,7 +439,7 @@
439
439
  return new ClientAuthError(errorCode, additionalMessage);
440
440
  }
441
441
 
442
- /*! @azure/msal-common v16.6.2 2026-05-19 */
442
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
443
443
  /*
444
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
445
445
  * Licensed under the MIT License.
@@ -465,7 +465,7 @@
465
465
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
466
466
  const issuerValidationFailed = "issuer_validation_failed";
467
467
 
468
- /*! @azure/msal-common v16.6.2 2026-05-19 */
468
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
469
469
  /*
470
470
  * Copyright (c) Microsoft Corporation. All rights reserved.
471
471
  * Licensed under the MIT License.
@@ -504,7 +504,7 @@
504
504
  const resourceParameterRequired = "resource_parameter_required";
505
505
  const misplacedResourceParam = "misplaced_resource_parameter";
506
506
 
507
- /*! @azure/msal-common v16.6.2 2026-05-19 */
507
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
508
508
 
509
509
  /*
510
510
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -699,7 +699,7 @@
699
699
  }
700
700
  }
701
701
 
702
- /*! @azure/msal-common v16.6.2 2026-05-19 */
702
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
703
703
 
704
704
  /*
705
705
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1048,8 +1048,14 @@
1048
1048
  * @param serverTelemetryManager
1049
1049
  */
1050
1050
  function addServerTelemetry(parameters, serverTelemetryManager) {
1051
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
1052
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
1051
+ const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
1052
+ const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
1053
+ if (currentTelemetryHeader) {
1054
+ parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
1055
+ }
1056
+ if (lastTelemetryHeader) {
1057
+ parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
1058
+ }
1053
1059
  }
1054
1060
  /**
1055
1061
  * Adds parameter that indicates to the server that throttling is supported
@@ -1088,34 +1094,12 @@
1088
1094
  }
1089
1095
  }
1090
1096
 
1091
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1097
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1092
1098
 
1093
1099
  /*
1094
1100
  * Copyright (c) Microsoft Corporation. All rights reserved.
1095
1101
  * Licensed under the MIT License.
1096
1102
  */
1097
- /**
1098
- * Canonicalizes a URL by making it lowercase and ensuring it ends with /
1099
- * Inlined version of UrlString.canonicalizeUri to avoid circular dependency
1100
- * @param url - URL to canonicalize
1101
- * @returns Canonicalized URL
1102
- */
1103
- function canonicalizeUrl(url) {
1104
- if (!url) {
1105
- return url;
1106
- }
1107
- let lowerCaseUrl = url.toLowerCase();
1108
- if (StringUtils.endsWith(lowerCaseUrl, "?")) {
1109
- lowerCaseUrl = lowerCaseUrl.slice(0, -1);
1110
- }
1111
- else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
1112
- lowerCaseUrl = lowerCaseUrl.slice(0, -2);
1113
- }
1114
- if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
1115
- lowerCaseUrl += "/";
1116
- }
1117
- return lowerCaseUrl;
1118
- }
1119
1103
  /**
1120
1104
  * Parses hash string from given string. Returns empty string if no hash symbol is found.
1121
1105
  * @param hashString
@@ -1168,36 +1152,71 @@
1168
1152
  return queryParameterArray.join("&");
1169
1153
  }
1170
1154
  /**
1171
- * Normalizes URLs for comparison by removing hash, canonicalizing,
1172
- * and ensuring consistent URL encoding in query parameters.
1173
- * This fixes redirect loops when URLs contain encoded characters like apostrophes (%27).
1155
+ * Normalizes URLs for comparison per MDN & RFC 3986 standards:
1156
+ * - Hash/fragment is removed
1157
+ * - Scheme and host are lowercased (case-insensitive per spec)
1158
+ * - Path and query parameters preserve original casing (case-sensitive per spec)
1159
+ * - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
1160
+ * - Ensures pathname ends with /
1161
+ * Throws a urlParseError if the provided URL is malformed and cannot be parsed.
1174
1162
  * @param url - URL to normalize
1163
+ * @param logger - Optional logger used to log parse failures
1164
+ * @param correlationId - Optional correlationId associated with the log entry
1175
1165
  * @returns Normalized URL string for comparison
1176
1166
  */
1177
- function normalizeUrlForComparison(url) {
1167
+ function normalizeUrlForComparison(url, logger, correlationId) {
1178
1168
  if (!url) {
1179
1169
  return url;
1180
1170
  }
1181
- // Remove hash first
1182
1171
  const urlWithoutHash = url.split("#")[0];
1172
+ if (!urlWithoutHash) {
1173
+ return urlWithoutHash;
1174
+ }
1183
1175
  try {
1184
- // Parse the URL to handle encoding consistently
1185
1176
  const urlObj = new URL(urlWithoutHash);
1186
- /*
1187
- * Reconstruct the URL with properly decoded query parameters
1188
- * This ensures that %27 and ' are treated as equivalent
1189
- */
1190
- const normalizedUrl = urlObj.origin + urlObj.pathname + urlObj.search;
1191
- // Apply canonicalization logic inline to avoid circular dependency
1192
- return canonicalizeUrl(normalizedUrl);
1177
+ // Treat an empty query string (a bare trailing "?") as equivalent to no query
1178
+ if (!urlObj.search) {
1179
+ urlObj.search = "";
1180
+ }
1181
+ // Decode the pathname to normalize percent-encoding and ensure trailing slash
1182
+ let pathname;
1183
+ try {
1184
+ pathname = decodeURIComponent(urlObj.pathname);
1185
+ }
1186
+ catch (e) {
1187
+ pathname = urlObj.pathname;
1188
+ }
1189
+ if (!pathname.endsWith("/")) {
1190
+ pathname += "/";
1191
+ }
1192
+ urlObj.pathname = pathname;
1193
+ return urlObj.href;
1194
+ }
1195
+ catch (e) {
1196
+ logger?.error("15apdm", correlationId || "");
1197
+ throw createClientConfigurationError(urlParseError);
1198
+ }
1199
+ }
1200
+ /**
1201
+ * Validates that the provided value is a well-formed, parseable absolute URL.
1202
+ * Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
1203
+ * literal string "null", an empty string, or any malformed/relative URL). Use this
1204
+ * to guard against persisting an invalid value (such as a redirect URL) to the cache.
1205
+ * @param url - URL to validate
1206
+ * @param logger - Optional logger used to log validation failures
1207
+ * @param correlationId - Optional correlationId associated with the log entry
1208
+ */
1209
+ function validateUrl(url, logger, correlationId) {
1210
+ try {
1211
+ new URL(url);
1193
1212
  }
1194
1213
  catch (e) {
1195
- // Fallback to original logic if URL parsing fails
1196
- return canonicalizeUrl(urlWithoutHash);
1214
+ logger?.error("1lrjz7", correlationId || "");
1215
+ throw createClientConfigurationError(urlParseError);
1197
1216
  }
1198
1217
  }
1199
1218
 
1200
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1219
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1201
1220
 
1202
1221
  /*
1203
1222
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1236,7 +1255,7 @@
1236
1255
  },
1237
1256
  };
1238
1257
 
1239
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1258
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1240
1259
  /*
1241
1260
  * Copyright (c) Microsoft Corporation. All rights reserved.
1242
1261
  * Licensed under the MIT License.
@@ -1284,7 +1303,7 @@
1284
1303
  // Remove LRU (first entry) if capacity exceeded
1285
1304
  if (correlationCache.size > CACHE_CAPACITY) {
1286
1305
  const firstKey = correlationCache.keys().next().value;
1287
- if (firstKey) {
1306
+ if (firstKey !== undefined) {
1288
1307
  correlationCache.delete(firstKey);
1289
1308
  }
1290
1309
  }
@@ -1497,12 +1516,12 @@
1497
1516
  }
1498
1517
  }
1499
1518
 
1500
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1519
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1501
1520
  /* eslint-disable header/header */
1502
1521
  const name$1 = "@azure/msal-common";
1503
- const version$1 = "16.6.2";
1522
+ const version$1 = "16.8.0";
1504
1523
 
1505
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1524
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1506
1525
  /*
1507
1526
  * Copyright (c) Microsoft Corporation. All rights reserved.
1508
1527
  * Licensed under the MIT License.
@@ -1511,7 +1530,7 @@
1511
1530
  // AzureCloudInstance is not specified.
1512
1531
  None: "none"};
1513
1532
 
1514
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1533
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1515
1534
  /*
1516
1535
  * Copyright (c) Microsoft Corporation. All rights reserved.
1517
1536
  * Licensed under the MIT License.
@@ -1594,7 +1613,7 @@
1594
1613
  return updatedAccountInfo;
1595
1614
  }
1596
1615
 
1597
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1616
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1598
1617
 
1599
1618
  /*
1600
1619
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1674,7 +1693,7 @@
1674
1693
  }
1675
1694
  }
1676
1695
 
1677
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1696
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1678
1697
 
1679
1698
  /*
1680
1699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1831,7 +1850,7 @@
1831
1850
  }
1832
1851
  }
1833
1852
 
1834
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1853
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1835
1854
 
1836
1855
  /*
1837
1856
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1997,7 +2016,7 @@
1997
2016
  return null;
1998
2017
  }
1999
2018
 
2000
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2019
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2001
2020
  /*
2002
2021
  * Copyright (c) Microsoft Corporation. All rights reserved.
2003
2022
  * Licensed under the MIT License.
@@ -2005,7 +2024,7 @@
2005
2024
  const cacheQuotaExceeded = "cache_quota_exceeded";
2006
2025
  const cacheErrorUnknown = "cache_error_unknown";
2007
2026
 
2008
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2027
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2009
2028
 
2010
2029
  /*
2011
2030
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2043,7 +2062,7 @@
2043
2062
  }
2044
2063
  }
2045
2064
 
2046
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2065
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2047
2066
 
2048
2067
  /*
2049
2068
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2081,7 +2100,7 @@
2081
2100
  };
2082
2101
  }
2083
2102
 
2084
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2103
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2085
2104
  /*
2086
2105
  * Copyright (c) Microsoft Corporation. All rights reserved.
2087
2106
  * Licensed under the MIT License.
@@ -2096,7 +2115,7 @@
2096
2115
  Ciam: 3,
2097
2116
  };
2098
2117
 
2099
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2118
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2100
2119
  /*
2101
2120
  * Copyright (c) Microsoft Corporation. All rights reserved.
2102
2121
  * Licensed under the MIT License.
@@ -2118,7 +2137,7 @@
2118
2137
  return null;
2119
2138
  }
2120
2139
 
2121
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2140
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2122
2141
  /*
2123
2142
  * Copyright (c) Microsoft Corporation. All rights reserved.
2124
2143
  * Licensed under the MIT License.
@@ -2142,7 +2161,7 @@
2142
2161
  EAR: "EAR",
2143
2162
  };
2144
2163
 
2145
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2164
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2146
2165
  /**
2147
2166
  * Returns the AccountInfo interface for this account.
2148
2167
  */
@@ -2317,7 +2336,7 @@
2317
2336
  entity.hasOwnProperty("authorityType"));
2318
2337
  }
2319
2338
 
2320
- /*! @azure/msal-common v16.6.2 2026-05-19 */
2339
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2321
2340
 
2322
2341
  /*
2323
2342
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2457,8 +2476,8 @@
2457
2476
  return false;
2458
2477
  }
2459
2478
  if (!!tenantProfileFilter.username &&
2460
- !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
2461
- !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
2479
+ !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
2480
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
2462
2481
  return false;
2463
2482
  }
2464
2483
  if (!!tenantProfileFilter.loginHint &&
@@ -3448,7 +3467,7 @@
3448
3467
  }
3449
3468
  }
3450
3469
 
3451
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3470
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3452
3471
  /*
3453
3472
  * Copyright (c) Microsoft Corporation. All rights reserved.
3454
3473
  * Licensed under the MIT License.
@@ -3462,7 +3481,7 @@
3462
3481
  const PerformanceEventStatus = {
3463
3482
  InProgress: 1};
3464
3483
 
3465
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3484
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3466
3485
 
3467
3486
  /*
3468
3487
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3517,7 +3536,7 @@
3517
3536
  }
3518
3537
  }
3519
3538
 
3520
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3539
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3521
3540
 
3522
3541
  /*
3523
3542
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3612,7 +3631,7 @@
3612
3631
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3613
3632
  }
3614
3633
 
3615
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3634
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3616
3635
  /*
3617
3636
  * Copyright (c) Microsoft Corporation. All rights reserved.
3618
3637
  * Licensed under the MIT License.
@@ -3639,7 +3658,7 @@
3639
3658
  }
3640
3659
  }
3641
3660
 
3642
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3661
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3643
3662
  /*
3644
3663
  * Copyright (c) Microsoft Corporation. All rights reserved.
3645
3664
  * Licensed under the MIT License.
@@ -3704,7 +3723,7 @@
3704
3723
  return cachedAtSec > nowSeconds();
3705
3724
  }
3706
3725
 
3707
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3726
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3708
3727
 
3709
3728
  /*
3710
3729
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3963,7 +3982,7 @@
3963
3982
  return metadata.expiresAt <= nowSeconds();
3964
3983
  }
3965
3984
 
3966
- /*! @azure/msal-common v16.6.2 2026-05-19 */
3985
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3967
3986
  /*
3968
3987
  * Copyright (c) Microsoft Corporation. All rights reserved.
3969
3988
  * Licensed under the MIT License.
@@ -4034,7 +4053,7 @@
4034
4053
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4035
4054
  const SetUserData = "setUserData";
4036
4055
 
4037
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4056
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4038
4057
  /*
4039
4058
  * Copyright (c) Microsoft Corporation. All rights reserved.
4040
4059
  * Licensed under the MIT License.
@@ -4127,7 +4146,7 @@
4127
4146
  };
4128
4147
  };
4129
4148
 
4130
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4149
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4131
4150
 
4132
4151
  /*
4133
4152
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4207,7 +4226,7 @@
4207
4226
  }
4208
4227
  }
4209
4228
 
4210
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4229
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4211
4230
  /*
4212
4231
  * Copyright (c) Microsoft Corporation. All rights reserved.
4213
4232
  * Licensed under the MIT License.
@@ -4231,7 +4250,7 @@
4231
4250
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4232
4251
  * @public
4233
4252
  */
4234
- const uxNotAllowed = "ux_not_allowed";
4253
+ const uiNotAllowed = "ui_not_allowed";
4235
4254
  /**
4236
4255
  * Server-originated error code indicating interaction is required to complete the request.
4237
4256
  * @public
@@ -4258,7 +4277,7 @@
4258
4277
  */
4259
4278
  const interruptedUser = "interrupted_user";
4260
4279
 
4261
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4280
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4262
4281
 
4263
4282
  /*
4264
4283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4272,7 +4291,7 @@
4272
4291
  consentRequired,
4273
4292
  loginRequired,
4274
4293
  badToken,
4275
- uxNotAllowed,
4294
+ uiNotAllowed,
4276
4295
  interruptedUser,
4277
4296
  ];
4278
4297
  const InteractionRequiredAuthSubErrorMessage = [
@@ -4282,7 +4301,7 @@
4282
4301
  "user_password_expired",
4283
4302
  "consent_required",
4284
4303
  "bad_token",
4285
- "ux_not_allowed",
4304
+ "ui_not_allowed",
4286
4305
  "interrupted_user",
4287
4306
  ];
4288
4307
  /**
@@ -4326,7 +4345,7 @@
4326
4345
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4327
4346
  }
4328
4347
 
4329
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4348
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4330
4349
 
4331
4350
  /*
4332
4351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4345,7 +4364,7 @@
4345
4364
  }
4346
4365
  }
4347
4366
 
4348
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4367
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4349
4368
 
4350
4369
  /*
4351
4370
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4413,7 +4432,7 @@
4413
4432
  }
4414
4433
  }
4415
4434
 
4416
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4435
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4417
4436
 
4418
4437
  /*
4419
4438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4761,7 +4780,7 @@
4761
4780
  return baseAccount;
4762
4781
  }
4763
4782
 
4764
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4783
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4765
4784
  /*
4766
4785
  * Copyright (c) Microsoft Corporation. All rights reserved.
4767
4786
  * Licensed under the MIT License.
@@ -4771,7 +4790,7 @@
4771
4790
  UPN: "UPN",
4772
4791
  };
4773
4792
 
4774
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4793
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4775
4794
  /*
4776
4795
  * Copyright (c) Microsoft Corporation. All rights reserved.
4777
4796
  * Licensed under the MIT License.
@@ -4789,7 +4808,7 @@
4789
4808
  }
4790
4809
  }
4791
4810
 
4792
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4811
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4793
4812
  /*
4794
4813
  * Copyright (c) Microsoft Corporation. All rights reserved.
4795
4814
  * Licensed under the MIT License.
@@ -4810,7 +4829,7 @@
4810
4829
  };
4811
4830
  }
4812
4831
 
4813
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4832
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4814
4833
 
4815
4834
  /*
4816
4835
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4896,7 +4915,7 @@
4896
4915
  }
4897
4916
  }
4898
4917
 
4899
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4918
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4900
4919
 
4901
4920
  /*
4902
4921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4927,7 +4946,7 @@
4927
4946
  return new NetworkError(error, httpStatus, responseHeaders);
4928
4947
  }
4929
4948
 
4930
- /*! @azure/msal-common v16.6.2 2026-05-19 */
4949
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4931
4950
 
4932
4951
  /*
4933
4952
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5041,7 +5060,7 @@
5041
5060
  return response;
5042
5061
  }
5043
5062
 
5044
- /*! @azure/msal-common v16.6.2 2026-05-19 */
5063
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5045
5064
  /*
5046
5065
  * Copyright (c) Microsoft Corporation. All rights reserved.
5047
5066
  * Licensed under the MIT License.
@@ -5053,7 +5072,7 @@
5053
5072
  response.hasOwnProperty("jwks_uri"));
5054
5073
  }
5055
5074
 
5056
- /*! @azure/msal-common v16.6.2 2026-05-19 */
5075
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5057
5076
  /*
5058
5077
  * Copyright (c) Microsoft Corporation. All rights reserved.
5059
5078
  * Licensed under the MIT License.
@@ -5063,7 +5082,7 @@
5063
5082
  response.hasOwnProperty("metadata"));
5064
5083
  }
5065
5084
 
5066
- /*! @azure/msal-common v16.6.2 2026-05-19 */
5085
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5067
5086
  /*
5068
5087
  * Copyright (c) Microsoft Corporation. All rights reserved.
5069
5088
  * Licensed under the MIT License.
@@ -5073,7 +5092,7 @@
5073
5092
  response.hasOwnProperty("error_description"));
5074
5093
  }
5075
5094
 
5076
- /*! @azure/msal-common v16.6.2 2026-05-19 */
5095
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5077
5096
 
5078
5097
  /*
5079
5098
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5178,7 +5197,7 @@
5178
5197
  },
5179
5198
  };
5180
5199
 
5181
- /*! @azure/msal-common v16.6.2 2026-05-19 */
5200
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5182
5201
 
5183
5202
  /*
5184
5203
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5735,7 +5754,7 @@
5735
5754
  }
5736
5755
  }
5737
5756
  // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
5738
- if (this.isInKnownAuthorities()) {
5757
+ if (this.isInKnownAuthorities(this.hostnameAndPort)) {
5739
5758
  this.logger.verbose("0mt9al", this.correlationId);
5740
5759
  return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
5741
5760
  }
@@ -5802,13 +5821,14 @@
5802
5821
  return match;
5803
5822
  }
5804
5823
  /**
5805
- * Helper function to determine if this host is included in the knownAuthorities config option
5824
+ * Helper function to determine if a host is included in the knownAuthorities config option.
5806
5825
  */
5807
- isInKnownAuthorities() {
5826
+ isInKnownAuthorities(host) {
5827
+ const normalizedHost = host.toLowerCase();
5808
5828
  const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
5809
5829
  return (authority &&
5810
5830
  UrlString.getDomainFromUrl(authority).toLowerCase() ===
5811
- this.hostnameAndPort);
5831
+ normalizedHost);
5812
5832
  });
5813
5833
  return matches.length > 0;
5814
5834
  }
@@ -5885,6 +5905,10 @@
5885
5905
  * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
5886
5906
  * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
5887
5907
  * path.
5908
+ * 5. The issuer host is HTTPS and is explicitly listed in the
5909
+ * developer-configured `knownAuthorities`. This covers scenarios where
5910
+ * the OIDC discovery document returns an issuer host that differs from
5911
+ * the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
5888
5912
  *
5889
5913
  * @param issuer The `issuer` value returned in the OIDC discovery document.
5890
5914
  * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -5921,11 +5945,19 @@
5921
5945
  * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
5922
5946
  */
5923
5947
  const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
5948
+ /*
5949
+ * Rule 5: The issuer host is explicitly listed in the developer-configured
5950
+ * knownAuthorities. This covers scenarios where the OIDC discovery document
5951
+ * returns an issuer with a different host than the authority
5952
+ * (e.g., a GUID-based issuer for a name-based authority).
5953
+ */
5954
+ const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
5924
5955
  // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
5925
5956
  if (matchesAuthorityOrigin ||
5926
5957
  matchesKnownMicrosoftHost ||
5927
5958
  matchesRegionalMicrosoftHost ||
5928
- matchesCiamTenantPattern) {
5959
+ matchesCiamTenantPattern ||
5960
+ matchesKnownAuthority) {
5929
5961
  return;
5930
5962
  }
5931
5963
  // issuer validation fails if none of the above rules are satisfied
@@ -6133,7 +6165,7 @@
6133
6165
  };
6134
6166
  }
6135
6167
 
6136
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6168
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6137
6169
 
6138
6170
  /*
6139
6171
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6167,7 +6199,7 @@
6167
6199
  }
6168
6200
  }
6169
6201
 
6170
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6202
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6171
6203
 
6172
6204
  /*
6173
6205
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6424,7 +6456,7 @@
6424
6456
  }
6425
6457
  }
6426
6458
 
6427
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6459
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6428
6460
 
6429
6461
  /*
6430
6462
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6645,7 +6677,7 @@
6645
6677
  }
6646
6678
  }
6647
6679
 
6648
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6680
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6649
6681
 
6650
6682
  /*
6651
6683
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6761,7 +6793,7 @@
6761
6793
  }
6762
6794
  }
6763
6795
 
6764
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6796
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6765
6797
 
6766
6798
  /*
6767
6799
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6776,7 +6808,7 @@
6776
6808
  },
6777
6809
  };
6778
6810
 
6779
- /*! @azure/msal-common v16.6.2 2026-05-19 */
6811
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6780
6812
 
6781
6813
  /*
6782
6814
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6999,7 +7031,7 @@
6999
7031
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7000
7032
  }
7001
7033
 
7002
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7034
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7003
7035
 
7004
7036
  /*
7005
7037
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7032,7 +7064,7 @@
7032
7064
  return Object.prototype.hasOwnProperty.call(params, "resource");
7033
7065
  }
7034
7066
 
7035
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7067
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7036
7068
  /*
7037
7069
  * Copyright (c) Microsoft Corporation. All rights reserved.
7038
7070
  * Licensed under the MIT License.
@@ -7042,7 +7074,7 @@
7042
7074
  */
7043
7075
  const unexpectedError = "unexpected_error";
7044
7076
 
7045
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7077
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7046
7078
 
7047
7079
  /*
7048
7080
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7153,35 +7185,40 @@
7153
7185
  * @param error
7154
7186
  */
7155
7187
  cacheFailedRequest(error) {
7156
- const lastRequests = this.getLastRequests();
7157
- if (lastRequests.errors.length >=
7158
- SERVER_TELEM_MAX_CACHED_ERRORS) {
7159
- // Remove a cached error to make room, first in first out
7160
- lastRequests.failedRequests.shift(); // apiId
7161
- lastRequests.failedRequests.shift(); // correlationId
7162
- lastRequests.errors.shift();
7163
- }
7164
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
7165
- if (error instanceof Error && !!error && error.toString()) {
7166
- if (error instanceof AuthError) {
7167
- if (error.subError) {
7168
- lastRequests.errors.push(error.subError);
7169
- }
7170
- else if (error.errorCode) {
7171
- lastRequests.errors.push(error.errorCode);
7188
+ try {
7189
+ const lastRequests = this.getLastRequests();
7190
+ if (lastRequests.errors.length >=
7191
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
7192
+ // Remove a cached error to make room, first in first out
7193
+ lastRequests.failedRequests.shift(); // apiId
7194
+ lastRequests.failedRequests.shift(); // correlationId
7195
+ lastRequests.errors.shift();
7196
+ }
7197
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
7198
+ if (error instanceof Error && !!error && error.toString()) {
7199
+ if (error instanceof AuthError) {
7200
+ if (error.subError) {
7201
+ lastRequests.errors.push(error.subError);
7202
+ }
7203
+ else if (error.errorCode) {
7204
+ lastRequests.errors.push(error.errorCode);
7205
+ }
7206
+ else {
7207
+ lastRequests.errors.push(error.toString());
7208
+ }
7172
7209
  }
7173
7210
  else {
7174
7211
  lastRequests.errors.push(error.toString());
7175
7212
  }
7176
7213
  }
7177
7214
  else {
7178
- lastRequests.errors.push(error.toString());
7215
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7179
7216
  }
7217
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7180
7218
  }
7181
- else {
7182
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7219
+ catch {
7220
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
7183
7221
  }
7184
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7185
7222
  return;
7186
7223
  }
7187
7224
  /**
@@ -7301,9 +7338,36 @@
7301
7338
  static makeExtraSkuString(params) {
7302
7339
  return makeExtraSkuString(params);
7303
7340
  }
7341
+ }
7342
+ /** @internal */
7343
+ class StubServerTelemetryManager extends ServerTelemetryManager {
7344
+ constructor() {
7345
+ super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
7346
+ }
7347
+ generateCurrentRequestHeaderValue() {
7348
+ return "";
7349
+ }
7350
+ generateLastRequestHeaderValue() {
7351
+ return "";
7352
+ }
7353
+ cacheFailedRequest() { }
7354
+ incrementCacheHits() {
7355
+ return 0;
7356
+ }
7357
+ clearTelemetryCache() { }
7358
+ getRegionDiscoveryFields() {
7359
+ return "";
7360
+ }
7361
+ updateRegionDiscoveryMetadata() { }
7362
+ setCacheOutcome() { }
7363
+ setNativeBrokerErrorCode() { }
7364
+ getNativeBrokerErrorCode() {
7365
+ return undefined;
7366
+ }
7367
+ clearNativeBrokerErrorCode() { }
7304
7368
  }
7305
7369
 
7306
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7370
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7307
7371
 
7308
7372
  /*
7309
7373
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7324,7 +7388,7 @@
7324
7388
  return new JoseHeaderError(code);
7325
7389
  }
7326
7390
 
7327
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7391
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7328
7392
  /*
7329
7393
  * Copyright (c) Microsoft Corporation. All rights reserved.
7330
7394
  * Licensed under the MIT License.
@@ -7332,7 +7396,7 @@
7332
7396
  const missingKidError = "missing_kid_error";
7333
7397
  const missingAlgError = "missing_alg_error";
7334
7398
 
7335
- /*! @azure/msal-common v16.6.2 2026-05-19 */
7399
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7336
7400
 
7337
7401
  /*
7338
7402
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7767,7 +7831,7 @@
7767
7831
 
7768
7832
  /* eslint-disable header/header */
7769
7833
  const name = "@azure/msal-browser";
7770
- const version = "5.11.0";
7834
+ const version = "5.13.0";
7771
7835
 
7772
7836
  /*
7773
7837
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8360,7 +8424,6 @@
8360
8424
  */
8361
8425
  const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8362
8426
  const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8363
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8364
8427
  /**
8365
8428
  * Helper functions in StandardInteractionClient class (msal-browser)
8366
8429
  */
@@ -8661,6 +8724,43 @@
8661
8724
  return new BrowserAuthError(errorCode, subError);
8662
8725
  }
8663
8726
 
8727
+ /*
8728
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8729
+ * Licensed under the MIT License.
8730
+ */
8731
+ /**
8732
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8733
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8734
+ */
8735
+ /**
8736
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
8737
+ * @param input
8738
+ */
8739
+ function base64Decode(input) {
8740
+ return new TextDecoder().decode(base64DecToArr(input));
8741
+ }
8742
+ /**
8743
+ * Decodes base64 into Uint8Array
8744
+ * @param base64String
8745
+ */
8746
+ function base64DecToArr(base64String) {
8747
+ let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8748
+ switch (encodedString.length % 4) {
8749
+ case 0:
8750
+ break;
8751
+ case 2:
8752
+ encodedString += "==";
8753
+ break;
8754
+ case 3:
8755
+ encodedString += "=";
8756
+ break;
8757
+ default:
8758
+ throw createBrowserAuthError(invalidBase64String);
8759
+ }
8760
+ const binString = atob(encodedString);
8761
+ return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8762
+ }
8763
+
8664
8764
  /*
8665
8765
  * Copyright (c) Microsoft Corporation. All rights reserved.
8666
8766
  * Licensed under the MIT License.
@@ -8705,43 +8805,6 @@
8705
8805
  return btoa(binString);
8706
8806
  }
8707
8807
 
8708
- /*
8709
- * Copyright (c) Microsoft Corporation. All rights reserved.
8710
- * Licensed under the MIT License.
8711
- */
8712
- /**
8713
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
8714
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
8715
- */
8716
- /**
8717
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
8718
- * @param input
8719
- */
8720
- function base64Decode(input) {
8721
- return new TextDecoder().decode(base64DecToArr(input));
8722
- }
8723
- /**
8724
- * Decodes base64 into Uint8Array
8725
- * @param base64String
8726
- */
8727
- function base64DecToArr(base64String) {
8728
- let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
8729
- switch (encodedString.length % 4) {
8730
- case 0:
8731
- break;
8732
- case 2:
8733
- encodedString += "==";
8734
- break;
8735
- case 3:
8736
- encodedString += "=";
8737
- break;
8738
- default:
8739
- throw createBrowserAuthError(invalidBase64String);
8740
- }
8741
- const binString = atob(encodedString);
8742
- return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
8743
- }
8744
-
8745
8808
  /*
8746
8809
  * Copyright (c) Microsoft Corporation. All rights reserved.
8747
8810
  * Licensed under the MIT License.
@@ -9210,7 +9273,7 @@
9210
9273
  activeBridgeMonitor = null;
9211
9274
  }
9212
9275
  }
9213
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
9276
+ async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
9214
9277
  return new Promise((resolve, reject) => {
9215
9278
  logger.verbose("BrowserUtils.waitForBridgeResponse - started", request.correlationId);
9216
9279
  const correlationId = request.correlationId;
@@ -9218,7 +9281,7 @@
9218
9281
  redirectBridgeTimeoutMs: timeoutMs,
9219
9282
  lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
9220
9283
  }, correlationId);
9221
- const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
9284
+ const { libraryState } = parseRequestState(base64Decode, request.state || "");
9222
9285
  const channel = new BroadcastChannel(libraryState.id);
9223
9286
  let responseString = undefined;
9224
9287
  let timedOut$1 = false;
@@ -9435,10 +9498,15 @@
9435
9498
  * @param browserStorage - Browser cache manager instance for storing telemetry data
9436
9499
  * @param logger - Optional logger instance for verbose logging
9437
9500
  * @param forceRefresh - Optional flag to force refresh of telemetry data
9501
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
9438
9502
  * @returns Configured ServerTelemetryManager instance
9439
9503
  */
9440
- function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
9504
+ function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
9441
9505
  logger.verbose("initializeServerTelemetryManager called", correlationId);
9506
+ if (!enabled) {
9507
+ logger.verbose("Server telemetry is disabled in configuration. Skipping telemetry manager initialization.", correlationId);
9508
+ return new StubServerTelemetryManager();
9509
+ }
9442
9510
  const telemetryPayload = {
9443
9511
  clientId: clientId,
9444
9512
  correlationId: correlationId,
@@ -14998,6 +15066,15 @@
14998
15066
  * Copyright (c) Microsoft Corporation. All rights reserved.
14999
15067
  * Licensed under the MIT License.
15000
15068
  */
15069
+ /**
15070
+ * Reason an old-schema cache entry was removed during migration.
15071
+ */
15072
+ const MigrationRemovalReason = {
15073
+ Invalid: "invalid",
15074
+ TtlExpired: "ttlExpired",
15075
+ DecryptFailed: "decryptFailed",
15076
+ Expired: "expired",
15077
+ };
15001
15078
  /**
15002
15079
  * This class implements the cache storage interface for MSAL through browser local or session storage.
15003
15080
  */
@@ -15067,7 +15144,10 @@
15067
15144
  const parsedValue = this.validateAndParseJson(rawValue || "");
15068
15145
  if (!parsedValue) {
15069
15146
  this.browserStorage.removeItem(key);
15070
- return null;
15147
+ return {
15148
+ entry: null,
15149
+ removalReason: MigrationRemovalReason.Invalid,
15150
+ };
15071
15151
  }
15072
15152
  if (!parsedValue.lastUpdatedAt) {
15073
15153
  // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
@@ -15076,25 +15156,42 @@
15076
15156
  }
15077
15157
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15078
15158
  this.browserStorage.removeItem(key);
15079
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15080
- return null;
15159
+ return {
15160
+ entry: null,
15161
+ removalReason: MigrationRemovalReason.TtlExpired,
15162
+ };
15081
15163
  }
15082
- const decryptedData = isEncrypted(parsedValue)
15164
+ const wasEncrypted = isEncrypted(parsedValue);
15165
+ const decryptedData = wasEncrypted
15083
15166
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
15084
15167
  : parsedValue;
15085
- if (!decryptedData || !isCredentialEntity(decryptedData)) {
15086
- this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
15087
- return null;
15168
+ if (!decryptedData) {
15169
+ this.browserStorage.removeItem(key);
15170
+ return {
15171
+ entry: null,
15172
+ removalReason: wasEncrypted
15173
+ ? MigrationRemovalReason.DecryptFailed
15174
+ : MigrationRemovalReason.Invalid,
15175
+ };
15176
+ }
15177
+ if (!isCredentialEntity(decryptedData)) {
15178
+ this.browserStorage.removeItem(key);
15179
+ return {
15180
+ entry: null,
15181
+ removalReason: MigrationRemovalReason.Invalid,
15182
+ };
15088
15183
  }
15089
15184
  if ((isAccessTokenEntity(decryptedData) ||
15090
15185
  isRefreshTokenEntity(decryptedData)) &&
15091
15186
  decryptedData.expiresOn &&
15092
15187
  isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
15093
15188
  this.browserStorage.removeItem(key);
15094
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15095
- return null;
15189
+ return {
15190
+ entry: null,
15191
+ removalReason: MigrationRemovalReason.Expired,
15192
+ };
15096
15193
  }
15097
- return decryptedData;
15194
+ return { entry: decryptedData };
15098
15195
  }
15099
15196
  /**
15100
15197
  * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
@@ -15113,6 +15210,8 @@
15113
15210
  const rawValue = this.browserStorage.getItem(accountKey);
15114
15211
  const parsedValue = this.validateAndParseJson(rawValue || "");
15115
15212
  if (!parsedValue) {
15213
+ this.browserStorage.removeItem(accountKey);
15214
+ this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
15116
15215
  removeElementFromArray(accountKeysToCheck, accountKey);
15117
15216
  continue;
15118
15217
  }
@@ -15125,8 +15224,20 @@
15125
15224
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15126
15225
  // Cache expired remove account and associated tokens
15127
15226
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
15227
+ this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
15128
15228
  removeElementFromArray(accountKeysToCheck, accountKey);
15129
15229
  }
15230
+ else if (isEncrypted(parsedValue)) {
15231
+ // Remove accounts encrypted with a different key (session cookie expired/changed)
15232
+ const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
15233
+ if (!decrypted) {
15234
+ this.browserStorage.removeItem(accountKey);
15235
+ this.performanceClient.incrementFields({
15236
+ decryptFailedAcntCount: 1,
15237
+ }, correlationId);
15238
+ removeElementFromArray(accountKeysToCheck, accountKey);
15239
+ }
15240
+ }
15130
15241
  }
15131
15242
  this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
15132
15243
  }
@@ -15164,7 +15275,6 @@
15164
15275
  });
15165
15276
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
15166
15277
  }
15167
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15168
15278
  this.browserStorage.removeItem(accountKey);
15169
15279
  }
15170
15280
  /**
@@ -15203,8 +15313,20 @@
15203
15313
  const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
15204
15314
  for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
15205
15315
  this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
15206
- const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
15316
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
15317
+ const oldSchemaData = result.entry;
15207
15318
  if (!oldSchemaData) {
15319
+ switch (result.removalReason) {
15320
+ case MigrationRemovalReason.TtlExpired:
15321
+ this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
15322
+ break;
15323
+ case MigrationRemovalReason.DecryptFailed:
15324
+ this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
15325
+ break;
15326
+ case MigrationRemovalReason.Invalid:
15327
+ this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
15328
+ break;
15329
+ }
15208
15330
  removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
15209
15331
  continue;
15210
15332
  }
@@ -15283,8 +15405,23 @@
15283
15405
  const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
15284
15406
  for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
15285
15407
  this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
15286
- const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
15408
+ const result = await this.updateOldEntry(accessTokenKey, correlationId);
15409
+ const oldSchemaData = result.entry;
15287
15410
  if (!oldSchemaData) {
15411
+ switch (result.removalReason) {
15412
+ case MigrationRemovalReason.TtlExpired:
15413
+ this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
15414
+ break;
15415
+ case MigrationRemovalReason.DecryptFailed:
15416
+ this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
15417
+ break;
15418
+ case MigrationRemovalReason.Expired:
15419
+ this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
15420
+ break;
15421
+ case MigrationRemovalReason.Invalid:
15422
+ this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
15423
+ break;
15424
+ }
15288
15425
  removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
15289
15426
  continue;
15290
15427
  }
@@ -15330,8 +15467,23 @@
15330
15467
  ...credentialKeysToMigrate.refreshToken,
15331
15468
  ]) {
15332
15469
  this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
15333
- const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
15470
+ const result = await this.updateOldEntry(refreshTokenKey, correlationId);
15471
+ const oldSchemaData = result.entry;
15334
15472
  if (!oldSchemaData) {
15473
+ switch (result.removalReason) {
15474
+ case MigrationRemovalReason.TtlExpired:
15475
+ this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
15476
+ break;
15477
+ case MigrationRemovalReason.DecryptFailed:
15478
+ this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
15479
+ break;
15480
+ case MigrationRemovalReason.Expired:
15481
+ this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
15482
+ break;
15483
+ case MigrationRemovalReason.Invalid:
15484
+ this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
15485
+ break;
15486
+ }
15335
15487
  removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
15336
15488
  continue;
15337
15489
  }
@@ -16656,7 +16808,7 @@
16656
16808
  const NO_NETWORK = "NO_NETWORK";
16657
16809
  const DISABLED = "DISABLED";
16658
16810
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
16659
- const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
16811
+ const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
16660
16812
 
16661
16813
  /*
16662
16814
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -16711,8 +16863,8 @@
16711
16863
  return createBrowserAuthError(userCancelled);
16712
16864
  case NO_NETWORK:
16713
16865
  return createBrowserAuthError(noNetworkConnectivity);
16714
- case UX_NOT_ALLOWED:
16715
- return createInteractionRequiredAuthError(uxNotAllowed);
16866
+ case UI_NOT_ALLOWED:
16867
+ return createInteractionRequiredAuthError(uiNotAllowed);
16716
16868
  }
16717
16869
  }
16718
16870
  return new NativeAuthError(code, description, ext);
@@ -16729,7 +16881,7 @@
16729
16881
  */
16730
16882
  async acquireToken(silentRequest) {
16731
16883
  // Telemetry manager only used to increment cacheHits here
16732
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16884
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16733
16885
  const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
16734
16886
  serverTelemetryManager,
16735
16887
  requestAuthority: silentRequest.authority,
@@ -16805,7 +16957,7 @@
16805
16957
  // start the perf measurement
16806
16958
  const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
16807
16959
  const reqTimestamp = nowSeconds();
16808
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16960
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16809
16961
  try {
16810
16962
  // initialize native request
16811
16963
  const nativeRequest = await this.initializePlatformRequest(request);
@@ -16929,7 +17081,7 @@
16929
17081
  catch (e) {
16930
17082
  // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
16931
17083
  if (e instanceof NativeAuthError) {
16932
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17084
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16933
17085
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
16934
17086
  if (isFatalNativeAuthError(e)) {
16935
17087
  throw e;
@@ -16943,7 +17095,7 @@
16943
17095
  noHistory: false,
16944
17096
  };
16945
17097
  const redirectUri = navigateToLoginRequestUrl
16946
- ? window.location.href
17098
+ ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
16947
17099
  : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
16948
17100
  rootMeasurement.end({ success: true });
16949
17101
  await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -16976,7 +17128,7 @@
16976
17128
  this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.", this.correlationId);
16977
17129
  const response = await this.platformAuthProvider.sendMessage(request);
16978
17130
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
16979
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17131
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16980
17132
  serverTelemetryManager.clearNativeBrokerErrorCode();
16981
17133
  this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
16982
17134
  return authResult;
@@ -17983,6 +18135,7 @@
17983
18135
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
17984
18136
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
17985
18137
  protocolMode: ProtocolMode.AAD,
18138
+ serverTelemetryEnabled: false,
17986
18139
  };
17987
18140
  const providedSystemOptions = {
17988
18141
  ...DEFAULT_BROWSER_SYSTEM_OPTIONS,
@@ -18512,10 +18665,11 @@
18512
18665
  * Licensed under the MIT License.
18513
18666
  */
18514
18667
  class PopupClient extends StandardInteractionClient {
18515
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
18668
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
18516
18669
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
18517
18670
  this.nativeStorage = nativeStorageImpl;
18518
18671
  this.eventHandler = eventHandler;
18672
+ this.waitForPopupResponseHook = waitForPopupResponseHook;
18519
18673
  }
18520
18674
  /**
18521
18675
  * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -18623,7 +18777,7 @@
18623
18777
  */
18624
18778
  async executeCodeFlow(request, popupParams, pkceCodes) {
18625
18779
  const correlationId = request.correlationId;
18626
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18780
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18627
18781
  const pkce = pkceCodes ||
18628
18782
  (await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
18629
18783
  const popupRequest = {
@@ -18649,7 +18803,7 @@
18649
18803
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18650
18804
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18651
18805
  // Wait for the redirect bridge response
18652
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18806
+ const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
18653
18807
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18654
18808
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18655
18809
  }
@@ -18684,11 +18838,11 @@
18684
18838
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18685
18839
  form.submit();
18686
18840
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18687
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18841
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
18688
18842
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18689
18843
  if (!serverParams.ear_jwe && serverParams.code) {
18690
18844
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
18691
- serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
18845
+ serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
18692
18846
  requestAuthority: request.authority,
18693
18847
  requestAzureCloudOptions: request.azureCloudOptions,
18694
18848
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -18709,7 +18863,7 @@
18709
18863
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18710
18864
  form.submit();
18711
18865
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18712
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18866
+ const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
18713
18867
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18714
18868
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18715
18869
  }
@@ -18725,7 +18879,7 @@
18725
18879
  async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
18726
18880
  this.logger.verbose("logoutPopupAsync called", this.correlationId);
18727
18881
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Popup, validRequest);
18728
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18882
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18729
18883
  try {
18730
18884
  // Clear cache on logout
18731
18885
  await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
@@ -18766,7 +18920,7 @@
18766
18920
  // Open the popup window to requestUrl.
18767
18921
  const popupWindow = this.openPopup(logoutUri, popupParams);
18768
18922
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18769
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18923
+ await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
18770
18924
  // Swallow any errors related to monitoring the window. Server logout is best effort
18771
18925
  });
18772
18926
  if (mainWindowRedirectUri) {
@@ -18845,6 +18999,19 @@
18845
18999
  if (!popupWindow) {
18846
19000
  throw createBrowserAuthError(emptyWindowError);
18847
19001
  }
19002
+ try {
19003
+ popupWindow.document.title = "Microsoft Authentication";
19004
+ }
19005
+ catch (e) {
19006
+ if (typeof DOMException !== "undefined" &&
19007
+ e instanceof DOMException &&
19008
+ e.name === "SecurityError") {
19009
+ // Cross-origin - title cannot be set
19010
+ }
19011
+ else {
19012
+ this.logger.verbose("Could not set document.title on popup window", this.correlationId);
19013
+ }
19014
+ }
18848
19015
  if (popupWindow.focus) {
18849
19016
  popupWindow.focus();
18850
19017
  }
@@ -18923,6 +19090,12 @@
18923
19090
  const homeAccountId = request.account && request.account.homeAccountId;
18924
19091
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
18925
19092
  }
19093
+ async waitForPopupResponse(request, popupWindow, popupWindowParent) {
19094
+ if (this.waitForPopupResponseHook) {
19095
+ return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
19096
+ }
19097
+ return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
19098
+ }
18926
19099
  }
18927
19100
 
18928
19101
  /*
@@ -18990,7 +19163,7 @@
18990
19163
  */
18991
19164
  async executeCodeFlow(request) {
18992
19165
  const correlationId = request.correlationId;
18993
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19166
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18994
19167
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
18995
19168
  const redirectRequest = {
18996
19169
  ...request,
@@ -19076,7 +19249,9 @@
19076
19249
  * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
19077
19250
  */
19078
19251
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
19079
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19252
+ const originalTitle = document.title;
19253
+ document.title = "Microsoft Authentication";
19254
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19080
19255
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
19081
19256
  try {
19082
19257
  const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
@@ -19095,8 +19270,8 @@
19095
19270
  }
19096
19271
  // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
19097
19272
  const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
19098
- const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
19099
- const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
19273
+ const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
19274
+ const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
19100
19275
  if (loginRequestUrlNormalized === currentUrlNormalized &&
19101
19276
  navigateToLoginRequestUrl) {
19102
19277
  // We are on the page we need to navigate to - handle hash
@@ -19129,8 +19304,8 @@
19129
19304
  * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
19130
19305
  */
19131
19306
  let processHashOnRedirect = true;
19132
- if (!loginRequestUrl || loginRequestUrl === "null") {
19133
- // Redirect to home page if login request url is null (real null or the string null)
19307
+ if (!loginRequestUrl) {
19308
+ // Redirect to home page if login request url is empty
19134
19309
  const homepage = getHomepage();
19135
19310
  // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
19136
19311
  this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
@@ -19158,6 +19333,9 @@
19158
19333
  }
19159
19334
  throw e;
19160
19335
  }
19336
+ finally {
19337
+ document.title = originalTitle;
19338
+ }
19161
19339
  }
19162
19340
  /**
19163
19341
  * Gets the response hash for a redirect request
@@ -19273,7 +19451,7 @@
19273
19451
  async logout(logoutRequest) {
19274
19452
  this.logger.verbose("logoutRedirect called", this.correlationId);
19275
19453
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
19276
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19454
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19277
19455
  try {
19278
19456
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Redirect, logoutRequest);
19279
19457
  // Clear cache on logout
@@ -19354,7 +19532,10 @@
19354
19532
  */
19355
19533
  getRedirectStartPage(requestStartPage) {
19356
19534
  const redirectStartPage = requestStartPage || window.location.href;
19357
- return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19535
+ const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19536
+ // Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
19537
+ validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
19538
+ return absoluteRedirectStartPage;
19358
19539
  }
19359
19540
  }
19360
19541
 
@@ -19363,20 +19544,20 @@
19363
19544
  * Licensed under the MIT License.
19364
19545
  */
19365
19546
  /**
19366
- * Creates a hidden iframe to given URL using user-requested scopes as an id.
19367
- * @param urlNavigate
19368
- * @param userRequestScopes
19547
+ * Navigates the given hidden iframe to the provided URL.
19548
+ * @param frame
19549
+ * @param requestUrl
19369
19550
  */
19370
- async function initiateCodeRequest(requestUrl, performanceClient, logger, correlationId) {
19551
+ async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
19371
19552
  if (!requestUrl) {
19372
19553
  // Throw error if request URL is empty.
19373
19554
  logger.info("Navigate url is empty", correlationId);
19374
19555
  throw createBrowserAuthError(emptyNavigateUri);
19375
19556
  }
19376
- return invoke(loadFrameSync, SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
19557
+ frame.src = requestUrl;
19558
+ return frame;
19377
19559
  }
19378
- async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
19379
- const frame = createHiddenIframe();
19560
+ async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
19380
19561
  if (!frame.contentDocument) {
19381
19562
  throw "No document associated with iframe!";
19382
19563
  }
@@ -19384,8 +19565,7 @@
19384
19565
  form.submit();
19385
19566
  return frame;
19386
19567
  }
19387
- async function initiateEarRequest(config, authority, request, logger, performanceClient) {
19388
- const frame = createHiddenIframe();
19568
+ async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
19389
19569
  if (!frame.contentDocument) {
19390
19570
  throw "No document associated with iframe!";
19391
19571
  }
@@ -19395,24 +19575,14 @@
19395
19575
  }
19396
19576
  /**
19397
19577
  * @hidden
19398
- * Loads the iframe synchronously when the navigateTimeFrame is set to `0`
19399
- * @param urlNavigate
19400
- * @param frameName
19401
- * @param logger
19402
- */
19403
- function loadFrameSync(urlNavigate) {
19404
- const frameHandle = createHiddenIframe();
19405
- frameHandle.src = urlNavigate;
19406
- return frameHandle;
19407
- }
19408
- /**
19409
- * @hidden
19410
- * Creates a new hidden iframe or gets an existing one for silent token renewal.
19578
+ * Creates a new hidden iframe for silent token renewal. Callers navigate it
19579
+ * (set `src` or submit a form) after registering the response listener.
19411
19580
  * @ignore
19412
19581
  */
19413
19582
  function createHiddenIframe() {
19414
19583
  const authFrame = document.createElement("iframe");
19415
19584
  authFrame.className = "msalSilentIframe";
19585
+ authFrame.title = "Microsoft Authentication";
19416
19586
  authFrame.style.visibility = "hidden";
19417
19587
  authFrame.style.position = "absolute";
19418
19588
  authFrame.style.width = authFrame.style.height = "0";
@@ -19438,10 +19608,11 @@
19438
19608
  * Licensed under the MIT License.
19439
19609
  */
19440
19610
  class SilentIframeClient extends StandardInteractionClient {
19441
- constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
19611
+ constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
19442
19612
  super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
19443
19613
  this.apiId = apiId;
19444
19614
  this.nativeStorage = nativeStorageImpl;
19615
+ this.waitForIframeResponseHook = waitForIframeResponseHook;
19445
19616
  }
19446
19617
  /**
19447
19618
  * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -19484,7 +19655,7 @@
19484
19655
  */
19485
19656
  async executeCodeFlow(request) {
19486
19657
  let authClient;
19487
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19658
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19488
19659
  try {
19489
19660
  // Initialize the client
19490
19661
  authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
@@ -19526,11 +19697,22 @@
19526
19697
  earJwk: earJwk,
19527
19698
  codeChallenge: pkceCodes.challenge,
19528
19699
  };
19529
- const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19700
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19701
+ const iframe = createHiddenIframe();
19530
19702
  const responseType = this.config.auth.OIDCOptions.responseMode;
19531
19703
  let responseString;
19532
19704
  try {
19533
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19705
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19706
+ responsePromise.catch(() => {
19707
+ /*
19708
+ * If navigation below throws before responsePromise is awaited,
19709
+ * the listener still rejects on timeout. Swallow it here so it
19710
+ * does not surface as an unhandled rejection; the navigation
19711
+ * error is propagated instead.
19712
+ */
19713
+ });
19714
+ await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19715
+ responseString = await responsePromise;
19534
19716
  }
19535
19717
  finally {
19536
19718
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19539,7 +19721,7 @@
19539
19721
  if (!serverParams.ear_jwe && serverParams.code) {
19540
19722
  // If server doesn't support EAR, they may fallback to auth code flow instead
19541
19723
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
19542
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
19724
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19543
19725
  requestAuthority: request.authority,
19544
19726
  requestAzureCloudOptions: request.azureCloudOptions,
19545
19727
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -19566,7 +19748,7 @@
19566
19748
  // Create silent request
19567
19749
  const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
19568
19750
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
19569
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
19751
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19570
19752
  requestAuthority: silentRequest.authority,
19571
19753
  requestAzureCloudOptions: silentRequest.azureCloudOptions,
19572
19754
  requestExtraQueryParameters: silentRequest.extraQueryParameters,
@@ -19614,21 +19796,32 @@
19614
19796
  ...request,
19615
19797
  codeChallenge: pkceCodes.challenge,
19616
19798
  };
19617
- let iframe;
19618
- if (request.httpMethod === HttpMethod$1.POST) {
19619
- iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19620
- }
19621
- else {
19622
- // Create authorize request url
19623
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19624
- // Get the frame handle for the silent request
19625
- iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
19626
- }
19799
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19800
+ const iframe = createHiddenIframe();
19627
19801
  const responseType = this.config.auth.OIDCOptions.responseMode;
19628
19802
  // Wait for response from the redirect bridge.
19629
19803
  let responseString;
19630
19804
  try {
19631
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19805
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19806
+ responsePromise.catch(() => {
19807
+ /*
19808
+ * If URL creation or navigation below throws before
19809
+ * responsePromise is awaited, the listener still rejects on
19810
+ * timeout. Swallow it here so it does not surface as an
19811
+ * unhandled rejection; the navigation error is propagated
19812
+ * instead.
19813
+ */
19814
+ });
19815
+ if (request.httpMethod === HttpMethod$1.POST) {
19816
+ await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19817
+ }
19818
+ else {
19819
+ // Create authorize request url
19820
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19821
+ // Navigate the iframe to the authorize request url
19822
+ await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
19823
+ }
19824
+ responseString = await responsePromise;
19632
19825
  }
19633
19826
  finally {
19634
19827
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19636,6 +19829,12 @@
19636
19829
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19637
19830
  return { serverParams, pkceCodes, silentRequest };
19638
19831
  }
19832
+ async waitForIframeResponse(iframe, request) {
19833
+ if (this.waitForIframeResponseHook) {
19834
+ return this.waitForIframeResponseHook(iframe, request);
19835
+ }
19836
+ return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
19837
+ }
19639
19838
  }
19640
19839
 
19641
19840
  /*
@@ -19657,7 +19856,7 @@
19657
19856
  // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
19658
19857
  silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
19659
19858
  }
19660
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19859
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19661
19860
  const refreshTokenClient = await this.createRefreshTokenClient({
19662
19861
  serverTelemetryManager,
19663
19862
  authorityUrl: silentRequest.authority,
@@ -19737,7 +19936,7 @@
19737
19936
  * Each auth request creates a new instance of *Client so we can safely use this.correlationId.
19738
19937
  */
19739
19938
  this.correlationId);
19740
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19939
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19741
19940
  try {
19742
19941
  // Create auth code request (PKCE not needed)
19743
19942
  const authCodeRequest = {
@@ -20090,6 +20289,8 @@
20090
20289
  // Preflight request
20091
20290
  const correlationId = this.getRequestCorrelationId(request);
20092
20291
  this.logger.verbose("acquireTokenRedirect called", correlationId);
20292
+ redirectPreflightCheck(this.initialized, this.config);
20293
+ this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20093
20294
  const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
20094
20295
  atrMeasurement.add({
20095
20296
  scenarioId: request.scenarioId,
@@ -20107,9 +20308,7 @@
20107
20308
  return navigate;
20108
20309
  };
20109
20310
  try {
20110
- redirectPreflightCheck(this.initialized, this.config);
20111
20311
  enforceResourceParameter(this.config.auth.isMcp, request);
20112
- this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20113
20312
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
20114
20313
  let result;
20115
20314
  if (this.platformAuthProvider &&
@@ -20837,7 +21036,7 @@
20837
21036
  * @param correlationId
20838
21037
  */
20839
21038
  createPopupClient(correlationId) {
20840
- return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
21039
+ return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
20841
21040
  }
20842
21041
  /**
20843
21042
  * Returns new instance of the Redirect Interaction Client
@@ -20851,7 +21050,7 @@
20851
21050
  * @param correlationId
20852
21051
  */
20853
21052
  createSilentIframeClient(correlationId) {
20854
- return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
21053
+ return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
20855
21054
  }
20856
21055
  /**
20857
21056
  * Returns new instance of the Silent Cache Interaction Client
@@ -21624,7 +21823,7 @@
21624
21823
  return;
21625
21824
  }
21626
21825
  }
21627
- constructor(config) {
21826
+ constructor(config, responseHandlers) {
21628
21827
  /*
21629
21828
  * If loaded in an environment where window is not available,
21630
21829
  * set internal flag to false so that further requests fail.
@@ -21632,6 +21831,7 @@
21632
21831
  */
21633
21832
  this.browserEnvironment = typeof window !== "undefined";
21634
21833
  this.config = buildConfiguration(config, this.browserEnvironment);
21834
+ this.responseHandlers = responseHandlers;
21635
21835
  let sessionStorage;
21636
21836
  try {
21637
21837
  sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -21668,6 +21868,13 @@
21668
21868
  getConfig() {
21669
21869
  return this.config;
21670
21870
  }
21871
+ /**
21872
+ * Returns the internal response handlers supplied by PublicClientApplication, if any.
21873
+ * @returns AuthResponseHandlers | undefined
21874
+ */
21875
+ getResponseHandlers() {
21876
+ return this.responseHandlers;
21877
+ }
21671
21878
  /**
21672
21879
  * Returns the MSAL Logger
21673
21880
  * @returns Logger
@@ -22032,7 +22239,48 @@
22032
22239
  constructor(configuration, controller) {
22033
22240
  this.controller =
22034
22241
  controller ||
22035
- new StandardController(new StandardOperatingContext(configuration));
22242
+ new StandardController(new StandardOperatingContext(configuration, {
22243
+ waitForPopupResponse: this.waitForPopupResponse.bind(this),
22244
+ waitForIframeResponse: this.waitForIframeResponse.bind(this),
22245
+ }));
22246
+ }
22247
+ /**
22248
+ * Waits for the auth response from a popup window opened by MSAL.
22249
+ *
22250
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22251
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22252
+ * with an `AuthError` on failure.
22253
+ *
22254
+ * @internal
22255
+ * @param request The in-flight authorization or end-session request.
22256
+ * @param popupWindow The popup window opened by MSAL.
22257
+ * @param popupWindowParent The parent window that opened the popup.
22258
+ */
22259
+ async waitForPopupResponse(request,
22260
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22261
+ popupWindow,
22262
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22263
+ popupWindowParent) {
22264
+ const controller = this.controller;
22265
+ return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
22266
+ }
22267
+ /**
22268
+ * Waits for the auth response from a hidden iframe used by MSAL silent flows.
22269
+ *
22270
+ * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
22271
+ * Subclasses must return the raw response string (hash/query/fragment), or reject
22272
+ * with an `AuthError` on failure.
22273
+ *
22274
+ * @internal
22275
+ * @param iframe The hidden iframe MSAL attached to the document.
22276
+ * @param request The in-flight authorization request.
22277
+ */
22278
+ async waitForIframeResponse(
22279
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
22280
+ iframe, request) {
22281
+ const controller = this.controller;
22282
+ const config = controller.getConfiguration();
22283
+ return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
22036
22284
  }
22037
22285
  /**
22038
22286
  * Initializer function to perform async startup tasks such as connecting to WAM extension