@azure/msal-browser 5.11.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +99 -15
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +5 -5
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -6
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +30 -10
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +17 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +49 -20
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +13 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1202 -1194
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +19 -11
- package/lib/custom-auth-path/msal-custom-auth.cjs +511 -263
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +511 -263
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +11 -3
- package/lib/msal-browser.cjs +539 -267
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +539 -267
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/cache/BrowserCacheManager.ts +157 -33
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +10 -8
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +14 -4
- package/src/interaction_client/PopupClient.ts +74 -30
- package/src/interaction_client/RedirectClient.ts +32 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +140 -74
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +12 -32
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -233,7 +233,7 @@
|
|
|
233
233
|
// Token renewal offset default in seconds
|
|
234
234
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
235
235
|
|
|
236
|
-
/*! @azure/msal-common v16.
|
|
236
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
237
237
|
/*
|
|
238
238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
239
239
|
* Licensed under the MIT License.
|
|
@@ -285,7 +285,7 @@
|
|
|
285
285
|
const RESOURCE = "resource";
|
|
286
286
|
const CLI_DATA = "clidata";
|
|
287
287
|
|
|
288
|
-
/*! @azure/msal-common v16.
|
|
288
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
289
289
|
/*
|
|
290
290
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
291
291
|
* Licensed under the MIT License.
|
|
@@ -316,7 +316,7 @@
|
|
|
316
316
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
317
317
|
}
|
|
318
318
|
|
|
319
|
-
/*! @azure/msal-common v16.
|
|
319
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
320
320
|
|
|
321
321
|
/*
|
|
322
322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -336,7 +336,7 @@
|
|
|
336
336
|
return new ClientConfigurationError(errorCode);
|
|
337
337
|
}
|
|
338
338
|
|
|
339
|
-
/*! @azure/msal-common v16.
|
|
339
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
340
340
|
/*
|
|
341
341
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
342
342
|
* Licensed under the MIT License.
|
|
@@ -416,7 +416,7 @@
|
|
|
416
416
|
}
|
|
417
417
|
}
|
|
418
418
|
|
|
419
|
-
/*! @azure/msal-common v16.
|
|
419
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
420
420
|
|
|
421
421
|
/*
|
|
422
422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -439,7 +439,7 @@
|
|
|
439
439
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
440
440
|
}
|
|
441
441
|
|
|
442
|
-
/*! @azure/msal-common v16.
|
|
442
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
443
443
|
/*
|
|
444
444
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
445
445
|
* Licensed under the MIT License.
|
|
@@ -465,7 +465,7 @@
|
|
|
465
465
|
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
466
466
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
467
467
|
|
|
468
|
-
/*! @azure/msal-common v16.
|
|
468
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
469
469
|
/*
|
|
470
470
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
471
471
|
* Licensed under the MIT License.
|
|
@@ -504,7 +504,7 @@
|
|
|
504
504
|
const resourceParameterRequired = "resource_parameter_required";
|
|
505
505
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
506
506
|
|
|
507
|
-
/*! @azure/msal-common v16.
|
|
507
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
508
508
|
|
|
509
509
|
/*
|
|
510
510
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -699,7 +699,7 @@
|
|
|
699
699
|
}
|
|
700
700
|
}
|
|
701
701
|
|
|
702
|
-
/*! @azure/msal-common v16.
|
|
702
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
703
703
|
|
|
704
704
|
/*
|
|
705
705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1048,8 +1048,14 @@
|
|
|
1048
1048
|
* @param serverTelemetryManager
|
|
1049
1049
|
*/
|
|
1050
1050
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1051
|
-
|
|
1052
|
-
|
|
1051
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1052
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1053
|
+
if (currentTelemetryHeader) {
|
|
1054
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1055
|
+
}
|
|
1056
|
+
if (lastTelemetryHeader) {
|
|
1057
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1058
|
+
}
|
|
1053
1059
|
}
|
|
1054
1060
|
/**
|
|
1055
1061
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1088,34 +1094,12 @@
|
|
|
1088
1094
|
}
|
|
1089
1095
|
}
|
|
1090
1096
|
|
|
1091
|
-
/*! @azure/msal-common v16.
|
|
1097
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1092
1098
|
|
|
1093
1099
|
/*
|
|
1094
1100
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1095
1101
|
* Licensed under the MIT License.
|
|
1096
1102
|
*/
|
|
1097
|
-
/**
|
|
1098
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1099
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1100
|
-
* @param url - URL to canonicalize
|
|
1101
|
-
* @returns Canonicalized URL
|
|
1102
|
-
*/
|
|
1103
|
-
function canonicalizeUrl(url) {
|
|
1104
|
-
if (!url) {
|
|
1105
|
-
return url;
|
|
1106
|
-
}
|
|
1107
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1108
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1109
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1110
|
-
}
|
|
1111
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1112
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1113
|
-
}
|
|
1114
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1115
|
-
lowerCaseUrl += "/";
|
|
1116
|
-
}
|
|
1117
|
-
return lowerCaseUrl;
|
|
1118
|
-
}
|
|
1119
1103
|
/**
|
|
1120
1104
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1121
1105
|
* @param hashString
|
|
@@ -1168,36 +1152,71 @@
|
|
|
1168
1152
|
return queryParameterArray.join("&");
|
|
1169
1153
|
}
|
|
1170
1154
|
/**
|
|
1171
|
-
* Normalizes URLs for comparison
|
|
1172
|
-
*
|
|
1173
|
-
*
|
|
1155
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1156
|
+
* - Hash/fragment is removed
|
|
1157
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1158
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1159
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1160
|
+
* - Ensures pathname ends with /
|
|
1161
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1174
1162
|
* @param url - URL to normalize
|
|
1163
|
+
* @param logger - Optional logger used to log parse failures
|
|
1164
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1175
1165
|
* @returns Normalized URL string for comparison
|
|
1176
1166
|
*/
|
|
1177
|
-
function normalizeUrlForComparison(url) {
|
|
1167
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1178
1168
|
if (!url) {
|
|
1179
1169
|
return url;
|
|
1180
1170
|
}
|
|
1181
|
-
// Remove hash first
|
|
1182
1171
|
const urlWithoutHash = url.split("#")[0];
|
|
1172
|
+
if (!urlWithoutHash) {
|
|
1173
|
+
return urlWithoutHash;
|
|
1174
|
+
}
|
|
1183
1175
|
try {
|
|
1184
|
-
// Parse the URL to handle encoding consistently
|
|
1185
1176
|
const urlObj = new URL(urlWithoutHash);
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1189
|
-
|
|
1190
|
-
|
|
1191
|
-
|
|
1192
|
-
|
|
1177
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1178
|
+
if (!urlObj.search) {
|
|
1179
|
+
urlObj.search = "";
|
|
1180
|
+
}
|
|
1181
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1182
|
+
let pathname;
|
|
1183
|
+
try {
|
|
1184
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1185
|
+
}
|
|
1186
|
+
catch (e) {
|
|
1187
|
+
pathname = urlObj.pathname;
|
|
1188
|
+
}
|
|
1189
|
+
if (!pathname.endsWith("/")) {
|
|
1190
|
+
pathname += "/";
|
|
1191
|
+
}
|
|
1192
|
+
urlObj.pathname = pathname;
|
|
1193
|
+
return urlObj.href;
|
|
1194
|
+
}
|
|
1195
|
+
catch (e) {
|
|
1196
|
+
logger?.error("15apdm", correlationId || "");
|
|
1197
|
+
throw createClientConfigurationError(urlParseError);
|
|
1198
|
+
}
|
|
1199
|
+
}
|
|
1200
|
+
/**
|
|
1201
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1202
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1203
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1204
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1205
|
+
* @param url - URL to validate
|
|
1206
|
+
* @param logger - Optional logger used to log validation failures
|
|
1207
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1208
|
+
*/
|
|
1209
|
+
function validateUrl(url, logger, correlationId) {
|
|
1210
|
+
try {
|
|
1211
|
+
new URL(url);
|
|
1193
1212
|
}
|
|
1194
1213
|
catch (e) {
|
|
1195
|
-
|
|
1196
|
-
|
|
1214
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1215
|
+
throw createClientConfigurationError(urlParseError);
|
|
1197
1216
|
}
|
|
1198
1217
|
}
|
|
1199
1218
|
|
|
1200
|
-
/*! @azure/msal-common v16.
|
|
1219
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1201
1220
|
|
|
1202
1221
|
/*
|
|
1203
1222
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1236,7 +1255,7 @@
|
|
|
1236
1255
|
},
|
|
1237
1256
|
};
|
|
1238
1257
|
|
|
1239
|
-
/*! @azure/msal-common v16.
|
|
1258
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1240
1259
|
/*
|
|
1241
1260
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1242
1261
|
* Licensed under the MIT License.
|
|
@@ -1284,7 +1303,7 @@
|
|
|
1284
1303
|
// Remove LRU (first entry) if capacity exceeded
|
|
1285
1304
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1286
1305
|
const firstKey = correlationCache.keys().next().value;
|
|
1287
|
-
if (firstKey) {
|
|
1306
|
+
if (firstKey !== undefined) {
|
|
1288
1307
|
correlationCache.delete(firstKey);
|
|
1289
1308
|
}
|
|
1290
1309
|
}
|
|
@@ -1497,12 +1516,12 @@
|
|
|
1497
1516
|
}
|
|
1498
1517
|
}
|
|
1499
1518
|
|
|
1500
|
-
/*! @azure/msal-common v16.
|
|
1519
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1501
1520
|
/* eslint-disable header/header */
|
|
1502
1521
|
const name$1 = "@azure/msal-common";
|
|
1503
|
-
const version$1 = "16.
|
|
1522
|
+
const version$1 = "16.8.0";
|
|
1504
1523
|
|
|
1505
|
-
/*! @azure/msal-common v16.
|
|
1524
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1506
1525
|
/*
|
|
1507
1526
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1508
1527
|
* Licensed under the MIT License.
|
|
@@ -1511,7 +1530,7 @@
|
|
|
1511
1530
|
// AzureCloudInstance is not specified.
|
|
1512
1531
|
None: "none"};
|
|
1513
1532
|
|
|
1514
|
-
/*! @azure/msal-common v16.
|
|
1533
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1515
1534
|
/*
|
|
1516
1535
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1517
1536
|
* Licensed under the MIT License.
|
|
@@ -1594,7 +1613,7 @@
|
|
|
1594
1613
|
return updatedAccountInfo;
|
|
1595
1614
|
}
|
|
1596
1615
|
|
|
1597
|
-
/*! @azure/msal-common v16.
|
|
1616
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1598
1617
|
|
|
1599
1618
|
/*
|
|
1600
1619
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1674,7 +1693,7 @@
|
|
|
1674
1693
|
}
|
|
1675
1694
|
}
|
|
1676
1695
|
|
|
1677
|
-
/*! @azure/msal-common v16.
|
|
1696
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1678
1697
|
|
|
1679
1698
|
/*
|
|
1680
1699
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1831,7 +1850,7 @@
|
|
|
1831
1850
|
}
|
|
1832
1851
|
}
|
|
1833
1852
|
|
|
1834
|
-
/*! @azure/msal-common v16.
|
|
1853
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1835
1854
|
|
|
1836
1855
|
/*
|
|
1837
1856
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1997,7 +2016,7 @@
|
|
|
1997
2016
|
return null;
|
|
1998
2017
|
}
|
|
1999
2018
|
|
|
2000
|
-
/*! @azure/msal-common v16.
|
|
2019
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2001
2020
|
/*
|
|
2002
2021
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2003
2022
|
* Licensed under the MIT License.
|
|
@@ -2005,7 +2024,7 @@
|
|
|
2005
2024
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2006
2025
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2007
2026
|
|
|
2008
|
-
/*! @azure/msal-common v16.
|
|
2027
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2009
2028
|
|
|
2010
2029
|
/*
|
|
2011
2030
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2043,7 +2062,7 @@
|
|
|
2043
2062
|
}
|
|
2044
2063
|
}
|
|
2045
2064
|
|
|
2046
|
-
/*! @azure/msal-common v16.
|
|
2065
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2047
2066
|
|
|
2048
2067
|
/*
|
|
2049
2068
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2081,7 +2100,7 @@
|
|
|
2081
2100
|
};
|
|
2082
2101
|
}
|
|
2083
2102
|
|
|
2084
|
-
/*! @azure/msal-common v16.
|
|
2103
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2085
2104
|
/*
|
|
2086
2105
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2087
2106
|
* Licensed under the MIT License.
|
|
@@ -2096,7 +2115,7 @@
|
|
|
2096
2115
|
Ciam: 3,
|
|
2097
2116
|
};
|
|
2098
2117
|
|
|
2099
|
-
/*! @azure/msal-common v16.
|
|
2118
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2100
2119
|
/*
|
|
2101
2120
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2102
2121
|
* Licensed under the MIT License.
|
|
@@ -2118,7 +2137,7 @@
|
|
|
2118
2137
|
return null;
|
|
2119
2138
|
}
|
|
2120
2139
|
|
|
2121
|
-
/*! @azure/msal-common v16.
|
|
2140
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2122
2141
|
/*
|
|
2123
2142
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2124
2143
|
* Licensed under the MIT License.
|
|
@@ -2142,7 +2161,7 @@
|
|
|
2142
2161
|
EAR: "EAR",
|
|
2143
2162
|
};
|
|
2144
2163
|
|
|
2145
|
-
/*! @azure/msal-common v16.
|
|
2164
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2146
2165
|
/**
|
|
2147
2166
|
* Returns the AccountInfo interface for this account.
|
|
2148
2167
|
*/
|
|
@@ -2317,7 +2336,7 @@
|
|
|
2317
2336
|
entity.hasOwnProperty("authorityType"));
|
|
2318
2337
|
}
|
|
2319
2338
|
|
|
2320
|
-
/*! @azure/msal-common v16.
|
|
2339
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2321
2340
|
|
|
2322
2341
|
/*
|
|
2323
2342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2457,8 +2476,8 @@
|
|
|
2457
2476
|
return false;
|
|
2458
2477
|
}
|
|
2459
2478
|
if (!!tenantProfileFilter.username &&
|
|
2460
|
-
!
|
|
2461
|
-
|
|
2479
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2480
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2462
2481
|
return false;
|
|
2463
2482
|
}
|
|
2464
2483
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3448,7 +3467,7 @@
|
|
|
3448
3467
|
}
|
|
3449
3468
|
}
|
|
3450
3469
|
|
|
3451
|
-
/*! @azure/msal-common v16.
|
|
3470
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3452
3471
|
/*
|
|
3453
3472
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3454
3473
|
* Licensed under the MIT License.
|
|
@@ -3462,7 +3481,7 @@
|
|
|
3462
3481
|
const PerformanceEventStatus = {
|
|
3463
3482
|
InProgress: 1};
|
|
3464
3483
|
|
|
3465
|
-
/*! @azure/msal-common v16.
|
|
3484
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3466
3485
|
|
|
3467
3486
|
/*
|
|
3468
3487
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3517,7 +3536,7 @@
|
|
|
3517
3536
|
}
|
|
3518
3537
|
}
|
|
3519
3538
|
|
|
3520
|
-
/*! @azure/msal-common v16.
|
|
3539
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3521
3540
|
|
|
3522
3541
|
/*
|
|
3523
3542
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3612,7 +3631,7 @@
|
|
|
3612
3631
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3613
3632
|
}
|
|
3614
3633
|
|
|
3615
|
-
/*! @azure/msal-common v16.
|
|
3634
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3616
3635
|
/*
|
|
3617
3636
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3618
3637
|
* Licensed under the MIT License.
|
|
@@ -3639,7 +3658,7 @@
|
|
|
3639
3658
|
}
|
|
3640
3659
|
}
|
|
3641
3660
|
|
|
3642
|
-
/*! @azure/msal-common v16.
|
|
3661
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3643
3662
|
/*
|
|
3644
3663
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3645
3664
|
* Licensed under the MIT License.
|
|
@@ -3704,7 +3723,7 @@
|
|
|
3704
3723
|
return cachedAtSec > nowSeconds();
|
|
3705
3724
|
}
|
|
3706
3725
|
|
|
3707
|
-
/*! @azure/msal-common v16.
|
|
3726
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3708
3727
|
|
|
3709
3728
|
/*
|
|
3710
3729
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3963,7 +3982,7 @@
|
|
|
3963
3982
|
return metadata.expiresAt <= nowSeconds();
|
|
3964
3983
|
}
|
|
3965
3984
|
|
|
3966
|
-
/*! @azure/msal-common v16.
|
|
3985
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3967
3986
|
/*
|
|
3968
3987
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3969
3988
|
* Licensed under the MIT License.
|
|
@@ -4034,7 +4053,7 @@
|
|
|
4034
4053
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4035
4054
|
const SetUserData = "setUserData";
|
|
4036
4055
|
|
|
4037
|
-
/*! @azure/msal-common v16.
|
|
4056
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4038
4057
|
/*
|
|
4039
4058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4040
4059
|
* Licensed under the MIT License.
|
|
@@ -4127,7 +4146,7 @@
|
|
|
4127
4146
|
};
|
|
4128
4147
|
};
|
|
4129
4148
|
|
|
4130
|
-
/*! @azure/msal-common v16.
|
|
4149
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4131
4150
|
|
|
4132
4151
|
/*
|
|
4133
4152
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4207,7 +4226,7 @@
|
|
|
4207
4226
|
}
|
|
4208
4227
|
}
|
|
4209
4228
|
|
|
4210
|
-
/*! @azure/msal-common v16.
|
|
4229
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4211
4230
|
/*
|
|
4212
4231
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4213
4232
|
* Licensed under the MIT License.
|
|
@@ -4231,7 +4250,7 @@
|
|
|
4231
4250
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4232
4251
|
* @public
|
|
4233
4252
|
*/
|
|
4234
|
-
const
|
|
4253
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4235
4254
|
/**
|
|
4236
4255
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4237
4256
|
* @public
|
|
@@ -4258,7 +4277,7 @@
|
|
|
4258
4277
|
*/
|
|
4259
4278
|
const interruptedUser = "interrupted_user";
|
|
4260
4279
|
|
|
4261
|
-
/*! @azure/msal-common v16.
|
|
4280
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4262
4281
|
|
|
4263
4282
|
/*
|
|
4264
4283
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4272,7 +4291,7 @@
|
|
|
4272
4291
|
consentRequired,
|
|
4273
4292
|
loginRequired,
|
|
4274
4293
|
badToken,
|
|
4275
|
-
|
|
4294
|
+
uiNotAllowed,
|
|
4276
4295
|
interruptedUser,
|
|
4277
4296
|
];
|
|
4278
4297
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4282,7 +4301,7 @@
|
|
|
4282
4301
|
"user_password_expired",
|
|
4283
4302
|
"consent_required",
|
|
4284
4303
|
"bad_token",
|
|
4285
|
-
"
|
|
4304
|
+
"ui_not_allowed",
|
|
4286
4305
|
"interrupted_user",
|
|
4287
4306
|
];
|
|
4288
4307
|
/**
|
|
@@ -4326,7 +4345,7 @@
|
|
|
4326
4345
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4327
4346
|
}
|
|
4328
4347
|
|
|
4329
|
-
/*! @azure/msal-common v16.
|
|
4348
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4330
4349
|
|
|
4331
4350
|
/*
|
|
4332
4351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4345,7 +4364,7 @@
|
|
|
4345
4364
|
}
|
|
4346
4365
|
}
|
|
4347
4366
|
|
|
4348
|
-
/*! @azure/msal-common v16.
|
|
4367
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4349
4368
|
|
|
4350
4369
|
/*
|
|
4351
4370
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4413,7 +4432,7 @@
|
|
|
4413
4432
|
}
|
|
4414
4433
|
}
|
|
4415
4434
|
|
|
4416
|
-
/*! @azure/msal-common v16.
|
|
4435
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4417
4436
|
|
|
4418
4437
|
/*
|
|
4419
4438
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4761,7 +4780,7 @@
|
|
|
4761
4780
|
return baseAccount;
|
|
4762
4781
|
}
|
|
4763
4782
|
|
|
4764
|
-
/*! @azure/msal-common v16.
|
|
4783
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4765
4784
|
/*
|
|
4766
4785
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4767
4786
|
* Licensed under the MIT License.
|
|
@@ -4771,7 +4790,7 @@
|
|
|
4771
4790
|
UPN: "UPN",
|
|
4772
4791
|
};
|
|
4773
4792
|
|
|
4774
|
-
/*! @azure/msal-common v16.
|
|
4793
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4775
4794
|
/*
|
|
4776
4795
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4777
4796
|
* Licensed under the MIT License.
|
|
@@ -4789,7 +4808,7 @@
|
|
|
4789
4808
|
}
|
|
4790
4809
|
}
|
|
4791
4810
|
|
|
4792
|
-
/*! @azure/msal-common v16.
|
|
4811
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4793
4812
|
/*
|
|
4794
4813
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4795
4814
|
* Licensed under the MIT License.
|
|
@@ -4810,7 +4829,7 @@
|
|
|
4810
4829
|
};
|
|
4811
4830
|
}
|
|
4812
4831
|
|
|
4813
|
-
/*! @azure/msal-common v16.
|
|
4832
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4814
4833
|
|
|
4815
4834
|
/*
|
|
4816
4835
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4896,7 +4915,7 @@
|
|
|
4896
4915
|
}
|
|
4897
4916
|
}
|
|
4898
4917
|
|
|
4899
|
-
/*! @azure/msal-common v16.
|
|
4918
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4900
4919
|
|
|
4901
4920
|
/*
|
|
4902
4921
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4927,7 +4946,7 @@
|
|
|
4927
4946
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4928
4947
|
}
|
|
4929
4948
|
|
|
4930
|
-
/*! @azure/msal-common v16.
|
|
4949
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4931
4950
|
|
|
4932
4951
|
/*
|
|
4933
4952
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5041,7 +5060,7 @@
|
|
|
5041
5060
|
return response;
|
|
5042
5061
|
}
|
|
5043
5062
|
|
|
5044
|
-
/*! @azure/msal-common v16.
|
|
5063
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5045
5064
|
/*
|
|
5046
5065
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5047
5066
|
* Licensed under the MIT License.
|
|
@@ -5053,7 +5072,7 @@
|
|
|
5053
5072
|
response.hasOwnProperty("jwks_uri"));
|
|
5054
5073
|
}
|
|
5055
5074
|
|
|
5056
|
-
/*! @azure/msal-common v16.
|
|
5075
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5057
5076
|
/*
|
|
5058
5077
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5059
5078
|
* Licensed under the MIT License.
|
|
@@ -5063,7 +5082,7 @@
|
|
|
5063
5082
|
response.hasOwnProperty("metadata"));
|
|
5064
5083
|
}
|
|
5065
5084
|
|
|
5066
|
-
/*! @azure/msal-common v16.
|
|
5085
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5067
5086
|
/*
|
|
5068
5087
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5069
5088
|
* Licensed under the MIT License.
|
|
@@ -5073,7 +5092,7 @@
|
|
|
5073
5092
|
response.hasOwnProperty("error_description"));
|
|
5074
5093
|
}
|
|
5075
5094
|
|
|
5076
|
-
/*! @azure/msal-common v16.
|
|
5095
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5077
5096
|
|
|
5078
5097
|
/*
|
|
5079
5098
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5178,7 +5197,7 @@
|
|
|
5178
5197
|
},
|
|
5179
5198
|
};
|
|
5180
5199
|
|
|
5181
|
-
/*! @azure/msal-common v16.
|
|
5200
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5182
5201
|
|
|
5183
5202
|
/*
|
|
5184
5203
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5735,7 +5754,7 @@
|
|
|
5735
5754
|
}
|
|
5736
5755
|
}
|
|
5737
5756
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5738
|
-
if (this.isInKnownAuthorities()) {
|
|
5757
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5739
5758
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5740
5759
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5741
5760
|
}
|
|
@@ -5802,13 +5821,14 @@
|
|
|
5802
5821
|
return match;
|
|
5803
5822
|
}
|
|
5804
5823
|
/**
|
|
5805
|
-
* Helper function to determine if
|
|
5824
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5806
5825
|
*/
|
|
5807
|
-
isInKnownAuthorities() {
|
|
5826
|
+
isInKnownAuthorities(host) {
|
|
5827
|
+
const normalizedHost = host.toLowerCase();
|
|
5808
5828
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5809
5829
|
return (authority &&
|
|
5810
5830
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5811
|
-
|
|
5831
|
+
normalizedHost);
|
|
5812
5832
|
});
|
|
5813
5833
|
return matches.length > 0;
|
|
5814
5834
|
}
|
|
@@ -5885,6 +5905,10 @@
|
|
|
5885
5905
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
5886
5906
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
5887
5907
|
* path.
|
|
5908
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
5909
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
5910
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
5911
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
5888
5912
|
*
|
|
5889
5913
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
5890
5914
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -5921,11 +5945,19 @@
|
|
|
5921
5945
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
5922
5946
|
*/
|
|
5923
5947
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
5948
|
+
/*
|
|
5949
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
5950
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
5951
|
+
* returns an issuer with a different host than the authority
|
|
5952
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
5953
|
+
*/
|
|
5954
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
5924
5955
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
5925
5956
|
if (matchesAuthorityOrigin ||
|
|
5926
5957
|
matchesKnownMicrosoftHost ||
|
|
5927
5958
|
matchesRegionalMicrosoftHost ||
|
|
5928
|
-
matchesCiamTenantPattern
|
|
5959
|
+
matchesCiamTenantPattern ||
|
|
5960
|
+
matchesKnownAuthority) {
|
|
5929
5961
|
return;
|
|
5930
5962
|
}
|
|
5931
5963
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6133,7 +6165,7 @@
|
|
|
6133
6165
|
};
|
|
6134
6166
|
}
|
|
6135
6167
|
|
|
6136
|
-
/*! @azure/msal-common v16.
|
|
6168
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6137
6169
|
|
|
6138
6170
|
/*
|
|
6139
6171
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6167,7 +6199,7 @@
|
|
|
6167
6199
|
}
|
|
6168
6200
|
}
|
|
6169
6201
|
|
|
6170
|
-
/*! @azure/msal-common v16.
|
|
6202
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6171
6203
|
|
|
6172
6204
|
/*
|
|
6173
6205
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6424,7 +6456,7 @@
|
|
|
6424
6456
|
}
|
|
6425
6457
|
}
|
|
6426
6458
|
|
|
6427
|
-
/*! @azure/msal-common v16.
|
|
6459
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6428
6460
|
|
|
6429
6461
|
/*
|
|
6430
6462
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6645,7 +6677,7 @@
|
|
|
6645
6677
|
}
|
|
6646
6678
|
}
|
|
6647
6679
|
|
|
6648
|
-
/*! @azure/msal-common v16.
|
|
6680
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6649
6681
|
|
|
6650
6682
|
/*
|
|
6651
6683
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6761,7 +6793,7 @@
|
|
|
6761
6793
|
}
|
|
6762
6794
|
}
|
|
6763
6795
|
|
|
6764
|
-
/*! @azure/msal-common v16.
|
|
6796
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6765
6797
|
|
|
6766
6798
|
/*
|
|
6767
6799
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6776,7 +6808,7 @@
|
|
|
6776
6808
|
},
|
|
6777
6809
|
};
|
|
6778
6810
|
|
|
6779
|
-
/*! @azure/msal-common v16.
|
|
6811
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6780
6812
|
|
|
6781
6813
|
/*
|
|
6782
6814
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6999,7 +7031,7 @@
|
|
|
6999
7031
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7000
7032
|
}
|
|
7001
7033
|
|
|
7002
|
-
/*! @azure/msal-common v16.
|
|
7034
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7003
7035
|
|
|
7004
7036
|
/*
|
|
7005
7037
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7032,7 +7064,7 @@
|
|
|
7032
7064
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7033
7065
|
}
|
|
7034
7066
|
|
|
7035
|
-
/*! @azure/msal-common v16.
|
|
7067
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7036
7068
|
/*
|
|
7037
7069
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7038
7070
|
* Licensed under the MIT License.
|
|
@@ -7042,7 +7074,7 @@
|
|
|
7042
7074
|
*/
|
|
7043
7075
|
const unexpectedError = "unexpected_error";
|
|
7044
7076
|
|
|
7045
|
-
/*! @azure/msal-common v16.
|
|
7077
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7046
7078
|
|
|
7047
7079
|
/*
|
|
7048
7080
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7153,35 +7185,40 @@
|
|
|
7153
7185
|
* @param error
|
|
7154
7186
|
*/
|
|
7155
7187
|
cacheFailedRequest(error) {
|
|
7156
|
-
|
|
7157
|
-
|
|
7158
|
-
|
|
7159
|
-
|
|
7160
|
-
|
|
7161
|
-
|
|
7162
|
-
|
|
7163
|
-
|
|
7164
|
-
|
|
7165
|
-
|
|
7166
|
-
if (error instanceof
|
|
7167
|
-
if (error
|
|
7168
|
-
|
|
7169
|
-
|
|
7170
|
-
|
|
7171
|
-
|
|
7188
|
+
try {
|
|
7189
|
+
const lastRequests = this.getLastRequests();
|
|
7190
|
+
if (lastRequests.errors.length >=
|
|
7191
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7192
|
+
// Remove a cached error to make room, first in first out
|
|
7193
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7194
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7195
|
+
lastRequests.errors.shift();
|
|
7196
|
+
}
|
|
7197
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7198
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7199
|
+
if (error instanceof AuthError) {
|
|
7200
|
+
if (error.subError) {
|
|
7201
|
+
lastRequests.errors.push(error.subError);
|
|
7202
|
+
}
|
|
7203
|
+
else if (error.errorCode) {
|
|
7204
|
+
lastRequests.errors.push(error.errorCode);
|
|
7205
|
+
}
|
|
7206
|
+
else {
|
|
7207
|
+
lastRequests.errors.push(error.toString());
|
|
7208
|
+
}
|
|
7172
7209
|
}
|
|
7173
7210
|
else {
|
|
7174
7211
|
lastRequests.errors.push(error.toString());
|
|
7175
7212
|
}
|
|
7176
7213
|
}
|
|
7177
7214
|
else {
|
|
7178
|
-
lastRequests.errors.push(
|
|
7215
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7179
7216
|
}
|
|
7217
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7180
7218
|
}
|
|
7181
|
-
|
|
7182
|
-
|
|
7219
|
+
catch {
|
|
7220
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7183
7221
|
}
|
|
7184
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7185
7222
|
return;
|
|
7186
7223
|
}
|
|
7187
7224
|
/**
|
|
@@ -7301,9 +7338,36 @@
|
|
|
7301
7338
|
static makeExtraSkuString(params) {
|
|
7302
7339
|
return makeExtraSkuString(params);
|
|
7303
7340
|
}
|
|
7341
|
+
}
|
|
7342
|
+
/** @internal */
|
|
7343
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7344
|
+
constructor() {
|
|
7345
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7346
|
+
}
|
|
7347
|
+
generateCurrentRequestHeaderValue() {
|
|
7348
|
+
return "";
|
|
7349
|
+
}
|
|
7350
|
+
generateLastRequestHeaderValue() {
|
|
7351
|
+
return "";
|
|
7352
|
+
}
|
|
7353
|
+
cacheFailedRequest() { }
|
|
7354
|
+
incrementCacheHits() {
|
|
7355
|
+
return 0;
|
|
7356
|
+
}
|
|
7357
|
+
clearTelemetryCache() { }
|
|
7358
|
+
getRegionDiscoveryFields() {
|
|
7359
|
+
return "";
|
|
7360
|
+
}
|
|
7361
|
+
updateRegionDiscoveryMetadata() { }
|
|
7362
|
+
setCacheOutcome() { }
|
|
7363
|
+
setNativeBrokerErrorCode() { }
|
|
7364
|
+
getNativeBrokerErrorCode() {
|
|
7365
|
+
return undefined;
|
|
7366
|
+
}
|
|
7367
|
+
clearNativeBrokerErrorCode() { }
|
|
7304
7368
|
}
|
|
7305
7369
|
|
|
7306
|
-
/*! @azure/msal-common v16.
|
|
7370
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7307
7371
|
|
|
7308
7372
|
/*
|
|
7309
7373
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7324,7 +7388,7 @@
|
|
|
7324
7388
|
return new JoseHeaderError(code);
|
|
7325
7389
|
}
|
|
7326
7390
|
|
|
7327
|
-
/*! @azure/msal-common v16.
|
|
7391
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7328
7392
|
/*
|
|
7329
7393
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7330
7394
|
* Licensed under the MIT License.
|
|
@@ -7332,7 +7396,7 @@
|
|
|
7332
7396
|
const missingKidError = "missing_kid_error";
|
|
7333
7397
|
const missingAlgError = "missing_alg_error";
|
|
7334
7398
|
|
|
7335
|
-
/*! @azure/msal-common v16.
|
|
7399
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7336
7400
|
|
|
7337
7401
|
/*
|
|
7338
7402
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7767,7 +7831,7 @@
|
|
|
7767
7831
|
|
|
7768
7832
|
/* eslint-disable header/header */
|
|
7769
7833
|
const name = "@azure/msal-browser";
|
|
7770
|
-
const version = "5.
|
|
7834
|
+
const version = "5.13.0";
|
|
7771
7835
|
|
|
7772
7836
|
/*
|
|
7773
7837
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8360,7 +8424,6 @@
|
|
|
8360
8424
|
*/
|
|
8361
8425
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8362
8426
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8363
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8364
8427
|
/**
|
|
8365
8428
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8366
8429
|
*/
|
|
@@ -8661,6 +8724,43 @@
|
|
|
8661
8724
|
return new BrowserAuthError(errorCode, subError);
|
|
8662
8725
|
}
|
|
8663
8726
|
|
|
8727
|
+
/*
|
|
8728
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8729
|
+
* Licensed under the MIT License.
|
|
8730
|
+
*/
|
|
8731
|
+
/**
|
|
8732
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8733
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8734
|
+
*/
|
|
8735
|
+
/**
|
|
8736
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8737
|
+
* @param input
|
|
8738
|
+
*/
|
|
8739
|
+
function base64Decode(input) {
|
|
8740
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8741
|
+
}
|
|
8742
|
+
/**
|
|
8743
|
+
* Decodes base64 into Uint8Array
|
|
8744
|
+
* @param base64String
|
|
8745
|
+
*/
|
|
8746
|
+
function base64DecToArr(base64String) {
|
|
8747
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8748
|
+
switch (encodedString.length % 4) {
|
|
8749
|
+
case 0:
|
|
8750
|
+
break;
|
|
8751
|
+
case 2:
|
|
8752
|
+
encodedString += "==";
|
|
8753
|
+
break;
|
|
8754
|
+
case 3:
|
|
8755
|
+
encodedString += "=";
|
|
8756
|
+
break;
|
|
8757
|
+
default:
|
|
8758
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8759
|
+
}
|
|
8760
|
+
const binString = atob(encodedString);
|
|
8761
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8762
|
+
}
|
|
8763
|
+
|
|
8664
8764
|
/*
|
|
8665
8765
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8666
8766
|
* Licensed under the MIT License.
|
|
@@ -8705,43 +8805,6 @@
|
|
|
8705
8805
|
return btoa(binString);
|
|
8706
8806
|
}
|
|
8707
8807
|
|
|
8708
|
-
/*
|
|
8709
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8710
|
-
* Licensed under the MIT License.
|
|
8711
|
-
*/
|
|
8712
|
-
/**
|
|
8713
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8714
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8715
|
-
*/
|
|
8716
|
-
/**
|
|
8717
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8718
|
-
* @param input
|
|
8719
|
-
*/
|
|
8720
|
-
function base64Decode(input) {
|
|
8721
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8722
|
-
}
|
|
8723
|
-
/**
|
|
8724
|
-
* Decodes base64 into Uint8Array
|
|
8725
|
-
* @param base64String
|
|
8726
|
-
*/
|
|
8727
|
-
function base64DecToArr(base64String) {
|
|
8728
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8729
|
-
switch (encodedString.length % 4) {
|
|
8730
|
-
case 0:
|
|
8731
|
-
break;
|
|
8732
|
-
case 2:
|
|
8733
|
-
encodedString += "==";
|
|
8734
|
-
break;
|
|
8735
|
-
case 3:
|
|
8736
|
-
encodedString += "=";
|
|
8737
|
-
break;
|
|
8738
|
-
default:
|
|
8739
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8740
|
-
}
|
|
8741
|
-
const binString = atob(encodedString);
|
|
8742
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8743
|
-
}
|
|
8744
|
-
|
|
8745
8808
|
/*
|
|
8746
8809
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8747
8810
|
* Licensed under the MIT License.
|
|
@@ -9210,7 +9273,7 @@
|
|
|
9210
9273
|
activeBridgeMonitor = null;
|
|
9211
9274
|
}
|
|
9212
9275
|
}
|
|
9213
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9276
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9214
9277
|
return new Promise((resolve, reject) => {
|
|
9215
9278
|
logger.verbose("BrowserUtils.waitForBridgeResponse - started", request.correlationId);
|
|
9216
9279
|
const correlationId = request.correlationId;
|
|
@@ -9218,7 +9281,7 @@
|
|
|
9218
9281
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9219
9282
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9220
9283
|
}, correlationId);
|
|
9221
|
-
const { libraryState } = parseRequestState(
|
|
9284
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9222
9285
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9223
9286
|
let responseString = undefined;
|
|
9224
9287
|
let timedOut$1 = false;
|
|
@@ -9435,10 +9498,15 @@
|
|
|
9435
9498
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
9436
9499
|
* @param logger - Optional logger instance for verbose logging
|
|
9437
9500
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
9501
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
9438
9502
|
* @returns Configured ServerTelemetryManager instance
|
|
9439
9503
|
*/
|
|
9440
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
9504
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
9441
9505
|
logger.verbose("initializeServerTelemetryManager called", correlationId);
|
|
9506
|
+
if (!enabled) {
|
|
9507
|
+
logger.verbose("Server telemetry is disabled in configuration. Skipping telemetry manager initialization.", correlationId);
|
|
9508
|
+
return new StubServerTelemetryManager();
|
|
9509
|
+
}
|
|
9442
9510
|
const telemetryPayload = {
|
|
9443
9511
|
clientId: clientId,
|
|
9444
9512
|
correlationId: correlationId,
|
|
@@ -14998,6 +15066,15 @@
|
|
|
14998
15066
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14999
15067
|
* Licensed under the MIT License.
|
|
15000
15068
|
*/
|
|
15069
|
+
/**
|
|
15070
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
15071
|
+
*/
|
|
15072
|
+
const MigrationRemovalReason = {
|
|
15073
|
+
Invalid: "invalid",
|
|
15074
|
+
TtlExpired: "ttlExpired",
|
|
15075
|
+
DecryptFailed: "decryptFailed",
|
|
15076
|
+
Expired: "expired",
|
|
15077
|
+
};
|
|
15001
15078
|
/**
|
|
15002
15079
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
15003
15080
|
*/
|
|
@@ -15067,7 +15144,10 @@
|
|
|
15067
15144
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15068
15145
|
if (!parsedValue) {
|
|
15069
15146
|
this.browserStorage.removeItem(key);
|
|
15070
|
-
return
|
|
15147
|
+
return {
|
|
15148
|
+
entry: null,
|
|
15149
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
15150
|
+
};
|
|
15071
15151
|
}
|
|
15072
15152
|
if (!parsedValue.lastUpdatedAt) {
|
|
15073
15153
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -15076,25 +15156,42 @@
|
|
|
15076
15156
|
}
|
|
15077
15157
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
15078
15158
|
this.browserStorage.removeItem(key);
|
|
15079
|
-
|
|
15080
|
-
|
|
15159
|
+
return {
|
|
15160
|
+
entry: null,
|
|
15161
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
15162
|
+
};
|
|
15081
15163
|
}
|
|
15082
|
-
const
|
|
15164
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
15165
|
+
const decryptedData = wasEncrypted
|
|
15083
15166
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
15084
15167
|
: parsedValue;
|
|
15085
|
-
if (!decryptedData
|
|
15086
|
-
this.
|
|
15087
|
-
return
|
|
15168
|
+
if (!decryptedData) {
|
|
15169
|
+
this.browserStorage.removeItem(key);
|
|
15170
|
+
return {
|
|
15171
|
+
entry: null,
|
|
15172
|
+
removalReason: wasEncrypted
|
|
15173
|
+
? MigrationRemovalReason.DecryptFailed
|
|
15174
|
+
: MigrationRemovalReason.Invalid,
|
|
15175
|
+
};
|
|
15176
|
+
}
|
|
15177
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
15178
|
+
this.browserStorage.removeItem(key);
|
|
15179
|
+
return {
|
|
15180
|
+
entry: null,
|
|
15181
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
15182
|
+
};
|
|
15088
15183
|
}
|
|
15089
15184
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
15090
15185
|
isRefreshTokenEntity(decryptedData)) &&
|
|
15091
15186
|
decryptedData.expiresOn &&
|
|
15092
15187
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
15093
15188
|
this.browserStorage.removeItem(key);
|
|
15094
|
-
|
|
15095
|
-
|
|
15189
|
+
return {
|
|
15190
|
+
entry: null,
|
|
15191
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
15192
|
+
};
|
|
15096
15193
|
}
|
|
15097
|
-
return decryptedData;
|
|
15194
|
+
return { entry: decryptedData };
|
|
15098
15195
|
}
|
|
15099
15196
|
/**
|
|
15100
15197
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -15113,6 +15210,8 @@
|
|
|
15113
15210
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
15114
15211
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15115
15212
|
if (!parsedValue) {
|
|
15213
|
+
this.browserStorage.removeItem(accountKey);
|
|
15214
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
15116
15215
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15117
15216
|
continue;
|
|
15118
15217
|
}
|
|
@@ -15125,8 +15224,20 @@
|
|
|
15125
15224
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
15126
15225
|
// Cache expired remove account and associated tokens
|
|
15127
15226
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
15227
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
15128
15228
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15129
15229
|
}
|
|
15230
|
+
else if (isEncrypted(parsedValue)) {
|
|
15231
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
15232
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
15233
|
+
if (!decrypted) {
|
|
15234
|
+
this.browserStorage.removeItem(accountKey);
|
|
15235
|
+
this.performanceClient.incrementFields({
|
|
15236
|
+
decryptFailedAcntCount: 1,
|
|
15237
|
+
}, correlationId);
|
|
15238
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15239
|
+
}
|
|
15240
|
+
}
|
|
15130
15241
|
}
|
|
15131
15242
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
15132
15243
|
}
|
|
@@ -15164,7 +15275,6 @@
|
|
|
15164
15275
|
});
|
|
15165
15276
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
15166
15277
|
}
|
|
15167
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
15168
15278
|
this.browserStorage.removeItem(accountKey);
|
|
15169
15279
|
}
|
|
15170
15280
|
/**
|
|
@@ -15203,8 +15313,20 @@
|
|
|
15203
15313
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
15204
15314
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
15205
15315
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
15206
|
-
const
|
|
15316
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
15317
|
+
const oldSchemaData = result.entry;
|
|
15207
15318
|
if (!oldSchemaData) {
|
|
15319
|
+
switch (result.removalReason) {
|
|
15320
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15321
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
15322
|
+
break;
|
|
15323
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15324
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
15325
|
+
break;
|
|
15326
|
+
case MigrationRemovalReason.Invalid:
|
|
15327
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
15328
|
+
break;
|
|
15329
|
+
}
|
|
15208
15330
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
15209
15331
|
continue;
|
|
15210
15332
|
}
|
|
@@ -15283,8 +15405,23 @@
|
|
|
15283
15405
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
15284
15406
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
15285
15407
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
15286
|
-
const
|
|
15408
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
15409
|
+
const oldSchemaData = result.entry;
|
|
15287
15410
|
if (!oldSchemaData) {
|
|
15411
|
+
switch (result.removalReason) {
|
|
15412
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15413
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
15414
|
+
break;
|
|
15415
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15416
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
15417
|
+
break;
|
|
15418
|
+
case MigrationRemovalReason.Expired:
|
|
15419
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
15420
|
+
break;
|
|
15421
|
+
case MigrationRemovalReason.Invalid:
|
|
15422
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
15423
|
+
break;
|
|
15424
|
+
}
|
|
15288
15425
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
15289
15426
|
continue;
|
|
15290
15427
|
}
|
|
@@ -15330,8 +15467,23 @@
|
|
|
15330
15467
|
...credentialKeysToMigrate.refreshToken,
|
|
15331
15468
|
]) {
|
|
15332
15469
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
15333
|
-
const
|
|
15470
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
15471
|
+
const oldSchemaData = result.entry;
|
|
15334
15472
|
if (!oldSchemaData) {
|
|
15473
|
+
switch (result.removalReason) {
|
|
15474
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15475
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
15476
|
+
break;
|
|
15477
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15478
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
15479
|
+
break;
|
|
15480
|
+
case MigrationRemovalReason.Expired:
|
|
15481
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
15482
|
+
break;
|
|
15483
|
+
case MigrationRemovalReason.Invalid:
|
|
15484
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
15485
|
+
break;
|
|
15486
|
+
}
|
|
15335
15487
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
15336
15488
|
continue;
|
|
15337
15489
|
}
|
|
@@ -16656,7 +16808,7 @@
|
|
|
16656
16808
|
const NO_NETWORK = "NO_NETWORK";
|
|
16657
16809
|
const DISABLED = "DISABLED";
|
|
16658
16810
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
16659
|
-
const
|
|
16811
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
16660
16812
|
|
|
16661
16813
|
/*
|
|
16662
16814
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -16711,8 +16863,8 @@
|
|
|
16711
16863
|
return createBrowserAuthError(userCancelled);
|
|
16712
16864
|
case NO_NETWORK:
|
|
16713
16865
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
16714
|
-
case
|
|
16715
|
-
return createInteractionRequiredAuthError(
|
|
16866
|
+
case UI_NOT_ALLOWED:
|
|
16867
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
16716
16868
|
}
|
|
16717
16869
|
}
|
|
16718
16870
|
return new NativeAuthError(code, description, ext);
|
|
@@ -16729,7 +16881,7 @@
|
|
|
16729
16881
|
*/
|
|
16730
16882
|
async acquireToken(silentRequest) {
|
|
16731
16883
|
// Telemetry manager only used to increment cacheHits here
|
|
16732
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16884
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16733
16885
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
16734
16886
|
serverTelemetryManager,
|
|
16735
16887
|
requestAuthority: silentRequest.authority,
|
|
@@ -16805,7 +16957,7 @@
|
|
|
16805
16957
|
// start the perf measurement
|
|
16806
16958
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
16807
16959
|
const reqTimestamp = nowSeconds();
|
|
16808
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16960
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16809
16961
|
try {
|
|
16810
16962
|
// initialize native request
|
|
16811
16963
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -16929,7 +17081,7 @@
|
|
|
16929
17081
|
catch (e) {
|
|
16930
17082
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
16931
17083
|
if (e instanceof NativeAuthError) {
|
|
16932
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
17084
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16933
17085
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
16934
17086
|
if (isFatalNativeAuthError(e)) {
|
|
16935
17087
|
throw e;
|
|
@@ -16943,7 +17095,7 @@
|
|
|
16943
17095
|
noHistory: false,
|
|
16944
17096
|
};
|
|
16945
17097
|
const redirectUri = navigateToLoginRequestUrl
|
|
16946
|
-
? window.location.href
|
|
17098
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
16947
17099
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
16948
17100
|
rootMeasurement.end({ success: true });
|
|
16949
17101
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -16976,7 +17128,7 @@
|
|
|
16976
17128
|
this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.", this.correlationId);
|
|
16977
17129
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
16978
17130
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
16979
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
17131
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16980
17132
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
16981
17133
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
16982
17134
|
return authResult;
|
|
@@ -17983,6 +18135,7 @@
|
|
|
17983
18135
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
17984
18136
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
17985
18137
|
protocolMode: ProtocolMode.AAD,
|
|
18138
|
+
serverTelemetryEnabled: false,
|
|
17986
18139
|
};
|
|
17987
18140
|
const providedSystemOptions = {
|
|
17988
18141
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -18512,10 +18665,11 @@
|
|
|
18512
18665
|
* Licensed under the MIT License.
|
|
18513
18666
|
*/
|
|
18514
18667
|
class PopupClient extends StandardInteractionClient {
|
|
18515
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
18668
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
18516
18669
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
18517
18670
|
this.nativeStorage = nativeStorageImpl;
|
|
18518
18671
|
this.eventHandler = eventHandler;
|
|
18672
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
18519
18673
|
}
|
|
18520
18674
|
/**
|
|
18521
18675
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -18623,7 +18777,7 @@
|
|
|
18623
18777
|
*/
|
|
18624
18778
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
18625
18779
|
const correlationId = request.correlationId;
|
|
18626
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
18780
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
18627
18781
|
const pkce = pkceCodes ||
|
|
18628
18782
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
18629
18783
|
const popupRequest = {
|
|
@@ -18649,7 +18803,7 @@
|
|
|
18649
18803
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
18650
18804
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18651
18805
|
// Wait for the redirect bridge response
|
|
18652
|
-
const responseString = await
|
|
18806
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
18653
18807
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18654
18808
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18655
18809
|
}
|
|
@@ -18684,11 +18838,11 @@
|
|
|
18684
18838
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
18685
18839
|
form.submit();
|
|
18686
18840
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18687
|
-
const responseString = await invokeAsync(
|
|
18841
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
18688
18842
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18689
18843
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
18690
18844
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
18691
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
18845
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
18692
18846
|
requestAuthority: request.authority,
|
|
18693
18847
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
18694
18848
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -18709,7 +18863,7 @@
|
|
|
18709
18863
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
18710
18864
|
form.submit();
|
|
18711
18865
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
18712
|
-
const responseString = await invokeAsync(
|
|
18866
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
18713
18867
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18714
18868
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
18715
18869
|
}
|
|
@@ -18725,7 +18879,7 @@
|
|
|
18725
18879
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
18726
18880
|
this.logger.verbose("logoutPopupAsync called", this.correlationId);
|
|
18727
18881
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Popup, validRequest);
|
|
18728
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
18882
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
18729
18883
|
try {
|
|
18730
18884
|
// Clear cache on logout
|
|
18731
18885
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -18766,7 +18920,7 @@
|
|
|
18766
18920
|
// Open the popup window to requestUrl.
|
|
18767
18921
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
18768
18922
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
|
|
18769
|
-
await
|
|
18923
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
18770
18924
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
18771
18925
|
});
|
|
18772
18926
|
if (mainWindowRedirectUri) {
|
|
@@ -18845,6 +18999,19 @@
|
|
|
18845
18999
|
if (!popupWindow) {
|
|
18846
19000
|
throw createBrowserAuthError(emptyWindowError);
|
|
18847
19001
|
}
|
|
19002
|
+
try {
|
|
19003
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
19004
|
+
}
|
|
19005
|
+
catch (e) {
|
|
19006
|
+
if (typeof DOMException !== "undefined" &&
|
|
19007
|
+
e instanceof DOMException &&
|
|
19008
|
+
e.name === "SecurityError") {
|
|
19009
|
+
// Cross-origin - title cannot be set
|
|
19010
|
+
}
|
|
19011
|
+
else {
|
|
19012
|
+
this.logger.verbose("Could not set document.title on popup window", this.correlationId);
|
|
19013
|
+
}
|
|
19014
|
+
}
|
|
18848
19015
|
if (popupWindow.focus) {
|
|
18849
19016
|
popupWindow.focus();
|
|
18850
19017
|
}
|
|
@@ -18923,6 +19090,12 @@
|
|
|
18923
19090
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
18924
19091
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
18925
19092
|
}
|
|
19093
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
19094
|
+
if (this.waitForPopupResponseHook) {
|
|
19095
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
19096
|
+
}
|
|
19097
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
19098
|
+
}
|
|
18926
19099
|
}
|
|
18927
19100
|
|
|
18928
19101
|
/*
|
|
@@ -18990,7 +19163,7 @@
|
|
|
18990
19163
|
*/
|
|
18991
19164
|
async executeCodeFlow(request) {
|
|
18992
19165
|
const correlationId = request.correlationId;
|
|
18993
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19166
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
18994
19167
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
18995
19168
|
const redirectRequest = {
|
|
18996
19169
|
...request,
|
|
@@ -19076,7 +19249,9 @@
|
|
|
19076
19249
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
19077
19250
|
*/
|
|
19078
19251
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
19079
|
-
const
|
|
19252
|
+
const originalTitle = document.title;
|
|
19253
|
+
document.title = "Microsoft Authentication";
|
|
19254
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19080
19255
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
19081
19256
|
try {
|
|
19082
19257
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -19095,8 +19270,8 @@
|
|
|
19095
19270
|
}
|
|
19096
19271
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
19097
19272
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
19098
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
19099
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
19273
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
19274
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
19100
19275
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
19101
19276
|
navigateToLoginRequestUrl) {
|
|
19102
19277
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -19129,8 +19304,8 @@
|
|
|
19129
19304
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
19130
19305
|
*/
|
|
19131
19306
|
let processHashOnRedirect = true;
|
|
19132
|
-
if (!loginRequestUrl
|
|
19133
|
-
// Redirect to home page if login request url is
|
|
19307
|
+
if (!loginRequestUrl) {
|
|
19308
|
+
// Redirect to home page if login request url is empty
|
|
19134
19309
|
const homepage = getHomepage();
|
|
19135
19310
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
19136
19311
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -19158,6 +19333,9 @@
|
|
|
19158
19333
|
}
|
|
19159
19334
|
throw e;
|
|
19160
19335
|
}
|
|
19336
|
+
finally {
|
|
19337
|
+
document.title = originalTitle;
|
|
19338
|
+
}
|
|
19161
19339
|
}
|
|
19162
19340
|
/**
|
|
19163
19341
|
* Gets the response hash for a redirect request
|
|
@@ -19273,7 +19451,7 @@
|
|
|
19273
19451
|
async logout(logoutRequest) {
|
|
19274
19452
|
this.logger.verbose("logoutRedirect called", this.correlationId);
|
|
19275
19453
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
19276
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19454
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19277
19455
|
try {
|
|
19278
19456
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Redirect, logoutRequest);
|
|
19279
19457
|
// Clear cache on logout
|
|
@@ -19354,7 +19532,10 @@
|
|
|
19354
19532
|
*/
|
|
19355
19533
|
getRedirectStartPage(requestStartPage) {
|
|
19356
19534
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
19357
|
-
|
|
19535
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
19536
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
19537
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
19538
|
+
return absoluteRedirectStartPage;
|
|
19358
19539
|
}
|
|
19359
19540
|
}
|
|
19360
19541
|
|
|
@@ -19363,20 +19544,20 @@
|
|
|
19363
19544
|
* Licensed under the MIT License.
|
|
19364
19545
|
*/
|
|
19365
19546
|
/**
|
|
19366
|
-
*
|
|
19367
|
-
* @param
|
|
19368
|
-
* @param
|
|
19547
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
19548
|
+
* @param frame
|
|
19549
|
+
* @param requestUrl
|
|
19369
19550
|
*/
|
|
19370
|
-
async function initiateCodeRequest(
|
|
19551
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
19371
19552
|
if (!requestUrl) {
|
|
19372
19553
|
// Throw error if request URL is empty.
|
|
19373
19554
|
logger.info("Navigate url is empty", correlationId);
|
|
19374
19555
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
19375
19556
|
}
|
|
19376
|
-
|
|
19557
|
+
frame.src = requestUrl;
|
|
19558
|
+
return frame;
|
|
19377
19559
|
}
|
|
19378
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
19379
|
-
const frame = createHiddenIframe();
|
|
19560
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
19380
19561
|
if (!frame.contentDocument) {
|
|
19381
19562
|
throw "No document associated with iframe!";
|
|
19382
19563
|
}
|
|
@@ -19384,8 +19565,7 @@
|
|
|
19384
19565
|
form.submit();
|
|
19385
19566
|
return frame;
|
|
19386
19567
|
}
|
|
19387
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
19388
|
-
const frame = createHiddenIframe();
|
|
19568
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
19389
19569
|
if (!frame.contentDocument) {
|
|
19390
19570
|
throw "No document associated with iframe!";
|
|
19391
19571
|
}
|
|
@@ -19395,24 +19575,14 @@
|
|
|
19395
19575
|
}
|
|
19396
19576
|
/**
|
|
19397
19577
|
* @hidden
|
|
19398
|
-
*
|
|
19399
|
-
*
|
|
19400
|
-
* @param frameName
|
|
19401
|
-
* @param logger
|
|
19402
|
-
*/
|
|
19403
|
-
function loadFrameSync(urlNavigate) {
|
|
19404
|
-
const frameHandle = createHiddenIframe();
|
|
19405
|
-
frameHandle.src = urlNavigate;
|
|
19406
|
-
return frameHandle;
|
|
19407
|
-
}
|
|
19408
|
-
/**
|
|
19409
|
-
* @hidden
|
|
19410
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
19578
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
19579
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
19411
19580
|
* @ignore
|
|
19412
19581
|
*/
|
|
19413
19582
|
function createHiddenIframe() {
|
|
19414
19583
|
const authFrame = document.createElement("iframe");
|
|
19415
19584
|
authFrame.className = "msalSilentIframe";
|
|
19585
|
+
authFrame.title = "Microsoft Authentication";
|
|
19416
19586
|
authFrame.style.visibility = "hidden";
|
|
19417
19587
|
authFrame.style.position = "absolute";
|
|
19418
19588
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -19438,10 +19608,11 @@
|
|
|
19438
19608
|
* Licensed under the MIT License.
|
|
19439
19609
|
*/
|
|
19440
19610
|
class SilentIframeClient extends StandardInteractionClient {
|
|
19441
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
19611
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
19442
19612
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
19443
19613
|
this.apiId = apiId;
|
|
19444
19614
|
this.nativeStorage = nativeStorageImpl;
|
|
19615
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
19445
19616
|
}
|
|
19446
19617
|
/**
|
|
19447
19618
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -19484,7 +19655,7 @@
|
|
|
19484
19655
|
*/
|
|
19485
19656
|
async executeCodeFlow(request) {
|
|
19486
19657
|
let authClient;
|
|
19487
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19658
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19488
19659
|
try {
|
|
19489
19660
|
// Initialize the client
|
|
19490
19661
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -19526,11 +19697,22 @@
|
|
|
19526
19697
|
earJwk: earJwk,
|
|
19527
19698
|
codeChallenge: pkceCodes.challenge,
|
|
19528
19699
|
};
|
|
19529
|
-
|
|
19700
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
19701
|
+
const iframe = createHiddenIframe();
|
|
19530
19702
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19531
19703
|
let responseString;
|
|
19532
19704
|
try {
|
|
19533
|
-
|
|
19705
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19706
|
+
responsePromise.catch(() => {
|
|
19707
|
+
/*
|
|
19708
|
+
* If navigation below throws before responsePromise is awaited,
|
|
19709
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
19710
|
+
* does not surface as an unhandled rejection; the navigation
|
|
19711
|
+
* error is propagated instead.
|
|
19712
|
+
*/
|
|
19713
|
+
});
|
|
19714
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
19715
|
+
responseString = await responsePromise;
|
|
19534
19716
|
}
|
|
19535
19717
|
finally {
|
|
19536
19718
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19539,7 +19721,7 @@
|
|
|
19539
19721
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
19540
19722
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
19541
19723
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
19542
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
19724
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
19543
19725
|
requestAuthority: request.authority,
|
|
19544
19726
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
19545
19727
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -19566,7 +19748,7 @@
|
|
|
19566
19748
|
// Create silent request
|
|
19567
19749
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
19568
19750
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
19569
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
19751
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
19570
19752
|
requestAuthority: silentRequest.authority,
|
|
19571
19753
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
19572
19754
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -19614,21 +19796,32 @@
|
|
|
19614
19796
|
...request,
|
|
19615
19797
|
codeChallenge: pkceCodes.challenge,
|
|
19616
19798
|
};
|
|
19617
|
-
|
|
19618
|
-
|
|
19619
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19620
|
-
}
|
|
19621
|
-
else {
|
|
19622
|
-
// Create authorize request url
|
|
19623
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19624
|
-
// Get the frame handle for the silent request
|
|
19625
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
19626
|
-
}
|
|
19799
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
19800
|
+
const iframe = createHiddenIframe();
|
|
19627
19801
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19628
19802
|
// Wait for response from the redirect bridge.
|
|
19629
19803
|
let responseString;
|
|
19630
19804
|
try {
|
|
19631
|
-
|
|
19805
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19806
|
+
responsePromise.catch(() => {
|
|
19807
|
+
/*
|
|
19808
|
+
* If URL creation or navigation below throws before
|
|
19809
|
+
* responsePromise is awaited, the listener still rejects on
|
|
19810
|
+
* timeout. Swallow it here so it does not surface as an
|
|
19811
|
+
* unhandled rejection; the navigation error is propagated
|
|
19812
|
+
* instead.
|
|
19813
|
+
*/
|
|
19814
|
+
});
|
|
19815
|
+
if (request.httpMethod === HttpMethod$1.POST) {
|
|
19816
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19817
|
+
}
|
|
19818
|
+
else {
|
|
19819
|
+
// Create authorize request url
|
|
19820
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19821
|
+
// Navigate the iframe to the authorize request url
|
|
19822
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
19823
|
+
}
|
|
19824
|
+
responseString = await responsePromise;
|
|
19632
19825
|
}
|
|
19633
19826
|
finally {
|
|
19634
19827
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19636,6 +19829,12 @@
|
|
|
19636
19829
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19637
19830
|
return { serverParams, pkceCodes, silentRequest };
|
|
19638
19831
|
}
|
|
19832
|
+
async waitForIframeResponse(iframe, request) {
|
|
19833
|
+
if (this.waitForIframeResponseHook) {
|
|
19834
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
19835
|
+
}
|
|
19836
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
19837
|
+
}
|
|
19639
19838
|
}
|
|
19640
19839
|
|
|
19641
19840
|
/*
|
|
@@ -19657,7 +19856,7 @@
|
|
|
19657
19856
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
19658
19857
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
19659
19858
|
}
|
|
19660
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19859
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19661
19860
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
19662
19861
|
serverTelemetryManager,
|
|
19663
19862
|
authorityUrl: silentRequest.authority,
|
|
@@ -19737,7 +19936,7 @@
|
|
|
19737
19936
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
19738
19937
|
*/
|
|
19739
19938
|
this.correlationId);
|
|
19740
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19939
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19741
19940
|
try {
|
|
19742
19941
|
// Create auth code request (PKCE not needed)
|
|
19743
19942
|
const authCodeRequest = {
|
|
@@ -20090,6 +20289,8 @@
|
|
|
20090
20289
|
// Preflight request
|
|
20091
20290
|
const correlationId = this.getRequestCorrelationId(request);
|
|
20092
20291
|
this.logger.verbose("acquireTokenRedirect called", correlationId);
|
|
20292
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
20293
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
20093
20294
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
20094
20295
|
atrMeasurement.add({
|
|
20095
20296
|
scenarioId: request.scenarioId,
|
|
@@ -20107,9 +20308,7 @@
|
|
|
20107
20308
|
return navigate;
|
|
20108
20309
|
};
|
|
20109
20310
|
try {
|
|
20110
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
20111
20311
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
20112
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
20113
20312
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
|
|
20114
20313
|
let result;
|
|
20115
20314
|
if (this.platformAuthProvider &&
|
|
@@ -20837,7 +21036,7 @@
|
|
|
20837
21036
|
* @param correlationId
|
|
20838
21037
|
*/
|
|
20839
21038
|
createPopupClient(correlationId) {
|
|
20840
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
21039
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
20841
21040
|
}
|
|
20842
21041
|
/**
|
|
20843
21042
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -20851,7 +21050,7 @@
|
|
|
20851
21050
|
* @param correlationId
|
|
20852
21051
|
*/
|
|
20853
21052
|
createSilentIframeClient(correlationId) {
|
|
20854
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
21053
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
20855
21054
|
}
|
|
20856
21055
|
/**
|
|
20857
21056
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -21624,7 +21823,7 @@
|
|
|
21624
21823
|
return;
|
|
21625
21824
|
}
|
|
21626
21825
|
}
|
|
21627
|
-
constructor(config) {
|
|
21826
|
+
constructor(config, responseHandlers) {
|
|
21628
21827
|
/*
|
|
21629
21828
|
* If loaded in an environment where window is not available,
|
|
21630
21829
|
* set internal flag to false so that further requests fail.
|
|
@@ -21632,6 +21831,7 @@
|
|
|
21632
21831
|
*/
|
|
21633
21832
|
this.browserEnvironment = typeof window !== "undefined";
|
|
21634
21833
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
21834
|
+
this.responseHandlers = responseHandlers;
|
|
21635
21835
|
let sessionStorage;
|
|
21636
21836
|
try {
|
|
21637
21837
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -21668,6 +21868,13 @@
|
|
|
21668
21868
|
getConfig() {
|
|
21669
21869
|
return this.config;
|
|
21670
21870
|
}
|
|
21871
|
+
/**
|
|
21872
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
21873
|
+
* @returns AuthResponseHandlers | undefined
|
|
21874
|
+
*/
|
|
21875
|
+
getResponseHandlers() {
|
|
21876
|
+
return this.responseHandlers;
|
|
21877
|
+
}
|
|
21671
21878
|
/**
|
|
21672
21879
|
* Returns the MSAL Logger
|
|
21673
21880
|
* @returns Logger
|
|
@@ -22032,7 +22239,48 @@
|
|
|
22032
22239
|
constructor(configuration, controller) {
|
|
22033
22240
|
this.controller =
|
|
22034
22241
|
controller ||
|
|
22035
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
22242
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
22243
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
22244
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
22245
|
+
}));
|
|
22246
|
+
}
|
|
22247
|
+
/**
|
|
22248
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
22249
|
+
*
|
|
22250
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22251
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22252
|
+
* with an `AuthError` on failure.
|
|
22253
|
+
*
|
|
22254
|
+
* @internal
|
|
22255
|
+
* @param request The in-flight authorization or end-session request.
|
|
22256
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
22257
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
22258
|
+
*/
|
|
22259
|
+
async waitForPopupResponse(request,
|
|
22260
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22261
|
+
popupWindow,
|
|
22262
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22263
|
+
popupWindowParent) {
|
|
22264
|
+
const controller = this.controller;
|
|
22265
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
22266
|
+
}
|
|
22267
|
+
/**
|
|
22268
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
22269
|
+
*
|
|
22270
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
22271
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
22272
|
+
* with an `AuthError` on failure.
|
|
22273
|
+
*
|
|
22274
|
+
* @internal
|
|
22275
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
22276
|
+
* @param request The in-flight authorization request.
|
|
22277
|
+
*/
|
|
22278
|
+
async waitForIframeResponse(
|
|
22279
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
22280
|
+
iframe, request) {
|
|
22281
|
+
const controller = this.controller;
|
|
22282
|
+
const config = controller.getConfiguration();
|
|
22283
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
22036
22284
|
}
|
|
22037
22285
|
/**
|
|
22038
22286
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|