@azure/msal-browser 5.11.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +99 -15
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +5 -5
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -6
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +30 -10
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +17 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +49 -20
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +13 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1202 -1194
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +19 -11
- package/lib/custom-auth-path/msal-custom-auth.cjs +511 -263
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +511 -263
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +11 -3
- package/lib/msal-browser.cjs +539 -267
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +539 -267
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/cache/BrowserCacheManager.ts +157 -33
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +10 -8
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +14 -4
- package/src/interaction_client/PopupClient.ts +74 -30
- package/src/interaction_client/RedirectClient.ts +32 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +140 -74
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +12 -32
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.
|
|
237
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.
|
|
289
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.
|
|
320
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.
|
|
340
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.
|
|
420
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.
|
|
443
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
498
498
|
urlParseError: urlParseError
|
|
499
499
|
});
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
502
502
|
/*
|
|
503
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
504
504
|
* Licensed under the MIT License.
|
|
@@ -586,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
586
586
|
userCanceled: userCanceled
|
|
587
587
|
});
|
|
588
588
|
|
|
589
|
-
/*! @azure/msal-common v16.
|
|
589
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
590
590
|
|
|
591
591
|
/*
|
|
592
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -781,7 +781,7 @@ class ScopeSet {
|
|
|
781
781
|
}
|
|
782
782
|
}
|
|
783
783
|
|
|
784
|
-
/*! @azure/msal-common v16.
|
|
784
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
785
785
|
|
|
786
786
|
/*
|
|
787
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1130,8 +1130,14 @@ function addSshJwk(parameters, sshJwkString) {
|
|
|
1130
1130
|
* @param serverTelemetryManager
|
|
1131
1131
|
*/
|
|
1132
1132
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1133
|
-
|
|
1134
|
-
|
|
1133
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1134
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1135
|
+
if (currentTelemetryHeader) {
|
|
1136
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1137
|
+
}
|
|
1138
|
+
if (lastTelemetryHeader) {
|
|
1139
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1140
|
+
}
|
|
1135
1141
|
}
|
|
1136
1142
|
/**
|
|
1137
1143
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1170,34 +1176,12 @@ function addResource(parameters, resource) {
|
|
|
1170
1176
|
}
|
|
1171
1177
|
}
|
|
1172
1178
|
|
|
1173
|
-
/*! @azure/msal-common v16.
|
|
1179
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1174
1180
|
|
|
1175
1181
|
/*
|
|
1176
1182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1177
1183
|
* Licensed under the MIT License.
|
|
1178
1184
|
*/
|
|
1179
|
-
/**
|
|
1180
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1181
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1182
|
-
* @param url - URL to canonicalize
|
|
1183
|
-
* @returns Canonicalized URL
|
|
1184
|
-
*/
|
|
1185
|
-
function canonicalizeUrl(url) {
|
|
1186
|
-
if (!url) {
|
|
1187
|
-
return url;
|
|
1188
|
-
}
|
|
1189
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1190
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1191
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1192
|
-
}
|
|
1193
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1194
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1195
|
-
}
|
|
1196
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1197
|
-
lowerCaseUrl += "/";
|
|
1198
|
-
}
|
|
1199
|
-
return lowerCaseUrl;
|
|
1200
|
-
}
|
|
1201
1185
|
/**
|
|
1202
1186
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1203
1187
|
* @param hashString
|
|
@@ -1250,36 +1234,71 @@ function mapToQueryString(parameters) {
|
|
|
1250
1234
|
return queryParameterArray.join("&");
|
|
1251
1235
|
}
|
|
1252
1236
|
/**
|
|
1253
|
-
* Normalizes URLs for comparison
|
|
1254
|
-
*
|
|
1255
|
-
*
|
|
1237
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1238
|
+
* - Hash/fragment is removed
|
|
1239
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1240
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1241
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1242
|
+
* - Ensures pathname ends with /
|
|
1243
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1256
1244
|
* @param url - URL to normalize
|
|
1245
|
+
* @param logger - Optional logger used to log parse failures
|
|
1246
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1257
1247
|
* @returns Normalized URL string for comparison
|
|
1258
1248
|
*/
|
|
1259
|
-
function normalizeUrlForComparison(url) {
|
|
1249
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1260
1250
|
if (!url) {
|
|
1261
1251
|
return url;
|
|
1262
1252
|
}
|
|
1263
|
-
// Remove hash first
|
|
1264
1253
|
const urlWithoutHash = url.split("#")[0];
|
|
1254
|
+
if (!urlWithoutHash) {
|
|
1255
|
+
return urlWithoutHash;
|
|
1256
|
+
}
|
|
1265
1257
|
try {
|
|
1266
|
-
// Parse the URL to handle encoding consistently
|
|
1267
1258
|
const urlObj = new URL(urlWithoutHash);
|
|
1268
|
-
|
|
1269
|
-
|
|
1270
|
-
|
|
1271
|
-
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1259
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1260
|
+
if (!urlObj.search) {
|
|
1261
|
+
urlObj.search = "";
|
|
1262
|
+
}
|
|
1263
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1264
|
+
let pathname;
|
|
1265
|
+
try {
|
|
1266
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1267
|
+
}
|
|
1268
|
+
catch (e) {
|
|
1269
|
+
pathname = urlObj.pathname;
|
|
1270
|
+
}
|
|
1271
|
+
if (!pathname.endsWith("/")) {
|
|
1272
|
+
pathname += "/";
|
|
1273
|
+
}
|
|
1274
|
+
urlObj.pathname = pathname;
|
|
1275
|
+
return urlObj.href;
|
|
1276
|
+
}
|
|
1277
|
+
catch (e) {
|
|
1278
|
+
logger?.error("15apdm", correlationId || "");
|
|
1279
|
+
throw createClientConfigurationError(urlParseError);
|
|
1280
|
+
}
|
|
1281
|
+
}
|
|
1282
|
+
/**
|
|
1283
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1284
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1285
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1286
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1287
|
+
* @param url - URL to validate
|
|
1288
|
+
* @param logger - Optional logger used to log validation failures
|
|
1289
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1290
|
+
*/
|
|
1291
|
+
function validateUrl(url, logger, correlationId) {
|
|
1292
|
+
try {
|
|
1293
|
+
new URL(url);
|
|
1275
1294
|
}
|
|
1276
1295
|
catch (e) {
|
|
1277
|
-
|
|
1278
|
-
|
|
1296
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1297
|
+
throw createClientConfigurationError(urlParseError);
|
|
1279
1298
|
}
|
|
1280
1299
|
}
|
|
1281
1300
|
|
|
1282
|
-
/*! @azure/msal-common v16.
|
|
1301
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1283
1302
|
|
|
1284
1303
|
/*
|
|
1285
1304
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1318,7 +1337,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1318
1337
|
},
|
|
1319
1338
|
};
|
|
1320
1339
|
|
|
1321
|
-
/*! @azure/msal-common v16.
|
|
1340
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1322
1341
|
/*
|
|
1323
1342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1324
1343
|
* Licensed under the MIT License.
|
|
@@ -1366,7 +1385,7 @@ function addLogToCache(correlationId, loggedMessage) {
|
|
|
1366
1385
|
// Remove LRU (first entry) if capacity exceeded
|
|
1367
1386
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1368
1387
|
const firstKey = correlationCache.keys().next().value;
|
|
1369
|
-
if (firstKey) {
|
|
1388
|
+
if (firstKey !== undefined) {
|
|
1370
1389
|
correlationCache.delete(firstKey);
|
|
1371
1390
|
}
|
|
1372
1391
|
}
|
|
@@ -1593,12 +1612,12 @@ class Logger {
|
|
|
1593
1612
|
}
|
|
1594
1613
|
}
|
|
1595
1614
|
|
|
1596
|
-
/*! @azure/msal-common v16.
|
|
1615
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1597
1616
|
/* eslint-disable header/header */
|
|
1598
1617
|
const name$1 = "@azure/msal-common";
|
|
1599
|
-
const version$1 = "16.
|
|
1618
|
+
const version$1 = "16.8.0";
|
|
1600
1619
|
|
|
1601
|
-
/*! @azure/msal-common v16.
|
|
1620
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1602
1621
|
/*
|
|
1603
1622
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1604
1623
|
* Licensed under the MIT License.
|
|
@@ -1618,7 +1637,7 @@ const AzureCloudInstance = {
|
|
|
1618
1637
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1619
1638
|
};
|
|
1620
1639
|
|
|
1621
|
-
/*! @azure/msal-common v16.
|
|
1640
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1622
1641
|
/*
|
|
1623
1642
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1624
1643
|
* Licensed under the MIT License.
|
|
@@ -1701,7 +1720,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1701
1720
|
return updatedAccountInfo;
|
|
1702
1721
|
}
|
|
1703
1722
|
|
|
1704
|
-
/*! @azure/msal-common v16.
|
|
1723
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1705
1724
|
|
|
1706
1725
|
/*
|
|
1707
1726
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1781,7 +1800,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1781
1800
|
}
|
|
1782
1801
|
}
|
|
1783
1802
|
|
|
1784
|
-
/*! @azure/msal-common v16.
|
|
1803
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1785
1804
|
|
|
1786
1805
|
/*
|
|
1787
1806
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1938,7 +1957,7 @@ class UrlString {
|
|
|
1938
1957
|
}
|
|
1939
1958
|
}
|
|
1940
1959
|
|
|
1941
|
-
/*! @azure/msal-common v16.
|
|
1960
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1942
1961
|
|
|
1943
1962
|
/*
|
|
1944
1963
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2104,7 +2123,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2104
2123
|
return null;
|
|
2105
2124
|
}
|
|
2106
2125
|
|
|
2107
|
-
/*! @azure/msal-common v16.
|
|
2126
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2108
2127
|
/*
|
|
2109
2128
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2110
2129
|
* Licensed under the MIT License.
|
|
@@ -2112,7 +2131,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2112
2131
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2113
2132
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2114
2133
|
|
|
2115
|
-
/*! @azure/msal-common v16.
|
|
2134
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2116
2135
|
|
|
2117
2136
|
/*
|
|
2118
2137
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2150,7 +2169,7 @@ function createCacheError(e) {
|
|
|
2150
2169
|
}
|
|
2151
2170
|
}
|
|
2152
2171
|
|
|
2153
|
-
/*! @azure/msal-common v16.
|
|
2172
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2154
2173
|
|
|
2155
2174
|
/*
|
|
2156
2175
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2188,7 +2207,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2188
2207
|
};
|
|
2189
2208
|
}
|
|
2190
2209
|
|
|
2191
|
-
/*! @azure/msal-common v16.
|
|
2210
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2192
2211
|
/*
|
|
2193
2212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2194
2213
|
* Licensed under the MIT License.
|
|
@@ -2203,7 +2222,7 @@ const AuthorityType = {
|
|
|
2203
2222
|
Ciam: 3,
|
|
2204
2223
|
};
|
|
2205
2224
|
|
|
2206
|
-
/*! @azure/msal-common v16.
|
|
2225
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2207
2226
|
/*
|
|
2208
2227
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2209
2228
|
* Licensed under the MIT License.
|
|
@@ -2225,7 +2244,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2225
2244
|
return null;
|
|
2226
2245
|
}
|
|
2227
2246
|
|
|
2228
|
-
/*! @azure/msal-common v16.
|
|
2247
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2229
2248
|
/*
|
|
2230
2249
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2231
2250
|
* Licensed under the MIT License.
|
|
@@ -2249,7 +2268,7 @@ const ProtocolMode = {
|
|
|
2249
2268
|
EAR: "EAR",
|
|
2250
2269
|
};
|
|
2251
2270
|
|
|
2252
|
-
/*! @azure/msal-common v16.
|
|
2271
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2253
2272
|
/**
|
|
2254
2273
|
* Returns the AccountInfo interface for this account.
|
|
2255
2274
|
*/
|
|
@@ -2424,7 +2443,7 @@ function isAccountEntity(entity) {
|
|
|
2424
2443
|
entity.hasOwnProperty("authorityType"));
|
|
2425
2444
|
}
|
|
2426
2445
|
|
|
2427
|
-
/*! @azure/msal-common v16.
|
|
2446
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2428
2447
|
|
|
2429
2448
|
/*
|
|
2430
2449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2564,8 +2583,8 @@ class CacheManager {
|
|
|
2564
2583
|
return false;
|
|
2565
2584
|
}
|
|
2566
2585
|
if (!!tenantProfileFilter.username &&
|
|
2567
|
-
!
|
|
2568
|
-
|
|
2586
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2587
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2569
2588
|
return false;
|
|
2570
2589
|
}
|
|
2571
2590
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3556,7 +3575,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3556
3575
|
}
|
|
3557
3576
|
}
|
|
3558
3577
|
|
|
3559
|
-
/*! @azure/msal-common v16.
|
|
3578
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3560
3579
|
/*
|
|
3561
3580
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3562
3581
|
* Licensed under the MIT License.
|
|
@@ -3599,7 +3618,20 @@ const IntFields = new Set([
|
|
|
3599
3618
|
"currAccessCount",
|
|
3600
3619
|
"currIdCount",
|
|
3601
3620
|
"currRefreshCount",
|
|
3602
|
-
"
|
|
3621
|
+
"ttlExpiredAcntCount",
|
|
3622
|
+
"ttlExpiredITCount",
|
|
3623
|
+
"ttlExpiredATCount",
|
|
3624
|
+
"ttlExpiredRTCount",
|
|
3625
|
+
"decryptFailedAcntCount",
|
|
3626
|
+
"decryptFailedITCount",
|
|
3627
|
+
"decryptFailedATCount",
|
|
3628
|
+
"decryptFailedRTCount",
|
|
3629
|
+
"invalidAcntCount",
|
|
3630
|
+
"invalidITCount",
|
|
3631
|
+
"invalidATCount",
|
|
3632
|
+
"invalidRTCount",
|
|
3633
|
+
"expiredATCount",
|
|
3634
|
+
"expiredRTCount",
|
|
3603
3635
|
"upgradedCacheCount",
|
|
3604
3636
|
"cacheMatchedAccounts",
|
|
3605
3637
|
"networkRtt",
|
|
@@ -3607,7 +3639,7 @@ const IntFields = new Set([
|
|
|
3607
3639
|
"redirectBridgeMessageVersion",
|
|
3608
3640
|
]);
|
|
3609
3641
|
|
|
3610
|
-
/*! @azure/msal-common v16.
|
|
3642
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3611
3643
|
|
|
3612
3644
|
/*
|
|
3613
3645
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3662,7 +3694,7 @@ class StubPerformanceClient {
|
|
|
3662
3694
|
}
|
|
3663
3695
|
}
|
|
3664
3696
|
|
|
3665
|
-
/*! @azure/msal-common v16.
|
|
3697
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3666
3698
|
|
|
3667
3699
|
/*
|
|
3668
3700
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3757,7 +3789,7 @@ function isOidcProtocolMode(config) {
|
|
|
3757
3789
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3758
3790
|
}
|
|
3759
3791
|
|
|
3760
|
-
/*! @azure/msal-common v16.
|
|
3792
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3761
3793
|
/*
|
|
3762
3794
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3763
3795
|
* Licensed under the MIT License.
|
|
@@ -3784,7 +3816,7 @@ function isOidcProtocolMode(config) {
|
|
|
3784
3816
|
}
|
|
3785
3817
|
}
|
|
3786
3818
|
|
|
3787
|
-
/*! @azure/msal-common v16.
|
|
3819
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3788
3820
|
/*
|
|
3789
3821
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3790
3822
|
* Licensed under the MIT License.
|
|
@@ -3849,7 +3881,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3849
3881
|
return cachedAtSec > nowSeconds();
|
|
3850
3882
|
}
|
|
3851
3883
|
|
|
3852
|
-
/*! @azure/msal-common v16.
|
|
3884
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3853
3885
|
|
|
3854
3886
|
/*
|
|
3855
3887
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4108,7 +4140,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4108
4140
|
return metadata.expiresAt <= nowSeconds();
|
|
4109
4141
|
}
|
|
4110
4142
|
|
|
4111
|
-
/*! @azure/msal-common v16.
|
|
4143
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4112
4144
|
/*
|
|
4113
4145
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4114
4146
|
* Licensed under the MIT License.
|
|
@@ -4179,7 +4211,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4179
4211
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4180
4212
|
const SetUserData = "setUserData";
|
|
4181
4213
|
|
|
4182
|
-
/*! @azure/msal-common v16.
|
|
4214
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4183
4215
|
/*
|
|
4184
4216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4185
4217
|
* Licensed under the MIT License.
|
|
@@ -4272,7 +4304,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4272
4304
|
};
|
|
4273
4305
|
};
|
|
4274
4306
|
|
|
4275
|
-
/*! @azure/msal-common v16.
|
|
4307
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4276
4308
|
|
|
4277
4309
|
/*
|
|
4278
4310
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4352,7 +4384,7 @@ class PopTokenGenerator {
|
|
|
4352
4384
|
}
|
|
4353
4385
|
}
|
|
4354
4386
|
|
|
4355
|
-
/*! @azure/msal-common v16.
|
|
4387
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4356
4388
|
/*
|
|
4357
4389
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4358
4390
|
* Licensed under the MIT License.
|
|
@@ -4376,7 +4408,7 @@ const refreshTokenExpired = "refresh_token_expired";
|
|
|
4376
4408
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4377
4409
|
* @public
|
|
4378
4410
|
*/
|
|
4379
|
-
const
|
|
4411
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4380
4412
|
/**
|
|
4381
4413
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4382
4414
|
* @public
|
|
@@ -4413,10 +4445,10 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4413
4445
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4414
4446
|
noTokensFound: noTokensFound,
|
|
4415
4447
|
refreshTokenExpired: refreshTokenExpired,
|
|
4416
|
-
|
|
4448
|
+
uiNotAllowed: uiNotAllowed
|
|
4417
4449
|
});
|
|
4418
4450
|
|
|
4419
|
-
/*! @azure/msal-common v16.
|
|
4451
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4420
4452
|
|
|
4421
4453
|
/*
|
|
4422
4454
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4430,7 +4462,7 @@ const InteractionRequiredServerErrorMessage = [
|
|
|
4430
4462
|
consentRequired,
|
|
4431
4463
|
loginRequired,
|
|
4432
4464
|
badToken,
|
|
4433
|
-
|
|
4465
|
+
uiNotAllowed,
|
|
4434
4466
|
interruptedUser,
|
|
4435
4467
|
];
|
|
4436
4468
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4440,7 +4472,7 @@ const InteractionRequiredAuthSubErrorMessage = [
|
|
|
4440
4472
|
"user_password_expired",
|
|
4441
4473
|
"consent_required",
|
|
4442
4474
|
"bad_token",
|
|
4443
|
-
"
|
|
4475
|
+
"ui_not_allowed",
|
|
4444
4476
|
"interrupted_user",
|
|
4445
4477
|
];
|
|
4446
4478
|
/**
|
|
@@ -4484,7 +4516,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4484
4516
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4485
4517
|
}
|
|
4486
4518
|
|
|
4487
|
-
/*! @azure/msal-common v16.
|
|
4519
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4488
4520
|
|
|
4489
4521
|
/*
|
|
4490
4522
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4503,7 +4535,7 @@ class ServerError extends AuthError {
|
|
|
4503
4535
|
}
|
|
4504
4536
|
}
|
|
4505
4537
|
|
|
4506
|
-
/*! @azure/msal-common v16.
|
|
4538
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4507
4539
|
|
|
4508
4540
|
/*
|
|
4509
4541
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4571,7 +4603,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4571
4603
|
}
|
|
4572
4604
|
}
|
|
4573
4605
|
|
|
4574
|
-
/*! @azure/msal-common v16.
|
|
4606
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4575
4607
|
|
|
4576
4608
|
/*
|
|
4577
4609
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4919,7 +4951,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4919
4951
|
return baseAccount;
|
|
4920
4952
|
}
|
|
4921
4953
|
|
|
4922
|
-
/*! @azure/msal-common v16.
|
|
4954
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4923
4955
|
/*
|
|
4924
4956
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4925
4957
|
* Licensed under the MIT License.
|
|
@@ -4929,7 +4961,7 @@ const CcsCredentialType = {
|
|
|
4929
4961
|
UPN: "UPN",
|
|
4930
4962
|
};
|
|
4931
4963
|
|
|
4932
|
-
/*! @azure/msal-common v16.
|
|
4964
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4933
4965
|
/*
|
|
4934
4966
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4935
4967
|
* Licensed under the MIT License.
|
|
@@ -4947,7 +4979,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4947
4979
|
}
|
|
4948
4980
|
}
|
|
4949
4981
|
|
|
4950
|
-
/*! @azure/msal-common v16.
|
|
4982
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4951
4983
|
/*
|
|
4952
4984
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4953
4985
|
* Licensed under the MIT License.
|
|
@@ -4968,7 +5000,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4968
5000
|
};
|
|
4969
5001
|
}
|
|
4970
5002
|
|
|
4971
|
-
/*! @azure/msal-common v16.
|
|
5003
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4972
5004
|
|
|
4973
5005
|
/*
|
|
4974
5006
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5054,7 +5086,7 @@ class ThrottlingUtils {
|
|
|
5054
5086
|
}
|
|
5055
5087
|
}
|
|
5056
5088
|
|
|
5057
|
-
/*! @azure/msal-common v16.
|
|
5089
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5058
5090
|
|
|
5059
5091
|
/*
|
|
5060
5092
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5085,7 +5117,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5085
5117
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5086
5118
|
}
|
|
5087
5119
|
|
|
5088
|
-
/*! @azure/msal-common v16.
|
|
5120
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5089
5121
|
|
|
5090
5122
|
/*
|
|
5091
5123
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5199,7 +5231,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5199
5231
|
return response;
|
|
5200
5232
|
}
|
|
5201
5233
|
|
|
5202
|
-
/*! @azure/msal-common v16.
|
|
5234
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5203
5235
|
/*
|
|
5204
5236
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5205
5237
|
* Licensed under the MIT License.
|
|
@@ -5211,7 +5243,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5211
5243
|
response.hasOwnProperty("jwks_uri"));
|
|
5212
5244
|
}
|
|
5213
5245
|
|
|
5214
|
-
/*! @azure/msal-common v16.
|
|
5246
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5215
5247
|
/*
|
|
5216
5248
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5217
5249
|
* Licensed under the MIT License.
|
|
@@ -5221,7 +5253,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5221
5253
|
response.hasOwnProperty("metadata"));
|
|
5222
5254
|
}
|
|
5223
5255
|
|
|
5224
|
-
/*! @azure/msal-common v16.
|
|
5256
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5225
5257
|
/*
|
|
5226
5258
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5227
5259
|
* Licensed under the MIT License.
|
|
@@ -5231,7 +5263,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5231
5263
|
response.hasOwnProperty("error_description"));
|
|
5232
5264
|
}
|
|
5233
5265
|
|
|
5234
|
-
/*! @azure/msal-common v16.
|
|
5266
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5235
5267
|
|
|
5236
5268
|
/*
|
|
5237
5269
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5336,7 +5368,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5336
5368
|
},
|
|
5337
5369
|
};
|
|
5338
5370
|
|
|
5339
|
-
/*! @azure/msal-common v16.
|
|
5371
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5340
5372
|
|
|
5341
5373
|
/*
|
|
5342
5374
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5893,7 +5925,7 @@ class Authority {
|
|
|
5893
5925
|
}
|
|
5894
5926
|
}
|
|
5895
5927
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5896
|
-
if (this.isInKnownAuthorities()) {
|
|
5928
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5897
5929
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5898
5930
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5899
5931
|
}
|
|
@@ -5960,13 +5992,14 @@ class Authority {
|
|
|
5960
5992
|
return match;
|
|
5961
5993
|
}
|
|
5962
5994
|
/**
|
|
5963
|
-
* Helper function to determine if
|
|
5995
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5964
5996
|
*/
|
|
5965
|
-
isInKnownAuthorities() {
|
|
5997
|
+
isInKnownAuthorities(host) {
|
|
5998
|
+
const normalizedHost = host.toLowerCase();
|
|
5966
5999
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5967
6000
|
return (authority &&
|
|
5968
6001
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5969
|
-
|
|
6002
|
+
normalizedHost);
|
|
5970
6003
|
});
|
|
5971
6004
|
return matches.length > 0;
|
|
5972
6005
|
}
|
|
@@ -6043,6 +6076,10 @@ class Authority {
|
|
|
6043
6076
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6044
6077
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6045
6078
|
* path.
|
|
6079
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
6080
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
6081
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
6082
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
6046
6083
|
*
|
|
6047
6084
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6048
6085
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -6079,11 +6116,19 @@ class Authority {
|
|
|
6079
6116
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6080
6117
|
*/
|
|
6081
6118
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6119
|
+
/*
|
|
6120
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
6121
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
6122
|
+
* returns an issuer with a different host than the authority
|
|
6123
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
6124
|
+
*/
|
|
6125
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
6082
6126
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6083
6127
|
if (matchesAuthorityOrigin ||
|
|
6084
6128
|
matchesKnownMicrosoftHost ||
|
|
6085
6129
|
matchesRegionalMicrosoftHost ||
|
|
6086
|
-
matchesCiamTenantPattern
|
|
6130
|
+
matchesCiamTenantPattern ||
|
|
6131
|
+
matchesKnownAuthority) {
|
|
6087
6132
|
return;
|
|
6088
6133
|
}
|
|
6089
6134
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6291,7 +6336,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6291
6336
|
};
|
|
6292
6337
|
}
|
|
6293
6338
|
|
|
6294
|
-
/*! @azure/msal-common v16.
|
|
6339
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6295
6340
|
|
|
6296
6341
|
/*
|
|
6297
6342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6325,7 +6370,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6325
6370
|
}
|
|
6326
6371
|
}
|
|
6327
6372
|
|
|
6328
|
-
/*! @azure/msal-common v16.
|
|
6373
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6329
6374
|
|
|
6330
6375
|
/*
|
|
6331
6376
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6582,7 +6627,7 @@ class AuthorizationCodeClient {
|
|
|
6582
6627
|
}
|
|
6583
6628
|
}
|
|
6584
6629
|
|
|
6585
|
-
/*! @azure/msal-common v16.
|
|
6630
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6586
6631
|
|
|
6587
6632
|
/*
|
|
6588
6633
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6803,7 +6848,7 @@ class RefreshTokenClient {
|
|
|
6803
6848
|
}
|
|
6804
6849
|
}
|
|
6805
6850
|
|
|
6806
|
-
/*! @azure/msal-common v16.
|
|
6851
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6807
6852
|
|
|
6808
6853
|
/*
|
|
6809
6854
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6919,7 +6964,7 @@ class SilentFlowClient {
|
|
|
6919
6964
|
}
|
|
6920
6965
|
}
|
|
6921
6966
|
|
|
6922
|
-
/*! @azure/msal-common v16.
|
|
6967
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6923
6968
|
|
|
6924
6969
|
/*
|
|
6925
6970
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6934,7 +6979,7 @@ const StubbedNetworkModule = {
|
|
|
6934
6979
|
},
|
|
6935
6980
|
};
|
|
6936
6981
|
|
|
6937
|
-
/*! @azure/msal-common v16.
|
|
6982
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6938
6983
|
|
|
6939
6984
|
/*
|
|
6940
6985
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7157,7 +7202,7 @@ function extractLoginHint(account) {
|
|
|
7157
7202
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7158
7203
|
}
|
|
7159
7204
|
|
|
7160
|
-
/*! @azure/msal-common v16.
|
|
7205
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7161
7206
|
|
|
7162
7207
|
/*
|
|
7163
7208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7190,7 +7235,7 @@ function containsResourceParam(params) {
|
|
|
7190
7235
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7191
7236
|
}
|
|
7192
7237
|
|
|
7193
|
-
/*! @azure/msal-common v16.
|
|
7238
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7194
7239
|
|
|
7195
7240
|
/*
|
|
7196
7241
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7248,7 +7293,7 @@ class AuthenticationHeaderParser {
|
|
|
7248
7293
|
}
|
|
7249
7294
|
}
|
|
7250
7295
|
|
|
7251
|
-
/*! @azure/msal-common v16.
|
|
7296
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7252
7297
|
/*
|
|
7253
7298
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7254
7299
|
* Licensed under the MIT License.
|
|
@@ -7265,7 +7310,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7265
7310
|
unexpectedError: unexpectedError
|
|
7266
7311
|
});
|
|
7267
7312
|
|
|
7268
|
-
/*! @azure/msal-common v16.
|
|
7313
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7269
7314
|
|
|
7270
7315
|
/*
|
|
7271
7316
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7376,35 +7421,40 @@ class ServerTelemetryManager {
|
|
|
7376
7421
|
* @param error
|
|
7377
7422
|
*/
|
|
7378
7423
|
cacheFailedRequest(error) {
|
|
7379
|
-
|
|
7380
|
-
|
|
7381
|
-
|
|
7382
|
-
|
|
7383
|
-
|
|
7384
|
-
|
|
7385
|
-
|
|
7386
|
-
|
|
7387
|
-
|
|
7388
|
-
|
|
7389
|
-
if (error instanceof
|
|
7390
|
-
if (error
|
|
7391
|
-
|
|
7392
|
-
|
|
7393
|
-
|
|
7394
|
-
|
|
7424
|
+
try {
|
|
7425
|
+
const lastRequests = this.getLastRequests();
|
|
7426
|
+
if (lastRequests.errors.length >=
|
|
7427
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7428
|
+
// Remove a cached error to make room, first in first out
|
|
7429
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7430
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7431
|
+
lastRequests.errors.shift();
|
|
7432
|
+
}
|
|
7433
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7434
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7435
|
+
if (error instanceof AuthError) {
|
|
7436
|
+
if (error.subError) {
|
|
7437
|
+
lastRequests.errors.push(error.subError);
|
|
7438
|
+
}
|
|
7439
|
+
else if (error.errorCode) {
|
|
7440
|
+
lastRequests.errors.push(error.errorCode);
|
|
7441
|
+
}
|
|
7442
|
+
else {
|
|
7443
|
+
lastRequests.errors.push(error.toString());
|
|
7444
|
+
}
|
|
7395
7445
|
}
|
|
7396
7446
|
else {
|
|
7397
7447
|
lastRequests.errors.push(error.toString());
|
|
7398
7448
|
}
|
|
7399
7449
|
}
|
|
7400
7450
|
else {
|
|
7401
|
-
lastRequests.errors.push(
|
|
7451
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7402
7452
|
}
|
|
7453
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7403
7454
|
}
|
|
7404
|
-
|
|
7405
|
-
|
|
7455
|
+
catch {
|
|
7456
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7406
7457
|
}
|
|
7407
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7408
7458
|
return;
|
|
7409
7459
|
}
|
|
7410
7460
|
/**
|
|
@@ -7524,9 +7574,36 @@ class ServerTelemetryManager {
|
|
|
7524
7574
|
static makeExtraSkuString(params) {
|
|
7525
7575
|
return makeExtraSkuString(params);
|
|
7526
7576
|
}
|
|
7577
|
+
}
|
|
7578
|
+
/** @internal */
|
|
7579
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7580
|
+
constructor() {
|
|
7581
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7582
|
+
}
|
|
7583
|
+
generateCurrentRequestHeaderValue() {
|
|
7584
|
+
return "";
|
|
7585
|
+
}
|
|
7586
|
+
generateLastRequestHeaderValue() {
|
|
7587
|
+
return "";
|
|
7588
|
+
}
|
|
7589
|
+
cacheFailedRequest() { }
|
|
7590
|
+
incrementCacheHits() {
|
|
7591
|
+
return 0;
|
|
7592
|
+
}
|
|
7593
|
+
clearTelemetryCache() { }
|
|
7594
|
+
getRegionDiscoveryFields() {
|
|
7595
|
+
return "";
|
|
7596
|
+
}
|
|
7597
|
+
updateRegionDiscoveryMetadata() { }
|
|
7598
|
+
setCacheOutcome() { }
|
|
7599
|
+
setNativeBrokerErrorCode() { }
|
|
7600
|
+
getNativeBrokerErrorCode() {
|
|
7601
|
+
return undefined;
|
|
7602
|
+
}
|
|
7603
|
+
clearNativeBrokerErrorCode() { }
|
|
7527
7604
|
}
|
|
7528
7605
|
|
|
7529
|
-
/*! @azure/msal-common v16.
|
|
7606
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7530
7607
|
|
|
7531
7608
|
/*
|
|
7532
7609
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7547,7 +7624,7 @@ function createJoseHeaderError(code) {
|
|
|
7547
7624
|
return new JoseHeaderError(code);
|
|
7548
7625
|
}
|
|
7549
7626
|
|
|
7550
|
-
/*! @azure/msal-common v16.
|
|
7627
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7551
7628
|
/*
|
|
7552
7629
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7553
7630
|
* Licensed under the MIT License.
|
|
@@ -7555,7 +7632,7 @@ function createJoseHeaderError(code) {
|
|
|
7555
7632
|
const missingKidError = "missing_kid_error";
|
|
7556
7633
|
const missingAlgError = "missing_alg_error";
|
|
7557
7634
|
|
|
7558
|
-
/*! @azure/msal-common v16.
|
|
7635
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7559
7636
|
|
|
7560
7637
|
/*
|
|
7561
7638
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7595,7 +7672,7 @@ class JoseHeader {
|
|
|
7595
7672
|
}
|
|
7596
7673
|
}
|
|
7597
7674
|
|
|
7598
|
-
/*! @azure/msal-common v16.
|
|
7675
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7599
7676
|
|
|
7600
7677
|
/*
|
|
7601
7678
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8208,7 +8285,6 @@ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
|
8208
8285
|
*/
|
|
8209
8286
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8210
8287
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8211
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8212
8288
|
/**
|
|
8213
8289
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8214
8290
|
*/
|
|
@@ -8390,6 +8466,43 @@ function createBrowserAuthError(errorCode, subError) {
|
|
|
8390
8466
|
return new BrowserAuthError(errorCode, subError);
|
|
8391
8467
|
}
|
|
8392
8468
|
|
|
8469
|
+
/*
|
|
8470
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8471
|
+
* Licensed under the MIT License.
|
|
8472
|
+
*/
|
|
8473
|
+
/**
|
|
8474
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8475
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8476
|
+
*/
|
|
8477
|
+
/**
|
|
8478
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8479
|
+
* @param input
|
|
8480
|
+
*/
|
|
8481
|
+
function base64Decode(input) {
|
|
8482
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8483
|
+
}
|
|
8484
|
+
/**
|
|
8485
|
+
* Decodes base64 into Uint8Array
|
|
8486
|
+
* @param base64String
|
|
8487
|
+
*/
|
|
8488
|
+
function base64DecToArr(base64String) {
|
|
8489
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8490
|
+
switch (encodedString.length % 4) {
|
|
8491
|
+
case 0:
|
|
8492
|
+
break;
|
|
8493
|
+
case 2:
|
|
8494
|
+
encodedString += "==";
|
|
8495
|
+
break;
|
|
8496
|
+
case 3:
|
|
8497
|
+
encodedString += "=";
|
|
8498
|
+
break;
|
|
8499
|
+
default:
|
|
8500
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8501
|
+
}
|
|
8502
|
+
const binString = atob(encodedString);
|
|
8503
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8504
|
+
}
|
|
8505
|
+
|
|
8393
8506
|
/*
|
|
8394
8507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8395
8508
|
* Licensed under the MIT License.
|
|
@@ -8649,43 +8762,6 @@ function base64EncArr(aBytes) {
|
|
|
8649
8762
|
return btoa(binString);
|
|
8650
8763
|
}
|
|
8651
8764
|
|
|
8652
|
-
/*
|
|
8653
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8654
|
-
* Licensed under the MIT License.
|
|
8655
|
-
*/
|
|
8656
|
-
/**
|
|
8657
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8658
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8659
|
-
*/
|
|
8660
|
-
/**
|
|
8661
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8662
|
-
* @param input
|
|
8663
|
-
*/
|
|
8664
|
-
function base64Decode(input) {
|
|
8665
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8666
|
-
}
|
|
8667
|
-
/**
|
|
8668
|
-
* Decodes base64 into Uint8Array
|
|
8669
|
-
* @param base64String
|
|
8670
|
-
*/
|
|
8671
|
-
function base64DecToArr(base64String) {
|
|
8672
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8673
|
-
switch (encodedString.length % 4) {
|
|
8674
|
-
case 0:
|
|
8675
|
-
break;
|
|
8676
|
-
case 2:
|
|
8677
|
-
encodedString += "==";
|
|
8678
|
-
break;
|
|
8679
|
-
case 3:
|
|
8680
|
-
encodedString += "=";
|
|
8681
|
-
break;
|
|
8682
|
-
default:
|
|
8683
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8684
|
-
}
|
|
8685
|
-
const binString = atob(encodedString);
|
|
8686
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8687
|
-
}
|
|
8688
|
-
|
|
8689
8765
|
/*
|
|
8690
8766
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8691
8767
|
* Licensed under the MIT License.
|
|
@@ -9104,6 +9180,16 @@ function clearHash(contentWindow) {
|
|
|
9104
9180
|
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
|
|
9105
9181
|
}
|
|
9106
9182
|
}
|
|
9183
|
+
/**
|
|
9184
|
+
* Strips both hash and query string from the given window's URL by replacing
|
|
9185
|
+
* with origin + pathname only. Used to remove auth response parameters
|
|
9186
|
+
* (auth code, state, etc.) before the window is closed or navigated away.
|
|
9187
|
+
*/
|
|
9188
|
+
function clearAuthResponseFromUrl(contentWindow) {
|
|
9189
|
+
if (typeof contentWindow.history?.replaceState === "function") {
|
|
9190
|
+
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
|
|
9191
|
+
}
|
|
9192
|
+
}
|
|
9107
9193
|
/**
|
|
9108
9194
|
* Replaces current hash with hash from provided url
|
|
9109
9195
|
*/
|
|
@@ -9162,7 +9248,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
9162
9248
|
activeBridgeMonitor = null;
|
|
9163
9249
|
}
|
|
9164
9250
|
}
|
|
9165
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9251
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9166
9252
|
return new Promise((resolve, reject) => {
|
|
9167
9253
|
logger.verbose("1rf6em", request.correlationId);
|
|
9168
9254
|
const correlationId = request.correlationId;
|
|
@@ -9170,7 +9256,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
9170
9256
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9171
9257
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9172
9258
|
}, correlationId);
|
|
9173
|
-
const { libraryState } = parseRequestState(
|
|
9259
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9174
9260
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9175
9261
|
let responseString = undefined;
|
|
9176
9262
|
let timedOut$1 = false;
|
|
@@ -9358,6 +9444,7 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
|
|
|
9358
9444
|
blockRedirectInIframe: blockRedirectInIframe,
|
|
9359
9445
|
blockReloadInHiddenIframes: blockReloadInHiddenIframes,
|
|
9360
9446
|
cancelPendingBridgeResponse: cancelPendingBridgeResponse,
|
|
9447
|
+
clearAuthResponseFromUrl: clearAuthResponseFromUrl,
|
|
9361
9448
|
clearHash: clearHash,
|
|
9362
9449
|
createGuid: createGuid,
|
|
9363
9450
|
getCurrentUri: getCurrentUri,
|
|
@@ -10532,7 +10619,7 @@ const EventType = {
|
|
|
10532
10619
|
|
|
10533
10620
|
/* eslint-disable header/header */
|
|
10534
10621
|
const name = "@azure/msal-browser";
|
|
10535
|
-
const version = "5.
|
|
10622
|
+
const version = "5.13.0";
|
|
10536
10623
|
|
|
10537
10624
|
/*
|
|
10538
10625
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10554,6 +10641,15 @@ function removeElementFromArray(array, element) {
|
|
|
10554
10641
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10555
10642
|
* Licensed under the MIT License.
|
|
10556
10643
|
*/
|
|
10644
|
+
/**
|
|
10645
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
10646
|
+
*/
|
|
10647
|
+
const MigrationRemovalReason = {
|
|
10648
|
+
Invalid: "invalid",
|
|
10649
|
+
TtlExpired: "ttlExpired",
|
|
10650
|
+
DecryptFailed: "decryptFailed",
|
|
10651
|
+
Expired: "expired",
|
|
10652
|
+
};
|
|
10557
10653
|
/**
|
|
10558
10654
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
10559
10655
|
*/
|
|
@@ -10623,7 +10719,10 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10623
10719
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10624
10720
|
if (!parsedValue) {
|
|
10625
10721
|
this.browserStorage.removeItem(key);
|
|
10626
|
-
return
|
|
10722
|
+
return {
|
|
10723
|
+
entry: null,
|
|
10724
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10725
|
+
};
|
|
10627
10726
|
}
|
|
10628
10727
|
if (!parsedValue.lastUpdatedAt) {
|
|
10629
10728
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -10632,25 +10731,42 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10632
10731
|
}
|
|
10633
10732
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10634
10733
|
this.browserStorage.removeItem(key);
|
|
10635
|
-
|
|
10636
|
-
|
|
10734
|
+
return {
|
|
10735
|
+
entry: null,
|
|
10736
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
10737
|
+
};
|
|
10637
10738
|
}
|
|
10638
|
-
const
|
|
10739
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
10740
|
+
const decryptedData = wasEncrypted
|
|
10639
10741
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10640
10742
|
: parsedValue;
|
|
10641
|
-
if (!decryptedData
|
|
10642
|
-
this.
|
|
10643
|
-
return
|
|
10743
|
+
if (!decryptedData) {
|
|
10744
|
+
this.browserStorage.removeItem(key);
|
|
10745
|
+
return {
|
|
10746
|
+
entry: null,
|
|
10747
|
+
removalReason: wasEncrypted
|
|
10748
|
+
? MigrationRemovalReason.DecryptFailed
|
|
10749
|
+
: MigrationRemovalReason.Invalid,
|
|
10750
|
+
};
|
|
10751
|
+
}
|
|
10752
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
10753
|
+
this.browserStorage.removeItem(key);
|
|
10754
|
+
return {
|
|
10755
|
+
entry: null,
|
|
10756
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10757
|
+
};
|
|
10644
10758
|
}
|
|
10645
10759
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
10646
10760
|
isRefreshTokenEntity(decryptedData)) &&
|
|
10647
10761
|
decryptedData.expiresOn &&
|
|
10648
10762
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
10649
10763
|
this.browserStorage.removeItem(key);
|
|
10650
|
-
|
|
10651
|
-
|
|
10764
|
+
return {
|
|
10765
|
+
entry: null,
|
|
10766
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
10767
|
+
};
|
|
10652
10768
|
}
|
|
10653
|
-
return decryptedData;
|
|
10769
|
+
return { entry: decryptedData };
|
|
10654
10770
|
}
|
|
10655
10771
|
/**
|
|
10656
10772
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -10669,6 +10785,8 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10669
10785
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
10670
10786
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10671
10787
|
if (!parsedValue) {
|
|
10788
|
+
this.browserStorage.removeItem(accountKey);
|
|
10789
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
10672
10790
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10673
10791
|
continue;
|
|
10674
10792
|
}
|
|
@@ -10681,8 +10799,20 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10681
10799
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10682
10800
|
// Cache expired remove account and associated tokens
|
|
10683
10801
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10802
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
10684
10803
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10685
10804
|
}
|
|
10805
|
+
else if (isEncrypted(parsedValue)) {
|
|
10806
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
10807
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10808
|
+
if (!decrypted) {
|
|
10809
|
+
this.browserStorage.removeItem(accountKey);
|
|
10810
|
+
this.performanceClient.incrementFields({
|
|
10811
|
+
decryptFailedAcntCount: 1,
|
|
10812
|
+
}, correlationId);
|
|
10813
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10814
|
+
}
|
|
10815
|
+
}
|
|
10686
10816
|
}
|
|
10687
10817
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
10688
10818
|
}
|
|
@@ -10720,7 +10850,6 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10720
10850
|
});
|
|
10721
10851
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
10722
10852
|
}
|
|
10723
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10724
10853
|
this.browserStorage.removeItem(accountKey);
|
|
10725
10854
|
}
|
|
10726
10855
|
/**
|
|
@@ -10759,8 +10888,20 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10759
10888
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
10760
10889
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
10761
10890
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
10762
|
-
const
|
|
10891
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
10892
|
+
const oldSchemaData = result.entry;
|
|
10763
10893
|
if (!oldSchemaData) {
|
|
10894
|
+
switch (result.removalReason) {
|
|
10895
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10896
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
10897
|
+
break;
|
|
10898
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10899
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
10900
|
+
break;
|
|
10901
|
+
case MigrationRemovalReason.Invalid:
|
|
10902
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
10903
|
+
break;
|
|
10904
|
+
}
|
|
10764
10905
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
10765
10906
|
continue;
|
|
10766
10907
|
}
|
|
@@ -10839,8 +10980,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10839
10980
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
10840
10981
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
10841
10982
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
10842
|
-
const
|
|
10983
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
10984
|
+
const oldSchemaData = result.entry;
|
|
10843
10985
|
if (!oldSchemaData) {
|
|
10986
|
+
switch (result.removalReason) {
|
|
10987
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10988
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
10989
|
+
break;
|
|
10990
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10991
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
10992
|
+
break;
|
|
10993
|
+
case MigrationRemovalReason.Expired:
|
|
10994
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
10995
|
+
break;
|
|
10996
|
+
case MigrationRemovalReason.Invalid:
|
|
10997
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
10998
|
+
break;
|
|
10999
|
+
}
|
|
10844
11000
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
10845
11001
|
continue;
|
|
10846
11002
|
}
|
|
@@ -10886,8 +11042,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10886
11042
|
...credentialKeysToMigrate.refreshToken,
|
|
10887
11043
|
]) {
|
|
10888
11044
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
10889
|
-
const
|
|
11045
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
11046
|
+
const oldSchemaData = result.entry;
|
|
10890
11047
|
if (!oldSchemaData) {
|
|
11048
|
+
switch (result.removalReason) {
|
|
11049
|
+
case MigrationRemovalReason.TtlExpired:
|
|
11050
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
11051
|
+
break;
|
|
11052
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
11053
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
11054
|
+
break;
|
|
11055
|
+
case MigrationRemovalReason.Expired:
|
|
11056
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
11057
|
+
break;
|
|
11058
|
+
case MigrationRemovalReason.Invalid:
|
|
11059
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
11060
|
+
break;
|
|
11061
|
+
}
|
|
10891
11062
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
10892
11063
|
continue;
|
|
10893
11064
|
}
|
|
@@ -12087,10 +12258,15 @@ function getRedirectUri(requestRedirectUri, clientConfigRedirectUri, logger, cor
|
|
|
12087
12258
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
12088
12259
|
* @param logger - Optional logger instance for verbose logging
|
|
12089
12260
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
12261
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
12090
12262
|
* @returns Configured ServerTelemetryManager instance
|
|
12091
12263
|
*/
|
|
12092
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
12264
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
12093
12265
|
logger.verbose("1p12tq", correlationId);
|
|
12266
|
+
if (!enabled) {
|
|
12267
|
+
logger.verbose("0tajnr", correlationId);
|
|
12268
|
+
return new StubServerTelemetryManager();
|
|
12269
|
+
}
|
|
12094
12270
|
const telemetryPayload = {
|
|
12095
12271
|
clientId: clientId,
|
|
12096
12272
|
correlationId: correlationId,
|
|
@@ -12626,7 +12802,7 @@ const USER_CANCEL = "USER_CANCEL";
|
|
|
12626
12802
|
const NO_NETWORK = "NO_NETWORK";
|
|
12627
12803
|
const DISABLED = "DISABLED";
|
|
12628
12804
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12629
|
-
const
|
|
12805
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
12630
12806
|
|
|
12631
12807
|
/*
|
|
12632
12808
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12681,8 +12857,8 @@ function createNativeAuthError(code, description, ext) {
|
|
|
12681
12857
|
return createBrowserAuthError(userCancelled);
|
|
12682
12858
|
case NO_NETWORK:
|
|
12683
12859
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
12684
|
-
case
|
|
12685
|
-
return createInteractionRequiredAuthError(
|
|
12860
|
+
case UI_NOT_ALLOWED:
|
|
12861
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
12686
12862
|
}
|
|
12687
12863
|
}
|
|
12688
12864
|
return new NativeAuthError(code, description, ext);
|
|
@@ -12699,7 +12875,7 @@ class SilentCacheClient extends StandardInteractionClient {
|
|
|
12699
12875
|
*/
|
|
12700
12876
|
async acquireToken(silentRequest) {
|
|
12701
12877
|
// Telemetry manager only used to increment cacheHits here
|
|
12702
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12878
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12703
12879
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
12704
12880
|
serverTelemetryManager,
|
|
12705
12881
|
requestAuthority: silentRequest.authority,
|
|
@@ -12775,7 +12951,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12775
12951
|
// start the perf measurement
|
|
12776
12952
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12777
12953
|
const reqTimestamp = nowSeconds();
|
|
12778
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12954
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12779
12955
|
try {
|
|
12780
12956
|
// initialize native request
|
|
12781
12957
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -12899,7 +13075,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12899
13075
|
catch (e) {
|
|
12900
13076
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
12901
13077
|
if (e instanceof NativeAuthError) {
|
|
12902
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13078
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12903
13079
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12904
13080
|
if (isFatalNativeAuthError(e)) {
|
|
12905
13081
|
throw e;
|
|
@@ -12913,7 +13089,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12913
13089
|
noHistory: false,
|
|
12914
13090
|
};
|
|
12915
13091
|
const redirectUri = navigateToLoginRequestUrl
|
|
12916
|
-
? window.location.href
|
|
13092
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
12917
13093
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
12918
13094
|
rootMeasurement.end({ success: true });
|
|
12919
13095
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -12946,7 +13122,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12946
13122
|
this.logger.verbose("003x5a", this.correlationId);
|
|
12947
13123
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
12948
13124
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12949
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13125
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12950
13126
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12951
13127
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12952
13128
|
return authResult;
|
|
@@ -13953,6 +14129,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13953
14129
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
13954
14130
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
13955
14131
|
protocolMode: ProtocolMode.AAD,
|
|
14132
|
+
serverTelemetryEnabled: false,
|
|
13956
14133
|
};
|
|
13957
14134
|
const providedSystemOptions = {
|
|
13958
14135
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -14499,10 +14676,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
|
|
|
14499
14676
|
* Licensed under the MIT License.
|
|
14500
14677
|
*/
|
|
14501
14678
|
class PopupClient extends StandardInteractionClient {
|
|
14502
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
14679
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
14503
14680
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
14504
14681
|
this.nativeStorage = nativeStorageImpl;
|
|
14505
14682
|
this.eventHandler = eventHandler;
|
|
14683
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
14506
14684
|
}
|
|
14507
14685
|
/**
|
|
14508
14686
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -14610,7 +14788,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14610
14788
|
*/
|
|
14611
14789
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
14612
14790
|
const correlationId = request.correlationId;
|
|
14613
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14791
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14614
14792
|
const pkce = pkceCodes ||
|
|
14615
14793
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
14616
14794
|
const popupRequest = {
|
|
@@ -14636,7 +14814,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14636
14814
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14637
14815
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14638
14816
|
// Wait for the redirect bridge response
|
|
14639
|
-
const responseString = await
|
|
14817
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
14640
14818
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14641
14819
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14642
14820
|
}
|
|
@@ -14671,11 +14849,11 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14671
14849
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
14672
14850
|
form.submit();
|
|
14673
14851
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14674
|
-
const responseString = await invokeAsync(
|
|
14852
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
14675
14853
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14676
14854
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14677
14855
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
14678
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
14856
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
14679
14857
|
requestAuthority: request.authority,
|
|
14680
14858
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
14681
14859
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -14696,7 +14874,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14696
14874
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
14697
14875
|
form.submit();
|
|
14698
14876
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14699
|
-
const responseString = await invokeAsync(
|
|
14877
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
14700
14878
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14701
14879
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14702
14880
|
}
|
|
@@ -14712,7 +14890,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14712
14890
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
14713
14891
|
this.logger.verbose("0b7yrk", this.correlationId);
|
|
14714
14892
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
|
|
14715
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14893
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14716
14894
|
try {
|
|
14717
14895
|
// Clear cache on logout
|
|
14718
14896
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -14753,7 +14931,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14753
14931
|
// Open the popup window to requestUrl.
|
|
14754
14932
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
14755
14933
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14756
|
-
await
|
|
14934
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
14757
14935
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
14758
14936
|
});
|
|
14759
14937
|
if (mainWindowRedirectUri) {
|
|
@@ -14832,6 +15010,19 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14832
15010
|
if (!popupWindow) {
|
|
14833
15011
|
throw createBrowserAuthError(emptyWindowError);
|
|
14834
15012
|
}
|
|
15013
|
+
try {
|
|
15014
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
15015
|
+
}
|
|
15016
|
+
catch (e) {
|
|
15017
|
+
if (typeof DOMException !== "undefined" &&
|
|
15018
|
+
e instanceof DOMException &&
|
|
15019
|
+
e.name === "SecurityError") {
|
|
15020
|
+
// Cross-origin - title cannot be set
|
|
15021
|
+
}
|
|
15022
|
+
else {
|
|
15023
|
+
this.logger.verbose("1s1yfs", this.correlationId);
|
|
15024
|
+
}
|
|
15025
|
+
}
|
|
14835
15026
|
if (popupWindow.focus) {
|
|
14836
15027
|
popupWindow.focus();
|
|
14837
15028
|
}
|
|
@@ -14910,6 +15101,12 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14910
15101
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
14911
15102
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
14912
15103
|
}
|
|
15104
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
15105
|
+
if (this.waitForPopupResponseHook) {
|
|
15106
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
15107
|
+
}
|
|
15108
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
15109
|
+
}
|
|
14913
15110
|
}
|
|
14914
15111
|
|
|
14915
15112
|
/*
|
|
@@ -14977,7 +15174,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
14977
15174
|
*/
|
|
14978
15175
|
async executeCodeFlow(request) {
|
|
14979
15176
|
const correlationId = request.correlationId;
|
|
14980
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15177
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14981
15178
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
14982
15179
|
const redirectRequest = {
|
|
14983
15180
|
...request,
|
|
@@ -15063,7 +15260,9 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15063
15260
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
15064
15261
|
*/
|
|
15065
15262
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15066
|
-
const
|
|
15263
|
+
const originalTitle = document.title;
|
|
15264
|
+
document.title = "Microsoft Authentication";
|
|
15265
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15067
15266
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15068
15267
|
try {
|
|
15069
15268
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -15082,8 +15281,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15082
15281
|
}
|
|
15083
15282
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
15084
15283
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
15085
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
15086
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
15284
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
15285
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
15087
15286
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
15088
15287
|
navigateToLoginRequestUrl) {
|
|
15089
15288
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -15116,8 +15315,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15116
15315
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
15117
15316
|
*/
|
|
15118
15317
|
let processHashOnRedirect = true;
|
|
15119
|
-
if (!loginRequestUrl
|
|
15120
|
-
// Redirect to home page if login request url is
|
|
15318
|
+
if (!loginRequestUrl) {
|
|
15319
|
+
// Redirect to home page if login request url is empty
|
|
15121
15320
|
const homepage = getHomepage();
|
|
15122
15321
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
15123
15322
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -15145,6 +15344,9 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15145
15344
|
}
|
|
15146
15345
|
throw e;
|
|
15147
15346
|
}
|
|
15347
|
+
finally {
|
|
15348
|
+
document.title = originalTitle;
|
|
15349
|
+
}
|
|
15148
15350
|
}
|
|
15149
15351
|
/**
|
|
15150
15352
|
* Gets the response hash for a redirect request
|
|
@@ -15260,7 +15462,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15260
15462
|
async logout(logoutRequest) {
|
|
15261
15463
|
this.logger.verbose("1rkurh", this.correlationId);
|
|
15262
15464
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
15263
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15465
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15264
15466
|
try {
|
|
15265
15467
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
|
|
15266
15468
|
// Clear cache on logout
|
|
@@ -15341,7 +15543,10 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15341
15543
|
*/
|
|
15342
15544
|
getRedirectStartPage(requestStartPage) {
|
|
15343
15545
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
15344
|
-
|
|
15546
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
15547
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
15548
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
15549
|
+
return absoluteRedirectStartPage;
|
|
15345
15550
|
}
|
|
15346
15551
|
}
|
|
15347
15552
|
|
|
@@ -15350,20 +15555,20 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15350
15555
|
* Licensed under the MIT License.
|
|
15351
15556
|
*/
|
|
15352
15557
|
/**
|
|
15353
|
-
*
|
|
15354
|
-
* @param
|
|
15355
|
-
* @param
|
|
15558
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
15559
|
+
* @param frame
|
|
15560
|
+
* @param requestUrl
|
|
15356
15561
|
*/
|
|
15357
|
-
async function initiateCodeRequest(
|
|
15562
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
15358
15563
|
if (!requestUrl) {
|
|
15359
15564
|
// Throw error if request URL is empty.
|
|
15360
15565
|
logger.info("1l7hyp", correlationId);
|
|
15361
15566
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
15362
15567
|
}
|
|
15363
|
-
|
|
15568
|
+
frame.src = requestUrl;
|
|
15569
|
+
return frame;
|
|
15364
15570
|
}
|
|
15365
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
15366
|
-
const frame = createHiddenIframe();
|
|
15571
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
15367
15572
|
if (!frame.contentDocument) {
|
|
15368
15573
|
throw "No document associated with iframe!";
|
|
15369
15574
|
}
|
|
@@ -15371,8 +15576,7 @@ async function initiateCodeFlowWithPost(config, authority, request, logger, perf
|
|
|
15371
15576
|
form.submit();
|
|
15372
15577
|
return frame;
|
|
15373
15578
|
}
|
|
15374
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
15375
|
-
const frame = createHiddenIframe();
|
|
15579
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
15376
15580
|
if (!frame.contentDocument) {
|
|
15377
15581
|
throw "No document associated with iframe!";
|
|
15378
15582
|
}
|
|
@@ -15382,24 +15586,14 @@ async function initiateEarRequest(config, authority, request, logger, performanc
|
|
|
15382
15586
|
}
|
|
15383
15587
|
/**
|
|
15384
15588
|
* @hidden
|
|
15385
|
-
*
|
|
15386
|
-
*
|
|
15387
|
-
* @param frameName
|
|
15388
|
-
* @param logger
|
|
15389
|
-
*/
|
|
15390
|
-
function loadFrameSync(urlNavigate) {
|
|
15391
|
-
const frameHandle = createHiddenIframe();
|
|
15392
|
-
frameHandle.src = urlNavigate;
|
|
15393
|
-
return frameHandle;
|
|
15394
|
-
}
|
|
15395
|
-
/**
|
|
15396
|
-
* @hidden
|
|
15397
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
15589
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
15590
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
15398
15591
|
* @ignore
|
|
15399
15592
|
*/
|
|
15400
15593
|
function createHiddenIframe() {
|
|
15401
15594
|
const authFrame = document.createElement("iframe");
|
|
15402
15595
|
authFrame.className = "msalSilentIframe";
|
|
15596
|
+
authFrame.title = "Microsoft Authentication";
|
|
15403
15597
|
authFrame.style.visibility = "hidden";
|
|
15404
15598
|
authFrame.style.position = "absolute";
|
|
15405
15599
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -15425,10 +15619,11 @@ function removeHiddenIframe(iframe) {
|
|
|
15425
15619
|
* Licensed under the MIT License.
|
|
15426
15620
|
*/
|
|
15427
15621
|
class SilentIframeClient extends StandardInteractionClient {
|
|
15428
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
15622
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
15429
15623
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
15430
15624
|
this.apiId = apiId;
|
|
15431
15625
|
this.nativeStorage = nativeStorageImpl;
|
|
15626
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
15432
15627
|
}
|
|
15433
15628
|
/**
|
|
15434
15629
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -15471,7 +15666,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15471
15666
|
*/
|
|
15472
15667
|
async executeCodeFlow(request) {
|
|
15473
15668
|
let authClient;
|
|
15474
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15669
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15475
15670
|
try {
|
|
15476
15671
|
// Initialize the client
|
|
15477
15672
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -15513,11 +15708,22 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15513
15708
|
earJwk: earJwk,
|
|
15514
15709
|
codeChallenge: pkceCodes.challenge,
|
|
15515
15710
|
};
|
|
15516
|
-
|
|
15711
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15712
|
+
const iframe = createHiddenIframe();
|
|
15517
15713
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15518
15714
|
let responseString;
|
|
15519
15715
|
try {
|
|
15520
|
-
|
|
15716
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15717
|
+
responsePromise.catch(() => {
|
|
15718
|
+
/*
|
|
15719
|
+
* If navigation below throws before responsePromise is awaited,
|
|
15720
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
15721
|
+
* does not surface as an unhandled rejection; the navigation
|
|
15722
|
+
* error is propagated instead.
|
|
15723
|
+
*/
|
|
15724
|
+
});
|
|
15725
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15726
|
+
responseString = await responsePromise;
|
|
15521
15727
|
}
|
|
15522
15728
|
finally {
|
|
15523
15729
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15526,7 +15732,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15526
15732
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15527
15733
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
15528
15734
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
15529
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
15735
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15530
15736
|
requestAuthority: request.authority,
|
|
15531
15737
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
15532
15738
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -15553,7 +15759,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15553
15759
|
// Create silent request
|
|
15554
15760
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15555
15761
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15556
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15762
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15557
15763
|
requestAuthority: silentRequest.authority,
|
|
15558
15764
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15559
15765
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -15601,21 +15807,32 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15601
15807
|
...request,
|
|
15602
15808
|
codeChallenge: pkceCodes.challenge,
|
|
15603
15809
|
};
|
|
15604
|
-
|
|
15605
|
-
|
|
15606
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15607
|
-
}
|
|
15608
|
-
else {
|
|
15609
|
-
// Create authorize request url
|
|
15610
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15611
|
-
// Get the frame handle for the silent request
|
|
15612
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15613
|
-
}
|
|
15810
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15811
|
+
const iframe = createHiddenIframe();
|
|
15614
15812
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15615
15813
|
// Wait for response from the redirect bridge.
|
|
15616
15814
|
let responseString;
|
|
15617
15815
|
try {
|
|
15618
|
-
|
|
15816
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15817
|
+
responsePromise.catch(() => {
|
|
15818
|
+
/*
|
|
15819
|
+
* If URL creation or navigation below throws before
|
|
15820
|
+
* responsePromise is awaited, the listener still rejects on
|
|
15821
|
+
* timeout. Swallow it here so it does not surface as an
|
|
15822
|
+
* unhandled rejection; the navigation error is propagated
|
|
15823
|
+
* instead.
|
|
15824
|
+
*/
|
|
15825
|
+
});
|
|
15826
|
+
if (request.httpMethod === HttpMethod.POST) {
|
|
15827
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15828
|
+
}
|
|
15829
|
+
else {
|
|
15830
|
+
// Create authorize request url
|
|
15831
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15832
|
+
// Navigate the iframe to the authorize request url
|
|
15833
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
15834
|
+
}
|
|
15835
|
+
responseString = await responsePromise;
|
|
15619
15836
|
}
|
|
15620
15837
|
finally {
|
|
15621
15838
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15623,6 +15840,12 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15623
15840
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15624
15841
|
return { serverParams, pkceCodes, silentRequest };
|
|
15625
15842
|
}
|
|
15843
|
+
async waitForIframeResponse(iframe, request) {
|
|
15844
|
+
if (this.waitForIframeResponseHook) {
|
|
15845
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
15846
|
+
}
|
|
15847
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
15848
|
+
}
|
|
15626
15849
|
}
|
|
15627
15850
|
|
|
15628
15851
|
/*
|
|
@@ -15644,7 +15867,7 @@ class SilentRefreshClient extends StandardInteractionClient {
|
|
|
15644
15867
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
15645
15868
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
15646
15869
|
}
|
|
15647
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15870
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15648
15871
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
15649
15872
|
serverTelemetryManager,
|
|
15650
15873
|
authorityUrl: silentRequest.authority,
|
|
@@ -15724,7 +15947,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
|
|
|
15724
15947
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
15725
15948
|
*/
|
|
15726
15949
|
this.correlationId);
|
|
15727
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15950
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15728
15951
|
try {
|
|
15729
15952
|
// Create auth code request (PKCE not needed)
|
|
15730
15953
|
const authCodeRequest = {
|
|
@@ -16089,6 +16312,8 @@ class StandardController {
|
|
|
16089
16312
|
// Preflight request
|
|
16090
16313
|
const correlationId = this.getRequestCorrelationId(request);
|
|
16091
16314
|
this.logger.verbose("0os66p", correlationId);
|
|
16315
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
16316
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16092
16317
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
16093
16318
|
atrMeasurement.add({
|
|
16094
16319
|
scenarioId: request.scenarioId,
|
|
@@ -16106,9 +16331,7 @@ class StandardController {
|
|
|
16106
16331
|
return navigate;
|
|
16107
16332
|
};
|
|
16108
16333
|
try {
|
|
16109
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
16110
16334
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
16111
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16112
16335
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
|
|
16113
16336
|
let result;
|
|
16114
16337
|
if (this.platformAuthProvider &&
|
|
@@ -16836,7 +17059,7 @@ class StandardController {
|
|
|
16836
17059
|
* @param correlationId
|
|
16837
17060
|
*/
|
|
16838
17061
|
createPopupClient(correlationId) {
|
|
16839
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
17062
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
16840
17063
|
}
|
|
16841
17064
|
/**
|
|
16842
17065
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -16850,7 +17073,7 @@ class StandardController {
|
|
|
16850
17073
|
* @param correlationId
|
|
16851
17074
|
*/
|
|
16852
17075
|
createSilentIframeClient(correlationId) {
|
|
16853
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
17076
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
16854
17077
|
}
|
|
16855
17078
|
/**
|
|
16856
17079
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -17324,7 +17547,7 @@ class BaseOperatingContext {
|
|
|
17324
17547
|
return;
|
|
17325
17548
|
}
|
|
17326
17549
|
}
|
|
17327
|
-
constructor(config) {
|
|
17550
|
+
constructor(config, responseHandlers) {
|
|
17328
17551
|
/*
|
|
17329
17552
|
* If loaded in an environment where window is not available,
|
|
17330
17553
|
* set internal flag to false so that further requests fail.
|
|
@@ -17332,6 +17555,7 @@ class BaseOperatingContext {
|
|
|
17332
17555
|
*/
|
|
17333
17556
|
this.browserEnvironment = typeof window !== "undefined";
|
|
17334
17557
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
17558
|
+
this.responseHandlers = responseHandlers;
|
|
17335
17559
|
let sessionStorage;
|
|
17336
17560
|
try {
|
|
17337
17561
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -17368,6 +17592,13 @@ class BaseOperatingContext {
|
|
|
17368
17592
|
getConfig() {
|
|
17369
17593
|
return this.config;
|
|
17370
17594
|
}
|
|
17595
|
+
/**
|
|
17596
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
17597
|
+
* @returns AuthResponseHandlers | undefined
|
|
17598
|
+
*/
|
|
17599
|
+
getResponseHandlers() {
|
|
17600
|
+
return this.responseHandlers;
|
|
17601
|
+
}
|
|
17371
17602
|
/**
|
|
17372
17603
|
* Returns the MSAL Logger
|
|
17373
17604
|
* @returns Logger
|
|
@@ -18389,7 +18620,48 @@ class PublicClientApplication {
|
|
|
18389
18620
|
constructor(configuration, controller) {
|
|
18390
18621
|
this.controller =
|
|
18391
18622
|
controller ||
|
|
18392
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
18623
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
18624
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
18625
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
18626
|
+
}));
|
|
18627
|
+
}
|
|
18628
|
+
/**
|
|
18629
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
18630
|
+
*
|
|
18631
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18632
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18633
|
+
* with an `AuthError` on failure.
|
|
18634
|
+
*
|
|
18635
|
+
* @internal
|
|
18636
|
+
* @param request The in-flight authorization or end-session request.
|
|
18637
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
18638
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
18639
|
+
*/
|
|
18640
|
+
async waitForPopupResponse(request,
|
|
18641
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18642
|
+
popupWindow,
|
|
18643
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18644
|
+
popupWindowParent) {
|
|
18645
|
+
const controller = this.controller;
|
|
18646
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
18647
|
+
}
|
|
18648
|
+
/**
|
|
18649
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
18650
|
+
*
|
|
18651
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18652
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18653
|
+
* with an `AuthError` on failure.
|
|
18654
|
+
*
|
|
18655
|
+
* @internal
|
|
18656
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
18657
|
+
* @param request The in-flight authorization request.
|
|
18658
|
+
*/
|
|
18659
|
+
async waitForIframeResponse(
|
|
18660
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18661
|
+
iframe, request) {
|
|
18662
|
+
const controller = this.controller;
|
|
18663
|
+
const config = controller.getConfiguration();
|
|
18664
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
18393
18665
|
}
|
|
18394
18666
|
/**
|
|
18395
18667
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|