@azure/msal-browser 5.11.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +99 -15
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +5 -5
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -6
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +30 -10
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +17 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +49 -20
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +13 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1202 -1194
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +19 -11
- package/lib/custom-auth-path/msal-custom-auth.cjs +511 -263
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +511 -263
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +11 -3
- package/lib/msal-browser.cjs +539 -267
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +539 -267
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/cache/BrowserCacheManager.ts +157 -33
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +10 -8
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +14 -4
- package/src/interaction_client/PopupClient.ts +74 -30
- package/src/interaction_client/RedirectClient.ts +32 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +140 -74
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +12 -32
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.
|
|
241
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.
|
|
293
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.
|
|
324
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.
|
|
344
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.
|
|
424
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.
|
|
447
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -502,7 +502,7 @@
|
|
|
502
502
|
urlParseError: urlParseError
|
|
503
503
|
});
|
|
504
504
|
|
|
505
|
-
/*! @azure/msal-common v16.
|
|
505
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
506
506
|
/*
|
|
507
507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
508
508
|
* Licensed under the MIT License.
|
|
@@ -590,7 +590,7 @@
|
|
|
590
590
|
userCanceled: userCanceled
|
|
591
591
|
});
|
|
592
592
|
|
|
593
|
-
/*! @azure/msal-common v16.
|
|
593
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
594
594
|
|
|
595
595
|
/*
|
|
596
596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -785,7 +785,7 @@
|
|
|
785
785
|
}
|
|
786
786
|
}
|
|
787
787
|
|
|
788
|
-
/*! @azure/msal-common v16.
|
|
788
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
789
789
|
|
|
790
790
|
/*
|
|
791
791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1134,8 +1134,14 @@
|
|
|
1134
1134
|
* @param serverTelemetryManager
|
|
1135
1135
|
*/
|
|
1136
1136
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1137
|
-
|
|
1138
|
-
|
|
1137
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1138
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1139
|
+
if (currentTelemetryHeader) {
|
|
1140
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1141
|
+
}
|
|
1142
|
+
if (lastTelemetryHeader) {
|
|
1143
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1144
|
+
}
|
|
1139
1145
|
}
|
|
1140
1146
|
/**
|
|
1141
1147
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1174,34 +1180,12 @@
|
|
|
1174
1180
|
}
|
|
1175
1181
|
}
|
|
1176
1182
|
|
|
1177
|
-
/*! @azure/msal-common v16.
|
|
1183
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1178
1184
|
|
|
1179
1185
|
/*
|
|
1180
1186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1181
1187
|
* Licensed under the MIT License.
|
|
1182
1188
|
*/
|
|
1183
|
-
/**
|
|
1184
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1185
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1186
|
-
* @param url - URL to canonicalize
|
|
1187
|
-
* @returns Canonicalized URL
|
|
1188
|
-
*/
|
|
1189
|
-
function canonicalizeUrl(url) {
|
|
1190
|
-
if (!url) {
|
|
1191
|
-
return url;
|
|
1192
|
-
}
|
|
1193
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1194
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1195
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1196
|
-
}
|
|
1197
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1198
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1199
|
-
}
|
|
1200
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1201
|
-
lowerCaseUrl += "/";
|
|
1202
|
-
}
|
|
1203
|
-
return lowerCaseUrl;
|
|
1204
|
-
}
|
|
1205
1189
|
/**
|
|
1206
1190
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1207
1191
|
* @param hashString
|
|
@@ -1254,36 +1238,71 @@
|
|
|
1254
1238
|
return queryParameterArray.join("&");
|
|
1255
1239
|
}
|
|
1256
1240
|
/**
|
|
1257
|
-
* Normalizes URLs for comparison
|
|
1258
|
-
*
|
|
1259
|
-
*
|
|
1241
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1242
|
+
* - Hash/fragment is removed
|
|
1243
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1244
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1245
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1246
|
+
* - Ensures pathname ends with /
|
|
1247
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1260
1248
|
* @param url - URL to normalize
|
|
1249
|
+
* @param logger - Optional logger used to log parse failures
|
|
1250
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1261
1251
|
* @returns Normalized URL string for comparison
|
|
1262
1252
|
*/
|
|
1263
|
-
function normalizeUrlForComparison(url) {
|
|
1253
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1264
1254
|
if (!url) {
|
|
1265
1255
|
return url;
|
|
1266
1256
|
}
|
|
1267
|
-
// Remove hash first
|
|
1268
1257
|
const urlWithoutHash = url.split("#")[0];
|
|
1258
|
+
if (!urlWithoutHash) {
|
|
1259
|
+
return urlWithoutHash;
|
|
1260
|
+
}
|
|
1269
1261
|
try {
|
|
1270
|
-
// Parse the URL to handle encoding consistently
|
|
1271
1262
|
const urlObj = new URL(urlWithoutHash);
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1275
|
-
|
|
1276
|
-
|
|
1277
|
-
|
|
1278
|
-
|
|
1263
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1264
|
+
if (!urlObj.search) {
|
|
1265
|
+
urlObj.search = "";
|
|
1266
|
+
}
|
|
1267
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1268
|
+
let pathname;
|
|
1269
|
+
try {
|
|
1270
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1271
|
+
}
|
|
1272
|
+
catch (e) {
|
|
1273
|
+
pathname = urlObj.pathname;
|
|
1274
|
+
}
|
|
1275
|
+
if (!pathname.endsWith("/")) {
|
|
1276
|
+
pathname += "/";
|
|
1277
|
+
}
|
|
1278
|
+
urlObj.pathname = pathname;
|
|
1279
|
+
return urlObj.href;
|
|
1280
|
+
}
|
|
1281
|
+
catch (e) {
|
|
1282
|
+
logger?.error("15apdm", correlationId || "");
|
|
1283
|
+
throw createClientConfigurationError(urlParseError);
|
|
1284
|
+
}
|
|
1285
|
+
}
|
|
1286
|
+
/**
|
|
1287
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1288
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1289
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1290
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1291
|
+
* @param url - URL to validate
|
|
1292
|
+
* @param logger - Optional logger used to log validation failures
|
|
1293
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1294
|
+
*/
|
|
1295
|
+
function validateUrl(url, logger, correlationId) {
|
|
1296
|
+
try {
|
|
1297
|
+
new URL(url);
|
|
1279
1298
|
}
|
|
1280
1299
|
catch (e) {
|
|
1281
|
-
|
|
1282
|
-
|
|
1300
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1301
|
+
throw createClientConfigurationError(urlParseError);
|
|
1283
1302
|
}
|
|
1284
1303
|
}
|
|
1285
1304
|
|
|
1286
|
-
/*! @azure/msal-common v16.
|
|
1305
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1287
1306
|
|
|
1288
1307
|
/*
|
|
1289
1308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1322,7 +1341,7 @@
|
|
|
1322
1341
|
},
|
|
1323
1342
|
};
|
|
1324
1343
|
|
|
1325
|
-
/*! @azure/msal-common v16.
|
|
1344
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1326
1345
|
/*
|
|
1327
1346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1328
1347
|
* Licensed under the MIT License.
|
|
@@ -1370,7 +1389,7 @@
|
|
|
1370
1389
|
// Remove LRU (first entry) if capacity exceeded
|
|
1371
1390
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1372
1391
|
const firstKey = correlationCache.keys().next().value;
|
|
1373
|
-
if (firstKey) {
|
|
1392
|
+
if (firstKey !== undefined) {
|
|
1374
1393
|
correlationCache.delete(firstKey);
|
|
1375
1394
|
}
|
|
1376
1395
|
}
|
|
@@ -1597,12 +1616,12 @@
|
|
|
1597
1616
|
}
|
|
1598
1617
|
}
|
|
1599
1618
|
|
|
1600
|
-
/*! @azure/msal-common v16.
|
|
1619
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1601
1620
|
/* eslint-disable header/header */
|
|
1602
1621
|
const name$1 = "@azure/msal-common";
|
|
1603
|
-
const version$1 = "16.
|
|
1622
|
+
const version$1 = "16.8.0";
|
|
1604
1623
|
|
|
1605
|
-
/*! @azure/msal-common v16.
|
|
1624
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1606
1625
|
/*
|
|
1607
1626
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1608
1627
|
* Licensed under the MIT License.
|
|
@@ -1622,7 +1641,7 @@
|
|
|
1622
1641
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1623
1642
|
};
|
|
1624
1643
|
|
|
1625
|
-
/*! @azure/msal-common v16.
|
|
1644
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1626
1645
|
/*
|
|
1627
1646
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1628
1647
|
* Licensed under the MIT License.
|
|
@@ -1705,7 +1724,7 @@
|
|
|
1705
1724
|
return updatedAccountInfo;
|
|
1706
1725
|
}
|
|
1707
1726
|
|
|
1708
|
-
/*! @azure/msal-common v16.
|
|
1727
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1709
1728
|
|
|
1710
1729
|
/*
|
|
1711
1730
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1785,7 +1804,7 @@
|
|
|
1785
1804
|
}
|
|
1786
1805
|
}
|
|
1787
1806
|
|
|
1788
|
-
/*! @azure/msal-common v16.
|
|
1807
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1789
1808
|
|
|
1790
1809
|
/*
|
|
1791
1810
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1942,7 +1961,7 @@
|
|
|
1942
1961
|
}
|
|
1943
1962
|
}
|
|
1944
1963
|
|
|
1945
|
-
/*! @azure/msal-common v16.
|
|
1964
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1946
1965
|
|
|
1947
1966
|
/*
|
|
1948
1967
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2108,7 +2127,7 @@
|
|
|
2108
2127
|
return null;
|
|
2109
2128
|
}
|
|
2110
2129
|
|
|
2111
|
-
/*! @azure/msal-common v16.
|
|
2130
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2112
2131
|
/*
|
|
2113
2132
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2114
2133
|
* Licensed under the MIT License.
|
|
@@ -2116,7 +2135,7 @@
|
|
|
2116
2135
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2117
2136
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2118
2137
|
|
|
2119
|
-
/*! @azure/msal-common v16.
|
|
2138
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2120
2139
|
|
|
2121
2140
|
/*
|
|
2122
2141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2154,7 +2173,7 @@
|
|
|
2154
2173
|
}
|
|
2155
2174
|
}
|
|
2156
2175
|
|
|
2157
|
-
/*! @azure/msal-common v16.
|
|
2176
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2158
2177
|
|
|
2159
2178
|
/*
|
|
2160
2179
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2192,7 +2211,7 @@
|
|
|
2192
2211
|
};
|
|
2193
2212
|
}
|
|
2194
2213
|
|
|
2195
|
-
/*! @azure/msal-common v16.
|
|
2214
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2196
2215
|
/*
|
|
2197
2216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2198
2217
|
* Licensed under the MIT License.
|
|
@@ -2207,7 +2226,7 @@
|
|
|
2207
2226
|
Ciam: 3,
|
|
2208
2227
|
};
|
|
2209
2228
|
|
|
2210
|
-
/*! @azure/msal-common v16.
|
|
2229
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2211
2230
|
/*
|
|
2212
2231
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2213
2232
|
* Licensed under the MIT License.
|
|
@@ -2229,7 +2248,7 @@
|
|
|
2229
2248
|
return null;
|
|
2230
2249
|
}
|
|
2231
2250
|
|
|
2232
|
-
/*! @azure/msal-common v16.
|
|
2251
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2233
2252
|
/*
|
|
2234
2253
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2235
2254
|
* Licensed under the MIT License.
|
|
@@ -2253,7 +2272,7 @@
|
|
|
2253
2272
|
EAR: "EAR",
|
|
2254
2273
|
};
|
|
2255
2274
|
|
|
2256
|
-
/*! @azure/msal-common v16.
|
|
2275
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2257
2276
|
/**
|
|
2258
2277
|
* Returns the AccountInfo interface for this account.
|
|
2259
2278
|
*/
|
|
@@ -2428,7 +2447,7 @@
|
|
|
2428
2447
|
entity.hasOwnProperty("authorityType"));
|
|
2429
2448
|
}
|
|
2430
2449
|
|
|
2431
|
-
/*! @azure/msal-common v16.
|
|
2450
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2432
2451
|
|
|
2433
2452
|
/*
|
|
2434
2453
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2568,8 +2587,8 @@
|
|
|
2568
2587
|
return false;
|
|
2569
2588
|
}
|
|
2570
2589
|
if (!!tenantProfileFilter.username &&
|
|
2571
|
-
!
|
|
2572
|
-
|
|
2590
|
+
!this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
|
|
2591
|
+
!this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
|
|
2573
2592
|
return false;
|
|
2574
2593
|
}
|
|
2575
2594
|
if (!!tenantProfileFilter.loginHint &&
|
|
@@ -3560,7 +3579,7 @@
|
|
|
3560
3579
|
}
|
|
3561
3580
|
}
|
|
3562
3581
|
|
|
3563
|
-
/*! @azure/msal-common v16.
|
|
3582
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3564
3583
|
/*
|
|
3565
3584
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3566
3585
|
* Licensed under the MIT License.
|
|
@@ -3603,7 +3622,20 @@
|
|
|
3603
3622
|
"currAccessCount",
|
|
3604
3623
|
"currIdCount",
|
|
3605
3624
|
"currRefreshCount",
|
|
3606
|
-
"
|
|
3625
|
+
"ttlExpiredAcntCount",
|
|
3626
|
+
"ttlExpiredITCount",
|
|
3627
|
+
"ttlExpiredATCount",
|
|
3628
|
+
"ttlExpiredRTCount",
|
|
3629
|
+
"decryptFailedAcntCount",
|
|
3630
|
+
"decryptFailedITCount",
|
|
3631
|
+
"decryptFailedATCount",
|
|
3632
|
+
"decryptFailedRTCount",
|
|
3633
|
+
"invalidAcntCount",
|
|
3634
|
+
"invalidITCount",
|
|
3635
|
+
"invalidATCount",
|
|
3636
|
+
"invalidRTCount",
|
|
3637
|
+
"expiredATCount",
|
|
3638
|
+
"expiredRTCount",
|
|
3607
3639
|
"upgradedCacheCount",
|
|
3608
3640
|
"cacheMatchedAccounts",
|
|
3609
3641
|
"networkRtt",
|
|
@@ -3611,7 +3643,7 @@
|
|
|
3611
3643
|
"redirectBridgeMessageVersion",
|
|
3612
3644
|
]);
|
|
3613
3645
|
|
|
3614
|
-
/*! @azure/msal-common v16.
|
|
3646
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3615
3647
|
|
|
3616
3648
|
/*
|
|
3617
3649
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3666,7 +3698,7 @@
|
|
|
3666
3698
|
}
|
|
3667
3699
|
}
|
|
3668
3700
|
|
|
3669
|
-
/*! @azure/msal-common v16.
|
|
3701
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3670
3702
|
|
|
3671
3703
|
/*
|
|
3672
3704
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3761,7 +3793,7 @@
|
|
|
3761
3793
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3762
3794
|
}
|
|
3763
3795
|
|
|
3764
|
-
/*! @azure/msal-common v16.
|
|
3796
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3765
3797
|
/*
|
|
3766
3798
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3767
3799
|
* Licensed under the MIT License.
|
|
@@ -3788,7 +3820,7 @@
|
|
|
3788
3820
|
}
|
|
3789
3821
|
}
|
|
3790
3822
|
|
|
3791
|
-
/*! @azure/msal-common v16.
|
|
3823
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3792
3824
|
/*
|
|
3793
3825
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3794
3826
|
* Licensed under the MIT License.
|
|
@@ -3853,7 +3885,7 @@
|
|
|
3853
3885
|
return cachedAtSec > nowSeconds();
|
|
3854
3886
|
}
|
|
3855
3887
|
|
|
3856
|
-
/*! @azure/msal-common v16.
|
|
3888
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3857
3889
|
|
|
3858
3890
|
/*
|
|
3859
3891
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4112,7 +4144,7 @@
|
|
|
4112
4144
|
return metadata.expiresAt <= nowSeconds();
|
|
4113
4145
|
}
|
|
4114
4146
|
|
|
4115
|
-
/*! @azure/msal-common v16.
|
|
4147
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4116
4148
|
/*
|
|
4117
4149
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4118
4150
|
* Licensed under the MIT License.
|
|
@@ -4183,7 +4215,7 @@
|
|
|
4183
4215
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4184
4216
|
const SetUserData = "setUserData";
|
|
4185
4217
|
|
|
4186
|
-
/*! @azure/msal-common v16.
|
|
4218
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4187
4219
|
/*
|
|
4188
4220
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4189
4221
|
* Licensed under the MIT License.
|
|
@@ -4276,7 +4308,7 @@
|
|
|
4276
4308
|
};
|
|
4277
4309
|
};
|
|
4278
4310
|
|
|
4279
|
-
/*! @azure/msal-common v16.
|
|
4311
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4280
4312
|
|
|
4281
4313
|
/*
|
|
4282
4314
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4356,7 +4388,7 @@
|
|
|
4356
4388
|
}
|
|
4357
4389
|
}
|
|
4358
4390
|
|
|
4359
|
-
/*! @azure/msal-common v16.
|
|
4391
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4360
4392
|
/*
|
|
4361
4393
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4362
4394
|
* Licensed under the MIT License.
|
|
@@ -4380,7 +4412,7 @@
|
|
|
4380
4412
|
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4381
4413
|
* @public
|
|
4382
4414
|
*/
|
|
4383
|
-
const
|
|
4415
|
+
const uiNotAllowed = "ui_not_allowed";
|
|
4384
4416
|
/**
|
|
4385
4417
|
* Server-originated error code indicating interaction is required to complete the request.
|
|
4386
4418
|
* @public
|
|
@@ -4417,10 +4449,10 @@
|
|
|
4417
4449
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4418
4450
|
noTokensFound: noTokensFound,
|
|
4419
4451
|
refreshTokenExpired: refreshTokenExpired,
|
|
4420
|
-
|
|
4452
|
+
uiNotAllowed: uiNotAllowed
|
|
4421
4453
|
});
|
|
4422
4454
|
|
|
4423
|
-
/*! @azure/msal-common v16.
|
|
4455
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4424
4456
|
|
|
4425
4457
|
/*
|
|
4426
4458
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4434,7 +4466,7 @@
|
|
|
4434
4466
|
consentRequired,
|
|
4435
4467
|
loginRequired,
|
|
4436
4468
|
badToken,
|
|
4437
|
-
|
|
4469
|
+
uiNotAllowed,
|
|
4438
4470
|
interruptedUser,
|
|
4439
4471
|
];
|
|
4440
4472
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
@@ -4444,7 +4476,7 @@
|
|
|
4444
4476
|
"user_password_expired",
|
|
4445
4477
|
"consent_required",
|
|
4446
4478
|
"bad_token",
|
|
4447
|
-
"
|
|
4479
|
+
"ui_not_allowed",
|
|
4448
4480
|
"interrupted_user",
|
|
4449
4481
|
];
|
|
4450
4482
|
/**
|
|
@@ -4488,7 +4520,7 @@
|
|
|
4488
4520
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4489
4521
|
}
|
|
4490
4522
|
|
|
4491
|
-
/*! @azure/msal-common v16.
|
|
4523
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4492
4524
|
|
|
4493
4525
|
/*
|
|
4494
4526
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4507,7 +4539,7 @@
|
|
|
4507
4539
|
}
|
|
4508
4540
|
}
|
|
4509
4541
|
|
|
4510
|
-
/*! @azure/msal-common v16.
|
|
4542
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4511
4543
|
|
|
4512
4544
|
/*
|
|
4513
4545
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4575,7 +4607,7 @@
|
|
|
4575
4607
|
}
|
|
4576
4608
|
}
|
|
4577
4609
|
|
|
4578
|
-
/*! @azure/msal-common v16.
|
|
4610
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4579
4611
|
|
|
4580
4612
|
/*
|
|
4581
4613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4923,7 +4955,7 @@
|
|
|
4923
4955
|
return baseAccount;
|
|
4924
4956
|
}
|
|
4925
4957
|
|
|
4926
|
-
/*! @azure/msal-common v16.
|
|
4958
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4927
4959
|
/*
|
|
4928
4960
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4929
4961
|
* Licensed under the MIT License.
|
|
@@ -4933,7 +4965,7 @@
|
|
|
4933
4965
|
UPN: "UPN",
|
|
4934
4966
|
};
|
|
4935
4967
|
|
|
4936
|
-
/*! @azure/msal-common v16.
|
|
4968
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4937
4969
|
/*
|
|
4938
4970
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4939
4971
|
* Licensed under the MIT License.
|
|
@@ -4951,7 +4983,7 @@
|
|
|
4951
4983
|
}
|
|
4952
4984
|
}
|
|
4953
4985
|
|
|
4954
|
-
/*! @azure/msal-common v16.
|
|
4986
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4955
4987
|
/*
|
|
4956
4988
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4957
4989
|
* Licensed under the MIT License.
|
|
@@ -4972,7 +5004,7 @@
|
|
|
4972
5004
|
};
|
|
4973
5005
|
}
|
|
4974
5006
|
|
|
4975
|
-
/*! @azure/msal-common v16.
|
|
5007
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4976
5008
|
|
|
4977
5009
|
/*
|
|
4978
5010
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5058,7 +5090,7 @@
|
|
|
5058
5090
|
}
|
|
5059
5091
|
}
|
|
5060
5092
|
|
|
5061
|
-
/*! @azure/msal-common v16.
|
|
5093
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5062
5094
|
|
|
5063
5095
|
/*
|
|
5064
5096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5089,7 +5121,7 @@
|
|
|
5089
5121
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5090
5122
|
}
|
|
5091
5123
|
|
|
5092
|
-
/*! @azure/msal-common v16.
|
|
5124
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5093
5125
|
|
|
5094
5126
|
/*
|
|
5095
5127
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5203,7 +5235,7 @@
|
|
|
5203
5235
|
return response;
|
|
5204
5236
|
}
|
|
5205
5237
|
|
|
5206
|
-
/*! @azure/msal-common v16.
|
|
5238
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5207
5239
|
/*
|
|
5208
5240
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5209
5241
|
* Licensed under the MIT License.
|
|
@@ -5215,7 +5247,7 @@
|
|
|
5215
5247
|
response.hasOwnProperty("jwks_uri"));
|
|
5216
5248
|
}
|
|
5217
5249
|
|
|
5218
|
-
/*! @azure/msal-common v16.
|
|
5250
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5219
5251
|
/*
|
|
5220
5252
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5221
5253
|
* Licensed under the MIT License.
|
|
@@ -5225,7 +5257,7 @@
|
|
|
5225
5257
|
response.hasOwnProperty("metadata"));
|
|
5226
5258
|
}
|
|
5227
5259
|
|
|
5228
|
-
/*! @azure/msal-common v16.
|
|
5260
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5229
5261
|
/*
|
|
5230
5262
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5231
5263
|
* Licensed under the MIT License.
|
|
@@ -5235,7 +5267,7 @@
|
|
|
5235
5267
|
response.hasOwnProperty("error_description"));
|
|
5236
5268
|
}
|
|
5237
5269
|
|
|
5238
|
-
/*! @azure/msal-common v16.
|
|
5270
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5239
5271
|
|
|
5240
5272
|
/*
|
|
5241
5273
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5340,7 +5372,7 @@
|
|
|
5340
5372
|
},
|
|
5341
5373
|
};
|
|
5342
5374
|
|
|
5343
|
-
/*! @azure/msal-common v16.
|
|
5375
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5344
5376
|
|
|
5345
5377
|
/*
|
|
5346
5378
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5897,7 +5929,7 @@
|
|
|
5897
5929
|
}
|
|
5898
5930
|
}
|
|
5899
5931
|
// If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
|
|
5900
|
-
if (this.isInKnownAuthorities()) {
|
|
5932
|
+
if (this.isInKnownAuthorities(this.hostnameAndPort)) {
|
|
5901
5933
|
this.logger.verbose("0mt9al", this.correlationId);
|
|
5902
5934
|
return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
|
|
5903
5935
|
}
|
|
@@ -5964,13 +5996,14 @@
|
|
|
5964
5996
|
return match;
|
|
5965
5997
|
}
|
|
5966
5998
|
/**
|
|
5967
|
-
* Helper function to determine if
|
|
5999
|
+
* Helper function to determine if a host is included in the knownAuthorities config option.
|
|
5968
6000
|
*/
|
|
5969
|
-
isInKnownAuthorities() {
|
|
6001
|
+
isInKnownAuthorities(host) {
|
|
6002
|
+
const normalizedHost = host.toLowerCase();
|
|
5970
6003
|
const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
|
|
5971
6004
|
return (authority &&
|
|
5972
6005
|
UrlString.getDomainFromUrl(authority).toLowerCase() ===
|
|
5973
|
-
|
|
6006
|
+
normalizedHost);
|
|
5974
6007
|
});
|
|
5975
6008
|
return matches.length > 0;
|
|
5976
6009
|
}
|
|
@@ -6047,6 +6080,10 @@
|
|
|
6047
6080
|
* 4. Same as (2), but the issuer host matches the CIAM tenant pattern
|
|
6048
6081
|
* `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
|
|
6049
6082
|
* path.
|
|
6083
|
+
* 5. The issuer host is HTTPS and is explicitly listed in the
|
|
6084
|
+
* developer-configured `knownAuthorities`. This covers scenarios where
|
|
6085
|
+
* the OIDC discovery document returns an issuer host that differs from
|
|
6086
|
+
* the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
|
|
6050
6087
|
*
|
|
6051
6088
|
* @param issuer The `issuer` value returned in the OIDC discovery document.
|
|
6052
6089
|
* @throws ClientConfigurationError("issuer_validation_failed") on failure.
|
|
@@ -6083,11 +6120,19 @@
|
|
|
6083
6120
|
* have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
|
|
6084
6121
|
*/
|
|
6085
6122
|
const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
|
|
6123
|
+
/*
|
|
6124
|
+
* Rule 5: The issuer host is explicitly listed in the developer-configured
|
|
6125
|
+
* knownAuthorities. This covers scenarios where the OIDC discovery document
|
|
6126
|
+
* returns an issuer with a different host than the authority
|
|
6127
|
+
* (e.g., a GUID-based issuer for a name-based authority).
|
|
6128
|
+
*/
|
|
6129
|
+
const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
|
|
6086
6130
|
// Each rule is an independent boolean; the issuer is valid if ANY rule matches.
|
|
6087
6131
|
if (matchesAuthorityOrigin ||
|
|
6088
6132
|
matchesKnownMicrosoftHost ||
|
|
6089
6133
|
matchesRegionalMicrosoftHost ||
|
|
6090
|
-
matchesCiamTenantPattern
|
|
6134
|
+
matchesCiamTenantPattern ||
|
|
6135
|
+
matchesKnownAuthority) {
|
|
6091
6136
|
return;
|
|
6092
6137
|
}
|
|
6093
6138
|
// issuer validation fails if none of the above rules are satisfied
|
|
@@ -6295,7 +6340,7 @@
|
|
|
6295
6340
|
};
|
|
6296
6341
|
}
|
|
6297
6342
|
|
|
6298
|
-
/*! @azure/msal-common v16.
|
|
6343
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6299
6344
|
|
|
6300
6345
|
/*
|
|
6301
6346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6329,7 +6374,7 @@
|
|
|
6329
6374
|
}
|
|
6330
6375
|
}
|
|
6331
6376
|
|
|
6332
|
-
/*! @azure/msal-common v16.
|
|
6377
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6333
6378
|
|
|
6334
6379
|
/*
|
|
6335
6380
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6586,7 +6631,7 @@
|
|
|
6586
6631
|
}
|
|
6587
6632
|
}
|
|
6588
6633
|
|
|
6589
|
-
/*! @azure/msal-common v16.
|
|
6634
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6590
6635
|
|
|
6591
6636
|
/*
|
|
6592
6637
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6807,7 +6852,7 @@
|
|
|
6807
6852
|
}
|
|
6808
6853
|
}
|
|
6809
6854
|
|
|
6810
|
-
/*! @azure/msal-common v16.
|
|
6855
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6811
6856
|
|
|
6812
6857
|
/*
|
|
6813
6858
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6923,7 +6968,7 @@
|
|
|
6923
6968
|
}
|
|
6924
6969
|
}
|
|
6925
6970
|
|
|
6926
|
-
/*! @azure/msal-common v16.
|
|
6971
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6927
6972
|
|
|
6928
6973
|
/*
|
|
6929
6974
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6938,7 +6983,7 @@
|
|
|
6938
6983
|
},
|
|
6939
6984
|
};
|
|
6940
6985
|
|
|
6941
|
-
/*! @azure/msal-common v16.
|
|
6986
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6942
6987
|
|
|
6943
6988
|
/*
|
|
6944
6989
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7161,7 +7206,7 @@
|
|
|
7161
7206
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7162
7207
|
}
|
|
7163
7208
|
|
|
7164
|
-
/*! @azure/msal-common v16.
|
|
7209
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7165
7210
|
|
|
7166
7211
|
/*
|
|
7167
7212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7194,7 +7239,7 @@
|
|
|
7194
7239
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7195
7240
|
}
|
|
7196
7241
|
|
|
7197
|
-
/*! @azure/msal-common v16.
|
|
7242
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7198
7243
|
|
|
7199
7244
|
/*
|
|
7200
7245
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7252,7 +7297,7 @@
|
|
|
7252
7297
|
}
|
|
7253
7298
|
}
|
|
7254
7299
|
|
|
7255
|
-
/*! @azure/msal-common v16.
|
|
7300
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7256
7301
|
/*
|
|
7257
7302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7258
7303
|
* Licensed under the MIT License.
|
|
@@ -7269,7 +7314,7 @@
|
|
|
7269
7314
|
unexpectedError: unexpectedError
|
|
7270
7315
|
});
|
|
7271
7316
|
|
|
7272
|
-
/*! @azure/msal-common v16.
|
|
7317
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7273
7318
|
|
|
7274
7319
|
/*
|
|
7275
7320
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7380,35 +7425,40 @@
|
|
|
7380
7425
|
* @param error
|
|
7381
7426
|
*/
|
|
7382
7427
|
cacheFailedRequest(error) {
|
|
7383
|
-
|
|
7384
|
-
|
|
7385
|
-
|
|
7386
|
-
|
|
7387
|
-
|
|
7388
|
-
|
|
7389
|
-
|
|
7390
|
-
|
|
7391
|
-
|
|
7392
|
-
|
|
7393
|
-
if (error instanceof
|
|
7394
|
-
if (error
|
|
7395
|
-
|
|
7396
|
-
|
|
7397
|
-
|
|
7398
|
-
|
|
7428
|
+
try {
|
|
7429
|
+
const lastRequests = this.getLastRequests();
|
|
7430
|
+
if (lastRequests.errors.length >=
|
|
7431
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7432
|
+
// Remove a cached error to make room, first in first out
|
|
7433
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7434
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7435
|
+
lastRequests.errors.shift();
|
|
7436
|
+
}
|
|
7437
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7438
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7439
|
+
if (error instanceof AuthError) {
|
|
7440
|
+
if (error.subError) {
|
|
7441
|
+
lastRequests.errors.push(error.subError);
|
|
7442
|
+
}
|
|
7443
|
+
else if (error.errorCode) {
|
|
7444
|
+
lastRequests.errors.push(error.errorCode);
|
|
7445
|
+
}
|
|
7446
|
+
else {
|
|
7447
|
+
lastRequests.errors.push(error.toString());
|
|
7448
|
+
}
|
|
7399
7449
|
}
|
|
7400
7450
|
else {
|
|
7401
7451
|
lastRequests.errors.push(error.toString());
|
|
7402
7452
|
}
|
|
7403
7453
|
}
|
|
7404
7454
|
else {
|
|
7405
|
-
lastRequests.errors.push(
|
|
7455
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7406
7456
|
}
|
|
7457
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7407
7458
|
}
|
|
7408
|
-
|
|
7409
|
-
|
|
7459
|
+
catch {
|
|
7460
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7410
7461
|
}
|
|
7411
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7412
7462
|
return;
|
|
7413
7463
|
}
|
|
7414
7464
|
/**
|
|
@@ -7528,9 +7578,36 @@
|
|
|
7528
7578
|
static makeExtraSkuString(params) {
|
|
7529
7579
|
return makeExtraSkuString(params);
|
|
7530
7580
|
}
|
|
7581
|
+
}
|
|
7582
|
+
/** @internal */
|
|
7583
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7584
|
+
constructor() {
|
|
7585
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7586
|
+
}
|
|
7587
|
+
generateCurrentRequestHeaderValue() {
|
|
7588
|
+
return "";
|
|
7589
|
+
}
|
|
7590
|
+
generateLastRequestHeaderValue() {
|
|
7591
|
+
return "";
|
|
7592
|
+
}
|
|
7593
|
+
cacheFailedRequest() { }
|
|
7594
|
+
incrementCacheHits() {
|
|
7595
|
+
return 0;
|
|
7596
|
+
}
|
|
7597
|
+
clearTelemetryCache() { }
|
|
7598
|
+
getRegionDiscoveryFields() {
|
|
7599
|
+
return "";
|
|
7600
|
+
}
|
|
7601
|
+
updateRegionDiscoveryMetadata() { }
|
|
7602
|
+
setCacheOutcome() { }
|
|
7603
|
+
setNativeBrokerErrorCode() { }
|
|
7604
|
+
getNativeBrokerErrorCode() {
|
|
7605
|
+
return undefined;
|
|
7606
|
+
}
|
|
7607
|
+
clearNativeBrokerErrorCode() { }
|
|
7531
7608
|
}
|
|
7532
7609
|
|
|
7533
|
-
/*! @azure/msal-common v16.
|
|
7610
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7534
7611
|
|
|
7535
7612
|
/*
|
|
7536
7613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7551,7 +7628,7 @@
|
|
|
7551
7628
|
return new JoseHeaderError(code);
|
|
7552
7629
|
}
|
|
7553
7630
|
|
|
7554
|
-
/*! @azure/msal-common v16.
|
|
7631
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7555
7632
|
/*
|
|
7556
7633
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7557
7634
|
* Licensed under the MIT License.
|
|
@@ -7559,7 +7636,7 @@
|
|
|
7559
7636
|
const missingKidError = "missing_kid_error";
|
|
7560
7637
|
const missingAlgError = "missing_alg_error";
|
|
7561
7638
|
|
|
7562
|
-
/*! @azure/msal-common v16.
|
|
7639
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7563
7640
|
|
|
7564
7641
|
/*
|
|
7565
7642
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7599,7 +7676,7 @@
|
|
|
7599
7676
|
}
|
|
7600
7677
|
}
|
|
7601
7678
|
|
|
7602
|
-
/*! @azure/msal-common v16.
|
|
7679
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7603
7680
|
|
|
7604
7681
|
/*
|
|
7605
7682
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8212,7 +8289,6 @@
|
|
|
8212
8289
|
*/
|
|
8213
8290
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8214
8291
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8215
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8216
8292
|
/**
|
|
8217
8293
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8218
8294
|
*/
|
|
@@ -8394,6 +8470,43 @@
|
|
|
8394
8470
|
return new BrowserAuthError(errorCode, subError);
|
|
8395
8471
|
}
|
|
8396
8472
|
|
|
8473
|
+
/*
|
|
8474
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8475
|
+
* Licensed under the MIT License.
|
|
8476
|
+
*/
|
|
8477
|
+
/**
|
|
8478
|
+
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8479
|
+
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8480
|
+
*/
|
|
8481
|
+
/**
|
|
8482
|
+
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8483
|
+
* @param input
|
|
8484
|
+
*/
|
|
8485
|
+
function base64Decode(input) {
|
|
8486
|
+
return new TextDecoder().decode(base64DecToArr(input));
|
|
8487
|
+
}
|
|
8488
|
+
/**
|
|
8489
|
+
* Decodes base64 into Uint8Array
|
|
8490
|
+
* @param base64String
|
|
8491
|
+
*/
|
|
8492
|
+
function base64DecToArr(base64String) {
|
|
8493
|
+
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8494
|
+
switch (encodedString.length % 4) {
|
|
8495
|
+
case 0:
|
|
8496
|
+
break;
|
|
8497
|
+
case 2:
|
|
8498
|
+
encodedString += "==";
|
|
8499
|
+
break;
|
|
8500
|
+
case 3:
|
|
8501
|
+
encodedString += "=";
|
|
8502
|
+
break;
|
|
8503
|
+
default:
|
|
8504
|
+
throw createBrowserAuthError(invalidBase64String);
|
|
8505
|
+
}
|
|
8506
|
+
const binString = atob(encodedString);
|
|
8507
|
+
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8508
|
+
}
|
|
8509
|
+
|
|
8397
8510
|
/*
|
|
8398
8511
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8399
8512
|
* Licensed under the MIT License.
|
|
@@ -8653,43 +8766,6 @@
|
|
|
8653
8766
|
return btoa(binString);
|
|
8654
8767
|
}
|
|
8655
8768
|
|
|
8656
|
-
/*
|
|
8657
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8658
|
-
* Licensed under the MIT License.
|
|
8659
|
-
*/
|
|
8660
|
-
/**
|
|
8661
|
-
* Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
|
|
8662
|
-
* https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
|
|
8663
|
-
*/
|
|
8664
|
-
/**
|
|
8665
|
-
* Returns a URL-safe plaintext decoded string from b64 encoded input.
|
|
8666
|
-
* @param input
|
|
8667
|
-
*/
|
|
8668
|
-
function base64Decode(input) {
|
|
8669
|
-
return new TextDecoder().decode(base64DecToArr(input));
|
|
8670
|
-
}
|
|
8671
|
-
/**
|
|
8672
|
-
* Decodes base64 into Uint8Array
|
|
8673
|
-
* @param base64String
|
|
8674
|
-
*/
|
|
8675
|
-
function base64DecToArr(base64String) {
|
|
8676
|
-
let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
|
|
8677
|
-
switch (encodedString.length % 4) {
|
|
8678
|
-
case 0:
|
|
8679
|
-
break;
|
|
8680
|
-
case 2:
|
|
8681
|
-
encodedString += "==";
|
|
8682
|
-
break;
|
|
8683
|
-
case 3:
|
|
8684
|
-
encodedString += "=";
|
|
8685
|
-
break;
|
|
8686
|
-
default:
|
|
8687
|
-
throw createBrowserAuthError(invalidBase64String);
|
|
8688
|
-
}
|
|
8689
|
-
const binString = atob(encodedString);
|
|
8690
|
-
return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
|
|
8691
|
-
}
|
|
8692
|
-
|
|
8693
8769
|
/*
|
|
8694
8770
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8695
8771
|
* Licensed under the MIT License.
|
|
@@ -9108,6 +9184,16 @@
|
|
|
9108
9184
|
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
|
|
9109
9185
|
}
|
|
9110
9186
|
}
|
|
9187
|
+
/**
|
|
9188
|
+
* Strips both hash and query string from the given window's URL by replacing
|
|
9189
|
+
* with origin + pathname only. Used to remove auth response parameters
|
|
9190
|
+
* (auth code, state, etc.) before the window is closed or navigated away.
|
|
9191
|
+
*/
|
|
9192
|
+
function clearAuthResponseFromUrl(contentWindow) {
|
|
9193
|
+
if (typeof contentWindow.history?.replaceState === "function") {
|
|
9194
|
+
contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
|
|
9195
|
+
}
|
|
9196
|
+
}
|
|
9111
9197
|
/**
|
|
9112
9198
|
* Replaces current hash with hash from provided url
|
|
9113
9199
|
*/
|
|
@@ -9166,7 +9252,7 @@
|
|
|
9166
9252
|
activeBridgeMonitor = null;
|
|
9167
9253
|
}
|
|
9168
9254
|
}
|
|
9169
|
-
async function waitForBridgeResponse(timeoutMs, logger,
|
|
9255
|
+
async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
|
|
9170
9256
|
return new Promise((resolve, reject) => {
|
|
9171
9257
|
logger.verbose("1rf6em", request.correlationId);
|
|
9172
9258
|
const correlationId = request.correlationId;
|
|
@@ -9174,7 +9260,7 @@
|
|
|
9174
9260
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9175
9261
|
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9176
9262
|
}, correlationId);
|
|
9177
|
-
const { libraryState } = parseRequestState(
|
|
9263
|
+
const { libraryState } = parseRequestState(base64Decode, request.state || "");
|
|
9178
9264
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9179
9265
|
let responseString = undefined;
|
|
9180
9266
|
let timedOut$1 = false;
|
|
@@ -9362,6 +9448,7 @@
|
|
|
9362
9448
|
blockRedirectInIframe: blockRedirectInIframe,
|
|
9363
9449
|
blockReloadInHiddenIframes: blockReloadInHiddenIframes,
|
|
9364
9450
|
cancelPendingBridgeResponse: cancelPendingBridgeResponse,
|
|
9451
|
+
clearAuthResponseFromUrl: clearAuthResponseFromUrl,
|
|
9365
9452
|
clearHash: clearHash,
|
|
9366
9453
|
createGuid: createGuid,
|
|
9367
9454
|
getCurrentUri: getCurrentUri,
|
|
@@ -10536,7 +10623,7 @@
|
|
|
10536
10623
|
|
|
10537
10624
|
/* eslint-disable header/header */
|
|
10538
10625
|
const name = "@azure/msal-browser";
|
|
10539
|
-
const version = "5.
|
|
10626
|
+
const version = "5.13.0";
|
|
10540
10627
|
|
|
10541
10628
|
/*
|
|
10542
10629
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10558,6 +10645,15 @@
|
|
|
10558
10645
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10559
10646
|
* Licensed under the MIT License.
|
|
10560
10647
|
*/
|
|
10648
|
+
/**
|
|
10649
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
10650
|
+
*/
|
|
10651
|
+
const MigrationRemovalReason = {
|
|
10652
|
+
Invalid: "invalid",
|
|
10653
|
+
TtlExpired: "ttlExpired",
|
|
10654
|
+
DecryptFailed: "decryptFailed",
|
|
10655
|
+
Expired: "expired",
|
|
10656
|
+
};
|
|
10561
10657
|
/**
|
|
10562
10658
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
10563
10659
|
*/
|
|
@@ -10627,7 +10723,10 @@
|
|
|
10627
10723
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10628
10724
|
if (!parsedValue) {
|
|
10629
10725
|
this.browserStorage.removeItem(key);
|
|
10630
|
-
return
|
|
10726
|
+
return {
|
|
10727
|
+
entry: null,
|
|
10728
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10729
|
+
};
|
|
10631
10730
|
}
|
|
10632
10731
|
if (!parsedValue.lastUpdatedAt) {
|
|
10633
10732
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -10636,25 +10735,42 @@
|
|
|
10636
10735
|
}
|
|
10637
10736
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10638
10737
|
this.browserStorage.removeItem(key);
|
|
10639
|
-
|
|
10640
|
-
|
|
10738
|
+
return {
|
|
10739
|
+
entry: null,
|
|
10740
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
10741
|
+
};
|
|
10641
10742
|
}
|
|
10642
|
-
const
|
|
10743
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
10744
|
+
const decryptedData = wasEncrypted
|
|
10643
10745
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10644
10746
|
: parsedValue;
|
|
10645
|
-
if (!decryptedData
|
|
10646
|
-
this.
|
|
10647
|
-
return
|
|
10747
|
+
if (!decryptedData) {
|
|
10748
|
+
this.browserStorage.removeItem(key);
|
|
10749
|
+
return {
|
|
10750
|
+
entry: null,
|
|
10751
|
+
removalReason: wasEncrypted
|
|
10752
|
+
? MigrationRemovalReason.DecryptFailed
|
|
10753
|
+
: MigrationRemovalReason.Invalid,
|
|
10754
|
+
};
|
|
10755
|
+
}
|
|
10756
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
10757
|
+
this.browserStorage.removeItem(key);
|
|
10758
|
+
return {
|
|
10759
|
+
entry: null,
|
|
10760
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10761
|
+
};
|
|
10648
10762
|
}
|
|
10649
10763
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
10650
10764
|
isRefreshTokenEntity(decryptedData)) &&
|
|
10651
10765
|
decryptedData.expiresOn &&
|
|
10652
10766
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
10653
10767
|
this.browserStorage.removeItem(key);
|
|
10654
|
-
|
|
10655
|
-
|
|
10768
|
+
return {
|
|
10769
|
+
entry: null,
|
|
10770
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
10771
|
+
};
|
|
10656
10772
|
}
|
|
10657
|
-
return decryptedData;
|
|
10773
|
+
return { entry: decryptedData };
|
|
10658
10774
|
}
|
|
10659
10775
|
/**
|
|
10660
10776
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -10673,6 +10789,8 @@
|
|
|
10673
10789
|
const rawValue = this.browserStorage.getItem(accountKey);
|
|
10674
10790
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10675
10791
|
if (!parsedValue) {
|
|
10792
|
+
this.browserStorage.removeItem(accountKey);
|
|
10793
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
10676
10794
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10677
10795
|
continue;
|
|
10678
10796
|
}
|
|
@@ -10685,8 +10803,20 @@
|
|
|
10685
10803
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10686
10804
|
// Cache expired remove account and associated tokens
|
|
10687
10805
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10806
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
10688
10807
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10689
10808
|
}
|
|
10809
|
+
else if (isEncrypted(parsedValue)) {
|
|
10810
|
+
// Remove accounts encrypted with a different key (session cookie expired/changed)
|
|
10811
|
+
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10812
|
+
if (!decrypted) {
|
|
10813
|
+
this.browserStorage.removeItem(accountKey);
|
|
10814
|
+
this.performanceClient.incrementFields({
|
|
10815
|
+
decryptFailedAcntCount: 1,
|
|
10816
|
+
}, correlationId);
|
|
10817
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10818
|
+
}
|
|
10819
|
+
}
|
|
10690
10820
|
}
|
|
10691
10821
|
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
10692
10822
|
}
|
|
@@ -10724,7 +10854,6 @@
|
|
|
10724
10854
|
});
|
|
10725
10855
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
10726
10856
|
}
|
|
10727
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10728
10857
|
this.browserStorage.removeItem(accountKey);
|
|
10729
10858
|
}
|
|
10730
10859
|
/**
|
|
@@ -10763,8 +10892,20 @@
|
|
|
10763
10892
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
10764
10893
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
10765
10894
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
10766
|
-
const
|
|
10895
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
10896
|
+
const oldSchemaData = result.entry;
|
|
10767
10897
|
if (!oldSchemaData) {
|
|
10898
|
+
switch (result.removalReason) {
|
|
10899
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10900
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
10901
|
+
break;
|
|
10902
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10903
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
10904
|
+
break;
|
|
10905
|
+
case MigrationRemovalReason.Invalid:
|
|
10906
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
10907
|
+
break;
|
|
10908
|
+
}
|
|
10768
10909
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
10769
10910
|
continue;
|
|
10770
10911
|
}
|
|
@@ -10843,8 +10984,23 @@
|
|
|
10843
10984
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
10844
10985
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
10845
10986
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
10846
|
-
const
|
|
10987
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
10988
|
+
const oldSchemaData = result.entry;
|
|
10847
10989
|
if (!oldSchemaData) {
|
|
10990
|
+
switch (result.removalReason) {
|
|
10991
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10992
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
10993
|
+
break;
|
|
10994
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10995
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
10996
|
+
break;
|
|
10997
|
+
case MigrationRemovalReason.Expired:
|
|
10998
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
10999
|
+
break;
|
|
11000
|
+
case MigrationRemovalReason.Invalid:
|
|
11001
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
11002
|
+
break;
|
|
11003
|
+
}
|
|
10848
11004
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
10849
11005
|
continue;
|
|
10850
11006
|
}
|
|
@@ -10890,8 +11046,23 @@
|
|
|
10890
11046
|
...credentialKeysToMigrate.refreshToken,
|
|
10891
11047
|
]) {
|
|
10892
11048
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
10893
|
-
const
|
|
11049
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
11050
|
+
const oldSchemaData = result.entry;
|
|
10894
11051
|
if (!oldSchemaData) {
|
|
11052
|
+
switch (result.removalReason) {
|
|
11053
|
+
case MigrationRemovalReason.TtlExpired:
|
|
11054
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
11055
|
+
break;
|
|
11056
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
11057
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
11058
|
+
break;
|
|
11059
|
+
case MigrationRemovalReason.Expired:
|
|
11060
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
11061
|
+
break;
|
|
11062
|
+
case MigrationRemovalReason.Invalid:
|
|
11063
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
11064
|
+
break;
|
|
11065
|
+
}
|
|
10895
11066
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
10896
11067
|
continue;
|
|
10897
11068
|
}
|
|
@@ -12091,10 +12262,15 @@
|
|
|
12091
12262
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
12092
12263
|
* @param logger - Optional logger instance for verbose logging
|
|
12093
12264
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
12265
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
12094
12266
|
* @returns Configured ServerTelemetryManager instance
|
|
12095
12267
|
*/
|
|
12096
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
12268
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
12097
12269
|
logger.verbose("1p12tq", correlationId);
|
|
12270
|
+
if (!enabled) {
|
|
12271
|
+
logger.verbose("0tajnr", correlationId);
|
|
12272
|
+
return new StubServerTelemetryManager();
|
|
12273
|
+
}
|
|
12098
12274
|
const telemetryPayload = {
|
|
12099
12275
|
clientId: clientId,
|
|
12100
12276
|
correlationId: correlationId,
|
|
@@ -12630,7 +12806,7 @@
|
|
|
12630
12806
|
const NO_NETWORK = "NO_NETWORK";
|
|
12631
12807
|
const DISABLED = "DISABLED";
|
|
12632
12808
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12633
|
-
const
|
|
12809
|
+
const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
|
|
12634
12810
|
|
|
12635
12811
|
/*
|
|
12636
12812
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12685,8 +12861,8 @@
|
|
|
12685
12861
|
return createBrowserAuthError(userCancelled);
|
|
12686
12862
|
case NO_NETWORK:
|
|
12687
12863
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
12688
|
-
case
|
|
12689
|
-
return createInteractionRequiredAuthError(
|
|
12864
|
+
case UI_NOT_ALLOWED:
|
|
12865
|
+
return createInteractionRequiredAuthError(uiNotAllowed);
|
|
12690
12866
|
}
|
|
12691
12867
|
}
|
|
12692
12868
|
return new NativeAuthError(code, description, ext);
|
|
@@ -12703,7 +12879,7 @@
|
|
|
12703
12879
|
*/
|
|
12704
12880
|
async acquireToken(silentRequest) {
|
|
12705
12881
|
// Telemetry manager only used to increment cacheHits here
|
|
12706
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12882
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12707
12883
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
12708
12884
|
serverTelemetryManager,
|
|
12709
12885
|
requestAuthority: silentRequest.authority,
|
|
@@ -12779,7 +12955,7 @@
|
|
|
12779
12955
|
// start the perf measurement
|
|
12780
12956
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12781
12957
|
const reqTimestamp = nowSeconds();
|
|
12782
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12958
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12783
12959
|
try {
|
|
12784
12960
|
// initialize native request
|
|
12785
12961
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -12903,7 +13079,7 @@
|
|
|
12903
13079
|
catch (e) {
|
|
12904
13080
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
12905
13081
|
if (e instanceof NativeAuthError) {
|
|
12906
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13082
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12907
13083
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12908
13084
|
if (isFatalNativeAuthError(e)) {
|
|
12909
13085
|
throw e;
|
|
@@ -12917,7 +13093,7 @@
|
|
|
12917
13093
|
noHistory: false,
|
|
12918
13094
|
};
|
|
12919
13095
|
const redirectUri = navigateToLoginRequestUrl
|
|
12920
|
-
? window.location.href
|
|
13096
|
+
? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
|
|
12921
13097
|
: getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
12922
13098
|
rootMeasurement.end({ success: true });
|
|
12923
13099
|
await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
|
|
@@ -12950,7 +13126,7 @@
|
|
|
12950
13126
|
this.logger.verbose("003x5a", this.correlationId);
|
|
12951
13127
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
12952
13128
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12953
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13129
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12954
13130
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12955
13131
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12956
13132
|
return authResult;
|
|
@@ -13957,6 +14133,7 @@
|
|
|
13957
14133
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
13958
14134
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
13959
14135
|
protocolMode: ProtocolMode.AAD,
|
|
14136
|
+
serverTelemetryEnabled: false,
|
|
13960
14137
|
};
|
|
13961
14138
|
const providedSystemOptions = {
|
|
13962
14139
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -14503,10 +14680,11 @@
|
|
|
14503
14680
|
* Licensed under the MIT License.
|
|
14504
14681
|
*/
|
|
14505
14682
|
class PopupClient extends StandardInteractionClient {
|
|
14506
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
|
|
14683
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
|
|
14507
14684
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
|
|
14508
14685
|
this.nativeStorage = nativeStorageImpl;
|
|
14509
14686
|
this.eventHandler = eventHandler;
|
|
14687
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
14510
14688
|
}
|
|
14511
14689
|
/**
|
|
14512
14690
|
* Acquires tokens by opening a popup window to the /authorize endpoint of the authority
|
|
@@ -14614,7 +14792,7 @@
|
|
|
14614
14792
|
*/
|
|
14615
14793
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
14616
14794
|
const correlationId = request.correlationId;
|
|
14617
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14795
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14618
14796
|
const pkce = pkceCodes ||
|
|
14619
14797
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
14620
14798
|
const popupRequest = {
|
|
@@ -14640,7 +14818,7 @@
|
|
|
14640
14818
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14641
14819
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14642
14820
|
// Wait for the redirect bridge response
|
|
14643
|
-
const responseString = await
|
|
14821
|
+
const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
|
|
14644
14822
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14645
14823
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14646
14824
|
}
|
|
@@ -14675,11 +14853,11 @@
|
|
|
14675
14853
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
14676
14854
|
form.submit();
|
|
14677
14855
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14678
|
-
const responseString = await invokeAsync(
|
|
14856
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
14679
14857
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14680
14858
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14681
14859
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
14682
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
14860
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
14683
14861
|
requestAuthority: request.authority,
|
|
14684
14862
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
14685
14863
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -14700,7 +14878,7 @@
|
|
|
14700
14878
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
14701
14879
|
form.submit();
|
|
14702
14880
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14703
|
-
const responseString = await invokeAsync(
|
|
14881
|
+
const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
|
|
14704
14882
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14705
14883
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14706
14884
|
}
|
|
@@ -14716,7 +14894,7 @@
|
|
|
14716
14894
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
14717
14895
|
this.logger.verbose("0b7yrk", this.correlationId);
|
|
14718
14896
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
|
|
14719
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14897
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14720
14898
|
try {
|
|
14721
14899
|
// Clear cache on logout
|
|
14722
14900
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -14757,7 +14935,7 @@
|
|
|
14757
14935
|
// Open the popup window to requestUrl.
|
|
14758
14936
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
14759
14937
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14760
|
-
await
|
|
14938
|
+
await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
|
|
14761
14939
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
14762
14940
|
});
|
|
14763
14941
|
if (mainWindowRedirectUri) {
|
|
@@ -14836,6 +15014,19 @@
|
|
|
14836
15014
|
if (!popupWindow) {
|
|
14837
15015
|
throw createBrowserAuthError(emptyWindowError);
|
|
14838
15016
|
}
|
|
15017
|
+
try {
|
|
15018
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
15019
|
+
}
|
|
15020
|
+
catch (e) {
|
|
15021
|
+
if (typeof DOMException !== "undefined" &&
|
|
15022
|
+
e instanceof DOMException &&
|
|
15023
|
+
e.name === "SecurityError") {
|
|
15024
|
+
// Cross-origin - title cannot be set
|
|
15025
|
+
}
|
|
15026
|
+
else {
|
|
15027
|
+
this.logger.verbose("1s1yfs", this.correlationId);
|
|
15028
|
+
}
|
|
15029
|
+
}
|
|
14839
15030
|
if (popupWindow.focus) {
|
|
14840
15031
|
popupWindow.focus();
|
|
14841
15032
|
}
|
|
@@ -14914,6 +15105,12 @@
|
|
|
14914
15105
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
14915
15106
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
14916
15107
|
}
|
|
15108
|
+
async waitForPopupResponse(request, popupWindow, popupWindowParent) {
|
|
15109
|
+
if (this.waitForPopupResponseHook) {
|
|
15110
|
+
return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
|
|
15111
|
+
}
|
|
15112
|
+
return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
|
|
15113
|
+
}
|
|
14917
15114
|
}
|
|
14918
15115
|
|
|
14919
15116
|
/*
|
|
@@ -14981,7 +15178,7 @@
|
|
|
14981
15178
|
*/
|
|
14982
15179
|
async executeCodeFlow(request) {
|
|
14983
15180
|
const correlationId = request.correlationId;
|
|
14984
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15181
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14985
15182
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
14986
15183
|
const redirectRequest = {
|
|
14987
15184
|
...request,
|
|
@@ -15067,7 +15264,9 @@
|
|
|
15067
15264
|
* @param options {HandleRedirectPromiseOptions} options for handling redirect promise
|
|
15068
15265
|
*/
|
|
15069
15266
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15070
|
-
const
|
|
15267
|
+
const originalTitle = document.title;
|
|
15268
|
+
document.title = "Microsoft Authentication";
|
|
15269
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15071
15270
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15072
15271
|
try {
|
|
15073
15272
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -15086,8 +15285,8 @@
|
|
|
15086
15285
|
}
|
|
15087
15286
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
15088
15287
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
15089
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
15090
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
15288
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
15289
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
15091
15290
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
15092
15291
|
navigateToLoginRequestUrl) {
|
|
15093
15292
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -15120,8 +15319,8 @@
|
|
|
15120
15319
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
15121
15320
|
*/
|
|
15122
15321
|
let processHashOnRedirect = true;
|
|
15123
|
-
if (!loginRequestUrl
|
|
15124
|
-
// Redirect to home page if login request url is
|
|
15322
|
+
if (!loginRequestUrl) {
|
|
15323
|
+
// Redirect to home page if login request url is empty
|
|
15125
15324
|
const homepage = getHomepage();
|
|
15126
15325
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
15127
15326
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -15149,6 +15348,9 @@
|
|
|
15149
15348
|
}
|
|
15150
15349
|
throw e;
|
|
15151
15350
|
}
|
|
15351
|
+
finally {
|
|
15352
|
+
document.title = originalTitle;
|
|
15353
|
+
}
|
|
15152
15354
|
}
|
|
15153
15355
|
/**
|
|
15154
15356
|
* Gets the response hash for a redirect request
|
|
@@ -15264,7 +15466,7 @@
|
|
|
15264
15466
|
async logout(logoutRequest) {
|
|
15265
15467
|
this.logger.verbose("1rkurh", this.correlationId);
|
|
15266
15468
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
15267
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15469
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15268
15470
|
try {
|
|
15269
15471
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
|
|
15270
15472
|
// Clear cache on logout
|
|
@@ -15345,7 +15547,10 @@
|
|
|
15345
15547
|
*/
|
|
15346
15548
|
getRedirectStartPage(requestStartPage) {
|
|
15347
15549
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
15348
|
-
|
|
15550
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
15551
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
15552
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
15553
|
+
return absoluteRedirectStartPage;
|
|
15349
15554
|
}
|
|
15350
15555
|
}
|
|
15351
15556
|
|
|
@@ -15354,20 +15559,20 @@
|
|
|
15354
15559
|
* Licensed under the MIT License.
|
|
15355
15560
|
*/
|
|
15356
15561
|
/**
|
|
15357
|
-
*
|
|
15358
|
-
* @param
|
|
15359
|
-
* @param
|
|
15562
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
15563
|
+
* @param frame
|
|
15564
|
+
* @param requestUrl
|
|
15360
15565
|
*/
|
|
15361
|
-
async function initiateCodeRequest(
|
|
15566
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
15362
15567
|
if (!requestUrl) {
|
|
15363
15568
|
// Throw error if request URL is empty.
|
|
15364
15569
|
logger.info("1l7hyp", correlationId);
|
|
15365
15570
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
15366
15571
|
}
|
|
15367
|
-
|
|
15572
|
+
frame.src = requestUrl;
|
|
15573
|
+
return frame;
|
|
15368
15574
|
}
|
|
15369
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
15370
|
-
const frame = createHiddenIframe();
|
|
15575
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
15371
15576
|
if (!frame.contentDocument) {
|
|
15372
15577
|
throw "No document associated with iframe!";
|
|
15373
15578
|
}
|
|
@@ -15375,8 +15580,7 @@
|
|
|
15375
15580
|
form.submit();
|
|
15376
15581
|
return frame;
|
|
15377
15582
|
}
|
|
15378
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
15379
|
-
const frame = createHiddenIframe();
|
|
15583
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
15380
15584
|
if (!frame.contentDocument) {
|
|
15381
15585
|
throw "No document associated with iframe!";
|
|
15382
15586
|
}
|
|
@@ -15386,24 +15590,14 @@
|
|
|
15386
15590
|
}
|
|
15387
15591
|
/**
|
|
15388
15592
|
* @hidden
|
|
15389
|
-
*
|
|
15390
|
-
*
|
|
15391
|
-
* @param frameName
|
|
15392
|
-
* @param logger
|
|
15393
|
-
*/
|
|
15394
|
-
function loadFrameSync(urlNavigate) {
|
|
15395
|
-
const frameHandle = createHiddenIframe();
|
|
15396
|
-
frameHandle.src = urlNavigate;
|
|
15397
|
-
return frameHandle;
|
|
15398
|
-
}
|
|
15399
|
-
/**
|
|
15400
|
-
* @hidden
|
|
15401
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
15593
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
15594
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
15402
15595
|
* @ignore
|
|
15403
15596
|
*/
|
|
15404
15597
|
function createHiddenIframe() {
|
|
15405
15598
|
const authFrame = document.createElement("iframe");
|
|
15406
15599
|
authFrame.className = "msalSilentIframe";
|
|
15600
|
+
authFrame.title = "Microsoft Authentication";
|
|
15407
15601
|
authFrame.style.visibility = "hidden";
|
|
15408
15602
|
authFrame.style.position = "absolute";
|
|
15409
15603
|
authFrame.style.width = authFrame.style.height = "0";
|
|
@@ -15429,10 +15623,11 @@
|
|
|
15429
15623
|
* Licensed under the MIT License.
|
|
15430
15624
|
*/
|
|
15431
15625
|
class SilentIframeClient extends StandardInteractionClient {
|
|
15432
|
-
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
|
|
15626
|
+
constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
|
|
15433
15627
|
super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
|
|
15434
15628
|
this.apiId = apiId;
|
|
15435
15629
|
this.nativeStorage = nativeStorageImpl;
|
|
15630
|
+
this.waitForIframeResponseHook = waitForIframeResponseHook;
|
|
15436
15631
|
}
|
|
15437
15632
|
/**
|
|
15438
15633
|
* Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
|
|
@@ -15475,7 +15670,7 @@
|
|
|
15475
15670
|
*/
|
|
15476
15671
|
async executeCodeFlow(request) {
|
|
15477
15672
|
let authClient;
|
|
15478
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15673
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15479
15674
|
try {
|
|
15480
15675
|
// Initialize the client
|
|
15481
15676
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -15517,11 +15712,22 @@
|
|
|
15517
15712
|
earJwk: earJwk,
|
|
15518
15713
|
codeChallenge: pkceCodes.challenge,
|
|
15519
15714
|
};
|
|
15520
|
-
|
|
15715
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15716
|
+
const iframe = createHiddenIframe();
|
|
15521
15717
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15522
15718
|
let responseString;
|
|
15523
15719
|
try {
|
|
15524
|
-
|
|
15720
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15721
|
+
responsePromise.catch(() => {
|
|
15722
|
+
/*
|
|
15723
|
+
* If navigation below throws before responsePromise is awaited,
|
|
15724
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
15725
|
+
* does not surface as an unhandled rejection; the navigation
|
|
15726
|
+
* error is propagated instead.
|
|
15727
|
+
*/
|
|
15728
|
+
});
|
|
15729
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15730
|
+
responseString = await responsePromise;
|
|
15525
15731
|
}
|
|
15526
15732
|
finally {
|
|
15527
15733
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15530,7 +15736,7 @@
|
|
|
15530
15736
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15531
15737
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
15532
15738
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
15533
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
15739
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15534
15740
|
requestAuthority: request.authority,
|
|
15535
15741
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
15536
15742
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -15557,7 +15763,7 @@
|
|
|
15557
15763
|
// Create silent request
|
|
15558
15764
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15559
15765
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15560
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15766
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15561
15767
|
requestAuthority: silentRequest.authority,
|
|
15562
15768
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15563
15769
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -15605,21 +15811,32 @@
|
|
|
15605
15811
|
...request,
|
|
15606
15812
|
codeChallenge: pkceCodes.challenge,
|
|
15607
15813
|
};
|
|
15608
|
-
|
|
15609
|
-
|
|
15610
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15611
|
-
}
|
|
15612
|
-
else {
|
|
15613
|
-
// Create authorize request url
|
|
15614
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15615
|
-
// Get the frame handle for the silent request
|
|
15616
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15617
|
-
}
|
|
15814
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15815
|
+
const iframe = createHiddenIframe();
|
|
15618
15816
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15619
15817
|
// Wait for response from the redirect bridge.
|
|
15620
15818
|
let responseString;
|
|
15621
15819
|
try {
|
|
15622
|
-
|
|
15820
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15821
|
+
responsePromise.catch(() => {
|
|
15822
|
+
/*
|
|
15823
|
+
* If URL creation or navigation below throws before
|
|
15824
|
+
* responsePromise is awaited, the listener still rejects on
|
|
15825
|
+
* timeout. Swallow it here so it does not surface as an
|
|
15826
|
+
* unhandled rejection; the navigation error is propagated
|
|
15827
|
+
* instead.
|
|
15828
|
+
*/
|
|
15829
|
+
});
|
|
15830
|
+
if (request.httpMethod === HttpMethod.POST) {
|
|
15831
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15832
|
+
}
|
|
15833
|
+
else {
|
|
15834
|
+
// Create authorize request url
|
|
15835
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15836
|
+
// Navigate the iframe to the authorize request url
|
|
15837
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
15838
|
+
}
|
|
15839
|
+
responseString = await responsePromise;
|
|
15623
15840
|
}
|
|
15624
15841
|
finally {
|
|
15625
15842
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15627,6 +15844,12 @@
|
|
|
15627
15844
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15628
15845
|
return { serverParams, pkceCodes, silentRequest };
|
|
15629
15846
|
}
|
|
15847
|
+
async waitForIframeResponse(iframe, request) {
|
|
15848
|
+
if (this.waitForIframeResponseHook) {
|
|
15849
|
+
return this.waitForIframeResponseHook(iframe, request);
|
|
15850
|
+
}
|
|
15851
|
+
return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
|
|
15852
|
+
}
|
|
15630
15853
|
}
|
|
15631
15854
|
|
|
15632
15855
|
/*
|
|
@@ -15648,7 +15871,7 @@
|
|
|
15648
15871
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
15649
15872
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
15650
15873
|
}
|
|
15651
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15874
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15652
15875
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
15653
15876
|
serverTelemetryManager,
|
|
15654
15877
|
authorityUrl: silentRequest.authority,
|
|
@@ -15728,7 +15951,7 @@
|
|
|
15728
15951
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
15729
15952
|
*/
|
|
15730
15953
|
this.correlationId);
|
|
15731
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15954
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15732
15955
|
try {
|
|
15733
15956
|
// Create auth code request (PKCE not needed)
|
|
15734
15957
|
const authCodeRequest = {
|
|
@@ -16093,6 +16316,8 @@
|
|
|
16093
16316
|
// Preflight request
|
|
16094
16317
|
const correlationId = this.getRequestCorrelationId(request);
|
|
16095
16318
|
this.logger.verbose("0os66p", correlationId);
|
|
16319
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
16320
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16096
16321
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
16097
16322
|
atrMeasurement.add({
|
|
16098
16323
|
scenarioId: request.scenarioId,
|
|
@@ -16110,9 +16335,7 @@
|
|
|
16110
16335
|
return navigate;
|
|
16111
16336
|
};
|
|
16112
16337
|
try {
|
|
16113
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
16114
16338
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
16115
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16116
16339
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
|
|
16117
16340
|
let result;
|
|
16118
16341
|
if (this.platformAuthProvider &&
|
|
@@ -16840,7 +17063,7 @@
|
|
|
16840
17063
|
* @param correlationId
|
|
16841
17064
|
*/
|
|
16842
17065
|
createPopupClient(correlationId) {
|
|
16843
|
-
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
17066
|
+
return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
|
|
16844
17067
|
}
|
|
16845
17068
|
/**
|
|
16846
17069
|
* Returns new instance of the Redirect Interaction Client
|
|
@@ -16854,7 +17077,7 @@
|
|
|
16854
17077
|
* @param correlationId
|
|
16855
17078
|
*/
|
|
16856
17079
|
createSilentIframeClient(correlationId) {
|
|
16857
|
-
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
|
|
17080
|
+
return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
|
|
16858
17081
|
}
|
|
16859
17082
|
/**
|
|
16860
17083
|
* Returns new instance of the Silent Cache Interaction Client
|
|
@@ -17328,7 +17551,7 @@
|
|
|
17328
17551
|
return;
|
|
17329
17552
|
}
|
|
17330
17553
|
}
|
|
17331
|
-
constructor(config) {
|
|
17554
|
+
constructor(config, responseHandlers) {
|
|
17332
17555
|
/*
|
|
17333
17556
|
* If loaded in an environment where window is not available,
|
|
17334
17557
|
* set internal flag to false so that further requests fail.
|
|
@@ -17336,6 +17559,7 @@
|
|
|
17336
17559
|
*/
|
|
17337
17560
|
this.browserEnvironment = typeof window !== "undefined";
|
|
17338
17561
|
this.config = buildConfiguration(config, this.browserEnvironment);
|
|
17562
|
+
this.responseHandlers = responseHandlers;
|
|
17339
17563
|
let sessionStorage;
|
|
17340
17564
|
try {
|
|
17341
17565
|
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
@@ -17372,6 +17596,13 @@
|
|
|
17372
17596
|
getConfig() {
|
|
17373
17597
|
return this.config;
|
|
17374
17598
|
}
|
|
17599
|
+
/**
|
|
17600
|
+
* Returns the internal response handlers supplied by PublicClientApplication, if any.
|
|
17601
|
+
* @returns AuthResponseHandlers | undefined
|
|
17602
|
+
*/
|
|
17603
|
+
getResponseHandlers() {
|
|
17604
|
+
return this.responseHandlers;
|
|
17605
|
+
}
|
|
17375
17606
|
/**
|
|
17376
17607
|
* Returns the MSAL Logger
|
|
17377
17608
|
* @returns Logger
|
|
@@ -18393,7 +18624,48 @@
|
|
|
18393
18624
|
constructor(configuration, controller) {
|
|
18394
18625
|
this.controller =
|
|
18395
18626
|
controller ||
|
|
18396
|
-
new StandardController(new StandardOperatingContext(configuration
|
|
18627
|
+
new StandardController(new StandardOperatingContext(configuration, {
|
|
18628
|
+
waitForPopupResponse: this.waitForPopupResponse.bind(this),
|
|
18629
|
+
waitForIframeResponse: this.waitForIframeResponse.bind(this),
|
|
18630
|
+
}));
|
|
18631
|
+
}
|
|
18632
|
+
/**
|
|
18633
|
+
* Waits for the auth response from a popup window opened by MSAL.
|
|
18634
|
+
*
|
|
18635
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18636
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18637
|
+
* with an `AuthError` on failure.
|
|
18638
|
+
*
|
|
18639
|
+
* @internal
|
|
18640
|
+
* @param request The in-flight authorization or end-session request.
|
|
18641
|
+
* @param popupWindow The popup window opened by MSAL.
|
|
18642
|
+
* @param popupWindowParent The parent window that opened the popup.
|
|
18643
|
+
*/
|
|
18644
|
+
async waitForPopupResponse(request,
|
|
18645
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18646
|
+
popupWindow,
|
|
18647
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18648
|
+
popupWindowParent) {
|
|
18649
|
+
const controller = this.controller;
|
|
18650
|
+
return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
|
|
18651
|
+
}
|
|
18652
|
+
/**
|
|
18653
|
+
* Waits for the auth response from a hidden iframe used by MSAL silent flows.
|
|
18654
|
+
*
|
|
18655
|
+
* The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
|
|
18656
|
+
* Subclasses must return the raw response string (hash/query/fragment), or reject
|
|
18657
|
+
* with an `AuthError` on failure.
|
|
18658
|
+
*
|
|
18659
|
+
* @internal
|
|
18660
|
+
* @param iframe The hidden iframe MSAL attached to the document.
|
|
18661
|
+
* @param request The in-flight authorization request.
|
|
18662
|
+
*/
|
|
18663
|
+
async waitForIframeResponse(
|
|
18664
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
18665
|
+
iframe, request) {
|
|
18666
|
+
const controller = this.controller;
|
|
18667
|
+
const config = controller.getConfiguration();
|
|
18668
|
+
return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
|
|
18397
18669
|
}
|
|
18398
18670
|
/**
|
|
18399
18671
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|