@azure/msal-browser 5.11.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (267) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +44 -2
  4. package/dist/app/PublicClientApplication.mjs.map +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  9. package/dist/cache/AccountManager.mjs +1 -1
  10. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  11. package/dist/cache/BrowserCacheManager.mjs +99 -15
  12. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.mjs +1 -1
  15. package/dist/cache/CookieStorage.mjs +1 -1
  16. package/dist/cache/DatabaseStorage.mjs +1 -1
  17. package/dist/cache/EncryptedData.mjs +1 -1
  18. package/dist/cache/LocalStorage.mjs +1 -1
  19. package/dist/cache/MemoryStorage.mjs +1 -1
  20. package/dist/cache/SessionStorage.mjs +1 -1
  21. package/dist/cache/TokenCache.mjs +1 -1
  22. package/dist/config/Configuration.mjs +3 -2
  23. package/dist/config/Configuration.mjs.map +1 -1
  24. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  25. package/dist/controllers/StandardController.mjs +5 -5
  26. package/dist/controllers/StandardController.mjs.map +1 -1
  27. package/dist/crypto/BrowserCrypto.mjs +1 -1
  28. package/dist/crypto/CryptoOps.mjs +1 -1
  29. package/dist/crypto/PkceGenerator.mjs +1 -1
  30. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  34. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  58. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  59. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  60. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  84. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  85. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  86. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  87. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  96. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  97. package/dist/custom_auth/index.mjs +1 -1
  98. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  109. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  123. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  137. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  138. package/dist/encode/Base64Decode.mjs +1 -1
  139. package/dist/encode/Base64Encode.mjs +1 -1
  140. package/dist/error/BrowserAuthError.mjs +1 -1
  141. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  143. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  144. package/dist/error/NativeAuthError.mjs +4 -4
  145. package/dist/error/NativeAuthError.mjs.map +1 -1
  146. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  147. package/dist/error/NestedAppAuthError.mjs +1 -1
  148. package/dist/event/EventHandler.mjs +1 -1
  149. package/dist/event/EventMessage.mjs +1 -1
  150. package/dist/event/EventType.mjs +1 -1
  151. package/dist/index.mjs +1 -1
  152. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  153. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  154. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  155. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -6
  156. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  157. package/dist/interaction_client/PopupClient.mjs +30 -10
  158. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  159. package/dist/interaction_client/RedirectClient.mjs +17 -9
  160. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  162. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  164. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +49 -20
  166. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  167. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  168. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  169. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  170. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  171. package/dist/interaction_handler/SilentHandler.mjs +13 -26
  172. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  173. package/dist/log-strings-mapping.json +1202 -1194
  174. package/dist/naa/BridgeError.mjs +1 -1
  175. package/dist/naa/BridgeProxy.mjs +1 -1
  176. package/dist/naa/BridgeStatusCode.mjs +1 -1
  177. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  178. package/dist/navigation/NavigationClient.mjs +1 -1
  179. package/dist/network/FetchClient.mjs +1 -1
  180. package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
  181. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  182. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  183. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  184. package/dist/packageMetadata.mjs +2 -2
  185. package/dist/protocol/Authorize.mjs +1 -1
  186. package/dist/redirect_bridge/index.mjs +4 -5
  187. package/dist/redirect_bridge/index.mjs.map +1 -1
  188. package/dist/request/RequestHelpers.mjs +1 -1
  189. package/dist/response/ResponseHandler.mjs +1 -1
  190. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  191. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  192. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  193. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  194. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  195. package/dist/utils/BrowserConstants.mjs +1 -1
  196. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  197. package/dist/utils/BrowserUtils.mjs +15 -5
  198. package/dist/utils/BrowserUtils.mjs.map +1 -1
  199. package/dist/utils/Helpers.mjs +1 -1
  200. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  201. package/lib/custom-auth-path/log-strings-mapping.json +19 -11
  202. package/lib/custom-auth-path/msal-custom-auth.cjs +511 -263
  203. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  204. package/lib/custom-auth-path/msal-custom-auth.js +511 -263
  205. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  206. package/lib/log-strings-mapping.json +11 -3
  207. package/lib/msal-browser.cjs +539 -267
  208. package/lib/msal-browser.cjs.map +1 -1
  209. package/lib/msal-browser.js +539 -267
  210. package/lib/msal-browser.js.map +1 -1
  211. package/lib/msal-browser.min.js +2 -2
  212. package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
  213. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  214. package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
  215. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  216. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  217. package/package.json +2 -2
  218. package/src/app/PublicClientApplication.ts +85 -1
  219. package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
  220. package/src/cache/BrowserCacheManager.ts +157 -33
  221. package/src/config/Configuration.ts +6 -0
  222. package/src/controllers/StandardController.ts +10 -8
  223. package/src/error/NativeAuthError.ts +2 -2
  224. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  225. package/src/interaction_client/PlatformAuthInteractionClient.ts +14 -4
  226. package/src/interaction_client/PopupClient.ts +74 -30
  227. package/src/interaction_client/RedirectClient.ts +32 -8
  228. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  229. package/src/interaction_client/SilentCacheClient.ts +3 -1
  230. package/src/interaction_client/SilentIframeClient.ts +140 -74
  231. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  232. package/src/interaction_handler/SilentHandler.ts +12 -32
  233. package/src/operatingcontext/BaseOperatingContext.ts +15 -1
  234. package/src/packageMetadata.ts +1 -1
  235. package/src/redirect_bridge/index.ts +3 -7
  236. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  237. package/src/utils/BrowserUtils.ts +28 -7
  238. package/types/app/PublicClientApplication.d.ts +37 -1
  239. package/types/app/PublicClientApplication.d.ts.map +1 -1
  240. package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
  241. package/types/cache/BrowserCacheManager.d.ts +18 -1
  242. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  243. package/types/config/Configuration.d.ts +5 -0
  244. package/types/config/Configuration.d.ts.map +1 -1
  245. package/types/controllers/StandardController.d.ts.map +1 -1
  246. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  247. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  248. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  249. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/types/interaction_client/PopupClient.d.ts +11 -1
  251. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  252. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  253. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  254. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  255. package/types/interaction_client/SilentIframeClient.d.ts +20 -1
  256. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  257. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  258. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  259. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  260. package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
  261. package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
  262. package/types/packageMetadata.d.ts +1 -1
  263. package/types/redirect_bridge/index.d.ts.map +1 -1
  264. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  265. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  266. package/types/utils/BrowserUtils.d.ts +17 -2
  267. package/types/utils/BrowserUtils.d.ts.map +1 -1
@@ -77,6 +77,23 @@ import { EncryptedData, isEncrypted } from "./EncryptedData.js";
77
77
 
78
78
  type KmsiMap = { [homeAccountId: string]: boolean };
79
79
 
80
+ /**
81
+ * Reason an old-schema cache entry was removed during migration.
82
+ */
83
+ const MigrationRemovalReason = {
84
+ Invalid: "invalid",
85
+ TtlExpired: "ttlExpired",
86
+ DecryptFailed: "decryptFailed",
87
+ Expired: "expired",
88
+ } as const;
89
+
90
+ type MigrationRemovalReason =
91
+ (typeof MigrationRemovalReason)[keyof typeof MigrationRemovalReason];
92
+
93
+ type UpdateOldEntryResult =
94
+ | { entry: CredentialEntity; removalReason?: undefined }
95
+ | { entry: null; removalReason: MigrationRemovalReason };
96
+
80
97
  /**
81
98
  * This class implements the cache storage interface for MSAL through browser local or session storage.
82
99
  */
@@ -198,7 +215,7 @@ export class BrowserCacheManager extends CacheManager {
198
215
  async updateOldEntry(
199
216
  key: string,
200
217
  correlationId: string
201
- ): Promise<CredentialEntity | null> {
218
+ ): Promise<UpdateOldEntryResult> {
202
219
  const rawValue = this.browserStorage.getItem(key);
203
220
  const parsedValue = this.validateAndParseJson(rawValue || "") as
204
221
  | CredentialEntity
@@ -207,7 +224,10 @@ export class BrowserCacheManager extends CacheManager {
207
224
 
208
225
  if (!parsedValue) {
209
226
  this.browserStorage.removeItem(key);
210
- return null;
227
+ return {
228
+ entry: null,
229
+ removalReason: MigrationRemovalReason.Invalid,
230
+ };
211
231
  }
212
232
 
213
233
  if (!parsedValue.lastUpdatedAt) {
@@ -221,26 +241,38 @@ export class BrowserCacheManager extends CacheManager {
221
241
  )
222
242
  ) {
223
243
  this.browserStorage.removeItem(key);
224
- this.performanceClient.incrementFields(
225
- { expiredCacheRemovedCount: 1 },
226
- correlationId
227
- );
228
- return null;
244
+ return {
245
+ entry: null,
246
+ removalReason: MigrationRemovalReason.TtlExpired,
247
+ };
229
248
  }
230
249
 
231
- const decryptedData = isEncrypted(parsedValue)
250
+ const wasEncrypted = isEncrypted(parsedValue);
251
+ const decryptedData = wasEncrypted
232
252
  ? await this.browserStorage.decryptData(
233
253
  key,
234
254
  parsedValue,
235
255
  correlationId
236
256
  )
237
257
  : parsedValue;
238
- if (!decryptedData || !CacheHelpers.isCredentialEntity(decryptedData)) {
239
- this.performanceClient.incrementFields(
240
- { invalidCacheCount: 1 },
241
- correlationId
242
- );
243
- return null;
258
+
259
+ if (!decryptedData) {
260
+ this.browserStorage.removeItem(key);
261
+
262
+ return {
263
+ entry: null,
264
+ removalReason: wasEncrypted
265
+ ? MigrationRemovalReason.DecryptFailed
266
+ : MigrationRemovalReason.Invalid,
267
+ };
268
+ }
269
+
270
+ if (!CacheHelpers.isCredentialEntity(decryptedData)) {
271
+ this.browserStorage.removeItem(key);
272
+ return {
273
+ entry: null,
274
+ removalReason: MigrationRemovalReason.Invalid,
275
+ };
244
276
  }
245
277
 
246
278
  if (
@@ -253,14 +285,13 @@ export class BrowserCacheManager extends CacheManager {
253
285
  )
254
286
  ) {
255
287
  this.browserStorage.removeItem(key);
256
- this.performanceClient.incrementFields(
257
- { expiredCacheRemovedCount: 1 },
258
- correlationId
259
- );
260
- return null;
288
+ return {
289
+ entry: null,
290
+ removalReason: MigrationRemovalReason.Expired,
291
+ };
261
292
  }
262
293
 
263
- return decryptedData;
294
+ return { entry: decryptedData };
264
295
  }
265
296
 
266
297
  /**
@@ -295,6 +326,11 @@ export class BrowserCacheManager extends CacheManager {
295
326
  | null;
296
327
 
297
328
  if (!parsedValue) {
329
+ this.browserStorage.removeItem(accountKey);
330
+ this.performanceClient.incrementFields(
331
+ { invalidAcntCount: 1 },
332
+ correlationId
333
+ );
298
334
  removeElementFromArray(accountKeysToCheck, accountKey);
299
335
  continue;
300
336
  }
@@ -321,7 +357,28 @@ export class BrowserCacheManager extends CacheManager {
321
357
  credentialSchema,
322
358
  correlationId
323
359
  );
360
+ this.performanceClient.incrementFields(
361
+ { ttlExpiredAcntCount: 1 },
362
+ correlationId
363
+ );
324
364
  removeElementFromArray(accountKeysToCheck, accountKey);
365
+ } else if (isEncrypted(parsedValue)) {
366
+ // Remove accounts encrypted with a different key (session cookie expired/changed)
367
+ const decrypted = await this.browserStorage.decryptData(
368
+ accountKey,
369
+ parsedValue,
370
+ correlationId
371
+ );
372
+ if (!decrypted) {
373
+ this.browserStorage.removeItem(accountKey);
374
+ this.performanceClient.incrementFields(
375
+ {
376
+ decryptFailedAcntCount: 1,
377
+ },
378
+ correlationId
379
+ );
380
+ removeElementFromArray(accountKeysToCheck, accountKey);
381
+ }
325
382
  }
326
383
  }
327
384
 
@@ -373,11 +430,6 @@ export class BrowserCacheManager extends CacheManager {
373
430
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
374
431
  }
375
432
 
376
- this.performanceClient.incrementFields(
377
- { expiredAcntRemovedCount: 1 },
378
- correlationId
379
- );
380
-
381
433
  this.browserStorage.removeItem(accountKey);
382
434
  }
383
435
 
@@ -442,11 +494,29 @@ export class BrowserCacheManager extends CacheManager {
442
494
  correlationId
443
495
  );
444
496
 
445
- const oldSchemaData = (await this.updateOldEntry(
446
- idTokenKey,
447
- correlationId
448
- )) as IdTokenEntity | null;
497
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
498
+ const oldSchemaData = result.entry as IdTokenEntity | null;
449
499
  if (!oldSchemaData) {
500
+ switch (result.removalReason) {
501
+ case MigrationRemovalReason.TtlExpired:
502
+ this.performanceClient.incrementFields(
503
+ { ttlExpiredITCount: 1 },
504
+ correlationId
505
+ );
506
+ break;
507
+ case MigrationRemovalReason.DecryptFailed:
508
+ this.performanceClient.incrementFields(
509
+ { decryptFailedITCount: 1 },
510
+ correlationId
511
+ );
512
+ break;
513
+ case MigrationRemovalReason.Invalid:
514
+ this.performanceClient.incrementFields(
515
+ { invalidITCount: 1 },
516
+ correlationId
517
+ );
518
+ break;
519
+ }
450
520
  removeElementFromArray(
451
521
  credentialKeysToMigrate.idToken,
452
522
  idTokenKey
@@ -611,11 +681,38 @@ export class BrowserCacheManager extends CacheManager {
611
681
  correlationId
612
682
  );
613
683
 
614
- const oldSchemaData = (await this.updateOldEntry(
684
+ const result = await this.updateOldEntry(
615
685
  accessTokenKey,
616
686
  correlationId
617
- )) as AccessTokenEntity | null;
687
+ );
688
+ const oldSchemaData = result.entry as AccessTokenEntity | null;
618
689
  if (!oldSchemaData) {
690
+ switch (result.removalReason) {
691
+ case MigrationRemovalReason.TtlExpired:
692
+ this.performanceClient.incrementFields(
693
+ { ttlExpiredATCount: 1 },
694
+ correlationId
695
+ );
696
+ break;
697
+ case MigrationRemovalReason.DecryptFailed:
698
+ this.performanceClient.incrementFields(
699
+ { decryptFailedATCount: 1 },
700
+ correlationId
701
+ );
702
+ break;
703
+ case MigrationRemovalReason.Expired:
704
+ this.performanceClient.incrementFields(
705
+ { expiredATCount: 1 },
706
+ correlationId
707
+ );
708
+ break;
709
+ case MigrationRemovalReason.Invalid:
710
+ this.performanceClient.incrementFields(
711
+ { invalidATCount: 1 },
712
+ correlationId
713
+ );
714
+ break;
715
+ }
619
716
  removeElementFromArray(
620
717
  credentialKeysToMigrate.accessToken,
621
718
  accessTokenKey
@@ -715,11 +812,38 @@ export class BrowserCacheManager extends CacheManager {
715
812
  correlationId
716
813
  );
717
814
 
718
- const oldSchemaData = (await this.updateOldEntry(
815
+ const result = await this.updateOldEntry(
719
816
  refreshTokenKey,
720
817
  correlationId
721
- )) as RefreshTokenEntity | null;
818
+ );
819
+ const oldSchemaData = result.entry as RefreshTokenEntity | null;
722
820
  if (!oldSchemaData) {
821
+ switch (result.removalReason) {
822
+ case MigrationRemovalReason.TtlExpired:
823
+ this.performanceClient.incrementFields(
824
+ { ttlExpiredRTCount: 1 },
825
+ correlationId
826
+ );
827
+ break;
828
+ case MigrationRemovalReason.DecryptFailed:
829
+ this.performanceClient.incrementFields(
830
+ { decryptFailedRTCount: 1 },
831
+ correlationId
832
+ );
833
+ break;
834
+ case MigrationRemovalReason.Expired:
835
+ this.performanceClient.incrementFields(
836
+ { expiredRTCount: 1 },
837
+ correlationId
838
+ );
839
+ break;
840
+ case MigrationRemovalReason.Invalid:
841
+ this.performanceClient.incrementFields(
842
+ { invalidRTCount: 1 },
843
+ correlationId
844
+ );
845
+ break;
846
+ }
723
847
  removeElementFromArray(
724
848
  credentialKeysToMigrate.refreshToken,
725
849
  refreshTokenKey
@@ -167,6 +167,11 @@ export type BrowserSystemOptions = SystemOptions & {
167
167
  * Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
168
168
  */
169
169
  protocolMode?: ProtocolMode;
170
+ /**
171
+ * @deprecated This option will be removed in a future release.
172
+ * Flag to enable emitting telemetry to the STS. When disabled, failed requests are not cached to browser storage and x-client-current-telemetry, x-client-last-telemetry parameters are not sent to the STS. Defaults to false.
173
+ */
174
+ serverTelemetryEnabled?: boolean;
170
175
  };
171
176
 
172
177
  /** @internal */
@@ -315,6 +320,7 @@ export function buildConfiguration(
315
320
  userInputSystem?.nativeBrokerHandshakeTimeout ||
316
321
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
317
322
  protocolMode: ProtocolMode.AAD,
323
+ serverTelemetryEnabled: false,
318
324
  };
319
325
 
320
326
  const providedSystemOptions: Required<BrowserSystemOptions> = {
@@ -657,6 +657,12 @@ export class StandardController implements IController {
657
657
  const correlationId = this.getRequestCorrelationId(request);
658
658
  this.logger.verbose("acquireTokenRedirect called", correlationId);
659
659
 
660
+ BrowserUtils.redirectPreflightCheck(this.initialized, this.config);
661
+ this.browserStorage.setInteractionInProgress(
662
+ true,
663
+ INTERACTION_TYPE.SIGNIN
664
+ );
665
+
660
666
  const atrMeasurement = this.performanceClient.startMeasurement(
661
667
  BrowserRootPerformanceEvents.AcquireTokenPreRedirect,
662
668
  correlationId
@@ -684,13 +690,7 @@ export class StandardController implements IController {
684
690
  };
685
691
 
686
692
  try {
687
- BrowserUtils.redirectPreflightCheck(this.initialized, this.config);
688
693
  enforceResourceParameter(this.config.auth.isMcp, request);
689
- this.browserStorage.setInteractionInProgress(
690
- true,
691
- INTERACTION_TYPE.SIGNIN
692
- );
693
-
694
694
  this.eventHandler.emitEvent(
695
695
  EventType.ACQUIRE_TOKEN_START,
696
696
  correlationId,
@@ -1912,7 +1912,8 @@ export class StandardController implements IController {
1912
1912
  this.performanceClient,
1913
1913
  this.nativeInternalStorage,
1914
1914
  correlationId,
1915
- this.platformAuthProvider
1915
+ this.platformAuthProvider,
1916
+ this.operatingContext.getResponseHandlers()?.waitForPopupResponse
1916
1917
  );
1917
1918
  }
1918
1919
 
@@ -1951,7 +1952,8 @@ export class StandardController implements IController {
1951
1952
  this.performanceClient,
1952
1953
  this.nativeInternalStorage,
1953
1954
  correlationId,
1954
- this.platformAuthProvider
1955
+ this.platformAuthProvider,
1956
+ this.operatingContext.getResponseHandlers()?.waitForIframeResponse
1955
1957
  );
1956
1958
  }
1957
1959
 
@@ -99,9 +99,9 @@ export function createNativeAuthError(
99
99
  return createBrowserAuthError(
100
100
  BrowserAuthErrorCodes.noNetworkConnectivity
101
101
  );
102
- case NativeStatusCodes.UX_NOT_ALLOWED:
102
+ case NativeStatusCodes.UI_NOT_ALLOWED:
103
103
  return createInteractionRequiredAuthError(
104
- InteractionRequiredAuthErrorCodes.uxNotAllowed
104
+ InteractionRequiredAuthErrorCodes.uiNotAllowed
105
105
  );
106
106
  }
107
107
  }
@@ -10,6 +10,7 @@ import {
10
10
  AccountInfo,
11
11
  UrlString,
12
12
  ServerTelemetryManager,
13
+ StubServerTelemetryManager,
13
14
  ServerTelemetryRequest,
14
15
  createClientConfigurationError,
15
16
  ClientConfigurationErrorCodes,
@@ -108,6 +109,7 @@ export function getRedirectUri(
108
109
  * @param browserStorage - Browser cache manager instance for storing telemetry data
109
110
  * @param logger - Optional logger instance for verbose logging
110
111
  * @param forceRefresh - Optional flag to force refresh of telemetry data
112
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
111
113
  * @returns Configured ServerTelemetryManager instance
112
114
  */
113
115
  export function initializeServerTelemetryManager(
@@ -116,9 +118,18 @@ export function initializeServerTelemetryManager(
116
118
  correlationId: string,
117
119
  browserStorage: BrowserCacheManager,
118
120
  logger: Logger,
119
- forceRefresh?: boolean
121
+ forceRefresh?: boolean,
122
+ enabled: boolean = true
120
123
  ): ServerTelemetryManager {
121
124
  logger.verbose("initializeServerTelemetryManager called", correlationId);
125
+ if (!enabled) {
126
+ logger.verbose(
127
+ "Server telemetry is disabled in configuration. Skipping telemetry manager initialization.",
128
+ correlationId
129
+ );
130
+ return new StubServerTelemetryManager();
131
+ }
132
+
122
133
  const telemetryPayload: ServerTelemetryRequest = {
123
134
  clientId: clientId,
124
135
  correlationId: correlationId,
@@ -72,6 +72,7 @@ import {
72
72
  PlatformAuthConstants,
73
73
  TemporaryCacheKeys,
74
74
  } from "../utils/BrowserConstants.js";
75
+ import { getCurrentUri } from "../utils/BrowserUtils.js";
75
76
  import {
76
77
  BaseInteractionClient,
77
78
  getDiscoveredAuthority,
@@ -176,7 +177,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
176
177
  this.config.auth.clientId,
177
178
  this.correlationId,
178
179
  this.browserStorage,
179
- this.logger
180
+ this.logger,
181
+ undefined,
182
+ this.config.system.serverTelemetryEnabled
180
183
  );
181
184
 
182
185
  try {
@@ -368,7 +371,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
368
371
  this.config.auth.clientId,
369
372
  this.correlationId,
370
373
  this.browserStorage,
371
- this.logger
374
+ this.logger,
375
+ undefined,
376
+ this.config.system.serverTelemetryEnabled
372
377
  );
373
378
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
374
379
  if (isFatalNativeAuthError(e)) {
@@ -388,7 +393,10 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
388
393
  noHistory: false,
389
394
  };
390
395
  const redirectUri = navigateToLoginRequestUrl
391
- ? window.location.href
396
+ ? UrlString.getAbsoluteUrl(
397
+ request.redirectStartPage || window.location.href,
398
+ getCurrentUri()
399
+ )
392
400
  : getRedirectUri(
393
401
  request.redirectUri,
394
402
  this.config.auth.redirectUri,
@@ -468,7 +476,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
468
476
  this.config.auth.clientId,
469
477
  this.correlationId,
470
478
  this.browserStorage,
471
- this.logger
479
+ this.logger,
480
+ undefined,
481
+ this.config.system.serverTelemetryEnabled
472
482
  );
473
483
  serverTelemetryManager.clearNativeBrokerErrorCode();
474
484
  this.performanceClient?.addFields(
@@ -59,6 +59,19 @@ import {
59
59
  } from "./BaseInteractionClient.js";
60
60
  import { validateRequestMethod } from "../request/RequestHelpers.js";
61
61
 
62
+ /**
63
+ * Signature of the popup-response handler supplied by
64
+ * {@link PublicClientApplication} to {@link PopupClient} via the operating
65
+ * context.
66
+ *
67
+ * @internal
68
+ */
69
+ export type WaitForPopupResponseFn = (
70
+ request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
71
+ popupWindow: Window,
72
+ popupWindowParent: Window
73
+ ) => Promise<string>;
74
+
62
75
  export type PopupParams = {
63
76
  popup?: Window | null;
64
77
  popupName: string;
@@ -69,6 +82,9 @@ export type PopupParams = {
69
82
  export class PopupClient extends StandardInteractionClient {
70
83
  private currentWindow: Window | undefined;
71
84
  protected nativeStorage: BrowserCacheManager;
85
+ private readonly waitForPopupResponseHook:
86
+ | WaitForPopupResponseFn
87
+ | undefined;
72
88
 
73
89
  constructor(
74
90
  config: BrowserConfiguration,
@@ -80,7 +96,8 @@ export class PopupClient extends StandardInteractionClient {
80
96
  performanceClient: IPerformanceClient,
81
97
  nativeStorageImpl: BrowserCacheManager,
82
98
  correlationId: string,
83
- platformAuthHandler?: IPlatformAuthHandler
99
+ platformAuthHandler?: IPlatformAuthHandler,
100
+ waitForPopupResponseHook?: WaitForPopupResponseFn
84
101
  ) {
85
102
  super(
86
103
  config,
@@ -95,6 +112,7 @@ export class PopupClient extends StandardInteractionClient {
95
112
  );
96
113
  this.nativeStorage = nativeStorageImpl;
97
114
  this.eventHandler = eventHandler;
115
+ this.waitForPopupResponseHook = waitForPopupResponseHook;
98
116
  }
99
117
 
100
118
  /**
@@ -298,7 +316,9 @@ export class PopupClient extends StandardInteractionClient {
298
316
  this.config.auth.clientId,
299
317
  this.correlationId,
300
318
  this.browserStorage,
301
- this.logger
319
+ this.logger,
320
+ undefined,
321
+ this.config.system.serverTelemetryEnabled
302
322
  );
303
323
 
304
324
  const pkce =
@@ -369,12 +389,10 @@ export class PopupClient extends StandardInteractionClient {
369
389
  );
370
390
 
371
391
  // Wait for the redirect bridge response
372
- const responseString = await BrowserUtils.waitForBridgeResponse(
373
- this.config.system.popupBridgeTimeout,
374
- this.logger,
375
- this.browserCrypto,
392
+ const responseString = await this.waitForPopupResponse(
376
393
  request,
377
- this.performanceClient
394
+ popupWindow,
395
+ popupParams.popupWindowParent
378
396
  );
379
397
 
380
398
  const serverParams = invoke(
@@ -494,18 +512,12 @@ export class PopupClient extends StandardInteractionClient {
494
512
 
495
513
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
496
514
  const responseString = await invokeAsync(
497
- BrowserUtils.waitForBridgeResponse,
515
+ this.waitForPopupResponse.bind(this),
498
516
  BrowserPerformanceEvents.SilentHandlerMonitorIframeForHash,
499
517
  this.logger,
500
518
  this.performanceClient,
501
519
  correlationId
502
- )(
503
- this.config.system.popupBridgeTimeout,
504
- this.logger,
505
- this.browserCrypto,
506
- popupRequest,
507
- this.performanceClient
508
- );
520
+ )(popupRequest, popupWindow, popupParams.popupWindowParent);
509
521
 
510
522
  const serverParams = invoke(
511
523
  ResponseHandler.deserializeResponse,
@@ -533,7 +545,9 @@ export class PopupClient extends StandardInteractionClient {
533
545
  this.config.auth.clientId,
534
546
  correlationId,
535
547
  this.browserStorage,
536
- this.logger
548
+ this.logger,
549
+ undefined,
550
+ this.config.system.serverTelemetryEnabled
537
551
  ),
538
552
  requestAuthority: request.authority,
539
553
  requestAzureCloudOptions: request.azureCloudOptions,
@@ -623,18 +637,12 @@ export class PopupClient extends StandardInteractionClient {
623
637
 
624
638
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
625
639
  const responseString = await invokeAsync(
626
- BrowserUtils.waitForBridgeResponse,
640
+ this.waitForPopupResponse.bind(this),
627
641
  BrowserPerformanceEvents.SilentHandlerMonitorIframeForHash,
628
642
  this.logger,
629
643
  this.performanceClient,
630
644
  correlationId
631
- )(
632
- this.config.system.popupBridgeTimeout,
633
- this.logger,
634
- this.browserCrypto,
635
- request,
636
- this.performanceClient
637
- );
645
+ )(request, popupWindow, popupParams.popupWindowParent);
638
646
 
639
647
  const serverParams = invoke(
640
648
  ResponseHandler.deserializeResponse,
@@ -699,7 +707,9 @@ export class PopupClient extends StandardInteractionClient {
699
707
  this.config.auth.clientId,
700
708
  this.correlationId,
701
709
  this.browserStorage,
702
- this.logger
710
+ this.logger,
711
+ undefined,
712
+ this.config.system.serverTelemetryEnabled
703
713
  );
704
714
 
705
715
  try {
@@ -792,12 +802,10 @@ export class PopupClient extends StandardInteractionClient {
792
802
  null
793
803
  );
794
804
 
795
- await BrowserUtils.waitForBridgeResponse(
796
- this.config.system.popupBridgeTimeout,
797
- this.logger,
798
- this.browserCrypto,
805
+ await this.waitForPopupResponse(
799
806
  validRequest,
800
- this.performanceClient
807
+ popupWindow,
808
+ popupParams.popupWindowParent
801
809
  ).catch(() => {
802
810
  // Swallow any errors related to monitoring the window. Server logout is best effort
803
811
  });
@@ -922,6 +930,22 @@ export class PopupClient extends StandardInteractionClient {
922
930
  BrowserAuthErrorCodes.emptyWindowError
923
931
  );
924
932
  }
933
+ try {
934
+ popupWindow.document.title = "Microsoft Authentication";
935
+ } catch (e) {
936
+ if (
937
+ typeof DOMException !== "undefined" &&
938
+ e instanceof DOMException &&
939
+ e.name === "SecurityError"
940
+ ) {
941
+ // Cross-origin - title cannot be set
942
+ } else {
943
+ this.logger.verbose(
944
+ "Could not set document.title on popup window",
945
+ this.correlationId
946
+ );
947
+ }
948
+ }
925
949
  if (popupWindow.focus) {
926
950
  popupWindow.focus();
927
951
  }
@@ -1043,4 +1067,24 @@ export class PopupClient extends StandardInteractionClient {
1043
1067
  const homeAccountId = request.account && request.account.homeAccountId;
1044
1068
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
1045
1069
  }
1070
+
1071
+ protected async waitForPopupResponse(
1072
+ request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
1073
+ popupWindow: Window,
1074
+ popupWindowParent: Window
1075
+ ): Promise<string> {
1076
+ if (this.waitForPopupResponseHook) {
1077
+ return this.waitForPopupResponseHook(
1078
+ request,
1079
+ popupWindow,
1080
+ popupWindowParent
1081
+ );
1082
+ }
1083
+ return BrowserUtils.waitForBridgeResponse(
1084
+ this.config.system.popupBridgeTimeout,
1085
+ this.logger,
1086
+ request,
1087
+ this.performanceClient
1088
+ );
1089
+ }
1046
1090
  }