@azure/msal-browser 5.12.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (245) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +89 -16
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CacheKeys.mjs +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +3 -3
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  32. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  33. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  50. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  52. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  57. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  58. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  59. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  60. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  62. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  84. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  85. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  86. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  95. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  96. package/dist/custom_auth/index.mjs +1 -1
  97. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  137. package/dist/encode/Base64Decode.mjs +1 -1
  138. package/dist/encode/Base64Encode.mjs +1 -1
  139. package/dist/error/BrowserAuthError.mjs +1 -1
  140. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  143. package/dist/error/NativeAuthError.mjs +1 -1
  144. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  145. package/dist/error/NestedAppAuthError.mjs +1 -1
  146. package/dist/event/EventHandler.mjs +1 -1
  147. package/dist/event/EventMessage.mjs +1 -1
  148. package/dist/event/EventType.mjs +1 -1
  149. package/dist/index.mjs +1 -1
  150. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  151. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  152. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
  154. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  155. package/dist/interaction_client/PopupClient.mjs +4 -4
  156. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  157. package/dist/interaction_client/RedirectClient.mjs +12 -9
  158. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  159. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  160. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  162. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentIframeClient.mjs +41 -19
  164. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  166. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  168. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  169. package/dist/interaction_handler/SilentHandler.mjs +12 -26
  170. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  171. package/dist/log-strings-mapping.json +1199 -1195
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  188. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  189. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  190. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  191. package/dist/utils/BrowserConstants.mjs +1 -1
  192. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/utils/BrowserUtils.mjs +1 -1
  194. package/dist/utils/Helpers.mjs +1 -1
  195. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  196. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  197. package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
  198. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  199. package/lib/custom-auth-path/msal-custom-auth.js +343 -201
  200. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  201. package/lib/log-strings-mapping.json +7 -3
  202. package/lib/msal-browser.cjs +359 -204
  203. package/lib/msal-browser.cjs.map +1 -1
  204. package/lib/msal-browser.js +359 -204
  205. package/lib/msal-browser.js.map +1 -1
  206. package/lib/msal-browser.min.js +2 -2
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  208. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  209. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  210. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  211. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  212. package/package.json +2 -2
  213. package/src/cache/BrowserCacheManager.ts +141 -34
  214. package/src/config/Configuration.ts +6 -0
  215. package/src/controllers/StandardController.ts +6 -6
  216. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  217. package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
  218. package/src/interaction_client/PopupClient.ts +9 -3
  219. package/src/interaction_client/RedirectClient.ts +27 -8
  220. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  221. package/src/interaction_client/SilentCacheClient.ts +3 -1
  222. package/src/interaction_client/SilentIframeClient.ts +94 -58
  223. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  224. package/src/interaction_handler/SilentHandler.ts +11 -32
  225. package/src/packageMetadata.ts +1 -1
  226. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  227. package/types/cache/BrowserCacheManager.d.ts +18 -1
  228. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  229. package/types/config/Configuration.d.ts +5 -0
  230. package/types/config/Configuration.d.ts.map +1 -1
  231. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  232. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  233. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  234. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  235. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  236. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  237. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  238. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  239. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  240. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  241. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  242. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  243. package/types/packageMetadata.d.ts +1 -1
  244. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  245. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.12.0 2026-06-05 */
1
+ /*! @azure/msal-browser v5.13.0 2026-06-10 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msalCustomAuth = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.7.0 2026-06-05 */
9
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -233,7 +233,7 @@
233
233
  // Token renewal offset default in seconds
234
234
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
235
235
 
236
- /*! @azure/msal-common v16.7.0 2026-06-05 */
236
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
237
237
  /*
238
238
  * Copyright (c) Microsoft Corporation. All rights reserved.
239
239
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@
285
285
  const RESOURCE = "resource";
286
286
  const CLI_DATA = "clidata";
287
287
 
288
- /*! @azure/msal-common v16.7.0 2026-06-05 */
288
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -316,7 +316,7 @@
316
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
317
317
  }
318
318
 
319
- /*! @azure/msal-common v16.7.0 2026-06-05 */
319
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
320
320
 
321
321
  /*
322
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -336,7 +336,7 @@
336
336
  return new ClientConfigurationError(errorCode);
337
337
  }
338
338
 
339
- /*! @azure/msal-common v16.7.0 2026-06-05 */
339
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
340
340
  /*
341
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
342
342
  * Licensed under the MIT License.
@@ -416,7 +416,7 @@
416
416
  }
417
417
  }
418
418
 
419
- /*! @azure/msal-common v16.7.0 2026-06-05 */
419
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
420
420
 
421
421
  /*
422
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -439,7 +439,7 @@
439
439
  return new ClientAuthError(errorCode, additionalMessage);
440
440
  }
441
441
 
442
- /*! @azure/msal-common v16.7.0 2026-06-05 */
442
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
443
443
  /*
444
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
445
445
  * Licensed under the MIT License.
@@ -465,7 +465,7 @@
465
465
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
466
466
  const issuerValidationFailed = "issuer_validation_failed";
467
467
 
468
- /*! @azure/msal-common v16.7.0 2026-06-05 */
468
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
469
469
  /*
470
470
  * Copyright (c) Microsoft Corporation. All rights reserved.
471
471
  * Licensed under the MIT License.
@@ -504,7 +504,7 @@
504
504
  const resourceParameterRequired = "resource_parameter_required";
505
505
  const misplacedResourceParam = "misplaced_resource_parameter";
506
506
 
507
- /*! @azure/msal-common v16.7.0 2026-06-05 */
507
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
508
508
 
509
509
  /*
510
510
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -699,7 +699,7 @@
699
699
  }
700
700
  }
701
701
 
702
- /*! @azure/msal-common v16.7.0 2026-06-05 */
702
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
703
703
 
704
704
  /*
705
705
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1048,8 +1048,14 @@
1048
1048
  * @param serverTelemetryManager
1049
1049
  */
1050
1050
  function addServerTelemetry(parameters, serverTelemetryManager) {
1051
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
1052
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
1051
+ const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
1052
+ const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
1053
+ if (currentTelemetryHeader) {
1054
+ parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
1055
+ }
1056
+ if (lastTelemetryHeader) {
1057
+ parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
1058
+ }
1053
1059
  }
1054
1060
  /**
1055
1061
  * Adds parameter that indicates to the server that throttling is supported
@@ -1088,34 +1094,12 @@
1088
1094
  }
1089
1095
  }
1090
1096
 
1091
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1097
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1092
1098
 
1093
1099
  /*
1094
1100
  * Copyright (c) Microsoft Corporation. All rights reserved.
1095
1101
  * Licensed under the MIT License.
1096
1102
  */
1097
- /**
1098
- * Canonicalizes a URL by making it lowercase and ensuring it ends with /
1099
- * Inlined version of UrlString.canonicalizeUri to avoid circular dependency
1100
- * @param url - URL to canonicalize
1101
- * @returns Canonicalized URL
1102
- */
1103
- function canonicalizeUrl(url) {
1104
- if (!url) {
1105
- return url;
1106
- }
1107
- let lowerCaseUrl = url.toLowerCase();
1108
- if (StringUtils.endsWith(lowerCaseUrl, "?")) {
1109
- lowerCaseUrl = lowerCaseUrl.slice(0, -1);
1110
- }
1111
- else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
1112
- lowerCaseUrl = lowerCaseUrl.slice(0, -2);
1113
- }
1114
- if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
1115
- lowerCaseUrl += "/";
1116
- }
1117
- return lowerCaseUrl;
1118
- }
1119
1103
  /**
1120
1104
  * Parses hash string from given string. Returns empty string if no hash symbol is found.
1121
1105
  * @param hashString
@@ -1168,36 +1152,71 @@
1168
1152
  return queryParameterArray.join("&");
1169
1153
  }
1170
1154
  /**
1171
- * Normalizes URLs for comparison by removing hash, canonicalizing,
1172
- * and ensuring consistent URL encoding in query parameters.
1173
- * This fixes redirect loops when URLs contain encoded characters like apostrophes (%27).
1155
+ * Normalizes URLs for comparison per MDN & RFC 3986 standards:
1156
+ * - Hash/fragment is removed
1157
+ * - Scheme and host are lowercased (case-insensitive per spec)
1158
+ * - Path and query parameters preserve original casing (case-sensitive per spec)
1159
+ * - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
1160
+ * - Ensures pathname ends with /
1161
+ * Throws a urlParseError if the provided URL is malformed and cannot be parsed.
1174
1162
  * @param url - URL to normalize
1163
+ * @param logger - Optional logger used to log parse failures
1164
+ * @param correlationId - Optional correlationId associated with the log entry
1175
1165
  * @returns Normalized URL string for comparison
1176
1166
  */
1177
- function normalizeUrlForComparison(url) {
1167
+ function normalizeUrlForComparison(url, logger, correlationId) {
1178
1168
  if (!url) {
1179
1169
  return url;
1180
1170
  }
1181
- // Remove hash first
1182
1171
  const urlWithoutHash = url.split("#")[0];
1172
+ if (!urlWithoutHash) {
1173
+ return urlWithoutHash;
1174
+ }
1183
1175
  try {
1184
- // Parse the URL to handle encoding consistently
1185
1176
  const urlObj = new URL(urlWithoutHash);
1186
- /*
1187
- * Reconstruct the URL with properly decoded query parameters
1188
- * This ensures that %27 and ' are treated as equivalent
1189
- */
1190
- const normalizedUrl = urlObj.origin + urlObj.pathname + urlObj.search;
1191
- // Apply canonicalization logic inline to avoid circular dependency
1192
- return canonicalizeUrl(normalizedUrl);
1177
+ // Treat an empty query string (a bare trailing "?") as equivalent to no query
1178
+ if (!urlObj.search) {
1179
+ urlObj.search = "";
1180
+ }
1181
+ // Decode the pathname to normalize percent-encoding and ensure trailing slash
1182
+ let pathname;
1183
+ try {
1184
+ pathname = decodeURIComponent(urlObj.pathname);
1185
+ }
1186
+ catch (e) {
1187
+ pathname = urlObj.pathname;
1188
+ }
1189
+ if (!pathname.endsWith("/")) {
1190
+ pathname += "/";
1191
+ }
1192
+ urlObj.pathname = pathname;
1193
+ return urlObj.href;
1193
1194
  }
1194
1195
  catch (e) {
1195
- // Fallback to original logic if URL parsing fails
1196
- return canonicalizeUrl(urlWithoutHash);
1196
+ logger?.error("15apdm", correlationId || "");
1197
+ throw createClientConfigurationError(urlParseError);
1198
+ }
1199
+ }
1200
+ /**
1201
+ * Validates that the provided value is a well-formed, parseable absolute URL.
1202
+ * Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
1203
+ * literal string "null", an empty string, or any malformed/relative URL). Use this
1204
+ * to guard against persisting an invalid value (such as a redirect URL) to the cache.
1205
+ * @param url - URL to validate
1206
+ * @param logger - Optional logger used to log validation failures
1207
+ * @param correlationId - Optional correlationId associated with the log entry
1208
+ */
1209
+ function validateUrl(url, logger, correlationId) {
1210
+ try {
1211
+ new URL(url);
1212
+ }
1213
+ catch (e) {
1214
+ logger?.error("1lrjz7", correlationId || "");
1215
+ throw createClientConfigurationError(urlParseError);
1197
1216
  }
1198
1217
  }
1199
1218
 
1200
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1219
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1201
1220
 
1202
1221
  /*
1203
1222
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1236,7 +1255,7 @@
1236
1255
  },
1237
1256
  };
1238
1257
 
1239
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1258
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1240
1259
  /*
1241
1260
  * Copyright (c) Microsoft Corporation. All rights reserved.
1242
1261
  * Licensed under the MIT License.
@@ -1284,7 +1303,7 @@
1284
1303
  // Remove LRU (first entry) if capacity exceeded
1285
1304
  if (correlationCache.size > CACHE_CAPACITY) {
1286
1305
  const firstKey = correlationCache.keys().next().value;
1287
- if (firstKey) {
1306
+ if (firstKey !== undefined) {
1288
1307
  correlationCache.delete(firstKey);
1289
1308
  }
1290
1309
  }
@@ -1497,12 +1516,12 @@
1497
1516
  }
1498
1517
  }
1499
1518
 
1500
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1519
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1501
1520
  /* eslint-disable header/header */
1502
1521
  const name$1 = "@azure/msal-common";
1503
- const version$1 = "16.7.0";
1522
+ const version$1 = "16.8.0";
1504
1523
 
1505
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1524
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1506
1525
  /*
1507
1526
  * Copyright (c) Microsoft Corporation. All rights reserved.
1508
1527
  * Licensed under the MIT License.
@@ -1511,7 +1530,7 @@
1511
1530
  // AzureCloudInstance is not specified.
1512
1531
  None: "none"};
1513
1532
 
1514
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1533
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1515
1534
  /*
1516
1535
  * Copyright (c) Microsoft Corporation. All rights reserved.
1517
1536
  * Licensed under the MIT License.
@@ -1594,7 +1613,7 @@
1594
1613
  return updatedAccountInfo;
1595
1614
  }
1596
1615
 
1597
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1616
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1598
1617
 
1599
1618
  /*
1600
1619
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1674,7 +1693,7 @@
1674
1693
  }
1675
1694
  }
1676
1695
 
1677
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1696
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1678
1697
 
1679
1698
  /*
1680
1699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1831,7 +1850,7 @@
1831
1850
  }
1832
1851
  }
1833
1852
 
1834
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1853
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1835
1854
 
1836
1855
  /*
1837
1856
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1997,7 +2016,7 @@
1997
2016
  return null;
1998
2017
  }
1999
2018
 
2000
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2019
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2001
2020
  /*
2002
2021
  * Copyright (c) Microsoft Corporation. All rights reserved.
2003
2022
  * Licensed under the MIT License.
@@ -2005,7 +2024,7 @@
2005
2024
  const cacheQuotaExceeded = "cache_quota_exceeded";
2006
2025
  const cacheErrorUnknown = "cache_error_unknown";
2007
2026
 
2008
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2027
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2009
2028
 
2010
2029
  /*
2011
2030
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2043,7 +2062,7 @@
2043
2062
  }
2044
2063
  }
2045
2064
 
2046
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2065
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2047
2066
 
2048
2067
  /*
2049
2068
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2081,7 +2100,7 @@
2081
2100
  };
2082
2101
  }
2083
2102
 
2084
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2103
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2085
2104
  /*
2086
2105
  * Copyright (c) Microsoft Corporation. All rights reserved.
2087
2106
  * Licensed under the MIT License.
@@ -2096,7 +2115,7 @@
2096
2115
  Ciam: 3,
2097
2116
  };
2098
2117
 
2099
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2118
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2100
2119
  /*
2101
2120
  * Copyright (c) Microsoft Corporation. All rights reserved.
2102
2121
  * Licensed under the MIT License.
@@ -2118,7 +2137,7 @@
2118
2137
  return null;
2119
2138
  }
2120
2139
 
2121
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2140
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2122
2141
  /*
2123
2142
  * Copyright (c) Microsoft Corporation. All rights reserved.
2124
2143
  * Licensed under the MIT License.
@@ -2142,7 +2161,7 @@
2142
2161
  EAR: "EAR",
2143
2162
  };
2144
2163
 
2145
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2164
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2146
2165
  /**
2147
2166
  * Returns the AccountInfo interface for this account.
2148
2167
  */
@@ -2317,7 +2336,7 @@
2317
2336
  entity.hasOwnProperty("authorityType"));
2318
2337
  }
2319
2338
 
2320
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2339
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2321
2340
 
2322
2341
  /*
2323
2342
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3448,7 +3467,7 @@
3448
3467
  }
3449
3468
  }
3450
3469
 
3451
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3470
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3452
3471
  /*
3453
3472
  * Copyright (c) Microsoft Corporation. All rights reserved.
3454
3473
  * Licensed under the MIT License.
@@ -3462,7 +3481,7 @@
3462
3481
  const PerformanceEventStatus = {
3463
3482
  InProgress: 1};
3464
3483
 
3465
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3484
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3466
3485
 
3467
3486
  /*
3468
3487
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3517,7 +3536,7 @@
3517
3536
  }
3518
3537
  }
3519
3538
 
3520
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3539
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3521
3540
 
3522
3541
  /*
3523
3542
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3612,7 +3631,7 @@
3612
3631
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3613
3632
  }
3614
3633
 
3615
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3634
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3616
3635
  /*
3617
3636
  * Copyright (c) Microsoft Corporation. All rights reserved.
3618
3637
  * Licensed under the MIT License.
@@ -3639,7 +3658,7 @@
3639
3658
  }
3640
3659
  }
3641
3660
 
3642
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3661
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3643
3662
  /*
3644
3663
  * Copyright (c) Microsoft Corporation. All rights reserved.
3645
3664
  * Licensed under the MIT License.
@@ -3704,7 +3723,7 @@
3704
3723
  return cachedAtSec > nowSeconds();
3705
3724
  }
3706
3725
 
3707
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3726
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3708
3727
 
3709
3728
  /*
3710
3729
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3963,7 +3982,7 @@
3963
3982
  return metadata.expiresAt <= nowSeconds();
3964
3983
  }
3965
3984
 
3966
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3985
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3967
3986
  /*
3968
3987
  * Copyright (c) Microsoft Corporation. All rights reserved.
3969
3988
  * Licensed under the MIT License.
@@ -4034,7 +4053,7 @@
4034
4053
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4035
4054
  const SetUserData = "setUserData";
4036
4055
 
4037
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4056
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4038
4057
  /*
4039
4058
  * Copyright (c) Microsoft Corporation. All rights reserved.
4040
4059
  * Licensed under the MIT License.
@@ -4127,7 +4146,7 @@
4127
4146
  };
4128
4147
  };
4129
4148
 
4130
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4149
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4131
4150
 
4132
4151
  /*
4133
4152
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4207,7 +4226,7 @@
4207
4226
  }
4208
4227
  }
4209
4228
 
4210
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4229
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4211
4230
  /*
4212
4231
  * Copyright (c) Microsoft Corporation. All rights reserved.
4213
4232
  * Licensed under the MIT License.
@@ -4258,7 +4277,7 @@
4258
4277
  */
4259
4278
  const interruptedUser = "interrupted_user";
4260
4279
 
4261
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4280
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4262
4281
 
4263
4282
  /*
4264
4283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4326,7 +4345,7 @@
4326
4345
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4327
4346
  }
4328
4347
 
4329
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4348
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4330
4349
 
4331
4350
  /*
4332
4351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4345,7 +4364,7 @@
4345
4364
  }
4346
4365
  }
4347
4366
 
4348
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4367
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4349
4368
 
4350
4369
  /*
4351
4370
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4413,7 +4432,7 @@
4413
4432
  }
4414
4433
  }
4415
4434
 
4416
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4435
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4417
4436
 
4418
4437
  /*
4419
4438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4761,7 +4780,7 @@
4761
4780
  return baseAccount;
4762
4781
  }
4763
4782
 
4764
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4783
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4765
4784
  /*
4766
4785
  * Copyright (c) Microsoft Corporation. All rights reserved.
4767
4786
  * Licensed under the MIT License.
@@ -4771,7 +4790,7 @@
4771
4790
  UPN: "UPN",
4772
4791
  };
4773
4792
 
4774
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4793
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4775
4794
  /*
4776
4795
  * Copyright (c) Microsoft Corporation. All rights reserved.
4777
4796
  * Licensed under the MIT License.
@@ -4789,7 +4808,7 @@
4789
4808
  }
4790
4809
  }
4791
4810
 
4792
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4811
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4793
4812
  /*
4794
4813
  * Copyright (c) Microsoft Corporation. All rights reserved.
4795
4814
  * Licensed under the MIT License.
@@ -4810,7 +4829,7 @@
4810
4829
  };
4811
4830
  }
4812
4831
 
4813
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4832
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4814
4833
 
4815
4834
  /*
4816
4835
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4896,7 +4915,7 @@
4896
4915
  }
4897
4916
  }
4898
4917
 
4899
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4918
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4900
4919
 
4901
4920
  /*
4902
4921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4927,7 +4946,7 @@
4927
4946
  return new NetworkError(error, httpStatus, responseHeaders);
4928
4947
  }
4929
4948
 
4930
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4949
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4931
4950
 
4932
4951
  /*
4933
4952
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5041,7 +5060,7 @@
5041
5060
  return response;
5042
5061
  }
5043
5062
 
5044
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5063
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5045
5064
  /*
5046
5065
  * Copyright (c) Microsoft Corporation. All rights reserved.
5047
5066
  * Licensed under the MIT License.
@@ -5053,7 +5072,7 @@
5053
5072
  response.hasOwnProperty("jwks_uri"));
5054
5073
  }
5055
5074
 
5056
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5075
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5057
5076
  /*
5058
5077
  * Copyright (c) Microsoft Corporation. All rights reserved.
5059
5078
  * Licensed under the MIT License.
@@ -5063,7 +5082,7 @@
5063
5082
  response.hasOwnProperty("metadata"));
5064
5083
  }
5065
5084
 
5066
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5085
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5067
5086
  /*
5068
5087
  * Copyright (c) Microsoft Corporation. All rights reserved.
5069
5088
  * Licensed under the MIT License.
@@ -5073,7 +5092,7 @@
5073
5092
  response.hasOwnProperty("error_description"));
5074
5093
  }
5075
5094
 
5076
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5095
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5077
5096
 
5078
5097
  /*
5079
5098
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5178,7 +5197,7 @@
5178
5197
  },
5179
5198
  };
5180
5199
 
5181
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5200
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5182
5201
 
5183
5202
  /*
5184
5203
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6146,7 +6165,7 @@
6146
6165
  };
6147
6166
  }
6148
6167
 
6149
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6168
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6150
6169
 
6151
6170
  /*
6152
6171
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6180,7 +6199,7 @@
6180
6199
  }
6181
6200
  }
6182
6201
 
6183
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6202
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6184
6203
 
6185
6204
  /*
6186
6205
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6437,7 +6456,7 @@
6437
6456
  }
6438
6457
  }
6439
6458
 
6440
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6459
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6441
6460
 
6442
6461
  /*
6443
6462
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6658,7 +6677,7 @@
6658
6677
  }
6659
6678
  }
6660
6679
 
6661
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6680
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6662
6681
 
6663
6682
  /*
6664
6683
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6774,7 +6793,7 @@
6774
6793
  }
6775
6794
  }
6776
6795
 
6777
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6796
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6778
6797
 
6779
6798
  /*
6780
6799
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6789,7 +6808,7 @@
6789
6808
  },
6790
6809
  };
6791
6810
 
6792
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6811
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6793
6812
 
6794
6813
  /*
6795
6814
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7012,7 +7031,7 @@
7012
7031
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7013
7032
  }
7014
7033
 
7015
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7034
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7016
7035
 
7017
7036
  /*
7018
7037
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7045,7 +7064,7 @@
7045
7064
  return Object.prototype.hasOwnProperty.call(params, "resource");
7046
7065
  }
7047
7066
 
7048
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7067
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7049
7068
  /*
7050
7069
  * Copyright (c) Microsoft Corporation. All rights reserved.
7051
7070
  * Licensed under the MIT License.
@@ -7055,7 +7074,7 @@
7055
7074
  */
7056
7075
  const unexpectedError = "unexpected_error";
7057
7076
 
7058
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7077
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7059
7078
 
7060
7079
  /*
7061
7080
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7166,35 +7185,40 @@
7166
7185
  * @param error
7167
7186
  */
7168
7187
  cacheFailedRequest(error) {
7169
- const lastRequests = this.getLastRequests();
7170
- if (lastRequests.errors.length >=
7171
- SERVER_TELEM_MAX_CACHED_ERRORS) {
7172
- // Remove a cached error to make room, first in first out
7173
- lastRequests.failedRequests.shift(); // apiId
7174
- lastRequests.failedRequests.shift(); // correlationId
7175
- lastRequests.errors.shift();
7176
- }
7177
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
7178
- if (error instanceof Error && !!error && error.toString()) {
7179
- if (error instanceof AuthError) {
7180
- if (error.subError) {
7181
- lastRequests.errors.push(error.subError);
7182
- }
7183
- else if (error.errorCode) {
7184
- lastRequests.errors.push(error.errorCode);
7188
+ try {
7189
+ const lastRequests = this.getLastRequests();
7190
+ if (lastRequests.errors.length >=
7191
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
7192
+ // Remove a cached error to make room, first in first out
7193
+ lastRequests.failedRequests.shift(); // apiId
7194
+ lastRequests.failedRequests.shift(); // correlationId
7195
+ lastRequests.errors.shift();
7196
+ }
7197
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
7198
+ if (error instanceof Error && !!error && error.toString()) {
7199
+ if (error instanceof AuthError) {
7200
+ if (error.subError) {
7201
+ lastRequests.errors.push(error.subError);
7202
+ }
7203
+ else if (error.errorCode) {
7204
+ lastRequests.errors.push(error.errorCode);
7205
+ }
7206
+ else {
7207
+ lastRequests.errors.push(error.toString());
7208
+ }
7185
7209
  }
7186
7210
  else {
7187
7211
  lastRequests.errors.push(error.toString());
7188
7212
  }
7189
7213
  }
7190
7214
  else {
7191
- lastRequests.errors.push(error.toString());
7215
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7192
7216
  }
7217
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7193
7218
  }
7194
- else {
7195
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7219
+ catch {
7220
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
7196
7221
  }
7197
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7198
7222
  return;
7199
7223
  }
7200
7224
  /**
@@ -7314,9 +7338,36 @@
7314
7338
  static makeExtraSkuString(params) {
7315
7339
  return makeExtraSkuString(params);
7316
7340
  }
7341
+ }
7342
+ /** @internal */
7343
+ class StubServerTelemetryManager extends ServerTelemetryManager {
7344
+ constructor() {
7345
+ super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
7346
+ }
7347
+ generateCurrentRequestHeaderValue() {
7348
+ return "";
7349
+ }
7350
+ generateLastRequestHeaderValue() {
7351
+ return "";
7352
+ }
7353
+ cacheFailedRequest() { }
7354
+ incrementCacheHits() {
7355
+ return 0;
7356
+ }
7357
+ clearTelemetryCache() { }
7358
+ getRegionDiscoveryFields() {
7359
+ return "";
7360
+ }
7361
+ updateRegionDiscoveryMetadata() { }
7362
+ setCacheOutcome() { }
7363
+ setNativeBrokerErrorCode() { }
7364
+ getNativeBrokerErrorCode() {
7365
+ return undefined;
7366
+ }
7367
+ clearNativeBrokerErrorCode() { }
7317
7368
  }
7318
7369
 
7319
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7370
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7320
7371
 
7321
7372
  /*
7322
7373
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7337,7 +7388,7 @@
7337
7388
  return new JoseHeaderError(code);
7338
7389
  }
7339
7390
 
7340
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7391
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7341
7392
  /*
7342
7393
  * Copyright (c) Microsoft Corporation. All rights reserved.
7343
7394
  * Licensed under the MIT License.
@@ -7345,7 +7396,7 @@
7345
7396
  const missingKidError = "missing_kid_error";
7346
7397
  const missingAlgError = "missing_alg_error";
7347
7398
 
7348
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7399
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7349
7400
 
7350
7401
  /*
7351
7402
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7780,7 +7831,7 @@
7780
7831
 
7781
7832
  /* eslint-disable header/header */
7782
7833
  const name = "@azure/msal-browser";
7783
- const version = "5.12.0";
7834
+ const version = "5.13.0";
7784
7835
 
7785
7836
  /*
7786
7837
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8373,7 +8424,6 @@
8373
8424
  */
8374
8425
  const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8375
8426
  const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8376
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8377
8427
  /**
8378
8428
  * Helper functions in StandardInteractionClient class (msal-browser)
8379
8429
  */
@@ -9448,10 +9498,15 @@
9448
9498
  * @param browserStorage - Browser cache manager instance for storing telemetry data
9449
9499
  * @param logger - Optional logger instance for verbose logging
9450
9500
  * @param forceRefresh - Optional flag to force refresh of telemetry data
9501
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
9451
9502
  * @returns Configured ServerTelemetryManager instance
9452
9503
  */
9453
- function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
9504
+ function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
9454
9505
  logger.verbose("initializeServerTelemetryManager called", correlationId);
9506
+ if (!enabled) {
9507
+ logger.verbose("Server telemetry is disabled in configuration. Skipping telemetry manager initialization.", correlationId);
9508
+ return new StubServerTelemetryManager();
9509
+ }
9455
9510
  const telemetryPayload = {
9456
9511
  clientId: clientId,
9457
9512
  correlationId: correlationId,
@@ -15011,6 +15066,15 @@
15011
15066
  * Copyright (c) Microsoft Corporation. All rights reserved.
15012
15067
  * Licensed under the MIT License.
15013
15068
  */
15069
+ /**
15070
+ * Reason an old-schema cache entry was removed during migration.
15071
+ */
15072
+ const MigrationRemovalReason = {
15073
+ Invalid: "invalid",
15074
+ TtlExpired: "ttlExpired",
15075
+ DecryptFailed: "decryptFailed",
15076
+ Expired: "expired",
15077
+ };
15014
15078
  /**
15015
15079
  * This class implements the cache storage interface for MSAL through browser local or session storage.
15016
15080
  */
@@ -15080,7 +15144,10 @@
15080
15144
  const parsedValue = this.validateAndParseJson(rawValue || "");
15081
15145
  if (!parsedValue) {
15082
15146
  this.browserStorage.removeItem(key);
15083
- return null;
15147
+ return {
15148
+ entry: null,
15149
+ removalReason: MigrationRemovalReason.Invalid,
15150
+ };
15084
15151
  }
15085
15152
  if (!parsedValue.lastUpdatedAt) {
15086
15153
  // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
@@ -15089,26 +15156,42 @@
15089
15156
  }
15090
15157
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15091
15158
  this.browserStorage.removeItem(key);
15092
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15093
- return null;
15159
+ return {
15160
+ entry: null,
15161
+ removalReason: MigrationRemovalReason.TtlExpired,
15162
+ };
15094
15163
  }
15095
- const decryptedData = isEncrypted(parsedValue)
15164
+ const wasEncrypted = isEncrypted(parsedValue);
15165
+ const decryptedData = wasEncrypted
15096
15166
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
15097
15167
  : parsedValue;
15098
- if (!decryptedData || !isCredentialEntity(decryptedData)) {
15168
+ if (!decryptedData) {
15099
15169
  this.browserStorage.removeItem(key);
15100
- this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
15101
- return null;
15170
+ return {
15171
+ entry: null,
15172
+ removalReason: wasEncrypted
15173
+ ? MigrationRemovalReason.DecryptFailed
15174
+ : MigrationRemovalReason.Invalid,
15175
+ };
15176
+ }
15177
+ if (!isCredentialEntity(decryptedData)) {
15178
+ this.browserStorage.removeItem(key);
15179
+ return {
15180
+ entry: null,
15181
+ removalReason: MigrationRemovalReason.Invalid,
15182
+ };
15102
15183
  }
15103
15184
  if ((isAccessTokenEntity(decryptedData) ||
15104
15185
  isRefreshTokenEntity(decryptedData)) &&
15105
15186
  decryptedData.expiresOn &&
15106
15187
  isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
15107
15188
  this.browserStorage.removeItem(key);
15108
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15109
- return null;
15189
+ return {
15190
+ entry: null,
15191
+ removalReason: MigrationRemovalReason.Expired,
15192
+ };
15110
15193
  }
15111
- return decryptedData;
15194
+ return { entry: decryptedData };
15112
15195
  }
15113
15196
  /**
15114
15197
  * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
@@ -15128,6 +15211,7 @@
15128
15211
  const parsedValue = this.validateAndParseJson(rawValue || "");
15129
15212
  if (!parsedValue) {
15130
15213
  this.browserStorage.removeItem(accountKey);
15214
+ this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
15131
15215
  removeElementFromArray(accountKeysToCheck, accountKey);
15132
15216
  continue;
15133
15217
  }
@@ -15140,6 +15224,7 @@
15140
15224
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15141
15225
  // Cache expired remove account and associated tokens
15142
15226
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
15227
+ this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
15143
15228
  removeElementFromArray(accountKeysToCheck, accountKey);
15144
15229
  }
15145
15230
  else if (isEncrypted(parsedValue)) {
@@ -15147,7 +15232,9 @@
15147
15232
  const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
15148
15233
  if (!decrypted) {
15149
15234
  this.browserStorage.removeItem(accountKey);
15150
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15235
+ this.performanceClient.incrementFields({
15236
+ decryptFailedAcntCount: 1,
15237
+ }, correlationId);
15151
15238
  removeElementFromArray(accountKeysToCheck, accountKey);
15152
15239
  }
15153
15240
  }
@@ -15188,7 +15275,6 @@
15188
15275
  });
15189
15276
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
15190
15277
  }
15191
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15192
15278
  this.browserStorage.removeItem(accountKey);
15193
15279
  }
15194
15280
  /**
@@ -15227,8 +15313,20 @@
15227
15313
  const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
15228
15314
  for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
15229
15315
  this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
15230
- const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
15316
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
15317
+ const oldSchemaData = result.entry;
15231
15318
  if (!oldSchemaData) {
15319
+ switch (result.removalReason) {
15320
+ case MigrationRemovalReason.TtlExpired:
15321
+ this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
15322
+ break;
15323
+ case MigrationRemovalReason.DecryptFailed:
15324
+ this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
15325
+ break;
15326
+ case MigrationRemovalReason.Invalid:
15327
+ this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
15328
+ break;
15329
+ }
15232
15330
  removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
15233
15331
  continue;
15234
15332
  }
@@ -15307,8 +15405,23 @@
15307
15405
  const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
15308
15406
  for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
15309
15407
  this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
15310
- const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
15408
+ const result = await this.updateOldEntry(accessTokenKey, correlationId);
15409
+ const oldSchemaData = result.entry;
15311
15410
  if (!oldSchemaData) {
15411
+ switch (result.removalReason) {
15412
+ case MigrationRemovalReason.TtlExpired:
15413
+ this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
15414
+ break;
15415
+ case MigrationRemovalReason.DecryptFailed:
15416
+ this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
15417
+ break;
15418
+ case MigrationRemovalReason.Expired:
15419
+ this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
15420
+ break;
15421
+ case MigrationRemovalReason.Invalid:
15422
+ this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
15423
+ break;
15424
+ }
15312
15425
  removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
15313
15426
  continue;
15314
15427
  }
@@ -15354,8 +15467,23 @@
15354
15467
  ...credentialKeysToMigrate.refreshToken,
15355
15468
  ]) {
15356
15469
  this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
15357
- const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
15470
+ const result = await this.updateOldEntry(refreshTokenKey, correlationId);
15471
+ const oldSchemaData = result.entry;
15358
15472
  if (!oldSchemaData) {
15473
+ switch (result.removalReason) {
15474
+ case MigrationRemovalReason.TtlExpired:
15475
+ this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
15476
+ break;
15477
+ case MigrationRemovalReason.DecryptFailed:
15478
+ this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
15479
+ break;
15480
+ case MigrationRemovalReason.Expired:
15481
+ this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
15482
+ break;
15483
+ case MigrationRemovalReason.Invalid:
15484
+ this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
15485
+ break;
15486
+ }
15359
15487
  removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
15360
15488
  continue;
15361
15489
  }
@@ -16753,7 +16881,7 @@
16753
16881
  */
16754
16882
  async acquireToken(silentRequest) {
16755
16883
  // Telemetry manager only used to increment cacheHits here
16756
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16884
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16757
16885
  const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
16758
16886
  serverTelemetryManager,
16759
16887
  requestAuthority: silentRequest.authority,
@@ -16829,7 +16957,7 @@
16829
16957
  // start the perf measurement
16830
16958
  const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
16831
16959
  const reqTimestamp = nowSeconds();
16832
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16960
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16833
16961
  try {
16834
16962
  // initialize native request
16835
16963
  const nativeRequest = await this.initializePlatformRequest(request);
@@ -16953,7 +17081,7 @@
16953
17081
  catch (e) {
16954
17082
  // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
16955
17083
  if (e instanceof NativeAuthError) {
16956
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17084
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16957
17085
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
16958
17086
  if (isFatalNativeAuthError(e)) {
16959
17087
  throw e;
@@ -17000,7 +17128,7 @@
17000
17128
  this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.", this.correlationId);
17001
17129
  const response = await this.platformAuthProvider.sendMessage(request);
17002
17130
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
17003
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17131
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
17004
17132
  serverTelemetryManager.clearNativeBrokerErrorCode();
17005
17133
  this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
17006
17134
  return authResult;
@@ -18007,6 +18135,7 @@
18007
18135
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
18008
18136
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
18009
18137
  protocolMode: ProtocolMode.AAD,
18138
+ serverTelemetryEnabled: false,
18010
18139
  };
18011
18140
  const providedSystemOptions = {
18012
18141
  ...DEFAULT_BROWSER_SYSTEM_OPTIONS,
@@ -18648,7 +18777,7 @@
18648
18777
  */
18649
18778
  async executeCodeFlow(request, popupParams, pkceCodes) {
18650
18779
  const correlationId = request.correlationId;
18651
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18780
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18652
18781
  const pkce = pkceCodes ||
18653
18782
  (await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
18654
18783
  const popupRequest = {
@@ -18713,7 +18842,7 @@
18713
18842
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18714
18843
  if (!serverParams.ear_jwe && serverParams.code) {
18715
18844
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
18716
- serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
18845
+ serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
18717
18846
  requestAuthority: request.authority,
18718
18847
  requestAzureCloudOptions: request.azureCloudOptions,
18719
18848
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -18750,7 +18879,7 @@
18750
18879
  async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
18751
18880
  this.logger.verbose("logoutPopupAsync called", this.correlationId);
18752
18881
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Popup, validRequest);
18753
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18882
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18754
18883
  try {
18755
18884
  // Clear cache on logout
18756
18885
  await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
@@ -19034,7 +19163,7 @@
19034
19163
  */
19035
19164
  async executeCodeFlow(request) {
19036
19165
  const correlationId = request.correlationId;
19037
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19166
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19038
19167
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19039
19168
  const redirectRequest = {
19040
19169
  ...request,
@@ -19122,7 +19251,7 @@
19122
19251
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
19123
19252
  const originalTitle = document.title;
19124
19253
  document.title = "Microsoft Authentication";
19125
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19254
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19126
19255
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
19127
19256
  try {
19128
19257
  const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
@@ -19141,8 +19270,8 @@
19141
19270
  }
19142
19271
  // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
19143
19272
  const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
19144
- const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
19145
- const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
19273
+ const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
19274
+ const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
19146
19275
  if (loginRequestUrlNormalized === currentUrlNormalized &&
19147
19276
  navigateToLoginRequestUrl) {
19148
19277
  // We are on the page we need to navigate to - handle hash
@@ -19175,8 +19304,8 @@
19175
19304
  * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
19176
19305
  */
19177
19306
  let processHashOnRedirect = true;
19178
- if (!loginRequestUrl || loginRequestUrl === "null") {
19179
- // Redirect to home page if login request url is null (real null or the string null)
19307
+ if (!loginRequestUrl) {
19308
+ // Redirect to home page if login request url is empty
19180
19309
  const homepage = getHomepage();
19181
19310
  // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
19182
19311
  this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
@@ -19322,7 +19451,7 @@
19322
19451
  async logout(logoutRequest) {
19323
19452
  this.logger.verbose("logoutRedirect called", this.correlationId);
19324
19453
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
19325
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19454
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19326
19455
  try {
19327
19456
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Redirect, logoutRequest);
19328
19457
  // Clear cache on logout
@@ -19403,7 +19532,10 @@
19403
19532
  */
19404
19533
  getRedirectStartPage(requestStartPage) {
19405
19534
  const redirectStartPage = requestStartPage || window.location.href;
19406
- return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19535
+ const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19536
+ // Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
19537
+ validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
19538
+ return absoluteRedirectStartPage;
19407
19539
  }
19408
19540
  }
19409
19541
 
@@ -19412,20 +19544,20 @@
19412
19544
  * Licensed under the MIT License.
19413
19545
  */
19414
19546
  /**
19415
- * Creates a hidden iframe to given URL using user-requested scopes as an id.
19416
- * @param urlNavigate
19417
- * @param userRequestScopes
19547
+ * Navigates the given hidden iframe to the provided URL.
19548
+ * @param frame
19549
+ * @param requestUrl
19418
19550
  */
19419
- async function initiateCodeRequest(requestUrl, performanceClient, logger, correlationId) {
19551
+ async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
19420
19552
  if (!requestUrl) {
19421
19553
  // Throw error if request URL is empty.
19422
19554
  logger.info("Navigate url is empty", correlationId);
19423
19555
  throw createBrowserAuthError(emptyNavigateUri);
19424
19556
  }
19425
- return invoke(loadFrameSync, SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
19557
+ frame.src = requestUrl;
19558
+ return frame;
19426
19559
  }
19427
- async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
19428
- const frame = createHiddenIframe();
19560
+ async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
19429
19561
  if (!frame.contentDocument) {
19430
19562
  throw "No document associated with iframe!";
19431
19563
  }
@@ -19433,8 +19565,7 @@
19433
19565
  form.submit();
19434
19566
  return frame;
19435
19567
  }
19436
- async function initiateEarRequest(config, authority, request, logger, performanceClient) {
19437
- const frame = createHiddenIframe();
19568
+ async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
19438
19569
  if (!frame.contentDocument) {
19439
19570
  throw "No document associated with iframe!";
19440
19571
  }
@@ -19444,19 +19575,8 @@
19444
19575
  }
19445
19576
  /**
19446
19577
  * @hidden
19447
- * Loads the iframe synchronously when the navigateTimeFrame is set to `0`
19448
- * @param urlNavigate
19449
- * @param frameName
19450
- * @param logger
19451
- */
19452
- function loadFrameSync(urlNavigate) {
19453
- const frameHandle = createHiddenIframe();
19454
- frameHandle.src = urlNavigate;
19455
- return frameHandle;
19456
- }
19457
- /**
19458
- * @hidden
19459
- * Creates a new hidden iframe or gets an existing one for silent token renewal.
19578
+ * Creates a new hidden iframe for silent token renewal. Callers navigate it
19579
+ * (set `src` or submit a form) after registering the response listener.
19460
19580
  * @ignore
19461
19581
  */
19462
19582
  function createHiddenIframe() {
@@ -19535,7 +19655,7 @@
19535
19655
  */
19536
19656
  async executeCodeFlow(request) {
19537
19657
  let authClient;
19538
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19658
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19539
19659
  try {
19540
19660
  // Initialize the client
19541
19661
  authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
@@ -19577,11 +19697,22 @@
19577
19697
  earJwk: earJwk,
19578
19698
  codeChallenge: pkceCodes.challenge,
19579
19699
  };
19580
- const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19700
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19701
+ const iframe = createHiddenIframe();
19581
19702
  const responseType = this.config.auth.OIDCOptions.responseMode;
19582
19703
  let responseString;
19583
19704
  try {
19584
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19705
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19706
+ responsePromise.catch(() => {
19707
+ /*
19708
+ * If navigation below throws before responsePromise is awaited,
19709
+ * the listener still rejects on timeout. Swallow it here so it
19710
+ * does not surface as an unhandled rejection; the navigation
19711
+ * error is propagated instead.
19712
+ */
19713
+ });
19714
+ await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19715
+ responseString = await responsePromise;
19585
19716
  }
19586
19717
  finally {
19587
19718
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19590,7 +19721,7 @@
19590
19721
  if (!serverParams.ear_jwe && serverParams.code) {
19591
19722
  // If server doesn't support EAR, they may fallback to auth code flow instead
19592
19723
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
19593
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
19724
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19594
19725
  requestAuthority: request.authority,
19595
19726
  requestAzureCloudOptions: request.azureCloudOptions,
19596
19727
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -19617,7 +19748,7 @@
19617
19748
  // Create silent request
19618
19749
  const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
19619
19750
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
19620
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
19751
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19621
19752
  requestAuthority: silentRequest.authority,
19622
19753
  requestAzureCloudOptions: silentRequest.azureCloudOptions,
19623
19754
  requestExtraQueryParameters: silentRequest.extraQueryParameters,
@@ -19665,21 +19796,32 @@
19665
19796
  ...request,
19666
19797
  codeChallenge: pkceCodes.challenge,
19667
19798
  };
19668
- let iframe;
19669
- if (request.httpMethod === HttpMethod$1.POST) {
19670
- iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19671
- }
19672
- else {
19673
- // Create authorize request url
19674
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19675
- // Get the frame handle for the silent request
19676
- iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
19677
- }
19799
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19800
+ const iframe = createHiddenIframe();
19678
19801
  const responseType = this.config.auth.OIDCOptions.responseMode;
19679
19802
  // Wait for response from the redirect bridge.
19680
19803
  let responseString;
19681
19804
  try {
19682
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19805
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19806
+ responsePromise.catch(() => {
19807
+ /*
19808
+ * If URL creation or navigation below throws before
19809
+ * responsePromise is awaited, the listener still rejects on
19810
+ * timeout. Swallow it here so it does not surface as an
19811
+ * unhandled rejection; the navigation error is propagated
19812
+ * instead.
19813
+ */
19814
+ });
19815
+ if (request.httpMethod === HttpMethod$1.POST) {
19816
+ await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19817
+ }
19818
+ else {
19819
+ // Create authorize request url
19820
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19821
+ // Navigate the iframe to the authorize request url
19822
+ await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
19823
+ }
19824
+ responseString = await responsePromise;
19683
19825
  }
19684
19826
  finally {
19685
19827
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19714,7 +19856,7 @@
19714
19856
  // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
19715
19857
  silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
19716
19858
  }
19717
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19859
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19718
19860
  const refreshTokenClient = await this.createRefreshTokenClient({
19719
19861
  serverTelemetryManager,
19720
19862
  authorityUrl: silentRequest.authority,
@@ -19794,7 +19936,7 @@
19794
19936
  * Each auth request creates a new instance of *Client so we can safely use this.correlationId.
19795
19937
  */
19796
19938
  this.correlationId);
19797
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19939
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19798
19940
  try {
19799
19941
  // Create auth code request (PKCE not needed)
19800
19942
  const authCodeRequest = {
@@ -20147,6 +20289,8 @@
20147
20289
  // Preflight request
20148
20290
  const correlationId = this.getRequestCorrelationId(request);
20149
20291
  this.logger.verbose("acquireTokenRedirect called", correlationId);
20292
+ redirectPreflightCheck(this.initialized, this.config);
20293
+ this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20150
20294
  const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
20151
20295
  atrMeasurement.add({
20152
20296
  scenarioId: request.scenarioId,
@@ -20164,9 +20308,7 @@
20164
20308
  return navigate;
20165
20309
  };
20166
20310
  try {
20167
- redirectPreflightCheck(this.initialized, this.config);
20168
20311
  enforceResourceParameter(this.config.auth.isMcp, request);
20169
- this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20170
20312
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
20171
20313
  let result;
20172
20314
  if (this.platformAuthProvider &&