@azure/msal-browser 5.12.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (245) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +89 -16
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CacheKeys.mjs +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +3 -3
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  32. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  33. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  50. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  52. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  57. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  58. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  59. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  60. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  62. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  84. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  85. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  86. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  95. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  96. package/dist/custom_auth/index.mjs +1 -1
  97. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  137. package/dist/encode/Base64Decode.mjs +1 -1
  138. package/dist/encode/Base64Encode.mjs +1 -1
  139. package/dist/error/BrowserAuthError.mjs +1 -1
  140. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  143. package/dist/error/NativeAuthError.mjs +1 -1
  144. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  145. package/dist/error/NestedAppAuthError.mjs +1 -1
  146. package/dist/event/EventHandler.mjs +1 -1
  147. package/dist/event/EventMessage.mjs +1 -1
  148. package/dist/event/EventType.mjs +1 -1
  149. package/dist/index.mjs +1 -1
  150. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  151. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  152. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
  154. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  155. package/dist/interaction_client/PopupClient.mjs +4 -4
  156. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  157. package/dist/interaction_client/RedirectClient.mjs +12 -9
  158. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  159. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  160. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  162. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentIframeClient.mjs +41 -19
  164. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  166. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  168. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  169. package/dist/interaction_handler/SilentHandler.mjs +12 -26
  170. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  171. package/dist/log-strings-mapping.json +1199 -1195
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  188. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  189. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  190. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  191. package/dist/utils/BrowserConstants.mjs +1 -1
  192. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/utils/BrowserUtils.mjs +1 -1
  194. package/dist/utils/Helpers.mjs +1 -1
  195. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  196. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  197. package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
  198. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  199. package/lib/custom-auth-path/msal-custom-auth.js +343 -201
  200. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  201. package/lib/log-strings-mapping.json +7 -3
  202. package/lib/msal-browser.cjs +359 -204
  203. package/lib/msal-browser.cjs.map +1 -1
  204. package/lib/msal-browser.js +359 -204
  205. package/lib/msal-browser.js.map +1 -1
  206. package/lib/msal-browser.min.js +2 -2
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  208. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  209. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  210. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  211. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  212. package/package.json +2 -2
  213. package/src/cache/BrowserCacheManager.ts +141 -34
  214. package/src/config/Configuration.ts +6 -0
  215. package/src/controllers/StandardController.ts +6 -6
  216. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  217. package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
  218. package/src/interaction_client/PopupClient.ts +9 -3
  219. package/src/interaction_client/RedirectClient.ts +27 -8
  220. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  221. package/src/interaction_client/SilentCacheClient.ts +3 -1
  222. package/src/interaction_client/SilentIframeClient.ts +94 -58
  223. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  224. package/src/interaction_handler/SilentHandler.ts +11 -32
  225. package/src/packageMetadata.ts +1 -1
  226. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  227. package/types/cache/BrowserCacheManager.d.ts +18 -1
  228. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  229. package/types/config/Configuration.d.ts +5 -0
  230. package/types/config/Configuration.d.ts.map +1 -1
  231. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  232. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  233. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  234. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  235. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  236. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  237. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  238. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  239. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  240. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  241. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  242. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  243. package/types/packageMetadata.d.ts +1 -1
  244. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  245. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.12.0 2026-06-05 */
1
+ /*! @azure/msal-browser v5.13.0 2026-06-10 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.7.0 2026-06-05 */
237
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
  const RESOURCE = "resource";
287
287
  const CLI_DATA = "clidata";
288
288
 
289
- /*! @azure/msal-common v16.7.0 2026-06-05 */
289
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
290
290
  /*
291
291
  * Copyright (c) Microsoft Corporation. All rights reserved.
292
292
  * Licensed under the MIT License.
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
317
317
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
318
318
  }
319
319
 
320
- /*! @azure/msal-common v16.7.0 2026-06-05 */
320
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
321
321
 
322
322
  /*
323
323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
337
337
  return new ClientConfigurationError(errorCode);
338
338
  }
339
339
 
340
- /*! @azure/msal-common v16.7.0 2026-06-05 */
340
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
341
341
  /*
342
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
343
343
  * Licensed under the MIT License.
@@ -417,7 +417,7 @@ class StringUtils {
417
417
  }
418
418
  }
419
419
 
420
- /*! @azure/msal-common v16.7.0 2026-06-05 */
420
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
421
421
 
422
422
  /*
423
423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
440
440
  return new ClientAuthError(errorCode, additionalMessage);
441
441
  }
442
442
 
443
- /*! @azure/msal-common v16.7.0 2026-06-05 */
443
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
444
444
  /*
445
445
  * Copyright (c) Microsoft Corporation. All rights reserved.
446
446
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
498
498
  urlParseError: urlParseError
499
499
  });
500
500
 
501
- /*! @azure/msal-common v16.7.0 2026-06-05 */
501
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
502
502
  /*
503
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
504
504
  * Licensed under the MIT License.
@@ -586,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
586
586
  userCanceled: userCanceled
587
587
  });
588
588
 
589
- /*! @azure/msal-common v16.7.0 2026-06-05 */
589
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
590
590
 
591
591
  /*
592
592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +781,7 @@ class ScopeSet {
781
781
  }
782
782
  }
783
783
 
784
- /*! @azure/msal-common v16.7.0 2026-06-05 */
784
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
785
785
 
786
786
  /*
787
787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1130,8 +1130,14 @@ function addSshJwk(parameters, sshJwkString) {
1130
1130
  * @param serverTelemetryManager
1131
1131
  */
1132
1132
  function addServerTelemetry(parameters, serverTelemetryManager) {
1133
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
1134
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
1133
+ const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
1134
+ const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
1135
+ if (currentTelemetryHeader) {
1136
+ parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
1137
+ }
1138
+ if (lastTelemetryHeader) {
1139
+ parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
1140
+ }
1135
1141
  }
1136
1142
  /**
1137
1143
  * Adds parameter that indicates to the server that throttling is supported
@@ -1170,34 +1176,12 @@ function addResource(parameters, resource) {
1170
1176
  }
1171
1177
  }
1172
1178
 
1173
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1179
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1174
1180
 
1175
1181
  /*
1176
1182
  * Copyright (c) Microsoft Corporation. All rights reserved.
1177
1183
  * Licensed under the MIT License.
1178
1184
  */
1179
- /**
1180
- * Canonicalizes a URL by making it lowercase and ensuring it ends with /
1181
- * Inlined version of UrlString.canonicalizeUri to avoid circular dependency
1182
- * @param url - URL to canonicalize
1183
- * @returns Canonicalized URL
1184
- */
1185
- function canonicalizeUrl(url) {
1186
- if (!url) {
1187
- return url;
1188
- }
1189
- let lowerCaseUrl = url.toLowerCase();
1190
- if (StringUtils.endsWith(lowerCaseUrl, "?")) {
1191
- lowerCaseUrl = lowerCaseUrl.slice(0, -1);
1192
- }
1193
- else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
1194
- lowerCaseUrl = lowerCaseUrl.slice(0, -2);
1195
- }
1196
- if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
1197
- lowerCaseUrl += "/";
1198
- }
1199
- return lowerCaseUrl;
1200
- }
1201
1185
  /**
1202
1186
  * Parses hash string from given string. Returns empty string if no hash symbol is found.
1203
1187
  * @param hashString
@@ -1250,36 +1234,71 @@ function mapToQueryString(parameters) {
1250
1234
  return queryParameterArray.join("&");
1251
1235
  }
1252
1236
  /**
1253
- * Normalizes URLs for comparison by removing hash, canonicalizing,
1254
- * and ensuring consistent URL encoding in query parameters.
1255
- * This fixes redirect loops when URLs contain encoded characters like apostrophes (%27).
1237
+ * Normalizes URLs for comparison per MDN & RFC 3986 standards:
1238
+ * - Hash/fragment is removed
1239
+ * - Scheme and host are lowercased (case-insensitive per spec)
1240
+ * - Path and query parameters preserve original casing (case-sensitive per spec)
1241
+ * - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
1242
+ * - Ensures pathname ends with /
1243
+ * Throws a urlParseError if the provided URL is malformed and cannot be parsed.
1256
1244
  * @param url - URL to normalize
1245
+ * @param logger - Optional logger used to log parse failures
1246
+ * @param correlationId - Optional correlationId associated with the log entry
1257
1247
  * @returns Normalized URL string for comparison
1258
1248
  */
1259
- function normalizeUrlForComparison(url) {
1249
+ function normalizeUrlForComparison(url, logger, correlationId) {
1260
1250
  if (!url) {
1261
1251
  return url;
1262
1252
  }
1263
- // Remove hash first
1264
1253
  const urlWithoutHash = url.split("#")[0];
1254
+ if (!urlWithoutHash) {
1255
+ return urlWithoutHash;
1256
+ }
1265
1257
  try {
1266
- // Parse the URL to handle encoding consistently
1267
1258
  const urlObj = new URL(urlWithoutHash);
1268
- /*
1269
- * Reconstruct the URL with properly decoded query parameters
1270
- * This ensures that %27 and ' are treated as equivalent
1271
- */
1272
- const normalizedUrl = urlObj.origin + urlObj.pathname + urlObj.search;
1273
- // Apply canonicalization logic inline to avoid circular dependency
1274
- return canonicalizeUrl(normalizedUrl);
1259
+ // Treat an empty query string (a bare trailing "?") as equivalent to no query
1260
+ if (!urlObj.search) {
1261
+ urlObj.search = "";
1262
+ }
1263
+ // Decode the pathname to normalize percent-encoding and ensure trailing slash
1264
+ let pathname;
1265
+ try {
1266
+ pathname = decodeURIComponent(urlObj.pathname);
1267
+ }
1268
+ catch (e) {
1269
+ pathname = urlObj.pathname;
1270
+ }
1271
+ if (!pathname.endsWith("/")) {
1272
+ pathname += "/";
1273
+ }
1274
+ urlObj.pathname = pathname;
1275
+ return urlObj.href;
1276
+ }
1277
+ catch (e) {
1278
+ logger?.error("15apdm", correlationId || "");
1279
+ throw createClientConfigurationError(urlParseError);
1280
+ }
1281
+ }
1282
+ /**
1283
+ * Validates that the provided value is a well-formed, parseable absolute URL.
1284
+ * Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
1285
+ * literal string "null", an empty string, or any malformed/relative URL). Use this
1286
+ * to guard against persisting an invalid value (such as a redirect URL) to the cache.
1287
+ * @param url - URL to validate
1288
+ * @param logger - Optional logger used to log validation failures
1289
+ * @param correlationId - Optional correlationId associated with the log entry
1290
+ */
1291
+ function validateUrl(url, logger, correlationId) {
1292
+ try {
1293
+ new URL(url);
1275
1294
  }
1276
1295
  catch (e) {
1277
- // Fallback to original logic if URL parsing fails
1278
- return canonicalizeUrl(urlWithoutHash);
1296
+ logger?.error("1lrjz7", correlationId || "");
1297
+ throw createClientConfigurationError(urlParseError);
1279
1298
  }
1280
1299
  }
1281
1300
 
1282
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1301
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1283
1302
 
1284
1303
  /*
1285
1304
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1318,7 +1337,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1318
1337
  },
1319
1338
  };
1320
1339
 
1321
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1340
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1322
1341
  /*
1323
1342
  * Copyright (c) Microsoft Corporation. All rights reserved.
1324
1343
  * Licensed under the MIT License.
@@ -1366,7 +1385,7 @@ function addLogToCache(correlationId, loggedMessage) {
1366
1385
  // Remove LRU (first entry) if capacity exceeded
1367
1386
  if (correlationCache.size > CACHE_CAPACITY) {
1368
1387
  const firstKey = correlationCache.keys().next().value;
1369
- if (firstKey) {
1388
+ if (firstKey !== undefined) {
1370
1389
  correlationCache.delete(firstKey);
1371
1390
  }
1372
1391
  }
@@ -1593,12 +1612,12 @@ class Logger {
1593
1612
  }
1594
1613
  }
1595
1614
 
1596
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1615
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1597
1616
  /* eslint-disable header/header */
1598
1617
  const name$1 = "@azure/msal-common";
1599
- const version$1 = "16.7.0";
1618
+ const version$1 = "16.8.0";
1600
1619
 
1601
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1620
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1602
1621
  /*
1603
1622
  * Copyright (c) Microsoft Corporation. All rights reserved.
1604
1623
  * Licensed under the MIT License.
@@ -1618,7 +1637,7 @@ const AzureCloudInstance = {
1618
1637
  AzureUsGovernment: "https://login.microsoftonline.us",
1619
1638
  };
1620
1639
 
1621
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1640
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1622
1641
  /*
1623
1642
  * Copyright (c) Microsoft Corporation. All rights reserved.
1624
1643
  * Licensed under the MIT License.
@@ -1701,7 +1720,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1701
1720
  return updatedAccountInfo;
1702
1721
  }
1703
1722
 
1704
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1723
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1705
1724
 
1706
1725
  /*
1707
1726
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1781,7 +1800,7 @@ function checkMaxAge(authTime, maxAge) {
1781
1800
  }
1782
1801
  }
1783
1802
 
1784
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1803
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1785
1804
 
1786
1805
  /*
1787
1806
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1938,7 +1957,7 @@ class UrlString {
1938
1957
  }
1939
1958
  }
1940
1959
 
1941
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1960
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1942
1961
 
1943
1962
  /*
1944
1963
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2104,7 +2123,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2104
2123
  return null;
2105
2124
  }
2106
2125
 
2107
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2126
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2108
2127
  /*
2109
2128
  * Copyright (c) Microsoft Corporation. All rights reserved.
2110
2129
  * Licensed under the MIT License.
@@ -2112,7 +2131,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2112
2131
  const cacheQuotaExceeded = "cache_quota_exceeded";
2113
2132
  const cacheErrorUnknown = "cache_error_unknown";
2114
2133
 
2115
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2134
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2116
2135
 
2117
2136
  /*
2118
2137
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2150,7 +2169,7 @@ function createCacheError(e) {
2150
2169
  }
2151
2170
  }
2152
2171
 
2153
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2172
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2154
2173
 
2155
2174
  /*
2156
2175
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2188,7 +2207,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2188
2207
  };
2189
2208
  }
2190
2209
 
2191
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2210
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2192
2211
  /*
2193
2212
  * Copyright (c) Microsoft Corporation. All rights reserved.
2194
2213
  * Licensed under the MIT License.
@@ -2203,7 +2222,7 @@ const AuthorityType = {
2203
2222
  Ciam: 3,
2204
2223
  };
2205
2224
 
2206
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2225
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2207
2226
  /*
2208
2227
  * Copyright (c) Microsoft Corporation. All rights reserved.
2209
2228
  * Licensed under the MIT License.
@@ -2225,7 +2244,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2225
2244
  return null;
2226
2245
  }
2227
2246
 
2228
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2247
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2229
2248
  /*
2230
2249
  * Copyright (c) Microsoft Corporation. All rights reserved.
2231
2250
  * Licensed under the MIT License.
@@ -2249,7 +2268,7 @@ const ProtocolMode = {
2249
2268
  EAR: "EAR",
2250
2269
  };
2251
2270
 
2252
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2271
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2253
2272
  /**
2254
2273
  * Returns the AccountInfo interface for this account.
2255
2274
  */
@@ -2424,7 +2443,7 @@ function isAccountEntity(entity) {
2424
2443
  entity.hasOwnProperty("authorityType"));
2425
2444
  }
2426
2445
 
2427
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2446
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2428
2447
 
2429
2448
  /*
2430
2449
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3556,7 +3575,7 @@ class DefaultStorageClass extends CacheManager {
3556
3575
  }
3557
3576
  }
3558
3577
 
3559
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3578
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3560
3579
  /*
3561
3580
  * Copyright (c) Microsoft Corporation. All rights reserved.
3562
3581
  * Licensed under the MIT License.
@@ -3599,7 +3618,20 @@ const IntFields = new Set([
3599
3618
  "currAccessCount",
3600
3619
  "currIdCount",
3601
3620
  "currRefreshCount",
3602
- "expiredCacheRemovedCount",
3621
+ "ttlExpiredAcntCount",
3622
+ "ttlExpiredITCount",
3623
+ "ttlExpiredATCount",
3624
+ "ttlExpiredRTCount",
3625
+ "decryptFailedAcntCount",
3626
+ "decryptFailedITCount",
3627
+ "decryptFailedATCount",
3628
+ "decryptFailedRTCount",
3629
+ "invalidAcntCount",
3630
+ "invalidITCount",
3631
+ "invalidATCount",
3632
+ "invalidRTCount",
3633
+ "expiredATCount",
3634
+ "expiredRTCount",
3603
3635
  "upgradedCacheCount",
3604
3636
  "cacheMatchedAccounts",
3605
3637
  "networkRtt",
@@ -3607,7 +3639,7 @@ const IntFields = new Set([
3607
3639
  "redirectBridgeMessageVersion",
3608
3640
  ]);
3609
3641
 
3610
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3642
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3611
3643
 
3612
3644
  /*
3613
3645
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3662,7 +3694,7 @@ class StubPerformanceClient {
3662
3694
  }
3663
3695
  }
3664
3696
 
3665
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3697
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3666
3698
 
3667
3699
  /*
3668
3700
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3757,7 +3789,7 @@ function isOidcProtocolMode(config) {
3757
3789
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3758
3790
  }
3759
3791
 
3760
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3792
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3761
3793
  /*
3762
3794
  * Copyright (c) Microsoft Corporation. All rights reserved.
3763
3795
  * Licensed under the MIT License.
@@ -3784,7 +3816,7 @@ function isOidcProtocolMode(config) {
3784
3816
  }
3785
3817
  }
3786
3818
 
3787
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3819
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3788
3820
  /*
3789
3821
  * Copyright (c) Microsoft Corporation. All rights reserved.
3790
3822
  * Licensed under the MIT License.
@@ -3849,7 +3881,7 @@ function wasClockTurnedBack(cachedAt) {
3849
3881
  return cachedAtSec > nowSeconds();
3850
3882
  }
3851
3883
 
3852
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3884
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3853
3885
 
3854
3886
  /*
3855
3887
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4108,7 +4140,7 @@ function isAuthorityMetadataExpired(metadata) {
4108
4140
  return metadata.expiresAt <= nowSeconds();
4109
4141
  }
4110
4142
 
4111
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4143
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4112
4144
  /*
4113
4145
  * Copyright (c) Microsoft Corporation. All rights reserved.
4114
4146
  * Licensed under the MIT License.
@@ -4179,7 +4211,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4179
4211
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4180
4212
  const SetUserData = "setUserData";
4181
4213
 
4182
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4214
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4183
4215
  /*
4184
4216
  * Copyright (c) Microsoft Corporation. All rights reserved.
4185
4217
  * Licensed under the MIT License.
@@ -4272,7 +4304,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4272
4304
  };
4273
4305
  };
4274
4306
 
4275
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4307
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4276
4308
 
4277
4309
  /*
4278
4310
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4352,7 +4384,7 @@ class PopTokenGenerator {
4352
4384
  }
4353
4385
  }
4354
4386
 
4355
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4387
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4356
4388
  /*
4357
4389
  * Copyright (c) Microsoft Corporation. All rights reserved.
4358
4390
  * Licensed under the MIT License.
@@ -4416,7 +4448,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4416
4448
  uiNotAllowed: uiNotAllowed
4417
4449
  });
4418
4450
 
4419
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4451
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4420
4452
 
4421
4453
  /*
4422
4454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4484,7 +4516,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4484
4516
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4485
4517
  }
4486
4518
 
4487
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4519
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4488
4520
 
4489
4521
  /*
4490
4522
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4503,7 +4535,7 @@ class ServerError extends AuthError {
4503
4535
  }
4504
4536
  }
4505
4537
 
4506
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4538
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4507
4539
 
4508
4540
  /*
4509
4541
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4571,7 +4603,7 @@ function parseRequestState(base64Decode, state) {
4571
4603
  }
4572
4604
  }
4573
4605
 
4574
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4606
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4575
4607
 
4576
4608
  /*
4577
4609
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4919,7 +4951,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4919
4951
  return baseAccount;
4920
4952
  }
4921
4953
 
4922
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4954
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4923
4955
  /*
4924
4956
  * Copyright (c) Microsoft Corporation. All rights reserved.
4925
4957
  * Licensed under the MIT License.
@@ -4929,7 +4961,7 @@ const CcsCredentialType = {
4929
4961
  UPN: "UPN",
4930
4962
  };
4931
4963
 
4932
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4964
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4933
4965
  /*
4934
4966
  * Copyright (c) Microsoft Corporation. All rights reserved.
4935
4967
  * Licensed under the MIT License.
@@ -4947,7 +4979,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4947
4979
  }
4948
4980
  }
4949
4981
 
4950
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4982
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4951
4983
  /*
4952
4984
  * Copyright (c) Microsoft Corporation. All rights reserved.
4953
4985
  * Licensed under the MIT License.
@@ -4968,7 +5000,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4968
5000
  };
4969
5001
  }
4970
5002
 
4971
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5003
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4972
5004
 
4973
5005
  /*
4974
5006
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5054,7 +5086,7 @@ class ThrottlingUtils {
5054
5086
  }
5055
5087
  }
5056
5088
 
5057
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5089
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5058
5090
 
5059
5091
  /*
5060
5092
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5085,7 +5117,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5085
5117
  return new NetworkError(error, httpStatus, responseHeaders);
5086
5118
  }
5087
5119
 
5088
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5120
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5089
5121
 
5090
5122
  /*
5091
5123
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5199,7 +5231,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5199
5231
  return response;
5200
5232
  }
5201
5233
 
5202
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5234
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5203
5235
  /*
5204
5236
  * Copyright (c) Microsoft Corporation. All rights reserved.
5205
5237
  * Licensed under the MIT License.
@@ -5211,7 +5243,7 @@ function isOpenIdConfigResponse(response) {
5211
5243
  response.hasOwnProperty("jwks_uri"));
5212
5244
  }
5213
5245
 
5214
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5246
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5215
5247
  /*
5216
5248
  * Copyright (c) Microsoft Corporation. All rights reserved.
5217
5249
  * Licensed under the MIT License.
@@ -5221,7 +5253,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5221
5253
  response.hasOwnProperty("metadata"));
5222
5254
  }
5223
5255
 
5224
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5256
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5225
5257
  /*
5226
5258
  * Copyright (c) Microsoft Corporation. All rights reserved.
5227
5259
  * Licensed under the MIT License.
@@ -5231,7 +5263,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5231
5263
  response.hasOwnProperty("error_description"));
5232
5264
  }
5233
5265
 
5234
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5266
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5235
5267
 
5236
5268
  /*
5237
5269
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5336,7 +5368,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5336
5368
  },
5337
5369
  };
5338
5370
 
5339
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5371
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5340
5372
 
5341
5373
  /*
5342
5374
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6304,7 +6336,7 @@ function buildStaticAuthorityOptions(authOptions) {
6304
6336
  };
6305
6337
  }
6306
6338
 
6307
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6339
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6308
6340
 
6309
6341
  /*
6310
6342
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6338,7 +6370,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6338
6370
  }
6339
6371
  }
6340
6372
 
6341
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6373
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6342
6374
 
6343
6375
  /*
6344
6376
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6595,7 +6627,7 @@ class AuthorizationCodeClient {
6595
6627
  }
6596
6628
  }
6597
6629
 
6598
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6630
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6599
6631
 
6600
6632
  /*
6601
6633
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6816,7 +6848,7 @@ class RefreshTokenClient {
6816
6848
  }
6817
6849
  }
6818
6850
 
6819
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6851
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6820
6852
 
6821
6853
  /*
6822
6854
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6932,7 +6964,7 @@ class SilentFlowClient {
6932
6964
  }
6933
6965
  }
6934
6966
 
6935
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6967
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6936
6968
 
6937
6969
  /*
6938
6970
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6947,7 +6979,7 @@ const StubbedNetworkModule = {
6947
6979
  },
6948
6980
  };
6949
6981
 
6950
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6982
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6951
6983
 
6952
6984
  /*
6953
6985
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7170,7 +7202,7 @@ function extractLoginHint(account) {
7170
7202
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7171
7203
  }
7172
7204
 
7173
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7205
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7174
7206
 
7175
7207
  /*
7176
7208
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7203,7 +7235,7 @@ function containsResourceParam(params) {
7203
7235
  return Object.prototype.hasOwnProperty.call(params, "resource");
7204
7236
  }
7205
7237
 
7206
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7238
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7207
7239
 
7208
7240
  /*
7209
7241
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7261,7 +7293,7 @@ class AuthenticationHeaderParser {
7261
7293
  }
7262
7294
  }
7263
7295
 
7264
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7296
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7265
7297
  /*
7266
7298
  * Copyright (c) Microsoft Corporation. All rights reserved.
7267
7299
  * Licensed under the MIT License.
@@ -7278,7 +7310,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7278
7310
  unexpectedError: unexpectedError
7279
7311
  });
7280
7312
 
7281
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7313
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7282
7314
 
7283
7315
  /*
7284
7316
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7389,35 +7421,40 @@ class ServerTelemetryManager {
7389
7421
  * @param error
7390
7422
  */
7391
7423
  cacheFailedRequest(error) {
7392
- const lastRequests = this.getLastRequests();
7393
- if (lastRequests.errors.length >=
7394
- SERVER_TELEM_MAX_CACHED_ERRORS) {
7395
- // Remove a cached error to make room, first in first out
7396
- lastRequests.failedRequests.shift(); // apiId
7397
- lastRequests.failedRequests.shift(); // correlationId
7398
- lastRequests.errors.shift();
7399
- }
7400
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
7401
- if (error instanceof Error && !!error && error.toString()) {
7402
- if (error instanceof AuthError) {
7403
- if (error.subError) {
7404
- lastRequests.errors.push(error.subError);
7405
- }
7406
- else if (error.errorCode) {
7407
- lastRequests.errors.push(error.errorCode);
7424
+ try {
7425
+ const lastRequests = this.getLastRequests();
7426
+ if (lastRequests.errors.length >=
7427
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
7428
+ // Remove a cached error to make room, first in first out
7429
+ lastRequests.failedRequests.shift(); // apiId
7430
+ lastRequests.failedRequests.shift(); // correlationId
7431
+ lastRequests.errors.shift();
7432
+ }
7433
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
7434
+ if (error instanceof Error && !!error && error.toString()) {
7435
+ if (error instanceof AuthError) {
7436
+ if (error.subError) {
7437
+ lastRequests.errors.push(error.subError);
7438
+ }
7439
+ else if (error.errorCode) {
7440
+ lastRequests.errors.push(error.errorCode);
7441
+ }
7442
+ else {
7443
+ lastRequests.errors.push(error.toString());
7444
+ }
7408
7445
  }
7409
7446
  else {
7410
7447
  lastRequests.errors.push(error.toString());
7411
7448
  }
7412
7449
  }
7413
7450
  else {
7414
- lastRequests.errors.push(error.toString());
7451
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7415
7452
  }
7453
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7416
7454
  }
7417
- else {
7418
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7455
+ catch {
7456
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
7419
7457
  }
7420
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7421
7458
  return;
7422
7459
  }
7423
7460
  /**
@@ -7537,9 +7574,36 @@ class ServerTelemetryManager {
7537
7574
  static makeExtraSkuString(params) {
7538
7575
  return makeExtraSkuString(params);
7539
7576
  }
7577
+ }
7578
+ /** @internal */
7579
+ class StubServerTelemetryManager extends ServerTelemetryManager {
7580
+ constructor() {
7581
+ super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
7582
+ }
7583
+ generateCurrentRequestHeaderValue() {
7584
+ return "";
7585
+ }
7586
+ generateLastRequestHeaderValue() {
7587
+ return "";
7588
+ }
7589
+ cacheFailedRequest() { }
7590
+ incrementCacheHits() {
7591
+ return 0;
7592
+ }
7593
+ clearTelemetryCache() { }
7594
+ getRegionDiscoveryFields() {
7595
+ return "";
7596
+ }
7597
+ updateRegionDiscoveryMetadata() { }
7598
+ setCacheOutcome() { }
7599
+ setNativeBrokerErrorCode() { }
7600
+ getNativeBrokerErrorCode() {
7601
+ return undefined;
7602
+ }
7603
+ clearNativeBrokerErrorCode() { }
7540
7604
  }
7541
7605
 
7542
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7606
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7543
7607
 
7544
7608
  /*
7545
7609
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7560,7 +7624,7 @@ function createJoseHeaderError(code) {
7560
7624
  return new JoseHeaderError(code);
7561
7625
  }
7562
7626
 
7563
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7627
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7564
7628
  /*
7565
7629
  * Copyright (c) Microsoft Corporation. All rights reserved.
7566
7630
  * Licensed under the MIT License.
@@ -7568,7 +7632,7 @@ function createJoseHeaderError(code) {
7568
7632
  const missingKidError = "missing_kid_error";
7569
7633
  const missingAlgError = "missing_alg_error";
7570
7634
 
7571
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7635
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7572
7636
 
7573
7637
  /*
7574
7638
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7608,7 +7672,7 @@ class JoseHeader {
7608
7672
  }
7609
7673
  }
7610
7674
 
7611
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7675
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7612
7676
 
7613
7677
  /*
7614
7678
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8221,7 +8285,6 @@ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
8221
8285
  */
8222
8286
  const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8223
8287
  const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8224
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8225
8288
  /**
8226
8289
  * Helper functions in StandardInteractionClient class (msal-browser)
8227
8290
  */
@@ -10556,7 +10619,7 @@ const EventType = {
10556
10619
 
10557
10620
  /* eslint-disable header/header */
10558
10621
  const name = "@azure/msal-browser";
10559
- const version = "5.12.0";
10622
+ const version = "5.13.0";
10560
10623
 
10561
10624
  /*
10562
10625
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10578,6 +10641,15 @@ function removeElementFromArray(array, element) {
10578
10641
  * Copyright (c) Microsoft Corporation. All rights reserved.
10579
10642
  * Licensed under the MIT License.
10580
10643
  */
10644
+ /**
10645
+ * Reason an old-schema cache entry was removed during migration.
10646
+ */
10647
+ const MigrationRemovalReason = {
10648
+ Invalid: "invalid",
10649
+ TtlExpired: "ttlExpired",
10650
+ DecryptFailed: "decryptFailed",
10651
+ Expired: "expired",
10652
+ };
10581
10653
  /**
10582
10654
  * This class implements the cache storage interface for MSAL through browser local or session storage.
10583
10655
  */
@@ -10647,7 +10719,10 @@ class BrowserCacheManager extends CacheManager {
10647
10719
  const parsedValue = this.validateAndParseJson(rawValue || "");
10648
10720
  if (!parsedValue) {
10649
10721
  this.browserStorage.removeItem(key);
10650
- return null;
10722
+ return {
10723
+ entry: null,
10724
+ removalReason: MigrationRemovalReason.Invalid,
10725
+ };
10651
10726
  }
10652
10727
  if (!parsedValue.lastUpdatedAt) {
10653
10728
  // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
@@ -10656,26 +10731,42 @@ class BrowserCacheManager extends CacheManager {
10656
10731
  }
10657
10732
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
10658
10733
  this.browserStorage.removeItem(key);
10659
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
10660
- return null;
10734
+ return {
10735
+ entry: null,
10736
+ removalReason: MigrationRemovalReason.TtlExpired,
10737
+ };
10661
10738
  }
10662
- const decryptedData = isEncrypted(parsedValue)
10739
+ const wasEncrypted = isEncrypted(parsedValue);
10740
+ const decryptedData = wasEncrypted
10663
10741
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
10664
10742
  : parsedValue;
10665
- if (!decryptedData || !isCredentialEntity(decryptedData)) {
10743
+ if (!decryptedData) {
10666
10744
  this.browserStorage.removeItem(key);
10667
- this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
10668
- return null;
10745
+ return {
10746
+ entry: null,
10747
+ removalReason: wasEncrypted
10748
+ ? MigrationRemovalReason.DecryptFailed
10749
+ : MigrationRemovalReason.Invalid,
10750
+ };
10751
+ }
10752
+ if (!isCredentialEntity(decryptedData)) {
10753
+ this.browserStorage.removeItem(key);
10754
+ return {
10755
+ entry: null,
10756
+ removalReason: MigrationRemovalReason.Invalid,
10757
+ };
10669
10758
  }
10670
10759
  if ((isAccessTokenEntity(decryptedData) ||
10671
10760
  isRefreshTokenEntity(decryptedData)) &&
10672
10761
  decryptedData.expiresOn &&
10673
10762
  isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
10674
10763
  this.browserStorage.removeItem(key);
10675
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
10676
- return null;
10764
+ return {
10765
+ entry: null,
10766
+ removalReason: MigrationRemovalReason.Expired,
10767
+ };
10677
10768
  }
10678
- return decryptedData;
10769
+ return { entry: decryptedData };
10679
10770
  }
10680
10771
  /**
10681
10772
  * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
@@ -10695,6 +10786,7 @@ class BrowserCacheManager extends CacheManager {
10695
10786
  const parsedValue = this.validateAndParseJson(rawValue || "");
10696
10787
  if (!parsedValue) {
10697
10788
  this.browserStorage.removeItem(accountKey);
10789
+ this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
10698
10790
  removeElementFromArray(accountKeysToCheck, accountKey);
10699
10791
  continue;
10700
10792
  }
@@ -10707,6 +10799,7 @@ class BrowserCacheManager extends CacheManager {
10707
10799
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
10708
10800
  // Cache expired remove account and associated tokens
10709
10801
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
10802
+ this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
10710
10803
  removeElementFromArray(accountKeysToCheck, accountKey);
10711
10804
  }
10712
10805
  else if (isEncrypted(parsedValue)) {
@@ -10714,7 +10807,9 @@ class BrowserCacheManager extends CacheManager {
10714
10807
  const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
10715
10808
  if (!decrypted) {
10716
10809
  this.browserStorage.removeItem(accountKey);
10717
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
10810
+ this.performanceClient.incrementFields({
10811
+ decryptFailedAcntCount: 1,
10812
+ }, correlationId);
10718
10813
  removeElementFromArray(accountKeysToCheck, accountKey);
10719
10814
  }
10720
10815
  }
@@ -10755,7 +10850,6 @@ class BrowserCacheManager extends CacheManager {
10755
10850
  });
10756
10851
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
10757
10852
  }
10758
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
10759
10853
  this.browserStorage.removeItem(accountKey);
10760
10854
  }
10761
10855
  /**
@@ -10794,8 +10888,20 @@ class BrowserCacheManager extends CacheManager {
10794
10888
  const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
10795
10889
  for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
10796
10890
  this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
10797
- const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
10891
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
10892
+ const oldSchemaData = result.entry;
10798
10893
  if (!oldSchemaData) {
10894
+ switch (result.removalReason) {
10895
+ case MigrationRemovalReason.TtlExpired:
10896
+ this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
10897
+ break;
10898
+ case MigrationRemovalReason.DecryptFailed:
10899
+ this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
10900
+ break;
10901
+ case MigrationRemovalReason.Invalid:
10902
+ this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
10903
+ break;
10904
+ }
10799
10905
  removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
10800
10906
  continue;
10801
10907
  }
@@ -10874,8 +10980,23 @@ class BrowserCacheManager extends CacheManager {
10874
10980
  const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
10875
10981
  for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
10876
10982
  this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
10877
- const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
10983
+ const result = await this.updateOldEntry(accessTokenKey, correlationId);
10984
+ const oldSchemaData = result.entry;
10878
10985
  if (!oldSchemaData) {
10986
+ switch (result.removalReason) {
10987
+ case MigrationRemovalReason.TtlExpired:
10988
+ this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
10989
+ break;
10990
+ case MigrationRemovalReason.DecryptFailed:
10991
+ this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
10992
+ break;
10993
+ case MigrationRemovalReason.Expired:
10994
+ this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
10995
+ break;
10996
+ case MigrationRemovalReason.Invalid:
10997
+ this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
10998
+ break;
10999
+ }
10879
11000
  removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
10880
11001
  continue;
10881
11002
  }
@@ -10921,8 +11042,23 @@ class BrowserCacheManager extends CacheManager {
10921
11042
  ...credentialKeysToMigrate.refreshToken,
10922
11043
  ]) {
10923
11044
  this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
10924
- const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
11045
+ const result = await this.updateOldEntry(refreshTokenKey, correlationId);
11046
+ const oldSchemaData = result.entry;
10925
11047
  if (!oldSchemaData) {
11048
+ switch (result.removalReason) {
11049
+ case MigrationRemovalReason.TtlExpired:
11050
+ this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
11051
+ break;
11052
+ case MigrationRemovalReason.DecryptFailed:
11053
+ this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
11054
+ break;
11055
+ case MigrationRemovalReason.Expired:
11056
+ this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
11057
+ break;
11058
+ case MigrationRemovalReason.Invalid:
11059
+ this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
11060
+ break;
11061
+ }
10926
11062
  removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
10927
11063
  continue;
10928
11064
  }
@@ -12122,10 +12258,15 @@ function getRedirectUri(requestRedirectUri, clientConfigRedirectUri, logger, cor
12122
12258
  * @param browserStorage - Browser cache manager instance for storing telemetry data
12123
12259
  * @param logger - Optional logger instance for verbose logging
12124
12260
  * @param forceRefresh - Optional flag to force refresh of telemetry data
12261
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
12125
12262
  * @returns Configured ServerTelemetryManager instance
12126
12263
  */
12127
- function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
12264
+ function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
12128
12265
  logger.verbose("1p12tq", correlationId);
12266
+ if (!enabled) {
12267
+ logger.verbose("0tajnr", correlationId);
12268
+ return new StubServerTelemetryManager();
12269
+ }
12129
12270
  const telemetryPayload = {
12130
12271
  clientId: clientId,
12131
12272
  correlationId: correlationId,
@@ -12734,7 +12875,7 @@ class SilentCacheClient extends StandardInteractionClient {
12734
12875
  */
12735
12876
  async acquireToken(silentRequest) {
12736
12877
  // Telemetry manager only used to increment cacheHits here
12737
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12878
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12738
12879
  const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
12739
12880
  serverTelemetryManager,
12740
12881
  requestAuthority: silentRequest.authority,
@@ -12810,7 +12951,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12810
12951
  // start the perf measurement
12811
12952
  const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
12812
12953
  const reqTimestamp = nowSeconds();
12813
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12954
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12814
12955
  try {
12815
12956
  // initialize native request
12816
12957
  const nativeRequest = await this.initializePlatformRequest(request);
@@ -12934,7 +13075,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12934
13075
  catch (e) {
12935
13076
  // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
12936
13077
  if (e instanceof NativeAuthError) {
12937
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
13078
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12938
13079
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
12939
13080
  if (isFatalNativeAuthError(e)) {
12940
13081
  throw e;
@@ -12981,7 +13122,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12981
13122
  this.logger.verbose("003x5a", this.correlationId);
12982
13123
  const response = await this.platformAuthProvider.sendMessage(request);
12983
13124
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
12984
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
13125
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12985
13126
  serverTelemetryManager.clearNativeBrokerErrorCode();
12986
13127
  this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
12987
13128
  return authResult;
@@ -13988,6 +14129,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13988
14129
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
13989
14130
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
13990
14131
  protocolMode: ProtocolMode.AAD,
14132
+ serverTelemetryEnabled: false,
13991
14133
  };
13992
14134
  const providedSystemOptions = {
13993
14135
  ...DEFAULT_BROWSER_SYSTEM_OPTIONS,
@@ -14646,7 +14788,7 @@ class PopupClient extends StandardInteractionClient {
14646
14788
  */
14647
14789
  async executeCodeFlow(request, popupParams, pkceCodes) {
14648
14790
  const correlationId = request.correlationId;
14649
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
14791
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
14650
14792
  const pkce = pkceCodes ||
14651
14793
  (await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
14652
14794
  const popupRequest = {
@@ -14711,7 +14853,7 @@ class PopupClient extends StandardInteractionClient {
14711
14853
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14712
14854
  if (!serverParams.ear_jwe && serverParams.code) {
14713
14855
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
14714
- serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
14856
+ serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
14715
14857
  requestAuthority: request.authority,
14716
14858
  requestAzureCloudOptions: request.azureCloudOptions,
14717
14859
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -14748,7 +14890,7 @@ class PopupClient extends StandardInteractionClient {
14748
14890
  async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
14749
14891
  this.logger.verbose("0b7yrk", this.correlationId);
14750
14892
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
14751
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
14893
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
14752
14894
  try {
14753
14895
  // Clear cache on logout
14754
14896
  await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
@@ -15032,7 +15174,7 @@ class RedirectClient extends StandardInteractionClient {
15032
15174
  */
15033
15175
  async executeCodeFlow(request) {
15034
15176
  const correlationId = request.correlationId;
15035
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15177
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15036
15178
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
15037
15179
  const redirectRequest = {
15038
15180
  ...request,
@@ -15120,7 +15262,7 @@ class RedirectClient extends StandardInteractionClient {
15120
15262
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
15121
15263
  const originalTitle = document.title;
15122
15264
  document.title = "Microsoft Authentication";
15123
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15265
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15124
15266
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
15125
15267
  try {
15126
15268
  const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
@@ -15139,8 +15281,8 @@ class RedirectClient extends StandardInteractionClient {
15139
15281
  }
15140
15282
  // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
15141
15283
  const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
15142
- const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
15143
- const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
15284
+ const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
15285
+ const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
15144
15286
  if (loginRequestUrlNormalized === currentUrlNormalized &&
15145
15287
  navigateToLoginRequestUrl) {
15146
15288
  // We are on the page we need to navigate to - handle hash
@@ -15173,8 +15315,8 @@ class RedirectClient extends StandardInteractionClient {
15173
15315
  * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
15174
15316
  */
15175
15317
  let processHashOnRedirect = true;
15176
- if (!loginRequestUrl || loginRequestUrl === "null") {
15177
- // Redirect to home page if login request url is null (real null or the string null)
15318
+ if (!loginRequestUrl) {
15319
+ // Redirect to home page if login request url is empty
15178
15320
  const homepage = getHomepage();
15179
15321
  // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
15180
15322
  this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
@@ -15320,7 +15462,7 @@ class RedirectClient extends StandardInteractionClient {
15320
15462
  async logout(logoutRequest) {
15321
15463
  this.logger.verbose("1rkurh", this.correlationId);
15322
15464
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
15323
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15465
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15324
15466
  try {
15325
15467
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
15326
15468
  // Clear cache on logout
@@ -15401,7 +15543,10 @@ class RedirectClient extends StandardInteractionClient {
15401
15543
  */
15402
15544
  getRedirectStartPage(requestStartPage) {
15403
15545
  const redirectStartPage = requestStartPage || window.location.href;
15404
- return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
15546
+ const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
15547
+ // Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
15548
+ validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
15549
+ return absoluteRedirectStartPage;
15405
15550
  }
15406
15551
  }
15407
15552
 
@@ -15410,20 +15555,20 @@ class RedirectClient extends StandardInteractionClient {
15410
15555
  * Licensed under the MIT License.
15411
15556
  */
15412
15557
  /**
15413
- * Creates a hidden iframe to given URL using user-requested scopes as an id.
15414
- * @param urlNavigate
15415
- * @param userRequestScopes
15558
+ * Navigates the given hidden iframe to the provided URL.
15559
+ * @param frame
15560
+ * @param requestUrl
15416
15561
  */
15417
- async function initiateCodeRequest(requestUrl, performanceClient, logger, correlationId) {
15562
+ async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
15418
15563
  if (!requestUrl) {
15419
15564
  // Throw error if request URL is empty.
15420
15565
  logger.info("1l7hyp", correlationId);
15421
15566
  throw createBrowserAuthError(emptyNavigateUri);
15422
15567
  }
15423
- return invoke(loadFrameSync, SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
15568
+ frame.src = requestUrl;
15569
+ return frame;
15424
15570
  }
15425
- async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
15426
- const frame = createHiddenIframe();
15571
+ async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
15427
15572
  if (!frame.contentDocument) {
15428
15573
  throw "No document associated with iframe!";
15429
15574
  }
@@ -15431,8 +15576,7 @@ async function initiateCodeFlowWithPost(config, authority, request, logger, perf
15431
15576
  form.submit();
15432
15577
  return frame;
15433
15578
  }
15434
- async function initiateEarRequest(config, authority, request, logger, performanceClient) {
15435
- const frame = createHiddenIframe();
15579
+ async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
15436
15580
  if (!frame.contentDocument) {
15437
15581
  throw "No document associated with iframe!";
15438
15582
  }
@@ -15442,19 +15586,8 @@ async function initiateEarRequest(config, authority, request, logger, performanc
15442
15586
  }
15443
15587
  /**
15444
15588
  * @hidden
15445
- * Loads the iframe synchronously when the navigateTimeFrame is set to `0`
15446
- * @param urlNavigate
15447
- * @param frameName
15448
- * @param logger
15449
- */
15450
- function loadFrameSync(urlNavigate) {
15451
- const frameHandle = createHiddenIframe();
15452
- frameHandle.src = urlNavigate;
15453
- return frameHandle;
15454
- }
15455
- /**
15456
- * @hidden
15457
- * Creates a new hidden iframe or gets an existing one for silent token renewal.
15589
+ * Creates a new hidden iframe for silent token renewal. Callers navigate it
15590
+ * (set `src` or submit a form) after registering the response listener.
15458
15591
  * @ignore
15459
15592
  */
15460
15593
  function createHiddenIframe() {
@@ -15533,7 +15666,7 @@ class SilentIframeClient extends StandardInteractionClient {
15533
15666
  */
15534
15667
  async executeCodeFlow(request) {
15535
15668
  let authClient;
15536
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15669
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15537
15670
  try {
15538
15671
  // Initialize the client
15539
15672
  authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
@@ -15575,11 +15708,22 @@ class SilentIframeClient extends StandardInteractionClient {
15575
15708
  earJwk: earJwk,
15576
15709
  codeChallenge: pkceCodes.challenge,
15577
15710
  };
15578
- const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15711
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
15712
+ const iframe = createHiddenIframe();
15579
15713
  const responseType = this.config.auth.OIDCOptions.responseMode;
15580
15714
  let responseString;
15581
15715
  try {
15582
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15716
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15717
+ responsePromise.catch(() => {
15718
+ /*
15719
+ * If navigation below throws before responsePromise is awaited,
15720
+ * the listener still rejects on timeout. Swallow it here so it
15721
+ * does not surface as an unhandled rejection; the navigation
15722
+ * error is propagated instead.
15723
+ */
15724
+ });
15725
+ await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15726
+ responseString = await responsePromise;
15583
15727
  }
15584
15728
  finally {
15585
15729
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15588,7 +15732,7 @@ class SilentIframeClient extends StandardInteractionClient {
15588
15732
  if (!serverParams.ear_jwe && serverParams.code) {
15589
15733
  // If server doesn't support EAR, they may fallback to auth code flow instead
15590
15734
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
15591
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
15735
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
15592
15736
  requestAuthority: request.authority,
15593
15737
  requestAzureCloudOptions: request.azureCloudOptions,
15594
15738
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -15615,7 +15759,7 @@ class SilentIframeClient extends StandardInteractionClient {
15615
15759
  // Create silent request
15616
15760
  const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
15617
15761
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15618
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
15762
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
15619
15763
  requestAuthority: silentRequest.authority,
15620
15764
  requestAzureCloudOptions: silentRequest.azureCloudOptions,
15621
15765
  requestExtraQueryParameters: silentRequest.extraQueryParameters,
@@ -15663,21 +15807,32 @@ class SilentIframeClient extends StandardInteractionClient {
15663
15807
  ...request,
15664
15808
  codeChallenge: pkceCodes.challenge,
15665
15809
  };
15666
- let iframe;
15667
- if (request.httpMethod === HttpMethod.POST) {
15668
- iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15669
- }
15670
- else {
15671
- // Create authorize request url
15672
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15673
- // Get the frame handle for the silent request
15674
- iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
15675
- }
15810
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
15811
+ const iframe = createHiddenIframe();
15676
15812
  const responseType = this.config.auth.OIDCOptions.responseMode;
15677
15813
  // Wait for response from the redirect bridge.
15678
15814
  let responseString;
15679
15815
  try {
15680
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15816
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15817
+ responsePromise.catch(() => {
15818
+ /*
15819
+ * If URL creation or navigation below throws before
15820
+ * responsePromise is awaited, the listener still rejects on
15821
+ * timeout. Swallow it here so it does not surface as an
15822
+ * unhandled rejection; the navigation error is propagated
15823
+ * instead.
15824
+ */
15825
+ });
15826
+ if (request.httpMethod === HttpMethod.POST) {
15827
+ await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15828
+ }
15829
+ else {
15830
+ // Create authorize request url
15831
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15832
+ // Navigate the iframe to the authorize request url
15833
+ await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
15834
+ }
15835
+ responseString = await responsePromise;
15681
15836
  }
15682
15837
  finally {
15683
15838
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15712,7 +15867,7 @@ class SilentRefreshClient extends StandardInteractionClient {
15712
15867
  // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
15713
15868
  silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
15714
15869
  }
15715
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15870
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15716
15871
  const refreshTokenClient = await this.createRefreshTokenClient({
15717
15872
  serverTelemetryManager,
15718
15873
  authorityUrl: silentRequest.authority,
@@ -15792,7 +15947,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
15792
15947
  * Each auth request creates a new instance of *Client so we can safely use this.correlationId.
15793
15948
  */
15794
15949
  this.correlationId);
15795
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15950
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15796
15951
  try {
15797
15952
  // Create auth code request (PKCE not needed)
15798
15953
  const authCodeRequest = {
@@ -16157,6 +16312,8 @@ class StandardController {
16157
16312
  // Preflight request
16158
16313
  const correlationId = this.getRequestCorrelationId(request);
16159
16314
  this.logger.verbose("0os66p", correlationId);
16315
+ redirectPreflightCheck(this.initialized, this.config);
16316
+ this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
16160
16317
  const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
16161
16318
  atrMeasurement.add({
16162
16319
  scenarioId: request.scenarioId,
@@ -16174,9 +16331,7 @@ class StandardController {
16174
16331
  return navigate;
16175
16332
  };
16176
16333
  try {
16177
- redirectPreflightCheck(this.initialized, this.config);
16178
16334
  enforceResourceParameter(this.config.auth.isMcp, request);
16179
- this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
16180
16335
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
16181
16336
  let result;
16182
16337
  if (this.platformAuthProvider &&