@azure/msal-browser 5.12.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +89 -16
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +4 -4
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +12 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +41 -19
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +12 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1199 -1195
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +7 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +343 -201
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +7 -3
- package/lib/msal-browser.cjs +359 -204
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +359 -204
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +141 -34
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +6 -6
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
- package/src/interaction_client/PopupClient.ts +9 -3
- package/src/interaction_client/RedirectClient.ts +27 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +94 -58
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +11 -32
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.
|
|
237
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.
|
|
289
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.
|
|
320
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.
|
|
340
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.
|
|
420
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.
|
|
443
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
498
498
|
urlParseError: urlParseError
|
|
499
499
|
});
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
502
502
|
/*
|
|
503
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
504
504
|
* Licensed under the MIT License.
|
|
@@ -586,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
586
586
|
userCanceled: userCanceled
|
|
587
587
|
});
|
|
588
588
|
|
|
589
|
-
/*! @azure/msal-common v16.
|
|
589
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
590
590
|
|
|
591
591
|
/*
|
|
592
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -781,7 +781,7 @@ class ScopeSet {
|
|
|
781
781
|
}
|
|
782
782
|
}
|
|
783
783
|
|
|
784
|
-
/*! @azure/msal-common v16.
|
|
784
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
785
785
|
|
|
786
786
|
/*
|
|
787
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1130,8 +1130,14 @@ function addSshJwk(parameters, sshJwkString) {
|
|
|
1130
1130
|
* @param serverTelemetryManager
|
|
1131
1131
|
*/
|
|
1132
1132
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1133
|
-
|
|
1134
|
-
|
|
1133
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1134
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1135
|
+
if (currentTelemetryHeader) {
|
|
1136
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1137
|
+
}
|
|
1138
|
+
if (lastTelemetryHeader) {
|
|
1139
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1140
|
+
}
|
|
1135
1141
|
}
|
|
1136
1142
|
/**
|
|
1137
1143
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1170,34 +1176,12 @@ function addResource(parameters, resource) {
|
|
|
1170
1176
|
}
|
|
1171
1177
|
}
|
|
1172
1178
|
|
|
1173
|
-
/*! @azure/msal-common v16.
|
|
1179
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1174
1180
|
|
|
1175
1181
|
/*
|
|
1176
1182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1177
1183
|
* Licensed under the MIT License.
|
|
1178
1184
|
*/
|
|
1179
|
-
/**
|
|
1180
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1181
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1182
|
-
* @param url - URL to canonicalize
|
|
1183
|
-
* @returns Canonicalized URL
|
|
1184
|
-
*/
|
|
1185
|
-
function canonicalizeUrl(url) {
|
|
1186
|
-
if (!url) {
|
|
1187
|
-
return url;
|
|
1188
|
-
}
|
|
1189
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1190
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1191
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1192
|
-
}
|
|
1193
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1194
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1195
|
-
}
|
|
1196
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1197
|
-
lowerCaseUrl += "/";
|
|
1198
|
-
}
|
|
1199
|
-
return lowerCaseUrl;
|
|
1200
|
-
}
|
|
1201
1185
|
/**
|
|
1202
1186
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1203
1187
|
* @param hashString
|
|
@@ -1250,36 +1234,71 @@ function mapToQueryString(parameters) {
|
|
|
1250
1234
|
return queryParameterArray.join("&");
|
|
1251
1235
|
}
|
|
1252
1236
|
/**
|
|
1253
|
-
* Normalizes URLs for comparison
|
|
1254
|
-
*
|
|
1255
|
-
*
|
|
1237
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1238
|
+
* - Hash/fragment is removed
|
|
1239
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1240
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1241
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1242
|
+
* - Ensures pathname ends with /
|
|
1243
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1256
1244
|
* @param url - URL to normalize
|
|
1245
|
+
* @param logger - Optional logger used to log parse failures
|
|
1246
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1257
1247
|
* @returns Normalized URL string for comparison
|
|
1258
1248
|
*/
|
|
1259
|
-
function normalizeUrlForComparison(url) {
|
|
1249
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1260
1250
|
if (!url) {
|
|
1261
1251
|
return url;
|
|
1262
1252
|
}
|
|
1263
|
-
// Remove hash first
|
|
1264
1253
|
const urlWithoutHash = url.split("#")[0];
|
|
1254
|
+
if (!urlWithoutHash) {
|
|
1255
|
+
return urlWithoutHash;
|
|
1256
|
+
}
|
|
1265
1257
|
try {
|
|
1266
|
-
// Parse the URL to handle encoding consistently
|
|
1267
1258
|
const urlObj = new URL(urlWithoutHash);
|
|
1268
|
-
|
|
1269
|
-
|
|
1270
|
-
|
|
1271
|
-
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1259
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1260
|
+
if (!urlObj.search) {
|
|
1261
|
+
urlObj.search = "";
|
|
1262
|
+
}
|
|
1263
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1264
|
+
let pathname;
|
|
1265
|
+
try {
|
|
1266
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1267
|
+
}
|
|
1268
|
+
catch (e) {
|
|
1269
|
+
pathname = urlObj.pathname;
|
|
1270
|
+
}
|
|
1271
|
+
if (!pathname.endsWith("/")) {
|
|
1272
|
+
pathname += "/";
|
|
1273
|
+
}
|
|
1274
|
+
urlObj.pathname = pathname;
|
|
1275
|
+
return urlObj.href;
|
|
1276
|
+
}
|
|
1277
|
+
catch (e) {
|
|
1278
|
+
logger?.error("15apdm", correlationId || "");
|
|
1279
|
+
throw createClientConfigurationError(urlParseError);
|
|
1280
|
+
}
|
|
1281
|
+
}
|
|
1282
|
+
/**
|
|
1283
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1284
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1285
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1286
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1287
|
+
* @param url - URL to validate
|
|
1288
|
+
* @param logger - Optional logger used to log validation failures
|
|
1289
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1290
|
+
*/
|
|
1291
|
+
function validateUrl(url, logger, correlationId) {
|
|
1292
|
+
try {
|
|
1293
|
+
new URL(url);
|
|
1275
1294
|
}
|
|
1276
1295
|
catch (e) {
|
|
1277
|
-
|
|
1278
|
-
|
|
1296
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1297
|
+
throw createClientConfigurationError(urlParseError);
|
|
1279
1298
|
}
|
|
1280
1299
|
}
|
|
1281
1300
|
|
|
1282
|
-
/*! @azure/msal-common v16.
|
|
1301
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1283
1302
|
|
|
1284
1303
|
/*
|
|
1285
1304
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1318,7 +1337,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1318
1337
|
},
|
|
1319
1338
|
};
|
|
1320
1339
|
|
|
1321
|
-
/*! @azure/msal-common v16.
|
|
1340
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1322
1341
|
/*
|
|
1323
1342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1324
1343
|
* Licensed under the MIT License.
|
|
@@ -1366,7 +1385,7 @@ function addLogToCache(correlationId, loggedMessage) {
|
|
|
1366
1385
|
// Remove LRU (first entry) if capacity exceeded
|
|
1367
1386
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1368
1387
|
const firstKey = correlationCache.keys().next().value;
|
|
1369
|
-
if (firstKey) {
|
|
1388
|
+
if (firstKey !== undefined) {
|
|
1370
1389
|
correlationCache.delete(firstKey);
|
|
1371
1390
|
}
|
|
1372
1391
|
}
|
|
@@ -1593,12 +1612,12 @@ class Logger {
|
|
|
1593
1612
|
}
|
|
1594
1613
|
}
|
|
1595
1614
|
|
|
1596
|
-
/*! @azure/msal-common v16.
|
|
1615
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1597
1616
|
/* eslint-disable header/header */
|
|
1598
1617
|
const name$1 = "@azure/msal-common";
|
|
1599
|
-
const version$1 = "16.
|
|
1618
|
+
const version$1 = "16.8.0";
|
|
1600
1619
|
|
|
1601
|
-
/*! @azure/msal-common v16.
|
|
1620
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1602
1621
|
/*
|
|
1603
1622
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1604
1623
|
* Licensed under the MIT License.
|
|
@@ -1618,7 +1637,7 @@ const AzureCloudInstance = {
|
|
|
1618
1637
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1619
1638
|
};
|
|
1620
1639
|
|
|
1621
|
-
/*! @azure/msal-common v16.
|
|
1640
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1622
1641
|
/*
|
|
1623
1642
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1624
1643
|
* Licensed under the MIT License.
|
|
@@ -1701,7 +1720,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1701
1720
|
return updatedAccountInfo;
|
|
1702
1721
|
}
|
|
1703
1722
|
|
|
1704
|
-
/*! @azure/msal-common v16.
|
|
1723
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1705
1724
|
|
|
1706
1725
|
/*
|
|
1707
1726
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1781,7 +1800,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1781
1800
|
}
|
|
1782
1801
|
}
|
|
1783
1802
|
|
|
1784
|
-
/*! @azure/msal-common v16.
|
|
1803
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1785
1804
|
|
|
1786
1805
|
/*
|
|
1787
1806
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1938,7 +1957,7 @@ class UrlString {
|
|
|
1938
1957
|
}
|
|
1939
1958
|
}
|
|
1940
1959
|
|
|
1941
|
-
/*! @azure/msal-common v16.
|
|
1960
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1942
1961
|
|
|
1943
1962
|
/*
|
|
1944
1963
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2104,7 +2123,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2104
2123
|
return null;
|
|
2105
2124
|
}
|
|
2106
2125
|
|
|
2107
|
-
/*! @azure/msal-common v16.
|
|
2126
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2108
2127
|
/*
|
|
2109
2128
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2110
2129
|
* Licensed under the MIT License.
|
|
@@ -2112,7 +2131,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2112
2131
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2113
2132
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2114
2133
|
|
|
2115
|
-
/*! @azure/msal-common v16.
|
|
2134
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2116
2135
|
|
|
2117
2136
|
/*
|
|
2118
2137
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2150,7 +2169,7 @@ function createCacheError(e) {
|
|
|
2150
2169
|
}
|
|
2151
2170
|
}
|
|
2152
2171
|
|
|
2153
|
-
/*! @azure/msal-common v16.
|
|
2172
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2154
2173
|
|
|
2155
2174
|
/*
|
|
2156
2175
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2188,7 +2207,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2188
2207
|
};
|
|
2189
2208
|
}
|
|
2190
2209
|
|
|
2191
|
-
/*! @azure/msal-common v16.
|
|
2210
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2192
2211
|
/*
|
|
2193
2212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2194
2213
|
* Licensed under the MIT License.
|
|
@@ -2203,7 +2222,7 @@ const AuthorityType = {
|
|
|
2203
2222
|
Ciam: 3,
|
|
2204
2223
|
};
|
|
2205
2224
|
|
|
2206
|
-
/*! @azure/msal-common v16.
|
|
2225
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2207
2226
|
/*
|
|
2208
2227
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2209
2228
|
* Licensed under the MIT License.
|
|
@@ -2225,7 +2244,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2225
2244
|
return null;
|
|
2226
2245
|
}
|
|
2227
2246
|
|
|
2228
|
-
/*! @azure/msal-common v16.
|
|
2247
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2229
2248
|
/*
|
|
2230
2249
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2231
2250
|
* Licensed under the MIT License.
|
|
@@ -2249,7 +2268,7 @@ const ProtocolMode = {
|
|
|
2249
2268
|
EAR: "EAR",
|
|
2250
2269
|
};
|
|
2251
2270
|
|
|
2252
|
-
/*! @azure/msal-common v16.
|
|
2271
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2253
2272
|
/**
|
|
2254
2273
|
* Returns the AccountInfo interface for this account.
|
|
2255
2274
|
*/
|
|
@@ -2424,7 +2443,7 @@ function isAccountEntity(entity) {
|
|
|
2424
2443
|
entity.hasOwnProperty("authorityType"));
|
|
2425
2444
|
}
|
|
2426
2445
|
|
|
2427
|
-
/*! @azure/msal-common v16.
|
|
2446
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2428
2447
|
|
|
2429
2448
|
/*
|
|
2430
2449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3556,7 +3575,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3556
3575
|
}
|
|
3557
3576
|
}
|
|
3558
3577
|
|
|
3559
|
-
/*! @azure/msal-common v16.
|
|
3578
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3560
3579
|
/*
|
|
3561
3580
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3562
3581
|
* Licensed under the MIT License.
|
|
@@ -3599,7 +3618,20 @@ const IntFields = new Set([
|
|
|
3599
3618
|
"currAccessCount",
|
|
3600
3619
|
"currIdCount",
|
|
3601
3620
|
"currRefreshCount",
|
|
3602
|
-
"
|
|
3621
|
+
"ttlExpiredAcntCount",
|
|
3622
|
+
"ttlExpiredITCount",
|
|
3623
|
+
"ttlExpiredATCount",
|
|
3624
|
+
"ttlExpiredRTCount",
|
|
3625
|
+
"decryptFailedAcntCount",
|
|
3626
|
+
"decryptFailedITCount",
|
|
3627
|
+
"decryptFailedATCount",
|
|
3628
|
+
"decryptFailedRTCount",
|
|
3629
|
+
"invalidAcntCount",
|
|
3630
|
+
"invalidITCount",
|
|
3631
|
+
"invalidATCount",
|
|
3632
|
+
"invalidRTCount",
|
|
3633
|
+
"expiredATCount",
|
|
3634
|
+
"expiredRTCount",
|
|
3603
3635
|
"upgradedCacheCount",
|
|
3604
3636
|
"cacheMatchedAccounts",
|
|
3605
3637
|
"networkRtt",
|
|
@@ -3607,7 +3639,7 @@ const IntFields = new Set([
|
|
|
3607
3639
|
"redirectBridgeMessageVersion",
|
|
3608
3640
|
]);
|
|
3609
3641
|
|
|
3610
|
-
/*! @azure/msal-common v16.
|
|
3642
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3611
3643
|
|
|
3612
3644
|
/*
|
|
3613
3645
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3662,7 +3694,7 @@ class StubPerformanceClient {
|
|
|
3662
3694
|
}
|
|
3663
3695
|
}
|
|
3664
3696
|
|
|
3665
|
-
/*! @azure/msal-common v16.
|
|
3697
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3666
3698
|
|
|
3667
3699
|
/*
|
|
3668
3700
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3757,7 +3789,7 @@ function isOidcProtocolMode(config) {
|
|
|
3757
3789
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3758
3790
|
}
|
|
3759
3791
|
|
|
3760
|
-
/*! @azure/msal-common v16.
|
|
3792
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3761
3793
|
/*
|
|
3762
3794
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3763
3795
|
* Licensed under the MIT License.
|
|
@@ -3784,7 +3816,7 @@ function isOidcProtocolMode(config) {
|
|
|
3784
3816
|
}
|
|
3785
3817
|
}
|
|
3786
3818
|
|
|
3787
|
-
/*! @azure/msal-common v16.
|
|
3819
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3788
3820
|
/*
|
|
3789
3821
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3790
3822
|
* Licensed under the MIT License.
|
|
@@ -3849,7 +3881,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3849
3881
|
return cachedAtSec > nowSeconds();
|
|
3850
3882
|
}
|
|
3851
3883
|
|
|
3852
|
-
/*! @azure/msal-common v16.
|
|
3884
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3853
3885
|
|
|
3854
3886
|
/*
|
|
3855
3887
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4108,7 +4140,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4108
4140
|
return metadata.expiresAt <= nowSeconds();
|
|
4109
4141
|
}
|
|
4110
4142
|
|
|
4111
|
-
/*! @azure/msal-common v16.
|
|
4143
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4112
4144
|
/*
|
|
4113
4145
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4114
4146
|
* Licensed under the MIT License.
|
|
@@ -4179,7 +4211,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4179
4211
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4180
4212
|
const SetUserData = "setUserData";
|
|
4181
4213
|
|
|
4182
|
-
/*! @azure/msal-common v16.
|
|
4214
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4183
4215
|
/*
|
|
4184
4216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4185
4217
|
* Licensed under the MIT License.
|
|
@@ -4272,7 +4304,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4272
4304
|
};
|
|
4273
4305
|
};
|
|
4274
4306
|
|
|
4275
|
-
/*! @azure/msal-common v16.
|
|
4307
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4276
4308
|
|
|
4277
4309
|
/*
|
|
4278
4310
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4352,7 +4384,7 @@ class PopTokenGenerator {
|
|
|
4352
4384
|
}
|
|
4353
4385
|
}
|
|
4354
4386
|
|
|
4355
|
-
/*! @azure/msal-common v16.
|
|
4387
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4356
4388
|
/*
|
|
4357
4389
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4358
4390
|
* Licensed under the MIT License.
|
|
@@ -4416,7 +4448,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4416
4448
|
uiNotAllowed: uiNotAllowed
|
|
4417
4449
|
});
|
|
4418
4450
|
|
|
4419
|
-
/*! @azure/msal-common v16.
|
|
4451
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4420
4452
|
|
|
4421
4453
|
/*
|
|
4422
4454
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4484,7 +4516,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4484
4516
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4485
4517
|
}
|
|
4486
4518
|
|
|
4487
|
-
/*! @azure/msal-common v16.
|
|
4519
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4488
4520
|
|
|
4489
4521
|
/*
|
|
4490
4522
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4503,7 +4535,7 @@ class ServerError extends AuthError {
|
|
|
4503
4535
|
}
|
|
4504
4536
|
}
|
|
4505
4537
|
|
|
4506
|
-
/*! @azure/msal-common v16.
|
|
4538
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4507
4539
|
|
|
4508
4540
|
/*
|
|
4509
4541
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4571,7 +4603,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4571
4603
|
}
|
|
4572
4604
|
}
|
|
4573
4605
|
|
|
4574
|
-
/*! @azure/msal-common v16.
|
|
4606
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4575
4607
|
|
|
4576
4608
|
/*
|
|
4577
4609
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4919,7 +4951,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4919
4951
|
return baseAccount;
|
|
4920
4952
|
}
|
|
4921
4953
|
|
|
4922
|
-
/*! @azure/msal-common v16.
|
|
4954
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4923
4955
|
/*
|
|
4924
4956
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4925
4957
|
* Licensed under the MIT License.
|
|
@@ -4929,7 +4961,7 @@ const CcsCredentialType = {
|
|
|
4929
4961
|
UPN: "UPN",
|
|
4930
4962
|
};
|
|
4931
4963
|
|
|
4932
|
-
/*! @azure/msal-common v16.
|
|
4964
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4933
4965
|
/*
|
|
4934
4966
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4935
4967
|
* Licensed under the MIT License.
|
|
@@ -4947,7 +4979,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4947
4979
|
}
|
|
4948
4980
|
}
|
|
4949
4981
|
|
|
4950
|
-
/*! @azure/msal-common v16.
|
|
4982
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4951
4983
|
/*
|
|
4952
4984
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4953
4985
|
* Licensed under the MIT License.
|
|
@@ -4968,7 +5000,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4968
5000
|
};
|
|
4969
5001
|
}
|
|
4970
5002
|
|
|
4971
|
-
/*! @azure/msal-common v16.
|
|
5003
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4972
5004
|
|
|
4973
5005
|
/*
|
|
4974
5006
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5054,7 +5086,7 @@ class ThrottlingUtils {
|
|
|
5054
5086
|
}
|
|
5055
5087
|
}
|
|
5056
5088
|
|
|
5057
|
-
/*! @azure/msal-common v16.
|
|
5089
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5058
5090
|
|
|
5059
5091
|
/*
|
|
5060
5092
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5085,7 +5117,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5085
5117
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5086
5118
|
}
|
|
5087
5119
|
|
|
5088
|
-
/*! @azure/msal-common v16.
|
|
5120
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5089
5121
|
|
|
5090
5122
|
/*
|
|
5091
5123
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5199,7 +5231,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5199
5231
|
return response;
|
|
5200
5232
|
}
|
|
5201
5233
|
|
|
5202
|
-
/*! @azure/msal-common v16.
|
|
5234
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5203
5235
|
/*
|
|
5204
5236
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5205
5237
|
* Licensed under the MIT License.
|
|
@@ -5211,7 +5243,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5211
5243
|
response.hasOwnProperty("jwks_uri"));
|
|
5212
5244
|
}
|
|
5213
5245
|
|
|
5214
|
-
/*! @azure/msal-common v16.
|
|
5246
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5215
5247
|
/*
|
|
5216
5248
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5217
5249
|
* Licensed under the MIT License.
|
|
@@ -5221,7 +5253,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5221
5253
|
response.hasOwnProperty("metadata"));
|
|
5222
5254
|
}
|
|
5223
5255
|
|
|
5224
|
-
/*! @azure/msal-common v16.
|
|
5256
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5225
5257
|
/*
|
|
5226
5258
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5227
5259
|
* Licensed under the MIT License.
|
|
@@ -5231,7 +5263,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5231
5263
|
response.hasOwnProperty("error_description"));
|
|
5232
5264
|
}
|
|
5233
5265
|
|
|
5234
|
-
/*! @azure/msal-common v16.
|
|
5266
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5235
5267
|
|
|
5236
5268
|
/*
|
|
5237
5269
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5336,7 +5368,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5336
5368
|
},
|
|
5337
5369
|
};
|
|
5338
5370
|
|
|
5339
|
-
/*! @azure/msal-common v16.
|
|
5371
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5340
5372
|
|
|
5341
5373
|
/*
|
|
5342
5374
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6304,7 +6336,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6304
6336
|
};
|
|
6305
6337
|
}
|
|
6306
6338
|
|
|
6307
|
-
/*! @azure/msal-common v16.
|
|
6339
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6308
6340
|
|
|
6309
6341
|
/*
|
|
6310
6342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6338,7 +6370,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6338
6370
|
}
|
|
6339
6371
|
}
|
|
6340
6372
|
|
|
6341
|
-
/*! @azure/msal-common v16.
|
|
6373
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6342
6374
|
|
|
6343
6375
|
/*
|
|
6344
6376
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6595,7 +6627,7 @@ class AuthorizationCodeClient {
|
|
|
6595
6627
|
}
|
|
6596
6628
|
}
|
|
6597
6629
|
|
|
6598
|
-
/*! @azure/msal-common v16.
|
|
6630
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6599
6631
|
|
|
6600
6632
|
/*
|
|
6601
6633
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6816,7 +6848,7 @@ class RefreshTokenClient {
|
|
|
6816
6848
|
}
|
|
6817
6849
|
}
|
|
6818
6850
|
|
|
6819
|
-
/*! @azure/msal-common v16.
|
|
6851
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6820
6852
|
|
|
6821
6853
|
/*
|
|
6822
6854
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6932,7 +6964,7 @@ class SilentFlowClient {
|
|
|
6932
6964
|
}
|
|
6933
6965
|
}
|
|
6934
6966
|
|
|
6935
|
-
/*! @azure/msal-common v16.
|
|
6967
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6936
6968
|
|
|
6937
6969
|
/*
|
|
6938
6970
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6947,7 +6979,7 @@ const StubbedNetworkModule = {
|
|
|
6947
6979
|
},
|
|
6948
6980
|
};
|
|
6949
6981
|
|
|
6950
|
-
/*! @azure/msal-common v16.
|
|
6982
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6951
6983
|
|
|
6952
6984
|
/*
|
|
6953
6985
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7170,7 +7202,7 @@ function extractLoginHint(account) {
|
|
|
7170
7202
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7171
7203
|
}
|
|
7172
7204
|
|
|
7173
|
-
/*! @azure/msal-common v16.
|
|
7205
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7174
7206
|
|
|
7175
7207
|
/*
|
|
7176
7208
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7203,7 +7235,7 @@ function containsResourceParam(params) {
|
|
|
7203
7235
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7204
7236
|
}
|
|
7205
7237
|
|
|
7206
|
-
/*! @azure/msal-common v16.
|
|
7238
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7207
7239
|
|
|
7208
7240
|
/*
|
|
7209
7241
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7261,7 +7293,7 @@ class AuthenticationHeaderParser {
|
|
|
7261
7293
|
}
|
|
7262
7294
|
}
|
|
7263
7295
|
|
|
7264
|
-
/*! @azure/msal-common v16.
|
|
7296
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7265
7297
|
/*
|
|
7266
7298
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7267
7299
|
* Licensed under the MIT License.
|
|
@@ -7278,7 +7310,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7278
7310
|
unexpectedError: unexpectedError
|
|
7279
7311
|
});
|
|
7280
7312
|
|
|
7281
|
-
/*! @azure/msal-common v16.
|
|
7313
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7282
7314
|
|
|
7283
7315
|
/*
|
|
7284
7316
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7389,35 +7421,40 @@ class ServerTelemetryManager {
|
|
|
7389
7421
|
* @param error
|
|
7390
7422
|
*/
|
|
7391
7423
|
cacheFailedRequest(error) {
|
|
7392
|
-
|
|
7393
|
-
|
|
7394
|
-
|
|
7395
|
-
|
|
7396
|
-
|
|
7397
|
-
|
|
7398
|
-
|
|
7399
|
-
|
|
7400
|
-
|
|
7401
|
-
|
|
7402
|
-
if (error instanceof
|
|
7403
|
-
if (error
|
|
7404
|
-
|
|
7405
|
-
|
|
7406
|
-
|
|
7407
|
-
|
|
7424
|
+
try {
|
|
7425
|
+
const lastRequests = this.getLastRequests();
|
|
7426
|
+
if (lastRequests.errors.length >=
|
|
7427
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7428
|
+
// Remove a cached error to make room, first in first out
|
|
7429
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7430
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7431
|
+
lastRequests.errors.shift();
|
|
7432
|
+
}
|
|
7433
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7434
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7435
|
+
if (error instanceof AuthError) {
|
|
7436
|
+
if (error.subError) {
|
|
7437
|
+
lastRequests.errors.push(error.subError);
|
|
7438
|
+
}
|
|
7439
|
+
else if (error.errorCode) {
|
|
7440
|
+
lastRequests.errors.push(error.errorCode);
|
|
7441
|
+
}
|
|
7442
|
+
else {
|
|
7443
|
+
lastRequests.errors.push(error.toString());
|
|
7444
|
+
}
|
|
7408
7445
|
}
|
|
7409
7446
|
else {
|
|
7410
7447
|
lastRequests.errors.push(error.toString());
|
|
7411
7448
|
}
|
|
7412
7449
|
}
|
|
7413
7450
|
else {
|
|
7414
|
-
lastRequests.errors.push(
|
|
7451
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7415
7452
|
}
|
|
7453
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7416
7454
|
}
|
|
7417
|
-
|
|
7418
|
-
|
|
7455
|
+
catch {
|
|
7456
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7419
7457
|
}
|
|
7420
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7421
7458
|
return;
|
|
7422
7459
|
}
|
|
7423
7460
|
/**
|
|
@@ -7537,9 +7574,36 @@ class ServerTelemetryManager {
|
|
|
7537
7574
|
static makeExtraSkuString(params) {
|
|
7538
7575
|
return makeExtraSkuString(params);
|
|
7539
7576
|
}
|
|
7577
|
+
}
|
|
7578
|
+
/** @internal */
|
|
7579
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7580
|
+
constructor() {
|
|
7581
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7582
|
+
}
|
|
7583
|
+
generateCurrentRequestHeaderValue() {
|
|
7584
|
+
return "";
|
|
7585
|
+
}
|
|
7586
|
+
generateLastRequestHeaderValue() {
|
|
7587
|
+
return "";
|
|
7588
|
+
}
|
|
7589
|
+
cacheFailedRequest() { }
|
|
7590
|
+
incrementCacheHits() {
|
|
7591
|
+
return 0;
|
|
7592
|
+
}
|
|
7593
|
+
clearTelemetryCache() { }
|
|
7594
|
+
getRegionDiscoveryFields() {
|
|
7595
|
+
return "";
|
|
7596
|
+
}
|
|
7597
|
+
updateRegionDiscoveryMetadata() { }
|
|
7598
|
+
setCacheOutcome() { }
|
|
7599
|
+
setNativeBrokerErrorCode() { }
|
|
7600
|
+
getNativeBrokerErrorCode() {
|
|
7601
|
+
return undefined;
|
|
7602
|
+
}
|
|
7603
|
+
clearNativeBrokerErrorCode() { }
|
|
7540
7604
|
}
|
|
7541
7605
|
|
|
7542
|
-
/*! @azure/msal-common v16.
|
|
7606
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7543
7607
|
|
|
7544
7608
|
/*
|
|
7545
7609
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7560,7 +7624,7 @@ function createJoseHeaderError(code) {
|
|
|
7560
7624
|
return new JoseHeaderError(code);
|
|
7561
7625
|
}
|
|
7562
7626
|
|
|
7563
|
-
/*! @azure/msal-common v16.
|
|
7627
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7564
7628
|
/*
|
|
7565
7629
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7566
7630
|
* Licensed under the MIT License.
|
|
@@ -7568,7 +7632,7 @@ function createJoseHeaderError(code) {
|
|
|
7568
7632
|
const missingKidError = "missing_kid_error";
|
|
7569
7633
|
const missingAlgError = "missing_alg_error";
|
|
7570
7634
|
|
|
7571
|
-
/*! @azure/msal-common v16.
|
|
7635
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7572
7636
|
|
|
7573
7637
|
/*
|
|
7574
7638
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7608,7 +7672,7 @@ class JoseHeader {
|
|
|
7608
7672
|
}
|
|
7609
7673
|
}
|
|
7610
7674
|
|
|
7611
|
-
/*! @azure/msal-common v16.
|
|
7675
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7612
7676
|
|
|
7613
7677
|
/*
|
|
7614
7678
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8221,7 +8285,6 @@ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
|
8221
8285
|
*/
|
|
8222
8286
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8223
8287
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8224
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8225
8288
|
/**
|
|
8226
8289
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8227
8290
|
*/
|
|
@@ -10556,7 +10619,7 @@ const EventType = {
|
|
|
10556
10619
|
|
|
10557
10620
|
/* eslint-disable header/header */
|
|
10558
10621
|
const name = "@azure/msal-browser";
|
|
10559
|
-
const version = "5.
|
|
10622
|
+
const version = "5.13.0";
|
|
10560
10623
|
|
|
10561
10624
|
/*
|
|
10562
10625
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10578,6 +10641,15 @@ function removeElementFromArray(array, element) {
|
|
|
10578
10641
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10579
10642
|
* Licensed under the MIT License.
|
|
10580
10643
|
*/
|
|
10644
|
+
/**
|
|
10645
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
10646
|
+
*/
|
|
10647
|
+
const MigrationRemovalReason = {
|
|
10648
|
+
Invalid: "invalid",
|
|
10649
|
+
TtlExpired: "ttlExpired",
|
|
10650
|
+
DecryptFailed: "decryptFailed",
|
|
10651
|
+
Expired: "expired",
|
|
10652
|
+
};
|
|
10581
10653
|
/**
|
|
10582
10654
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
10583
10655
|
*/
|
|
@@ -10647,7 +10719,10 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10647
10719
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10648
10720
|
if (!parsedValue) {
|
|
10649
10721
|
this.browserStorage.removeItem(key);
|
|
10650
|
-
return
|
|
10722
|
+
return {
|
|
10723
|
+
entry: null,
|
|
10724
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10725
|
+
};
|
|
10651
10726
|
}
|
|
10652
10727
|
if (!parsedValue.lastUpdatedAt) {
|
|
10653
10728
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -10656,26 +10731,42 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10656
10731
|
}
|
|
10657
10732
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10658
10733
|
this.browserStorage.removeItem(key);
|
|
10659
|
-
|
|
10660
|
-
|
|
10734
|
+
return {
|
|
10735
|
+
entry: null,
|
|
10736
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
10737
|
+
};
|
|
10661
10738
|
}
|
|
10662
|
-
const
|
|
10739
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
10740
|
+
const decryptedData = wasEncrypted
|
|
10663
10741
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10664
10742
|
: parsedValue;
|
|
10665
|
-
if (!decryptedData
|
|
10743
|
+
if (!decryptedData) {
|
|
10666
10744
|
this.browserStorage.removeItem(key);
|
|
10667
|
-
|
|
10668
|
-
|
|
10745
|
+
return {
|
|
10746
|
+
entry: null,
|
|
10747
|
+
removalReason: wasEncrypted
|
|
10748
|
+
? MigrationRemovalReason.DecryptFailed
|
|
10749
|
+
: MigrationRemovalReason.Invalid,
|
|
10750
|
+
};
|
|
10751
|
+
}
|
|
10752
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
10753
|
+
this.browserStorage.removeItem(key);
|
|
10754
|
+
return {
|
|
10755
|
+
entry: null,
|
|
10756
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10757
|
+
};
|
|
10669
10758
|
}
|
|
10670
10759
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
10671
10760
|
isRefreshTokenEntity(decryptedData)) &&
|
|
10672
10761
|
decryptedData.expiresOn &&
|
|
10673
10762
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
10674
10763
|
this.browserStorage.removeItem(key);
|
|
10675
|
-
|
|
10676
|
-
|
|
10764
|
+
return {
|
|
10765
|
+
entry: null,
|
|
10766
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
10767
|
+
};
|
|
10677
10768
|
}
|
|
10678
|
-
return decryptedData;
|
|
10769
|
+
return { entry: decryptedData };
|
|
10679
10770
|
}
|
|
10680
10771
|
/**
|
|
10681
10772
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -10695,6 +10786,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10695
10786
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10696
10787
|
if (!parsedValue) {
|
|
10697
10788
|
this.browserStorage.removeItem(accountKey);
|
|
10789
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
10698
10790
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10699
10791
|
continue;
|
|
10700
10792
|
}
|
|
@@ -10707,6 +10799,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10707
10799
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10708
10800
|
// Cache expired remove account and associated tokens
|
|
10709
10801
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10802
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
10710
10803
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10711
10804
|
}
|
|
10712
10805
|
else if (isEncrypted(parsedValue)) {
|
|
@@ -10714,7 +10807,9 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10714
10807
|
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10715
10808
|
if (!decrypted) {
|
|
10716
10809
|
this.browserStorage.removeItem(accountKey);
|
|
10717
|
-
this.performanceClient.incrementFields({
|
|
10810
|
+
this.performanceClient.incrementFields({
|
|
10811
|
+
decryptFailedAcntCount: 1,
|
|
10812
|
+
}, correlationId);
|
|
10718
10813
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10719
10814
|
}
|
|
10720
10815
|
}
|
|
@@ -10755,7 +10850,6 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10755
10850
|
});
|
|
10756
10851
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
10757
10852
|
}
|
|
10758
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10759
10853
|
this.browserStorage.removeItem(accountKey);
|
|
10760
10854
|
}
|
|
10761
10855
|
/**
|
|
@@ -10794,8 +10888,20 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10794
10888
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
10795
10889
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
10796
10890
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
10797
|
-
const
|
|
10891
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
10892
|
+
const oldSchemaData = result.entry;
|
|
10798
10893
|
if (!oldSchemaData) {
|
|
10894
|
+
switch (result.removalReason) {
|
|
10895
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10896
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
10897
|
+
break;
|
|
10898
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10899
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
10900
|
+
break;
|
|
10901
|
+
case MigrationRemovalReason.Invalid:
|
|
10902
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
10903
|
+
break;
|
|
10904
|
+
}
|
|
10799
10905
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
10800
10906
|
continue;
|
|
10801
10907
|
}
|
|
@@ -10874,8 +10980,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10874
10980
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
10875
10981
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
10876
10982
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
10877
|
-
const
|
|
10983
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
10984
|
+
const oldSchemaData = result.entry;
|
|
10878
10985
|
if (!oldSchemaData) {
|
|
10986
|
+
switch (result.removalReason) {
|
|
10987
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10988
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
10989
|
+
break;
|
|
10990
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10991
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
10992
|
+
break;
|
|
10993
|
+
case MigrationRemovalReason.Expired:
|
|
10994
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
10995
|
+
break;
|
|
10996
|
+
case MigrationRemovalReason.Invalid:
|
|
10997
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
10998
|
+
break;
|
|
10999
|
+
}
|
|
10879
11000
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
10880
11001
|
continue;
|
|
10881
11002
|
}
|
|
@@ -10921,8 +11042,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
10921
11042
|
...credentialKeysToMigrate.refreshToken,
|
|
10922
11043
|
]) {
|
|
10923
11044
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
10924
|
-
const
|
|
11045
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
11046
|
+
const oldSchemaData = result.entry;
|
|
10925
11047
|
if (!oldSchemaData) {
|
|
11048
|
+
switch (result.removalReason) {
|
|
11049
|
+
case MigrationRemovalReason.TtlExpired:
|
|
11050
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
11051
|
+
break;
|
|
11052
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
11053
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
11054
|
+
break;
|
|
11055
|
+
case MigrationRemovalReason.Expired:
|
|
11056
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
11057
|
+
break;
|
|
11058
|
+
case MigrationRemovalReason.Invalid:
|
|
11059
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
11060
|
+
break;
|
|
11061
|
+
}
|
|
10926
11062
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
10927
11063
|
continue;
|
|
10928
11064
|
}
|
|
@@ -12122,10 +12258,15 @@ function getRedirectUri(requestRedirectUri, clientConfigRedirectUri, logger, cor
|
|
|
12122
12258
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
12123
12259
|
* @param logger - Optional logger instance for verbose logging
|
|
12124
12260
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
12261
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
12125
12262
|
* @returns Configured ServerTelemetryManager instance
|
|
12126
12263
|
*/
|
|
12127
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
12264
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
12128
12265
|
logger.verbose("1p12tq", correlationId);
|
|
12266
|
+
if (!enabled) {
|
|
12267
|
+
logger.verbose("0tajnr", correlationId);
|
|
12268
|
+
return new StubServerTelemetryManager();
|
|
12269
|
+
}
|
|
12129
12270
|
const telemetryPayload = {
|
|
12130
12271
|
clientId: clientId,
|
|
12131
12272
|
correlationId: correlationId,
|
|
@@ -12734,7 +12875,7 @@ class SilentCacheClient extends StandardInteractionClient {
|
|
|
12734
12875
|
*/
|
|
12735
12876
|
async acquireToken(silentRequest) {
|
|
12736
12877
|
// Telemetry manager only used to increment cacheHits here
|
|
12737
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12878
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12738
12879
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
12739
12880
|
serverTelemetryManager,
|
|
12740
12881
|
requestAuthority: silentRequest.authority,
|
|
@@ -12810,7 +12951,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12810
12951
|
// start the perf measurement
|
|
12811
12952
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12812
12953
|
const reqTimestamp = nowSeconds();
|
|
12813
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12954
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12814
12955
|
try {
|
|
12815
12956
|
// initialize native request
|
|
12816
12957
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -12934,7 +13075,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12934
13075
|
catch (e) {
|
|
12935
13076
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
12936
13077
|
if (e instanceof NativeAuthError) {
|
|
12937
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13078
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12938
13079
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12939
13080
|
if (isFatalNativeAuthError(e)) {
|
|
12940
13081
|
throw e;
|
|
@@ -12981,7 +13122,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12981
13122
|
this.logger.verbose("003x5a", this.correlationId);
|
|
12982
13123
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
12983
13124
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12984
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13125
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12985
13126
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12986
13127
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12987
13128
|
return authResult;
|
|
@@ -13988,6 +14129,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13988
14129
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
13989
14130
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
13990
14131
|
protocolMode: ProtocolMode.AAD,
|
|
14132
|
+
serverTelemetryEnabled: false,
|
|
13991
14133
|
};
|
|
13992
14134
|
const providedSystemOptions = {
|
|
13993
14135
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -14646,7 +14788,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14646
14788
|
*/
|
|
14647
14789
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
14648
14790
|
const correlationId = request.correlationId;
|
|
14649
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14791
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14650
14792
|
const pkce = pkceCodes ||
|
|
14651
14793
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
14652
14794
|
const popupRequest = {
|
|
@@ -14711,7 +14853,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14711
14853
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14712
14854
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14713
14855
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
14714
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
14856
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
14715
14857
|
requestAuthority: request.authority,
|
|
14716
14858
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
14717
14859
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -14748,7 +14890,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14748
14890
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
14749
14891
|
this.logger.verbose("0b7yrk", this.correlationId);
|
|
14750
14892
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
|
|
14751
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14893
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14752
14894
|
try {
|
|
14753
14895
|
// Clear cache on logout
|
|
14754
14896
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -15032,7 +15174,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15032
15174
|
*/
|
|
15033
15175
|
async executeCodeFlow(request) {
|
|
15034
15176
|
const correlationId = request.correlationId;
|
|
15035
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15177
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15036
15178
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
15037
15179
|
const redirectRequest = {
|
|
15038
15180
|
...request,
|
|
@@ -15120,7 +15262,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15120
15262
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15121
15263
|
const originalTitle = document.title;
|
|
15122
15264
|
document.title = "Microsoft Authentication";
|
|
15123
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15265
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15124
15266
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15125
15267
|
try {
|
|
15126
15268
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -15139,8 +15281,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15139
15281
|
}
|
|
15140
15282
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
15141
15283
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
15142
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
15143
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
15284
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
15285
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
15144
15286
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
15145
15287
|
navigateToLoginRequestUrl) {
|
|
15146
15288
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -15173,8 +15315,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15173
15315
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
15174
15316
|
*/
|
|
15175
15317
|
let processHashOnRedirect = true;
|
|
15176
|
-
if (!loginRequestUrl
|
|
15177
|
-
// Redirect to home page if login request url is
|
|
15318
|
+
if (!loginRequestUrl) {
|
|
15319
|
+
// Redirect to home page if login request url is empty
|
|
15178
15320
|
const homepage = getHomepage();
|
|
15179
15321
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
15180
15322
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -15320,7 +15462,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15320
15462
|
async logout(logoutRequest) {
|
|
15321
15463
|
this.logger.verbose("1rkurh", this.correlationId);
|
|
15322
15464
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
15323
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15465
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15324
15466
|
try {
|
|
15325
15467
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
|
|
15326
15468
|
// Clear cache on logout
|
|
@@ -15401,7 +15543,10 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15401
15543
|
*/
|
|
15402
15544
|
getRedirectStartPage(requestStartPage) {
|
|
15403
15545
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
15404
|
-
|
|
15546
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
15547
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
15548
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
15549
|
+
return absoluteRedirectStartPage;
|
|
15405
15550
|
}
|
|
15406
15551
|
}
|
|
15407
15552
|
|
|
@@ -15410,20 +15555,20 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15410
15555
|
* Licensed under the MIT License.
|
|
15411
15556
|
*/
|
|
15412
15557
|
/**
|
|
15413
|
-
*
|
|
15414
|
-
* @param
|
|
15415
|
-
* @param
|
|
15558
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
15559
|
+
* @param frame
|
|
15560
|
+
* @param requestUrl
|
|
15416
15561
|
*/
|
|
15417
|
-
async function initiateCodeRequest(
|
|
15562
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
15418
15563
|
if (!requestUrl) {
|
|
15419
15564
|
// Throw error if request URL is empty.
|
|
15420
15565
|
logger.info("1l7hyp", correlationId);
|
|
15421
15566
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
15422
15567
|
}
|
|
15423
|
-
|
|
15568
|
+
frame.src = requestUrl;
|
|
15569
|
+
return frame;
|
|
15424
15570
|
}
|
|
15425
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
15426
|
-
const frame = createHiddenIframe();
|
|
15571
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
15427
15572
|
if (!frame.contentDocument) {
|
|
15428
15573
|
throw "No document associated with iframe!";
|
|
15429
15574
|
}
|
|
@@ -15431,8 +15576,7 @@ async function initiateCodeFlowWithPost(config, authority, request, logger, perf
|
|
|
15431
15576
|
form.submit();
|
|
15432
15577
|
return frame;
|
|
15433
15578
|
}
|
|
15434
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
15435
|
-
const frame = createHiddenIframe();
|
|
15579
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
15436
15580
|
if (!frame.contentDocument) {
|
|
15437
15581
|
throw "No document associated with iframe!";
|
|
15438
15582
|
}
|
|
@@ -15442,19 +15586,8 @@ async function initiateEarRequest(config, authority, request, logger, performanc
|
|
|
15442
15586
|
}
|
|
15443
15587
|
/**
|
|
15444
15588
|
* @hidden
|
|
15445
|
-
*
|
|
15446
|
-
*
|
|
15447
|
-
* @param frameName
|
|
15448
|
-
* @param logger
|
|
15449
|
-
*/
|
|
15450
|
-
function loadFrameSync(urlNavigate) {
|
|
15451
|
-
const frameHandle = createHiddenIframe();
|
|
15452
|
-
frameHandle.src = urlNavigate;
|
|
15453
|
-
return frameHandle;
|
|
15454
|
-
}
|
|
15455
|
-
/**
|
|
15456
|
-
* @hidden
|
|
15457
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
15589
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
15590
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
15458
15591
|
* @ignore
|
|
15459
15592
|
*/
|
|
15460
15593
|
function createHiddenIframe() {
|
|
@@ -15533,7 +15666,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15533
15666
|
*/
|
|
15534
15667
|
async executeCodeFlow(request) {
|
|
15535
15668
|
let authClient;
|
|
15536
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15669
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15537
15670
|
try {
|
|
15538
15671
|
// Initialize the client
|
|
15539
15672
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -15575,11 +15708,22 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15575
15708
|
earJwk: earJwk,
|
|
15576
15709
|
codeChallenge: pkceCodes.challenge,
|
|
15577
15710
|
};
|
|
15578
|
-
|
|
15711
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15712
|
+
const iframe = createHiddenIframe();
|
|
15579
15713
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15580
15714
|
let responseString;
|
|
15581
15715
|
try {
|
|
15582
|
-
|
|
15716
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15717
|
+
responsePromise.catch(() => {
|
|
15718
|
+
/*
|
|
15719
|
+
* If navigation below throws before responsePromise is awaited,
|
|
15720
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
15721
|
+
* does not surface as an unhandled rejection; the navigation
|
|
15722
|
+
* error is propagated instead.
|
|
15723
|
+
*/
|
|
15724
|
+
});
|
|
15725
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15726
|
+
responseString = await responsePromise;
|
|
15583
15727
|
}
|
|
15584
15728
|
finally {
|
|
15585
15729
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15588,7 +15732,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15588
15732
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15589
15733
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
15590
15734
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
15591
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
15735
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15592
15736
|
requestAuthority: request.authority,
|
|
15593
15737
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
15594
15738
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -15615,7 +15759,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15615
15759
|
// Create silent request
|
|
15616
15760
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15617
15761
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15618
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15762
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15619
15763
|
requestAuthority: silentRequest.authority,
|
|
15620
15764
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15621
15765
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -15663,21 +15807,32 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15663
15807
|
...request,
|
|
15664
15808
|
codeChallenge: pkceCodes.challenge,
|
|
15665
15809
|
};
|
|
15666
|
-
|
|
15667
|
-
|
|
15668
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15669
|
-
}
|
|
15670
|
-
else {
|
|
15671
|
-
// Create authorize request url
|
|
15672
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15673
|
-
// Get the frame handle for the silent request
|
|
15674
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15675
|
-
}
|
|
15810
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15811
|
+
const iframe = createHiddenIframe();
|
|
15676
15812
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15677
15813
|
// Wait for response from the redirect bridge.
|
|
15678
15814
|
let responseString;
|
|
15679
15815
|
try {
|
|
15680
|
-
|
|
15816
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15817
|
+
responsePromise.catch(() => {
|
|
15818
|
+
/*
|
|
15819
|
+
* If URL creation or navigation below throws before
|
|
15820
|
+
* responsePromise is awaited, the listener still rejects on
|
|
15821
|
+
* timeout. Swallow it here so it does not surface as an
|
|
15822
|
+
* unhandled rejection; the navigation error is propagated
|
|
15823
|
+
* instead.
|
|
15824
|
+
*/
|
|
15825
|
+
});
|
|
15826
|
+
if (request.httpMethod === HttpMethod.POST) {
|
|
15827
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15828
|
+
}
|
|
15829
|
+
else {
|
|
15830
|
+
// Create authorize request url
|
|
15831
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15832
|
+
// Navigate the iframe to the authorize request url
|
|
15833
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
15834
|
+
}
|
|
15835
|
+
responseString = await responsePromise;
|
|
15681
15836
|
}
|
|
15682
15837
|
finally {
|
|
15683
15838
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15712,7 +15867,7 @@ class SilentRefreshClient extends StandardInteractionClient {
|
|
|
15712
15867
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
15713
15868
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
15714
15869
|
}
|
|
15715
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15870
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15716
15871
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
15717
15872
|
serverTelemetryManager,
|
|
15718
15873
|
authorityUrl: silentRequest.authority,
|
|
@@ -15792,7 +15947,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
|
|
|
15792
15947
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
15793
15948
|
*/
|
|
15794
15949
|
this.correlationId);
|
|
15795
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15950
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15796
15951
|
try {
|
|
15797
15952
|
// Create auth code request (PKCE not needed)
|
|
15798
15953
|
const authCodeRequest = {
|
|
@@ -16157,6 +16312,8 @@ class StandardController {
|
|
|
16157
16312
|
// Preflight request
|
|
16158
16313
|
const correlationId = this.getRequestCorrelationId(request);
|
|
16159
16314
|
this.logger.verbose("0os66p", correlationId);
|
|
16315
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
16316
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16160
16317
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
16161
16318
|
atrMeasurement.add({
|
|
16162
16319
|
scenarioId: request.scenarioId,
|
|
@@ -16174,9 +16331,7 @@ class StandardController {
|
|
|
16174
16331
|
return navigate;
|
|
16175
16332
|
};
|
|
16176
16333
|
try {
|
|
16177
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
16178
16334
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
16179
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16180
16335
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
|
|
16181
16336
|
let result;
|
|
16182
16337
|
if (this.platformAuthProvider &&
|