@azure/msal-browser 5.12.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +89 -16
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +4 -4
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +12 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +41 -19
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +12 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1199 -1195
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +7 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +343 -201
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +7 -3
- package/lib/msal-browser.cjs +359 -204
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +359 -204
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +141 -34
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +6 -6
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
- package/src/interaction_client/PopupClient.ts +9 -3
- package/src/interaction_client/RedirectClient.ts +27 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +94 -58
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +11 -32
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.
|
|
241
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.
|
|
293
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.
|
|
324
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.
|
|
344
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.
|
|
424
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.
|
|
447
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -502,7 +502,7 @@
|
|
|
502
502
|
urlParseError: urlParseError
|
|
503
503
|
});
|
|
504
504
|
|
|
505
|
-
/*! @azure/msal-common v16.
|
|
505
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
506
506
|
/*
|
|
507
507
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
508
508
|
* Licensed under the MIT License.
|
|
@@ -590,7 +590,7 @@
|
|
|
590
590
|
userCanceled: userCanceled
|
|
591
591
|
});
|
|
592
592
|
|
|
593
|
-
/*! @azure/msal-common v16.
|
|
593
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
594
594
|
|
|
595
595
|
/*
|
|
596
596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -785,7 +785,7 @@
|
|
|
785
785
|
}
|
|
786
786
|
}
|
|
787
787
|
|
|
788
|
-
/*! @azure/msal-common v16.
|
|
788
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
789
789
|
|
|
790
790
|
/*
|
|
791
791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1134,8 +1134,14 @@
|
|
|
1134
1134
|
* @param serverTelemetryManager
|
|
1135
1135
|
*/
|
|
1136
1136
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1137
|
-
|
|
1138
|
-
|
|
1137
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1138
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1139
|
+
if (currentTelemetryHeader) {
|
|
1140
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1141
|
+
}
|
|
1142
|
+
if (lastTelemetryHeader) {
|
|
1143
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1144
|
+
}
|
|
1139
1145
|
}
|
|
1140
1146
|
/**
|
|
1141
1147
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1174,34 +1180,12 @@
|
|
|
1174
1180
|
}
|
|
1175
1181
|
}
|
|
1176
1182
|
|
|
1177
|
-
/*! @azure/msal-common v16.
|
|
1183
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1178
1184
|
|
|
1179
1185
|
/*
|
|
1180
1186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1181
1187
|
* Licensed under the MIT License.
|
|
1182
1188
|
*/
|
|
1183
|
-
/**
|
|
1184
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1185
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1186
|
-
* @param url - URL to canonicalize
|
|
1187
|
-
* @returns Canonicalized URL
|
|
1188
|
-
*/
|
|
1189
|
-
function canonicalizeUrl(url) {
|
|
1190
|
-
if (!url) {
|
|
1191
|
-
return url;
|
|
1192
|
-
}
|
|
1193
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1194
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1195
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1196
|
-
}
|
|
1197
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1198
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1199
|
-
}
|
|
1200
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1201
|
-
lowerCaseUrl += "/";
|
|
1202
|
-
}
|
|
1203
|
-
return lowerCaseUrl;
|
|
1204
|
-
}
|
|
1205
1189
|
/**
|
|
1206
1190
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1207
1191
|
* @param hashString
|
|
@@ -1254,36 +1238,71 @@
|
|
|
1254
1238
|
return queryParameterArray.join("&");
|
|
1255
1239
|
}
|
|
1256
1240
|
/**
|
|
1257
|
-
* Normalizes URLs for comparison
|
|
1258
|
-
*
|
|
1259
|
-
*
|
|
1241
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1242
|
+
* - Hash/fragment is removed
|
|
1243
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1244
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1245
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1246
|
+
* - Ensures pathname ends with /
|
|
1247
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1260
1248
|
* @param url - URL to normalize
|
|
1249
|
+
* @param logger - Optional logger used to log parse failures
|
|
1250
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1261
1251
|
* @returns Normalized URL string for comparison
|
|
1262
1252
|
*/
|
|
1263
|
-
function normalizeUrlForComparison(url) {
|
|
1253
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1264
1254
|
if (!url) {
|
|
1265
1255
|
return url;
|
|
1266
1256
|
}
|
|
1267
|
-
// Remove hash first
|
|
1268
1257
|
const urlWithoutHash = url.split("#")[0];
|
|
1258
|
+
if (!urlWithoutHash) {
|
|
1259
|
+
return urlWithoutHash;
|
|
1260
|
+
}
|
|
1269
1261
|
try {
|
|
1270
|
-
// Parse the URL to handle encoding consistently
|
|
1271
1262
|
const urlObj = new URL(urlWithoutHash);
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1275
|
-
|
|
1276
|
-
|
|
1277
|
-
|
|
1278
|
-
|
|
1263
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1264
|
+
if (!urlObj.search) {
|
|
1265
|
+
urlObj.search = "";
|
|
1266
|
+
}
|
|
1267
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1268
|
+
let pathname;
|
|
1269
|
+
try {
|
|
1270
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1271
|
+
}
|
|
1272
|
+
catch (e) {
|
|
1273
|
+
pathname = urlObj.pathname;
|
|
1274
|
+
}
|
|
1275
|
+
if (!pathname.endsWith("/")) {
|
|
1276
|
+
pathname += "/";
|
|
1277
|
+
}
|
|
1278
|
+
urlObj.pathname = pathname;
|
|
1279
|
+
return urlObj.href;
|
|
1280
|
+
}
|
|
1281
|
+
catch (e) {
|
|
1282
|
+
logger?.error("15apdm", correlationId || "");
|
|
1283
|
+
throw createClientConfigurationError(urlParseError);
|
|
1284
|
+
}
|
|
1285
|
+
}
|
|
1286
|
+
/**
|
|
1287
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1288
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1289
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1290
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1291
|
+
* @param url - URL to validate
|
|
1292
|
+
* @param logger - Optional logger used to log validation failures
|
|
1293
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1294
|
+
*/
|
|
1295
|
+
function validateUrl(url, logger, correlationId) {
|
|
1296
|
+
try {
|
|
1297
|
+
new URL(url);
|
|
1279
1298
|
}
|
|
1280
1299
|
catch (e) {
|
|
1281
|
-
|
|
1282
|
-
|
|
1300
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1301
|
+
throw createClientConfigurationError(urlParseError);
|
|
1283
1302
|
}
|
|
1284
1303
|
}
|
|
1285
1304
|
|
|
1286
|
-
/*! @azure/msal-common v16.
|
|
1305
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1287
1306
|
|
|
1288
1307
|
/*
|
|
1289
1308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1322,7 +1341,7 @@
|
|
|
1322
1341
|
},
|
|
1323
1342
|
};
|
|
1324
1343
|
|
|
1325
|
-
/*! @azure/msal-common v16.
|
|
1344
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1326
1345
|
/*
|
|
1327
1346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1328
1347
|
* Licensed under the MIT License.
|
|
@@ -1370,7 +1389,7 @@
|
|
|
1370
1389
|
// Remove LRU (first entry) if capacity exceeded
|
|
1371
1390
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1372
1391
|
const firstKey = correlationCache.keys().next().value;
|
|
1373
|
-
if (firstKey) {
|
|
1392
|
+
if (firstKey !== undefined) {
|
|
1374
1393
|
correlationCache.delete(firstKey);
|
|
1375
1394
|
}
|
|
1376
1395
|
}
|
|
@@ -1597,12 +1616,12 @@
|
|
|
1597
1616
|
}
|
|
1598
1617
|
}
|
|
1599
1618
|
|
|
1600
|
-
/*! @azure/msal-common v16.
|
|
1619
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1601
1620
|
/* eslint-disable header/header */
|
|
1602
1621
|
const name$1 = "@azure/msal-common";
|
|
1603
|
-
const version$1 = "16.
|
|
1622
|
+
const version$1 = "16.8.0";
|
|
1604
1623
|
|
|
1605
|
-
/*! @azure/msal-common v16.
|
|
1624
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1606
1625
|
/*
|
|
1607
1626
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1608
1627
|
* Licensed under the MIT License.
|
|
@@ -1622,7 +1641,7 @@
|
|
|
1622
1641
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1623
1642
|
};
|
|
1624
1643
|
|
|
1625
|
-
/*! @azure/msal-common v16.
|
|
1644
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1626
1645
|
/*
|
|
1627
1646
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1628
1647
|
* Licensed under the MIT License.
|
|
@@ -1705,7 +1724,7 @@
|
|
|
1705
1724
|
return updatedAccountInfo;
|
|
1706
1725
|
}
|
|
1707
1726
|
|
|
1708
|
-
/*! @azure/msal-common v16.
|
|
1727
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1709
1728
|
|
|
1710
1729
|
/*
|
|
1711
1730
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1785,7 +1804,7 @@
|
|
|
1785
1804
|
}
|
|
1786
1805
|
}
|
|
1787
1806
|
|
|
1788
|
-
/*! @azure/msal-common v16.
|
|
1807
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1789
1808
|
|
|
1790
1809
|
/*
|
|
1791
1810
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1942,7 +1961,7 @@
|
|
|
1942
1961
|
}
|
|
1943
1962
|
}
|
|
1944
1963
|
|
|
1945
|
-
/*! @azure/msal-common v16.
|
|
1964
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1946
1965
|
|
|
1947
1966
|
/*
|
|
1948
1967
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2108,7 +2127,7 @@
|
|
|
2108
2127
|
return null;
|
|
2109
2128
|
}
|
|
2110
2129
|
|
|
2111
|
-
/*! @azure/msal-common v16.
|
|
2130
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2112
2131
|
/*
|
|
2113
2132
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2114
2133
|
* Licensed under the MIT License.
|
|
@@ -2116,7 +2135,7 @@
|
|
|
2116
2135
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2117
2136
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2118
2137
|
|
|
2119
|
-
/*! @azure/msal-common v16.
|
|
2138
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2120
2139
|
|
|
2121
2140
|
/*
|
|
2122
2141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2154,7 +2173,7 @@
|
|
|
2154
2173
|
}
|
|
2155
2174
|
}
|
|
2156
2175
|
|
|
2157
|
-
/*! @azure/msal-common v16.
|
|
2176
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2158
2177
|
|
|
2159
2178
|
/*
|
|
2160
2179
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2192,7 +2211,7 @@
|
|
|
2192
2211
|
};
|
|
2193
2212
|
}
|
|
2194
2213
|
|
|
2195
|
-
/*! @azure/msal-common v16.
|
|
2214
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2196
2215
|
/*
|
|
2197
2216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2198
2217
|
* Licensed under the MIT License.
|
|
@@ -2207,7 +2226,7 @@
|
|
|
2207
2226
|
Ciam: 3,
|
|
2208
2227
|
};
|
|
2209
2228
|
|
|
2210
|
-
/*! @azure/msal-common v16.
|
|
2229
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2211
2230
|
/*
|
|
2212
2231
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2213
2232
|
* Licensed under the MIT License.
|
|
@@ -2229,7 +2248,7 @@
|
|
|
2229
2248
|
return null;
|
|
2230
2249
|
}
|
|
2231
2250
|
|
|
2232
|
-
/*! @azure/msal-common v16.
|
|
2251
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2233
2252
|
/*
|
|
2234
2253
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2235
2254
|
* Licensed under the MIT License.
|
|
@@ -2253,7 +2272,7 @@
|
|
|
2253
2272
|
EAR: "EAR",
|
|
2254
2273
|
};
|
|
2255
2274
|
|
|
2256
|
-
/*! @azure/msal-common v16.
|
|
2275
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2257
2276
|
/**
|
|
2258
2277
|
* Returns the AccountInfo interface for this account.
|
|
2259
2278
|
*/
|
|
@@ -2428,7 +2447,7 @@
|
|
|
2428
2447
|
entity.hasOwnProperty("authorityType"));
|
|
2429
2448
|
}
|
|
2430
2449
|
|
|
2431
|
-
/*! @azure/msal-common v16.
|
|
2450
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2432
2451
|
|
|
2433
2452
|
/*
|
|
2434
2453
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3560,7 +3579,7 @@
|
|
|
3560
3579
|
}
|
|
3561
3580
|
}
|
|
3562
3581
|
|
|
3563
|
-
/*! @azure/msal-common v16.
|
|
3582
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3564
3583
|
/*
|
|
3565
3584
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3566
3585
|
* Licensed under the MIT License.
|
|
@@ -3603,7 +3622,20 @@
|
|
|
3603
3622
|
"currAccessCount",
|
|
3604
3623
|
"currIdCount",
|
|
3605
3624
|
"currRefreshCount",
|
|
3606
|
-
"
|
|
3625
|
+
"ttlExpiredAcntCount",
|
|
3626
|
+
"ttlExpiredITCount",
|
|
3627
|
+
"ttlExpiredATCount",
|
|
3628
|
+
"ttlExpiredRTCount",
|
|
3629
|
+
"decryptFailedAcntCount",
|
|
3630
|
+
"decryptFailedITCount",
|
|
3631
|
+
"decryptFailedATCount",
|
|
3632
|
+
"decryptFailedRTCount",
|
|
3633
|
+
"invalidAcntCount",
|
|
3634
|
+
"invalidITCount",
|
|
3635
|
+
"invalidATCount",
|
|
3636
|
+
"invalidRTCount",
|
|
3637
|
+
"expiredATCount",
|
|
3638
|
+
"expiredRTCount",
|
|
3607
3639
|
"upgradedCacheCount",
|
|
3608
3640
|
"cacheMatchedAccounts",
|
|
3609
3641
|
"networkRtt",
|
|
@@ -3611,7 +3643,7 @@
|
|
|
3611
3643
|
"redirectBridgeMessageVersion",
|
|
3612
3644
|
]);
|
|
3613
3645
|
|
|
3614
|
-
/*! @azure/msal-common v16.
|
|
3646
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3615
3647
|
|
|
3616
3648
|
/*
|
|
3617
3649
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3666,7 +3698,7 @@
|
|
|
3666
3698
|
}
|
|
3667
3699
|
}
|
|
3668
3700
|
|
|
3669
|
-
/*! @azure/msal-common v16.
|
|
3701
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3670
3702
|
|
|
3671
3703
|
/*
|
|
3672
3704
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3761,7 +3793,7 @@
|
|
|
3761
3793
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3762
3794
|
}
|
|
3763
3795
|
|
|
3764
|
-
/*! @azure/msal-common v16.
|
|
3796
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3765
3797
|
/*
|
|
3766
3798
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3767
3799
|
* Licensed under the MIT License.
|
|
@@ -3788,7 +3820,7 @@
|
|
|
3788
3820
|
}
|
|
3789
3821
|
}
|
|
3790
3822
|
|
|
3791
|
-
/*! @azure/msal-common v16.
|
|
3823
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3792
3824
|
/*
|
|
3793
3825
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3794
3826
|
* Licensed under the MIT License.
|
|
@@ -3853,7 +3885,7 @@
|
|
|
3853
3885
|
return cachedAtSec > nowSeconds();
|
|
3854
3886
|
}
|
|
3855
3887
|
|
|
3856
|
-
/*! @azure/msal-common v16.
|
|
3888
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3857
3889
|
|
|
3858
3890
|
/*
|
|
3859
3891
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4112,7 +4144,7 @@
|
|
|
4112
4144
|
return metadata.expiresAt <= nowSeconds();
|
|
4113
4145
|
}
|
|
4114
4146
|
|
|
4115
|
-
/*! @azure/msal-common v16.
|
|
4147
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4116
4148
|
/*
|
|
4117
4149
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4118
4150
|
* Licensed under the MIT License.
|
|
@@ -4183,7 +4215,7 @@
|
|
|
4183
4215
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4184
4216
|
const SetUserData = "setUserData";
|
|
4185
4217
|
|
|
4186
|
-
/*! @azure/msal-common v16.
|
|
4218
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4187
4219
|
/*
|
|
4188
4220
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4189
4221
|
* Licensed under the MIT License.
|
|
@@ -4276,7 +4308,7 @@
|
|
|
4276
4308
|
};
|
|
4277
4309
|
};
|
|
4278
4310
|
|
|
4279
|
-
/*! @azure/msal-common v16.
|
|
4311
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4280
4312
|
|
|
4281
4313
|
/*
|
|
4282
4314
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4356,7 +4388,7 @@
|
|
|
4356
4388
|
}
|
|
4357
4389
|
}
|
|
4358
4390
|
|
|
4359
|
-
/*! @azure/msal-common v16.
|
|
4391
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4360
4392
|
/*
|
|
4361
4393
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4362
4394
|
* Licensed under the MIT License.
|
|
@@ -4420,7 +4452,7 @@
|
|
|
4420
4452
|
uiNotAllowed: uiNotAllowed
|
|
4421
4453
|
});
|
|
4422
4454
|
|
|
4423
|
-
/*! @azure/msal-common v16.
|
|
4455
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4424
4456
|
|
|
4425
4457
|
/*
|
|
4426
4458
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4488,7 +4520,7 @@
|
|
|
4488
4520
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4489
4521
|
}
|
|
4490
4522
|
|
|
4491
|
-
/*! @azure/msal-common v16.
|
|
4523
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4492
4524
|
|
|
4493
4525
|
/*
|
|
4494
4526
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4507,7 +4539,7 @@
|
|
|
4507
4539
|
}
|
|
4508
4540
|
}
|
|
4509
4541
|
|
|
4510
|
-
/*! @azure/msal-common v16.
|
|
4542
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4511
4543
|
|
|
4512
4544
|
/*
|
|
4513
4545
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4575,7 +4607,7 @@
|
|
|
4575
4607
|
}
|
|
4576
4608
|
}
|
|
4577
4609
|
|
|
4578
|
-
/*! @azure/msal-common v16.
|
|
4610
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4579
4611
|
|
|
4580
4612
|
/*
|
|
4581
4613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4923,7 +4955,7 @@
|
|
|
4923
4955
|
return baseAccount;
|
|
4924
4956
|
}
|
|
4925
4957
|
|
|
4926
|
-
/*! @azure/msal-common v16.
|
|
4958
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4927
4959
|
/*
|
|
4928
4960
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4929
4961
|
* Licensed under the MIT License.
|
|
@@ -4933,7 +4965,7 @@
|
|
|
4933
4965
|
UPN: "UPN",
|
|
4934
4966
|
};
|
|
4935
4967
|
|
|
4936
|
-
/*! @azure/msal-common v16.
|
|
4968
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4937
4969
|
/*
|
|
4938
4970
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4939
4971
|
* Licensed under the MIT License.
|
|
@@ -4951,7 +4983,7 @@
|
|
|
4951
4983
|
}
|
|
4952
4984
|
}
|
|
4953
4985
|
|
|
4954
|
-
/*! @azure/msal-common v16.
|
|
4986
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4955
4987
|
/*
|
|
4956
4988
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4957
4989
|
* Licensed under the MIT License.
|
|
@@ -4972,7 +5004,7 @@
|
|
|
4972
5004
|
};
|
|
4973
5005
|
}
|
|
4974
5006
|
|
|
4975
|
-
/*! @azure/msal-common v16.
|
|
5007
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4976
5008
|
|
|
4977
5009
|
/*
|
|
4978
5010
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5058,7 +5090,7 @@
|
|
|
5058
5090
|
}
|
|
5059
5091
|
}
|
|
5060
5092
|
|
|
5061
|
-
/*! @azure/msal-common v16.
|
|
5093
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5062
5094
|
|
|
5063
5095
|
/*
|
|
5064
5096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5089,7 +5121,7 @@
|
|
|
5089
5121
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5090
5122
|
}
|
|
5091
5123
|
|
|
5092
|
-
/*! @azure/msal-common v16.
|
|
5124
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5093
5125
|
|
|
5094
5126
|
/*
|
|
5095
5127
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5203,7 +5235,7 @@
|
|
|
5203
5235
|
return response;
|
|
5204
5236
|
}
|
|
5205
5237
|
|
|
5206
|
-
/*! @azure/msal-common v16.
|
|
5238
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5207
5239
|
/*
|
|
5208
5240
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5209
5241
|
* Licensed under the MIT License.
|
|
@@ -5215,7 +5247,7 @@
|
|
|
5215
5247
|
response.hasOwnProperty("jwks_uri"));
|
|
5216
5248
|
}
|
|
5217
5249
|
|
|
5218
|
-
/*! @azure/msal-common v16.
|
|
5250
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5219
5251
|
/*
|
|
5220
5252
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5221
5253
|
* Licensed under the MIT License.
|
|
@@ -5225,7 +5257,7 @@
|
|
|
5225
5257
|
response.hasOwnProperty("metadata"));
|
|
5226
5258
|
}
|
|
5227
5259
|
|
|
5228
|
-
/*! @azure/msal-common v16.
|
|
5260
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5229
5261
|
/*
|
|
5230
5262
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5231
5263
|
* Licensed under the MIT License.
|
|
@@ -5235,7 +5267,7 @@
|
|
|
5235
5267
|
response.hasOwnProperty("error_description"));
|
|
5236
5268
|
}
|
|
5237
5269
|
|
|
5238
|
-
/*! @azure/msal-common v16.
|
|
5270
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5239
5271
|
|
|
5240
5272
|
/*
|
|
5241
5273
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5340,7 +5372,7 @@
|
|
|
5340
5372
|
},
|
|
5341
5373
|
};
|
|
5342
5374
|
|
|
5343
|
-
/*! @azure/msal-common v16.
|
|
5375
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5344
5376
|
|
|
5345
5377
|
/*
|
|
5346
5378
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6308,7 +6340,7 @@
|
|
|
6308
6340
|
};
|
|
6309
6341
|
}
|
|
6310
6342
|
|
|
6311
|
-
/*! @azure/msal-common v16.
|
|
6343
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6312
6344
|
|
|
6313
6345
|
/*
|
|
6314
6346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6342,7 +6374,7 @@
|
|
|
6342
6374
|
}
|
|
6343
6375
|
}
|
|
6344
6376
|
|
|
6345
|
-
/*! @azure/msal-common v16.
|
|
6377
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6346
6378
|
|
|
6347
6379
|
/*
|
|
6348
6380
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6599,7 +6631,7 @@
|
|
|
6599
6631
|
}
|
|
6600
6632
|
}
|
|
6601
6633
|
|
|
6602
|
-
/*! @azure/msal-common v16.
|
|
6634
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6603
6635
|
|
|
6604
6636
|
/*
|
|
6605
6637
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6820,7 +6852,7 @@
|
|
|
6820
6852
|
}
|
|
6821
6853
|
}
|
|
6822
6854
|
|
|
6823
|
-
/*! @azure/msal-common v16.
|
|
6855
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6824
6856
|
|
|
6825
6857
|
/*
|
|
6826
6858
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6936,7 +6968,7 @@
|
|
|
6936
6968
|
}
|
|
6937
6969
|
}
|
|
6938
6970
|
|
|
6939
|
-
/*! @azure/msal-common v16.
|
|
6971
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6940
6972
|
|
|
6941
6973
|
/*
|
|
6942
6974
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6951,7 +6983,7 @@
|
|
|
6951
6983
|
},
|
|
6952
6984
|
};
|
|
6953
6985
|
|
|
6954
|
-
/*! @azure/msal-common v16.
|
|
6986
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6955
6987
|
|
|
6956
6988
|
/*
|
|
6957
6989
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7174,7 +7206,7 @@
|
|
|
7174
7206
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7175
7207
|
}
|
|
7176
7208
|
|
|
7177
|
-
/*! @azure/msal-common v16.
|
|
7209
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7178
7210
|
|
|
7179
7211
|
/*
|
|
7180
7212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7207,7 +7239,7 @@
|
|
|
7207
7239
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7208
7240
|
}
|
|
7209
7241
|
|
|
7210
|
-
/*! @azure/msal-common v16.
|
|
7242
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7211
7243
|
|
|
7212
7244
|
/*
|
|
7213
7245
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7265,7 +7297,7 @@
|
|
|
7265
7297
|
}
|
|
7266
7298
|
}
|
|
7267
7299
|
|
|
7268
|
-
/*! @azure/msal-common v16.
|
|
7300
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7269
7301
|
/*
|
|
7270
7302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7271
7303
|
* Licensed under the MIT License.
|
|
@@ -7282,7 +7314,7 @@
|
|
|
7282
7314
|
unexpectedError: unexpectedError
|
|
7283
7315
|
});
|
|
7284
7316
|
|
|
7285
|
-
/*! @azure/msal-common v16.
|
|
7317
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7286
7318
|
|
|
7287
7319
|
/*
|
|
7288
7320
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7393,35 +7425,40 @@
|
|
|
7393
7425
|
* @param error
|
|
7394
7426
|
*/
|
|
7395
7427
|
cacheFailedRequest(error) {
|
|
7396
|
-
|
|
7397
|
-
|
|
7398
|
-
|
|
7399
|
-
|
|
7400
|
-
|
|
7401
|
-
|
|
7402
|
-
|
|
7403
|
-
|
|
7404
|
-
|
|
7405
|
-
|
|
7406
|
-
if (error instanceof
|
|
7407
|
-
if (error
|
|
7408
|
-
|
|
7409
|
-
|
|
7410
|
-
|
|
7411
|
-
|
|
7428
|
+
try {
|
|
7429
|
+
const lastRequests = this.getLastRequests();
|
|
7430
|
+
if (lastRequests.errors.length >=
|
|
7431
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7432
|
+
// Remove a cached error to make room, first in first out
|
|
7433
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7434
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7435
|
+
lastRequests.errors.shift();
|
|
7436
|
+
}
|
|
7437
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7438
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7439
|
+
if (error instanceof AuthError) {
|
|
7440
|
+
if (error.subError) {
|
|
7441
|
+
lastRequests.errors.push(error.subError);
|
|
7442
|
+
}
|
|
7443
|
+
else if (error.errorCode) {
|
|
7444
|
+
lastRequests.errors.push(error.errorCode);
|
|
7445
|
+
}
|
|
7446
|
+
else {
|
|
7447
|
+
lastRequests.errors.push(error.toString());
|
|
7448
|
+
}
|
|
7412
7449
|
}
|
|
7413
7450
|
else {
|
|
7414
7451
|
lastRequests.errors.push(error.toString());
|
|
7415
7452
|
}
|
|
7416
7453
|
}
|
|
7417
7454
|
else {
|
|
7418
|
-
lastRequests.errors.push(
|
|
7455
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7419
7456
|
}
|
|
7457
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7420
7458
|
}
|
|
7421
|
-
|
|
7422
|
-
|
|
7459
|
+
catch {
|
|
7460
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7423
7461
|
}
|
|
7424
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7425
7462
|
return;
|
|
7426
7463
|
}
|
|
7427
7464
|
/**
|
|
@@ -7541,9 +7578,36 @@
|
|
|
7541
7578
|
static makeExtraSkuString(params) {
|
|
7542
7579
|
return makeExtraSkuString(params);
|
|
7543
7580
|
}
|
|
7581
|
+
}
|
|
7582
|
+
/** @internal */
|
|
7583
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7584
|
+
constructor() {
|
|
7585
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7586
|
+
}
|
|
7587
|
+
generateCurrentRequestHeaderValue() {
|
|
7588
|
+
return "";
|
|
7589
|
+
}
|
|
7590
|
+
generateLastRequestHeaderValue() {
|
|
7591
|
+
return "";
|
|
7592
|
+
}
|
|
7593
|
+
cacheFailedRequest() { }
|
|
7594
|
+
incrementCacheHits() {
|
|
7595
|
+
return 0;
|
|
7596
|
+
}
|
|
7597
|
+
clearTelemetryCache() { }
|
|
7598
|
+
getRegionDiscoveryFields() {
|
|
7599
|
+
return "";
|
|
7600
|
+
}
|
|
7601
|
+
updateRegionDiscoveryMetadata() { }
|
|
7602
|
+
setCacheOutcome() { }
|
|
7603
|
+
setNativeBrokerErrorCode() { }
|
|
7604
|
+
getNativeBrokerErrorCode() {
|
|
7605
|
+
return undefined;
|
|
7606
|
+
}
|
|
7607
|
+
clearNativeBrokerErrorCode() { }
|
|
7544
7608
|
}
|
|
7545
7609
|
|
|
7546
|
-
/*! @azure/msal-common v16.
|
|
7610
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7547
7611
|
|
|
7548
7612
|
/*
|
|
7549
7613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7564,7 +7628,7 @@
|
|
|
7564
7628
|
return new JoseHeaderError(code);
|
|
7565
7629
|
}
|
|
7566
7630
|
|
|
7567
|
-
/*! @azure/msal-common v16.
|
|
7631
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7568
7632
|
/*
|
|
7569
7633
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7570
7634
|
* Licensed under the MIT License.
|
|
@@ -7572,7 +7636,7 @@
|
|
|
7572
7636
|
const missingKidError = "missing_kid_error";
|
|
7573
7637
|
const missingAlgError = "missing_alg_error";
|
|
7574
7638
|
|
|
7575
|
-
/*! @azure/msal-common v16.
|
|
7639
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7576
7640
|
|
|
7577
7641
|
/*
|
|
7578
7642
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7612,7 +7676,7 @@
|
|
|
7612
7676
|
}
|
|
7613
7677
|
}
|
|
7614
7678
|
|
|
7615
|
-
/*! @azure/msal-common v16.
|
|
7679
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7616
7680
|
|
|
7617
7681
|
/*
|
|
7618
7682
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8225,7 +8289,6 @@
|
|
|
8225
8289
|
*/
|
|
8226
8290
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8227
8291
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8228
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8229
8292
|
/**
|
|
8230
8293
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8231
8294
|
*/
|
|
@@ -10560,7 +10623,7 @@
|
|
|
10560
10623
|
|
|
10561
10624
|
/* eslint-disable header/header */
|
|
10562
10625
|
const name = "@azure/msal-browser";
|
|
10563
|
-
const version = "5.
|
|
10626
|
+
const version = "5.13.0";
|
|
10564
10627
|
|
|
10565
10628
|
/*
|
|
10566
10629
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10582,6 +10645,15 @@
|
|
|
10582
10645
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
10583
10646
|
* Licensed under the MIT License.
|
|
10584
10647
|
*/
|
|
10648
|
+
/**
|
|
10649
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
10650
|
+
*/
|
|
10651
|
+
const MigrationRemovalReason = {
|
|
10652
|
+
Invalid: "invalid",
|
|
10653
|
+
TtlExpired: "ttlExpired",
|
|
10654
|
+
DecryptFailed: "decryptFailed",
|
|
10655
|
+
Expired: "expired",
|
|
10656
|
+
};
|
|
10585
10657
|
/**
|
|
10586
10658
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
10587
10659
|
*/
|
|
@@ -10651,7 +10723,10 @@
|
|
|
10651
10723
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10652
10724
|
if (!parsedValue) {
|
|
10653
10725
|
this.browserStorage.removeItem(key);
|
|
10654
|
-
return
|
|
10726
|
+
return {
|
|
10727
|
+
entry: null,
|
|
10728
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10729
|
+
};
|
|
10655
10730
|
}
|
|
10656
10731
|
if (!parsedValue.lastUpdatedAt) {
|
|
10657
10732
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -10660,26 +10735,42 @@
|
|
|
10660
10735
|
}
|
|
10661
10736
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10662
10737
|
this.browserStorage.removeItem(key);
|
|
10663
|
-
|
|
10664
|
-
|
|
10738
|
+
return {
|
|
10739
|
+
entry: null,
|
|
10740
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
10741
|
+
};
|
|
10665
10742
|
}
|
|
10666
|
-
const
|
|
10743
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
10744
|
+
const decryptedData = wasEncrypted
|
|
10667
10745
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
10668
10746
|
: parsedValue;
|
|
10669
|
-
if (!decryptedData
|
|
10747
|
+
if (!decryptedData) {
|
|
10670
10748
|
this.browserStorage.removeItem(key);
|
|
10671
|
-
|
|
10672
|
-
|
|
10749
|
+
return {
|
|
10750
|
+
entry: null,
|
|
10751
|
+
removalReason: wasEncrypted
|
|
10752
|
+
? MigrationRemovalReason.DecryptFailed
|
|
10753
|
+
: MigrationRemovalReason.Invalid,
|
|
10754
|
+
};
|
|
10755
|
+
}
|
|
10756
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
10757
|
+
this.browserStorage.removeItem(key);
|
|
10758
|
+
return {
|
|
10759
|
+
entry: null,
|
|
10760
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
10761
|
+
};
|
|
10673
10762
|
}
|
|
10674
10763
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
10675
10764
|
isRefreshTokenEntity(decryptedData)) &&
|
|
10676
10765
|
decryptedData.expiresOn &&
|
|
10677
10766
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
10678
10767
|
this.browserStorage.removeItem(key);
|
|
10679
|
-
|
|
10680
|
-
|
|
10768
|
+
return {
|
|
10769
|
+
entry: null,
|
|
10770
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
10771
|
+
};
|
|
10681
10772
|
}
|
|
10682
|
-
return decryptedData;
|
|
10773
|
+
return { entry: decryptedData };
|
|
10683
10774
|
}
|
|
10684
10775
|
/**
|
|
10685
10776
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -10699,6 +10790,7 @@
|
|
|
10699
10790
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
10700
10791
|
if (!parsedValue) {
|
|
10701
10792
|
this.browserStorage.removeItem(accountKey);
|
|
10793
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
10702
10794
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10703
10795
|
continue;
|
|
10704
10796
|
}
|
|
@@ -10711,6 +10803,7 @@
|
|
|
10711
10803
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
10712
10804
|
// Cache expired remove account and associated tokens
|
|
10713
10805
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
10806
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
10714
10807
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10715
10808
|
}
|
|
10716
10809
|
else if (isEncrypted(parsedValue)) {
|
|
@@ -10718,7 +10811,9 @@
|
|
|
10718
10811
|
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
10719
10812
|
if (!decrypted) {
|
|
10720
10813
|
this.browserStorage.removeItem(accountKey);
|
|
10721
|
-
this.performanceClient.incrementFields({
|
|
10814
|
+
this.performanceClient.incrementFields({
|
|
10815
|
+
decryptFailedAcntCount: 1,
|
|
10816
|
+
}, correlationId);
|
|
10722
10817
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
10723
10818
|
}
|
|
10724
10819
|
}
|
|
@@ -10759,7 +10854,6 @@
|
|
|
10759
10854
|
});
|
|
10760
10855
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
10761
10856
|
}
|
|
10762
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
10763
10857
|
this.browserStorage.removeItem(accountKey);
|
|
10764
10858
|
}
|
|
10765
10859
|
/**
|
|
@@ -10798,8 +10892,20 @@
|
|
|
10798
10892
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
10799
10893
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
10800
10894
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
10801
|
-
const
|
|
10895
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
10896
|
+
const oldSchemaData = result.entry;
|
|
10802
10897
|
if (!oldSchemaData) {
|
|
10898
|
+
switch (result.removalReason) {
|
|
10899
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10900
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
10901
|
+
break;
|
|
10902
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10903
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
10904
|
+
break;
|
|
10905
|
+
case MigrationRemovalReason.Invalid:
|
|
10906
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
10907
|
+
break;
|
|
10908
|
+
}
|
|
10803
10909
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
10804
10910
|
continue;
|
|
10805
10911
|
}
|
|
@@ -10878,8 +10984,23 @@
|
|
|
10878
10984
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
10879
10985
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
10880
10986
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
10881
|
-
const
|
|
10987
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
10988
|
+
const oldSchemaData = result.entry;
|
|
10882
10989
|
if (!oldSchemaData) {
|
|
10990
|
+
switch (result.removalReason) {
|
|
10991
|
+
case MigrationRemovalReason.TtlExpired:
|
|
10992
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
10993
|
+
break;
|
|
10994
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
10995
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
10996
|
+
break;
|
|
10997
|
+
case MigrationRemovalReason.Expired:
|
|
10998
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
10999
|
+
break;
|
|
11000
|
+
case MigrationRemovalReason.Invalid:
|
|
11001
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
11002
|
+
break;
|
|
11003
|
+
}
|
|
10883
11004
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
10884
11005
|
continue;
|
|
10885
11006
|
}
|
|
@@ -10925,8 +11046,23 @@
|
|
|
10925
11046
|
...credentialKeysToMigrate.refreshToken,
|
|
10926
11047
|
]) {
|
|
10927
11048
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
10928
|
-
const
|
|
11049
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
11050
|
+
const oldSchemaData = result.entry;
|
|
10929
11051
|
if (!oldSchemaData) {
|
|
11052
|
+
switch (result.removalReason) {
|
|
11053
|
+
case MigrationRemovalReason.TtlExpired:
|
|
11054
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
11055
|
+
break;
|
|
11056
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
11057
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
11058
|
+
break;
|
|
11059
|
+
case MigrationRemovalReason.Expired:
|
|
11060
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
11061
|
+
break;
|
|
11062
|
+
case MigrationRemovalReason.Invalid:
|
|
11063
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
11064
|
+
break;
|
|
11065
|
+
}
|
|
10930
11066
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
10931
11067
|
continue;
|
|
10932
11068
|
}
|
|
@@ -12126,10 +12262,15 @@
|
|
|
12126
12262
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
12127
12263
|
* @param logger - Optional logger instance for verbose logging
|
|
12128
12264
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
12265
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
12129
12266
|
* @returns Configured ServerTelemetryManager instance
|
|
12130
12267
|
*/
|
|
12131
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
12268
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
12132
12269
|
logger.verbose("1p12tq", correlationId);
|
|
12270
|
+
if (!enabled) {
|
|
12271
|
+
logger.verbose("0tajnr", correlationId);
|
|
12272
|
+
return new StubServerTelemetryManager();
|
|
12273
|
+
}
|
|
12133
12274
|
const telemetryPayload = {
|
|
12134
12275
|
clientId: clientId,
|
|
12135
12276
|
correlationId: correlationId,
|
|
@@ -12738,7 +12879,7 @@
|
|
|
12738
12879
|
*/
|
|
12739
12880
|
async acquireToken(silentRequest) {
|
|
12740
12881
|
// Telemetry manager only used to increment cacheHits here
|
|
12741
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12882
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12742
12883
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
12743
12884
|
serverTelemetryManager,
|
|
12744
12885
|
requestAuthority: silentRequest.authority,
|
|
@@ -12814,7 +12955,7 @@
|
|
|
12814
12955
|
// start the perf measurement
|
|
12815
12956
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12816
12957
|
const reqTimestamp = nowSeconds();
|
|
12817
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12958
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12818
12959
|
try {
|
|
12819
12960
|
// initialize native request
|
|
12820
12961
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -12938,7 +13079,7 @@
|
|
|
12938
13079
|
catch (e) {
|
|
12939
13080
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
12940
13081
|
if (e instanceof NativeAuthError) {
|
|
12941
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13082
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12942
13083
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12943
13084
|
if (isFatalNativeAuthError(e)) {
|
|
12944
13085
|
throw e;
|
|
@@ -12985,7 +13126,7 @@
|
|
|
12985
13126
|
this.logger.verbose("003x5a", this.correlationId);
|
|
12986
13127
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
12987
13128
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12988
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
13129
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
12989
13130
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12990
13131
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12991
13132
|
return authResult;
|
|
@@ -13992,6 +14133,7 @@
|
|
|
13992
14133
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
13993
14134
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
13994
14135
|
protocolMode: ProtocolMode.AAD,
|
|
14136
|
+
serverTelemetryEnabled: false,
|
|
13995
14137
|
};
|
|
13996
14138
|
const providedSystemOptions = {
|
|
13997
14139
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -14650,7 +14792,7 @@
|
|
|
14650
14792
|
*/
|
|
14651
14793
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
14652
14794
|
const correlationId = request.correlationId;
|
|
14653
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14795
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14654
14796
|
const pkce = pkceCodes ||
|
|
14655
14797
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
14656
14798
|
const popupRequest = {
|
|
@@ -14715,7 +14857,7 @@
|
|
|
14715
14857
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14716
14858
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14717
14859
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
14718
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
14860
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
14719
14861
|
requestAuthority: request.authority,
|
|
14720
14862
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
14721
14863
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -14752,7 +14894,7 @@
|
|
|
14752
14894
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
14753
14895
|
this.logger.verbose("0b7yrk", this.correlationId);
|
|
14754
14896
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
|
|
14755
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
14897
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
14756
14898
|
try {
|
|
14757
14899
|
// Clear cache on logout
|
|
14758
14900
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -15036,7 +15178,7 @@
|
|
|
15036
15178
|
*/
|
|
15037
15179
|
async executeCodeFlow(request) {
|
|
15038
15180
|
const correlationId = request.correlationId;
|
|
15039
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15181
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15040
15182
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
15041
15183
|
const redirectRequest = {
|
|
15042
15184
|
...request,
|
|
@@ -15124,7 +15266,7 @@
|
|
|
15124
15266
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
15125
15267
|
const originalTitle = document.title;
|
|
15126
15268
|
document.title = "Microsoft Authentication";
|
|
15127
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15269
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15128
15270
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
15129
15271
|
try {
|
|
15130
15272
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -15143,8 +15285,8 @@
|
|
|
15143
15285
|
}
|
|
15144
15286
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
15145
15287
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
15146
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
15147
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
15288
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
15289
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
15148
15290
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
15149
15291
|
navigateToLoginRequestUrl) {
|
|
15150
15292
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -15177,8 +15319,8 @@
|
|
|
15177
15319
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
15178
15320
|
*/
|
|
15179
15321
|
let processHashOnRedirect = true;
|
|
15180
|
-
if (!loginRequestUrl
|
|
15181
|
-
// Redirect to home page if login request url is
|
|
15322
|
+
if (!loginRequestUrl) {
|
|
15323
|
+
// Redirect to home page if login request url is empty
|
|
15182
15324
|
const homepage = getHomepage();
|
|
15183
15325
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
15184
15326
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -15324,7 +15466,7 @@
|
|
|
15324
15466
|
async logout(logoutRequest) {
|
|
15325
15467
|
this.logger.verbose("1rkurh", this.correlationId);
|
|
15326
15468
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
15327
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15469
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15328
15470
|
try {
|
|
15329
15471
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
|
|
15330
15472
|
// Clear cache on logout
|
|
@@ -15405,7 +15547,10 @@
|
|
|
15405
15547
|
*/
|
|
15406
15548
|
getRedirectStartPage(requestStartPage) {
|
|
15407
15549
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
15408
|
-
|
|
15550
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
15551
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
15552
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
15553
|
+
return absoluteRedirectStartPage;
|
|
15409
15554
|
}
|
|
15410
15555
|
}
|
|
15411
15556
|
|
|
@@ -15414,20 +15559,20 @@
|
|
|
15414
15559
|
* Licensed under the MIT License.
|
|
15415
15560
|
*/
|
|
15416
15561
|
/**
|
|
15417
|
-
*
|
|
15418
|
-
* @param
|
|
15419
|
-
* @param
|
|
15562
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
15563
|
+
* @param frame
|
|
15564
|
+
* @param requestUrl
|
|
15420
15565
|
*/
|
|
15421
|
-
async function initiateCodeRequest(
|
|
15566
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
15422
15567
|
if (!requestUrl) {
|
|
15423
15568
|
// Throw error if request URL is empty.
|
|
15424
15569
|
logger.info("1l7hyp", correlationId);
|
|
15425
15570
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
15426
15571
|
}
|
|
15427
|
-
|
|
15572
|
+
frame.src = requestUrl;
|
|
15573
|
+
return frame;
|
|
15428
15574
|
}
|
|
15429
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
15430
|
-
const frame = createHiddenIframe();
|
|
15575
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
15431
15576
|
if (!frame.contentDocument) {
|
|
15432
15577
|
throw "No document associated with iframe!";
|
|
15433
15578
|
}
|
|
@@ -15435,8 +15580,7 @@
|
|
|
15435
15580
|
form.submit();
|
|
15436
15581
|
return frame;
|
|
15437
15582
|
}
|
|
15438
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
15439
|
-
const frame = createHiddenIframe();
|
|
15583
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
15440
15584
|
if (!frame.contentDocument) {
|
|
15441
15585
|
throw "No document associated with iframe!";
|
|
15442
15586
|
}
|
|
@@ -15446,19 +15590,8 @@
|
|
|
15446
15590
|
}
|
|
15447
15591
|
/**
|
|
15448
15592
|
* @hidden
|
|
15449
|
-
*
|
|
15450
|
-
*
|
|
15451
|
-
* @param frameName
|
|
15452
|
-
* @param logger
|
|
15453
|
-
*/
|
|
15454
|
-
function loadFrameSync(urlNavigate) {
|
|
15455
|
-
const frameHandle = createHiddenIframe();
|
|
15456
|
-
frameHandle.src = urlNavigate;
|
|
15457
|
-
return frameHandle;
|
|
15458
|
-
}
|
|
15459
|
-
/**
|
|
15460
|
-
* @hidden
|
|
15461
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
15593
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
15594
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
15462
15595
|
* @ignore
|
|
15463
15596
|
*/
|
|
15464
15597
|
function createHiddenIframe() {
|
|
@@ -15537,7 +15670,7 @@
|
|
|
15537
15670
|
*/
|
|
15538
15671
|
async executeCodeFlow(request) {
|
|
15539
15672
|
let authClient;
|
|
15540
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15673
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15541
15674
|
try {
|
|
15542
15675
|
// Initialize the client
|
|
15543
15676
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -15579,11 +15712,22 @@
|
|
|
15579
15712
|
earJwk: earJwk,
|
|
15580
15713
|
codeChallenge: pkceCodes.challenge,
|
|
15581
15714
|
};
|
|
15582
|
-
|
|
15715
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15716
|
+
const iframe = createHiddenIframe();
|
|
15583
15717
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15584
15718
|
let responseString;
|
|
15585
15719
|
try {
|
|
15586
|
-
|
|
15720
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15721
|
+
responsePromise.catch(() => {
|
|
15722
|
+
/*
|
|
15723
|
+
* If navigation below throws before responsePromise is awaited,
|
|
15724
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
15725
|
+
* does not surface as an unhandled rejection; the navigation
|
|
15726
|
+
* error is propagated instead.
|
|
15727
|
+
*/
|
|
15728
|
+
});
|
|
15729
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15730
|
+
responseString = await responsePromise;
|
|
15587
15731
|
}
|
|
15588
15732
|
finally {
|
|
15589
15733
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15592,7 +15736,7 @@
|
|
|
15592
15736
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15593
15737
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
15594
15738
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
15595
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
15739
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15596
15740
|
requestAuthority: request.authority,
|
|
15597
15741
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
15598
15742
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -15619,7 +15763,7 @@
|
|
|
15619
15763
|
// Create silent request
|
|
15620
15764
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15621
15765
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15622
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15766
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
15623
15767
|
requestAuthority: silentRequest.authority,
|
|
15624
15768
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15625
15769
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -15667,21 +15811,32 @@
|
|
|
15667
15811
|
...request,
|
|
15668
15812
|
codeChallenge: pkceCodes.challenge,
|
|
15669
15813
|
};
|
|
15670
|
-
|
|
15671
|
-
|
|
15672
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15673
|
-
}
|
|
15674
|
-
else {
|
|
15675
|
-
// Create authorize request url
|
|
15676
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15677
|
-
// Get the frame handle for the silent request
|
|
15678
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15679
|
-
}
|
|
15814
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
15815
|
+
const iframe = createHiddenIframe();
|
|
15680
15816
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15681
15817
|
// Wait for response from the redirect bridge.
|
|
15682
15818
|
let responseString;
|
|
15683
15819
|
try {
|
|
15684
|
-
|
|
15820
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
15821
|
+
responsePromise.catch(() => {
|
|
15822
|
+
/*
|
|
15823
|
+
* If URL creation or navigation below throws before
|
|
15824
|
+
* responsePromise is awaited, the listener still rejects on
|
|
15825
|
+
* timeout. Swallow it here so it does not surface as an
|
|
15826
|
+
* unhandled rejection; the navigation error is propagated
|
|
15827
|
+
* instead.
|
|
15828
|
+
*/
|
|
15829
|
+
});
|
|
15830
|
+
if (request.httpMethod === HttpMethod.POST) {
|
|
15831
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15832
|
+
}
|
|
15833
|
+
else {
|
|
15834
|
+
// Create authorize request url
|
|
15835
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15836
|
+
// Navigate the iframe to the authorize request url
|
|
15837
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
15838
|
+
}
|
|
15839
|
+
responseString = await responsePromise;
|
|
15685
15840
|
}
|
|
15686
15841
|
finally {
|
|
15687
15842
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15716,7 +15871,7 @@
|
|
|
15716
15871
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
15717
15872
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
15718
15873
|
}
|
|
15719
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15874
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15720
15875
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
15721
15876
|
serverTelemetryManager,
|
|
15722
15877
|
authorityUrl: silentRequest.authority,
|
|
@@ -15796,7 +15951,7 @@
|
|
|
15796
15951
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
15797
15952
|
*/
|
|
15798
15953
|
this.correlationId);
|
|
15799
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
15954
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
15800
15955
|
try {
|
|
15801
15956
|
// Create auth code request (PKCE not needed)
|
|
15802
15957
|
const authCodeRequest = {
|
|
@@ -16161,6 +16316,8 @@
|
|
|
16161
16316
|
// Preflight request
|
|
16162
16317
|
const correlationId = this.getRequestCorrelationId(request);
|
|
16163
16318
|
this.logger.verbose("0os66p", correlationId);
|
|
16319
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
16320
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16164
16321
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
16165
16322
|
atrMeasurement.add({
|
|
16166
16323
|
scenarioId: request.scenarioId,
|
|
@@ -16178,9 +16335,7 @@
|
|
|
16178
16335
|
return navigate;
|
|
16179
16336
|
};
|
|
16180
16337
|
try {
|
|
16181
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
16182
16338
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
16183
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
16184
16339
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
|
|
16185
16340
|
let result;
|
|
16186
16341
|
if (this.platformAuthProvider &&
|