@azure/msal-browser 5.12.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (245) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +89 -16
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CacheKeys.mjs +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +3 -3
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  32. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  33. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  50. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  52. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  57. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  58. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  59. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  60. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  62. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  84. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  85. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  86. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  95. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  96. package/dist/custom_auth/index.mjs +1 -1
  97. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  137. package/dist/encode/Base64Decode.mjs +1 -1
  138. package/dist/encode/Base64Encode.mjs +1 -1
  139. package/dist/error/BrowserAuthError.mjs +1 -1
  140. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  143. package/dist/error/NativeAuthError.mjs +1 -1
  144. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  145. package/dist/error/NestedAppAuthError.mjs +1 -1
  146. package/dist/event/EventHandler.mjs +1 -1
  147. package/dist/event/EventMessage.mjs +1 -1
  148. package/dist/event/EventType.mjs +1 -1
  149. package/dist/index.mjs +1 -1
  150. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  151. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  152. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
  154. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  155. package/dist/interaction_client/PopupClient.mjs +4 -4
  156. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  157. package/dist/interaction_client/RedirectClient.mjs +12 -9
  158. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  159. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  160. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  162. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentIframeClient.mjs +41 -19
  164. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  166. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  168. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  169. package/dist/interaction_handler/SilentHandler.mjs +12 -26
  170. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  171. package/dist/log-strings-mapping.json +1199 -1195
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  188. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  189. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  190. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  191. package/dist/utils/BrowserConstants.mjs +1 -1
  192. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/utils/BrowserUtils.mjs +1 -1
  194. package/dist/utils/Helpers.mjs +1 -1
  195. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  196. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  197. package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
  198. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  199. package/lib/custom-auth-path/msal-custom-auth.js +343 -201
  200. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  201. package/lib/log-strings-mapping.json +7 -3
  202. package/lib/msal-browser.cjs +359 -204
  203. package/lib/msal-browser.cjs.map +1 -1
  204. package/lib/msal-browser.js +359 -204
  205. package/lib/msal-browser.js.map +1 -1
  206. package/lib/msal-browser.min.js +2 -2
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  208. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  209. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  210. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  211. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  212. package/package.json +2 -2
  213. package/src/cache/BrowserCacheManager.ts +141 -34
  214. package/src/config/Configuration.ts +6 -0
  215. package/src/controllers/StandardController.ts +6 -6
  216. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  217. package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
  218. package/src/interaction_client/PopupClient.ts +9 -3
  219. package/src/interaction_client/RedirectClient.ts +27 -8
  220. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  221. package/src/interaction_client/SilentCacheClient.ts +3 -1
  222. package/src/interaction_client/SilentIframeClient.ts +94 -58
  223. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  224. package/src/interaction_handler/SilentHandler.ts +11 -32
  225. package/src/packageMetadata.ts +1 -1
  226. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  227. package/types/cache/BrowserCacheManager.d.ts +18 -1
  228. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  229. package/types/config/Configuration.d.ts +5 -0
  230. package/types/config/Configuration.d.ts.map +1 -1
  231. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  232. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  233. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  234. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  235. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  236. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  237. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  238. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  239. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  240. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  241. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  242. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  243. package/types/packageMetadata.d.ts +1 -1
  244. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  245. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.12.0 2026-06-05 */
1
+ /*! @azure/msal-browser v5.13.0 2026-06-10 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.7.0 2026-06-05 */
9
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.7.0 2026-06-05 */
241
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.7.0 2026-06-05 */
293
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.7.0 2026-06-05 */
324
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.7.0 2026-06-05 */
344
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.7.0 2026-06-05 */
424
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.7.0 2026-06-05 */
447
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -502,7 +502,7 @@
502
502
  urlParseError: urlParseError
503
503
  });
504
504
 
505
- /*! @azure/msal-common v16.7.0 2026-06-05 */
505
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
506
506
  /*
507
507
  * Copyright (c) Microsoft Corporation. All rights reserved.
508
508
  * Licensed under the MIT License.
@@ -590,7 +590,7 @@
590
590
  userCanceled: userCanceled
591
591
  });
592
592
 
593
- /*! @azure/msal-common v16.7.0 2026-06-05 */
593
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
594
594
 
595
595
  /*
596
596
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -785,7 +785,7 @@
785
785
  }
786
786
  }
787
787
 
788
- /*! @azure/msal-common v16.7.0 2026-06-05 */
788
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
789
789
 
790
790
  /*
791
791
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1134,8 +1134,14 @@
1134
1134
  * @param serverTelemetryManager
1135
1135
  */
1136
1136
  function addServerTelemetry(parameters, serverTelemetryManager) {
1137
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
1138
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
1137
+ const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
1138
+ const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
1139
+ if (currentTelemetryHeader) {
1140
+ parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
1141
+ }
1142
+ if (lastTelemetryHeader) {
1143
+ parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
1144
+ }
1139
1145
  }
1140
1146
  /**
1141
1147
  * Adds parameter that indicates to the server that throttling is supported
@@ -1174,34 +1180,12 @@
1174
1180
  }
1175
1181
  }
1176
1182
 
1177
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1183
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1178
1184
 
1179
1185
  /*
1180
1186
  * Copyright (c) Microsoft Corporation. All rights reserved.
1181
1187
  * Licensed under the MIT License.
1182
1188
  */
1183
- /**
1184
- * Canonicalizes a URL by making it lowercase and ensuring it ends with /
1185
- * Inlined version of UrlString.canonicalizeUri to avoid circular dependency
1186
- * @param url - URL to canonicalize
1187
- * @returns Canonicalized URL
1188
- */
1189
- function canonicalizeUrl(url) {
1190
- if (!url) {
1191
- return url;
1192
- }
1193
- let lowerCaseUrl = url.toLowerCase();
1194
- if (StringUtils.endsWith(lowerCaseUrl, "?")) {
1195
- lowerCaseUrl = lowerCaseUrl.slice(0, -1);
1196
- }
1197
- else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
1198
- lowerCaseUrl = lowerCaseUrl.slice(0, -2);
1199
- }
1200
- if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
1201
- lowerCaseUrl += "/";
1202
- }
1203
- return lowerCaseUrl;
1204
- }
1205
1189
  /**
1206
1190
  * Parses hash string from given string. Returns empty string if no hash symbol is found.
1207
1191
  * @param hashString
@@ -1254,36 +1238,71 @@
1254
1238
  return queryParameterArray.join("&");
1255
1239
  }
1256
1240
  /**
1257
- * Normalizes URLs for comparison by removing hash, canonicalizing,
1258
- * and ensuring consistent URL encoding in query parameters.
1259
- * This fixes redirect loops when URLs contain encoded characters like apostrophes (%27).
1241
+ * Normalizes URLs for comparison per MDN & RFC 3986 standards:
1242
+ * - Hash/fragment is removed
1243
+ * - Scheme and host are lowercased (case-insensitive per spec)
1244
+ * - Path and query parameters preserve original casing (case-sensitive per spec)
1245
+ * - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
1246
+ * - Ensures pathname ends with /
1247
+ * Throws a urlParseError if the provided URL is malformed and cannot be parsed.
1260
1248
  * @param url - URL to normalize
1249
+ * @param logger - Optional logger used to log parse failures
1250
+ * @param correlationId - Optional correlationId associated with the log entry
1261
1251
  * @returns Normalized URL string for comparison
1262
1252
  */
1263
- function normalizeUrlForComparison(url) {
1253
+ function normalizeUrlForComparison(url, logger, correlationId) {
1264
1254
  if (!url) {
1265
1255
  return url;
1266
1256
  }
1267
- // Remove hash first
1268
1257
  const urlWithoutHash = url.split("#")[0];
1258
+ if (!urlWithoutHash) {
1259
+ return urlWithoutHash;
1260
+ }
1269
1261
  try {
1270
- // Parse the URL to handle encoding consistently
1271
1262
  const urlObj = new URL(urlWithoutHash);
1272
- /*
1273
- * Reconstruct the URL with properly decoded query parameters
1274
- * This ensures that %27 and ' are treated as equivalent
1275
- */
1276
- const normalizedUrl = urlObj.origin + urlObj.pathname + urlObj.search;
1277
- // Apply canonicalization logic inline to avoid circular dependency
1278
- return canonicalizeUrl(normalizedUrl);
1263
+ // Treat an empty query string (a bare trailing "?") as equivalent to no query
1264
+ if (!urlObj.search) {
1265
+ urlObj.search = "";
1266
+ }
1267
+ // Decode the pathname to normalize percent-encoding and ensure trailing slash
1268
+ let pathname;
1269
+ try {
1270
+ pathname = decodeURIComponent(urlObj.pathname);
1271
+ }
1272
+ catch (e) {
1273
+ pathname = urlObj.pathname;
1274
+ }
1275
+ if (!pathname.endsWith("/")) {
1276
+ pathname += "/";
1277
+ }
1278
+ urlObj.pathname = pathname;
1279
+ return urlObj.href;
1280
+ }
1281
+ catch (e) {
1282
+ logger?.error("15apdm", correlationId || "");
1283
+ throw createClientConfigurationError(urlParseError);
1284
+ }
1285
+ }
1286
+ /**
1287
+ * Validates that the provided value is a well-formed, parseable absolute URL.
1288
+ * Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
1289
+ * literal string "null", an empty string, or any malformed/relative URL). Use this
1290
+ * to guard against persisting an invalid value (such as a redirect URL) to the cache.
1291
+ * @param url - URL to validate
1292
+ * @param logger - Optional logger used to log validation failures
1293
+ * @param correlationId - Optional correlationId associated with the log entry
1294
+ */
1295
+ function validateUrl(url, logger, correlationId) {
1296
+ try {
1297
+ new URL(url);
1279
1298
  }
1280
1299
  catch (e) {
1281
- // Fallback to original logic if URL parsing fails
1282
- return canonicalizeUrl(urlWithoutHash);
1300
+ logger?.error("1lrjz7", correlationId || "");
1301
+ throw createClientConfigurationError(urlParseError);
1283
1302
  }
1284
1303
  }
1285
1304
 
1286
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1305
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1287
1306
 
1288
1307
  /*
1289
1308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1322,7 +1341,7 @@
1322
1341
  },
1323
1342
  };
1324
1343
 
1325
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1344
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1326
1345
  /*
1327
1346
  * Copyright (c) Microsoft Corporation. All rights reserved.
1328
1347
  * Licensed under the MIT License.
@@ -1370,7 +1389,7 @@
1370
1389
  // Remove LRU (first entry) if capacity exceeded
1371
1390
  if (correlationCache.size > CACHE_CAPACITY) {
1372
1391
  const firstKey = correlationCache.keys().next().value;
1373
- if (firstKey) {
1392
+ if (firstKey !== undefined) {
1374
1393
  correlationCache.delete(firstKey);
1375
1394
  }
1376
1395
  }
@@ -1597,12 +1616,12 @@
1597
1616
  }
1598
1617
  }
1599
1618
 
1600
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1619
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1601
1620
  /* eslint-disable header/header */
1602
1621
  const name$1 = "@azure/msal-common";
1603
- const version$1 = "16.7.0";
1622
+ const version$1 = "16.8.0";
1604
1623
 
1605
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1624
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1606
1625
  /*
1607
1626
  * Copyright (c) Microsoft Corporation. All rights reserved.
1608
1627
  * Licensed under the MIT License.
@@ -1622,7 +1641,7 @@
1622
1641
  AzureUsGovernment: "https://login.microsoftonline.us",
1623
1642
  };
1624
1643
 
1625
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1644
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1626
1645
  /*
1627
1646
  * Copyright (c) Microsoft Corporation. All rights reserved.
1628
1647
  * Licensed under the MIT License.
@@ -1705,7 +1724,7 @@
1705
1724
  return updatedAccountInfo;
1706
1725
  }
1707
1726
 
1708
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1727
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1709
1728
 
1710
1729
  /*
1711
1730
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1785,7 +1804,7 @@
1785
1804
  }
1786
1805
  }
1787
1806
 
1788
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1807
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1789
1808
 
1790
1809
  /*
1791
1810
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1942,7 +1961,7 @@
1942
1961
  }
1943
1962
  }
1944
1963
 
1945
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1964
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1946
1965
 
1947
1966
  /*
1948
1967
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2127,7 @@
2108
2127
  return null;
2109
2128
  }
2110
2129
 
2111
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2130
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2112
2131
  /*
2113
2132
  * Copyright (c) Microsoft Corporation. All rights reserved.
2114
2133
  * Licensed under the MIT License.
@@ -2116,7 +2135,7 @@
2116
2135
  const cacheQuotaExceeded = "cache_quota_exceeded";
2117
2136
  const cacheErrorUnknown = "cache_error_unknown";
2118
2137
 
2119
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2138
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2120
2139
 
2121
2140
  /*
2122
2141
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2154,7 +2173,7 @@
2154
2173
  }
2155
2174
  }
2156
2175
 
2157
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2176
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2158
2177
 
2159
2178
  /*
2160
2179
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2192,7 +2211,7 @@
2192
2211
  };
2193
2212
  }
2194
2213
 
2195
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2214
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2196
2215
  /*
2197
2216
  * Copyright (c) Microsoft Corporation. All rights reserved.
2198
2217
  * Licensed under the MIT License.
@@ -2207,7 +2226,7 @@
2207
2226
  Ciam: 3,
2208
2227
  };
2209
2228
 
2210
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2229
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2211
2230
  /*
2212
2231
  * Copyright (c) Microsoft Corporation. All rights reserved.
2213
2232
  * Licensed under the MIT License.
@@ -2229,7 +2248,7 @@
2229
2248
  return null;
2230
2249
  }
2231
2250
 
2232
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2251
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2233
2252
  /*
2234
2253
  * Copyright (c) Microsoft Corporation. All rights reserved.
2235
2254
  * Licensed under the MIT License.
@@ -2253,7 +2272,7 @@
2253
2272
  EAR: "EAR",
2254
2273
  };
2255
2274
 
2256
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2275
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2257
2276
  /**
2258
2277
  * Returns the AccountInfo interface for this account.
2259
2278
  */
@@ -2428,7 +2447,7 @@
2428
2447
  entity.hasOwnProperty("authorityType"));
2429
2448
  }
2430
2449
 
2431
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2450
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2432
2451
 
2433
2452
  /*
2434
2453
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3560,7 +3579,7 @@
3560
3579
  }
3561
3580
  }
3562
3581
 
3563
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3582
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3564
3583
  /*
3565
3584
  * Copyright (c) Microsoft Corporation. All rights reserved.
3566
3585
  * Licensed under the MIT License.
@@ -3603,7 +3622,20 @@
3603
3622
  "currAccessCount",
3604
3623
  "currIdCount",
3605
3624
  "currRefreshCount",
3606
- "expiredCacheRemovedCount",
3625
+ "ttlExpiredAcntCount",
3626
+ "ttlExpiredITCount",
3627
+ "ttlExpiredATCount",
3628
+ "ttlExpiredRTCount",
3629
+ "decryptFailedAcntCount",
3630
+ "decryptFailedITCount",
3631
+ "decryptFailedATCount",
3632
+ "decryptFailedRTCount",
3633
+ "invalidAcntCount",
3634
+ "invalidITCount",
3635
+ "invalidATCount",
3636
+ "invalidRTCount",
3637
+ "expiredATCount",
3638
+ "expiredRTCount",
3607
3639
  "upgradedCacheCount",
3608
3640
  "cacheMatchedAccounts",
3609
3641
  "networkRtt",
@@ -3611,7 +3643,7 @@
3611
3643
  "redirectBridgeMessageVersion",
3612
3644
  ]);
3613
3645
 
3614
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3646
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3615
3647
 
3616
3648
  /*
3617
3649
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3666,7 +3698,7 @@
3666
3698
  }
3667
3699
  }
3668
3700
 
3669
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3701
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3670
3702
 
3671
3703
  /*
3672
3704
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3761,7 +3793,7 @@
3761
3793
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3762
3794
  }
3763
3795
 
3764
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3796
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3765
3797
  /*
3766
3798
  * Copyright (c) Microsoft Corporation. All rights reserved.
3767
3799
  * Licensed under the MIT License.
@@ -3788,7 +3820,7 @@
3788
3820
  }
3789
3821
  }
3790
3822
 
3791
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3823
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3792
3824
  /*
3793
3825
  * Copyright (c) Microsoft Corporation. All rights reserved.
3794
3826
  * Licensed under the MIT License.
@@ -3853,7 +3885,7 @@
3853
3885
  return cachedAtSec > nowSeconds();
3854
3886
  }
3855
3887
 
3856
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3888
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3857
3889
 
3858
3890
  /*
3859
3891
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4112,7 +4144,7 @@
4112
4144
  return metadata.expiresAt <= nowSeconds();
4113
4145
  }
4114
4146
 
4115
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4147
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4116
4148
  /*
4117
4149
  * Copyright (c) Microsoft Corporation. All rights reserved.
4118
4150
  * Licensed under the MIT License.
@@ -4183,7 +4215,7 @@
4183
4215
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4184
4216
  const SetUserData = "setUserData";
4185
4217
 
4186
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4218
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4187
4219
  /*
4188
4220
  * Copyright (c) Microsoft Corporation. All rights reserved.
4189
4221
  * Licensed under the MIT License.
@@ -4276,7 +4308,7 @@
4276
4308
  };
4277
4309
  };
4278
4310
 
4279
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4311
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4280
4312
 
4281
4313
  /*
4282
4314
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4356,7 +4388,7 @@
4356
4388
  }
4357
4389
  }
4358
4390
 
4359
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4391
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4360
4392
  /*
4361
4393
  * Copyright (c) Microsoft Corporation. All rights reserved.
4362
4394
  * Licensed under the MIT License.
@@ -4420,7 +4452,7 @@
4420
4452
  uiNotAllowed: uiNotAllowed
4421
4453
  });
4422
4454
 
4423
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4455
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4424
4456
 
4425
4457
  /*
4426
4458
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4488,7 +4520,7 @@
4488
4520
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4489
4521
  }
4490
4522
 
4491
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4523
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4492
4524
 
4493
4525
  /*
4494
4526
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4507,7 +4539,7 @@
4507
4539
  }
4508
4540
  }
4509
4541
 
4510
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4542
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4511
4543
 
4512
4544
  /*
4513
4545
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4575,7 +4607,7 @@
4575
4607
  }
4576
4608
  }
4577
4609
 
4578
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4610
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4579
4611
 
4580
4612
  /*
4581
4613
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4923,7 +4955,7 @@
4923
4955
  return baseAccount;
4924
4956
  }
4925
4957
 
4926
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4958
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4927
4959
  /*
4928
4960
  * Copyright (c) Microsoft Corporation. All rights reserved.
4929
4961
  * Licensed under the MIT License.
@@ -4933,7 +4965,7 @@
4933
4965
  UPN: "UPN",
4934
4966
  };
4935
4967
 
4936
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4968
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4937
4969
  /*
4938
4970
  * Copyright (c) Microsoft Corporation. All rights reserved.
4939
4971
  * Licensed under the MIT License.
@@ -4951,7 +4983,7 @@
4951
4983
  }
4952
4984
  }
4953
4985
 
4954
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4986
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4955
4987
  /*
4956
4988
  * Copyright (c) Microsoft Corporation. All rights reserved.
4957
4989
  * Licensed under the MIT License.
@@ -4972,7 +5004,7 @@
4972
5004
  };
4973
5005
  }
4974
5006
 
4975
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5007
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4976
5008
 
4977
5009
  /*
4978
5010
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5058,7 +5090,7 @@
5058
5090
  }
5059
5091
  }
5060
5092
 
5061
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5093
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5062
5094
 
5063
5095
  /*
5064
5096
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5089,7 +5121,7 @@
5089
5121
  return new NetworkError(error, httpStatus, responseHeaders);
5090
5122
  }
5091
5123
 
5092
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5124
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5093
5125
 
5094
5126
  /*
5095
5127
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5203,7 +5235,7 @@
5203
5235
  return response;
5204
5236
  }
5205
5237
 
5206
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5238
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5207
5239
  /*
5208
5240
  * Copyright (c) Microsoft Corporation. All rights reserved.
5209
5241
  * Licensed under the MIT License.
@@ -5215,7 +5247,7 @@
5215
5247
  response.hasOwnProperty("jwks_uri"));
5216
5248
  }
5217
5249
 
5218
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5250
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5219
5251
  /*
5220
5252
  * Copyright (c) Microsoft Corporation. All rights reserved.
5221
5253
  * Licensed under the MIT License.
@@ -5225,7 +5257,7 @@
5225
5257
  response.hasOwnProperty("metadata"));
5226
5258
  }
5227
5259
 
5228
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5260
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5229
5261
  /*
5230
5262
  * Copyright (c) Microsoft Corporation. All rights reserved.
5231
5263
  * Licensed under the MIT License.
@@ -5235,7 +5267,7 @@
5235
5267
  response.hasOwnProperty("error_description"));
5236
5268
  }
5237
5269
 
5238
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5270
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5239
5271
 
5240
5272
  /*
5241
5273
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5340,7 +5372,7 @@
5340
5372
  },
5341
5373
  };
5342
5374
 
5343
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5375
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5344
5376
 
5345
5377
  /*
5346
5378
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6308,7 +6340,7 @@
6308
6340
  };
6309
6341
  }
6310
6342
 
6311
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6343
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6312
6344
 
6313
6345
  /*
6314
6346
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6342,7 +6374,7 @@
6342
6374
  }
6343
6375
  }
6344
6376
 
6345
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6377
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6346
6378
 
6347
6379
  /*
6348
6380
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6599,7 +6631,7 @@
6599
6631
  }
6600
6632
  }
6601
6633
 
6602
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6634
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6603
6635
 
6604
6636
  /*
6605
6637
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6820,7 +6852,7 @@
6820
6852
  }
6821
6853
  }
6822
6854
 
6823
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6855
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6824
6856
 
6825
6857
  /*
6826
6858
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6936,7 +6968,7 @@
6936
6968
  }
6937
6969
  }
6938
6970
 
6939
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6971
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6940
6972
 
6941
6973
  /*
6942
6974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6951,7 +6983,7 @@
6951
6983
  },
6952
6984
  };
6953
6985
 
6954
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6986
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6955
6987
 
6956
6988
  /*
6957
6989
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7174,7 +7206,7 @@
7174
7206
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7175
7207
  }
7176
7208
 
7177
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7209
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7178
7210
 
7179
7211
  /*
7180
7212
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7207,7 +7239,7 @@
7207
7239
  return Object.prototype.hasOwnProperty.call(params, "resource");
7208
7240
  }
7209
7241
 
7210
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7242
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7211
7243
 
7212
7244
  /*
7213
7245
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,7 +7297,7 @@
7265
7297
  }
7266
7298
  }
7267
7299
 
7268
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7300
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7269
7301
  /*
7270
7302
  * Copyright (c) Microsoft Corporation. All rights reserved.
7271
7303
  * Licensed under the MIT License.
@@ -7282,7 +7314,7 @@
7282
7314
  unexpectedError: unexpectedError
7283
7315
  });
7284
7316
 
7285
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7317
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7286
7318
 
7287
7319
  /*
7288
7320
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7393,35 +7425,40 @@
7393
7425
  * @param error
7394
7426
  */
7395
7427
  cacheFailedRequest(error) {
7396
- const lastRequests = this.getLastRequests();
7397
- if (lastRequests.errors.length >=
7398
- SERVER_TELEM_MAX_CACHED_ERRORS) {
7399
- // Remove a cached error to make room, first in first out
7400
- lastRequests.failedRequests.shift(); // apiId
7401
- lastRequests.failedRequests.shift(); // correlationId
7402
- lastRequests.errors.shift();
7403
- }
7404
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
7405
- if (error instanceof Error && !!error && error.toString()) {
7406
- if (error instanceof AuthError) {
7407
- if (error.subError) {
7408
- lastRequests.errors.push(error.subError);
7409
- }
7410
- else if (error.errorCode) {
7411
- lastRequests.errors.push(error.errorCode);
7428
+ try {
7429
+ const lastRequests = this.getLastRequests();
7430
+ if (lastRequests.errors.length >=
7431
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
7432
+ // Remove a cached error to make room, first in first out
7433
+ lastRequests.failedRequests.shift(); // apiId
7434
+ lastRequests.failedRequests.shift(); // correlationId
7435
+ lastRequests.errors.shift();
7436
+ }
7437
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
7438
+ if (error instanceof Error && !!error && error.toString()) {
7439
+ if (error instanceof AuthError) {
7440
+ if (error.subError) {
7441
+ lastRequests.errors.push(error.subError);
7442
+ }
7443
+ else if (error.errorCode) {
7444
+ lastRequests.errors.push(error.errorCode);
7445
+ }
7446
+ else {
7447
+ lastRequests.errors.push(error.toString());
7448
+ }
7412
7449
  }
7413
7450
  else {
7414
7451
  lastRequests.errors.push(error.toString());
7415
7452
  }
7416
7453
  }
7417
7454
  else {
7418
- lastRequests.errors.push(error.toString());
7455
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7419
7456
  }
7457
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7420
7458
  }
7421
- else {
7422
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7459
+ catch {
7460
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
7423
7461
  }
7424
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7425
7462
  return;
7426
7463
  }
7427
7464
  /**
@@ -7541,9 +7578,36 @@
7541
7578
  static makeExtraSkuString(params) {
7542
7579
  return makeExtraSkuString(params);
7543
7580
  }
7581
+ }
7582
+ /** @internal */
7583
+ class StubServerTelemetryManager extends ServerTelemetryManager {
7584
+ constructor() {
7585
+ super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
7586
+ }
7587
+ generateCurrentRequestHeaderValue() {
7588
+ return "";
7589
+ }
7590
+ generateLastRequestHeaderValue() {
7591
+ return "";
7592
+ }
7593
+ cacheFailedRequest() { }
7594
+ incrementCacheHits() {
7595
+ return 0;
7596
+ }
7597
+ clearTelemetryCache() { }
7598
+ getRegionDiscoveryFields() {
7599
+ return "";
7600
+ }
7601
+ updateRegionDiscoveryMetadata() { }
7602
+ setCacheOutcome() { }
7603
+ setNativeBrokerErrorCode() { }
7604
+ getNativeBrokerErrorCode() {
7605
+ return undefined;
7606
+ }
7607
+ clearNativeBrokerErrorCode() { }
7544
7608
  }
7545
7609
 
7546
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7610
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7547
7611
 
7548
7612
  /*
7549
7613
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7564,7 +7628,7 @@
7564
7628
  return new JoseHeaderError(code);
7565
7629
  }
7566
7630
 
7567
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7631
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7568
7632
  /*
7569
7633
  * Copyright (c) Microsoft Corporation. All rights reserved.
7570
7634
  * Licensed under the MIT License.
@@ -7572,7 +7636,7 @@
7572
7636
  const missingKidError = "missing_kid_error";
7573
7637
  const missingAlgError = "missing_alg_error";
7574
7638
 
7575
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7639
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7576
7640
 
7577
7641
  /*
7578
7642
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7612,7 +7676,7 @@
7612
7676
  }
7613
7677
  }
7614
7678
 
7615
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7679
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7616
7680
 
7617
7681
  /*
7618
7682
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8225,7 +8289,6 @@
8225
8289
  */
8226
8290
  const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8227
8291
  const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8228
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8229
8292
  /**
8230
8293
  * Helper functions in StandardInteractionClient class (msal-browser)
8231
8294
  */
@@ -10560,7 +10623,7 @@
10560
10623
 
10561
10624
  /* eslint-disable header/header */
10562
10625
  const name = "@azure/msal-browser";
10563
- const version = "5.12.0";
10626
+ const version = "5.13.0";
10564
10627
 
10565
10628
  /*
10566
10629
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10582,6 +10645,15 @@
10582
10645
  * Copyright (c) Microsoft Corporation. All rights reserved.
10583
10646
  * Licensed under the MIT License.
10584
10647
  */
10648
+ /**
10649
+ * Reason an old-schema cache entry was removed during migration.
10650
+ */
10651
+ const MigrationRemovalReason = {
10652
+ Invalid: "invalid",
10653
+ TtlExpired: "ttlExpired",
10654
+ DecryptFailed: "decryptFailed",
10655
+ Expired: "expired",
10656
+ };
10585
10657
  /**
10586
10658
  * This class implements the cache storage interface for MSAL through browser local or session storage.
10587
10659
  */
@@ -10651,7 +10723,10 @@
10651
10723
  const parsedValue = this.validateAndParseJson(rawValue || "");
10652
10724
  if (!parsedValue) {
10653
10725
  this.browserStorage.removeItem(key);
10654
- return null;
10726
+ return {
10727
+ entry: null,
10728
+ removalReason: MigrationRemovalReason.Invalid,
10729
+ };
10655
10730
  }
10656
10731
  if (!parsedValue.lastUpdatedAt) {
10657
10732
  // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
@@ -10660,26 +10735,42 @@
10660
10735
  }
10661
10736
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
10662
10737
  this.browserStorage.removeItem(key);
10663
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
10664
- return null;
10738
+ return {
10739
+ entry: null,
10740
+ removalReason: MigrationRemovalReason.TtlExpired,
10741
+ };
10665
10742
  }
10666
- const decryptedData = isEncrypted(parsedValue)
10743
+ const wasEncrypted = isEncrypted(parsedValue);
10744
+ const decryptedData = wasEncrypted
10667
10745
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
10668
10746
  : parsedValue;
10669
- if (!decryptedData || !isCredentialEntity(decryptedData)) {
10747
+ if (!decryptedData) {
10670
10748
  this.browserStorage.removeItem(key);
10671
- this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
10672
- return null;
10749
+ return {
10750
+ entry: null,
10751
+ removalReason: wasEncrypted
10752
+ ? MigrationRemovalReason.DecryptFailed
10753
+ : MigrationRemovalReason.Invalid,
10754
+ };
10755
+ }
10756
+ if (!isCredentialEntity(decryptedData)) {
10757
+ this.browserStorage.removeItem(key);
10758
+ return {
10759
+ entry: null,
10760
+ removalReason: MigrationRemovalReason.Invalid,
10761
+ };
10673
10762
  }
10674
10763
  if ((isAccessTokenEntity(decryptedData) ||
10675
10764
  isRefreshTokenEntity(decryptedData)) &&
10676
10765
  decryptedData.expiresOn &&
10677
10766
  isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
10678
10767
  this.browserStorage.removeItem(key);
10679
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
10680
- return null;
10768
+ return {
10769
+ entry: null,
10770
+ removalReason: MigrationRemovalReason.Expired,
10771
+ };
10681
10772
  }
10682
- return decryptedData;
10773
+ return { entry: decryptedData };
10683
10774
  }
10684
10775
  /**
10685
10776
  * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
@@ -10699,6 +10790,7 @@
10699
10790
  const parsedValue = this.validateAndParseJson(rawValue || "");
10700
10791
  if (!parsedValue) {
10701
10792
  this.browserStorage.removeItem(accountKey);
10793
+ this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
10702
10794
  removeElementFromArray(accountKeysToCheck, accountKey);
10703
10795
  continue;
10704
10796
  }
@@ -10711,6 +10803,7 @@
10711
10803
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
10712
10804
  // Cache expired remove account and associated tokens
10713
10805
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
10806
+ this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
10714
10807
  removeElementFromArray(accountKeysToCheck, accountKey);
10715
10808
  }
10716
10809
  else if (isEncrypted(parsedValue)) {
@@ -10718,7 +10811,9 @@
10718
10811
  const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
10719
10812
  if (!decrypted) {
10720
10813
  this.browserStorage.removeItem(accountKey);
10721
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
10814
+ this.performanceClient.incrementFields({
10815
+ decryptFailedAcntCount: 1,
10816
+ }, correlationId);
10722
10817
  removeElementFromArray(accountKeysToCheck, accountKey);
10723
10818
  }
10724
10819
  }
@@ -10759,7 +10854,6 @@
10759
10854
  });
10760
10855
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
10761
10856
  }
10762
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
10763
10857
  this.browserStorage.removeItem(accountKey);
10764
10858
  }
10765
10859
  /**
@@ -10798,8 +10892,20 @@
10798
10892
  const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
10799
10893
  for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
10800
10894
  this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
10801
- const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
10895
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
10896
+ const oldSchemaData = result.entry;
10802
10897
  if (!oldSchemaData) {
10898
+ switch (result.removalReason) {
10899
+ case MigrationRemovalReason.TtlExpired:
10900
+ this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
10901
+ break;
10902
+ case MigrationRemovalReason.DecryptFailed:
10903
+ this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
10904
+ break;
10905
+ case MigrationRemovalReason.Invalid:
10906
+ this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
10907
+ break;
10908
+ }
10803
10909
  removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
10804
10910
  continue;
10805
10911
  }
@@ -10878,8 +10984,23 @@
10878
10984
  const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
10879
10985
  for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
10880
10986
  this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
10881
- const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
10987
+ const result = await this.updateOldEntry(accessTokenKey, correlationId);
10988
+ const oldSchemaData = result.entry;
10882
10989
  if (!oldSchemaData) {
10990
+ switch (result.removalReason) {
10991
+ case MigrationRemovalReason.TtlExpired:
10992
+ this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
10993
+ break;
10994
+ case MigrationRemovalReason.DecryptFailed:
10995
+ this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
10996
+ break;
10997
+ case MigrationRemovalReason.Expired:
10998
+ this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
10999
+ break;
11000
+ case MigrationRemovalReason.Invalid:
11001
+ this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
11002
+ break;
11003
+ }
10883
11004
  removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
10884
11005
  continue;
10885
11006
  }
@@ -10925,8 +11046,23 @@
10925
11046
  ...credentialKeysToMigrate.refreshToken,
10926
11047
  ]) {
10927
11048
  this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
10928
- const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
11049
+ const result = await this.updateOldEntry(refreshTokenKey, correlationId);
11050
+ const oldSchemaData = result.entry;
10929
11051
  if (!oldSchemaData) {
11052
+ switch (result.removalReason) {
11053
+ case MigrationRemovalReason.TtlExpired:
11054
+ this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
11055
+ break;
11056
+ case MigrationRemovalReason.DecryptFailed:
11057
+ this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
11058
+ break;
11059
+ case MigrationRemovalReason.Expired:
11060
+ this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
11061
+ break;
11062
+ case MigrationRemovalReason.Invalid:
11063
+ this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
11064
+ break;
11065
+ }
10930
11066
  removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
10931
11067
  continue;
10932
11068
  }
@@ -12126,10 +12262,15 @@
12126
12262
  * @param browserStorage - Browser cache manager instance for storing telemetry data
12127
12263
  * @param logger - Optional logger instance for verbose logging
12128
12264
  * @param forceRefresh - Optional flag to force refresh of telemetry data
12265
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
12129
12266
  * @returns Configured ServerTelemetryManager instance
12130
12267
  */
12131
- function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
12268
+ function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
12132
12269
  logger.verbose("1p12tq", correlationId);
12270
+ if (!enabled) {
12271
+ logger.verbose("0tajnr", correlationId);
12272
+ return new StubServerTelemetryManager();
12273
+ }
12133
12274
  const telemetryPayload = {
12134
12275
  clientId: clientId,
12135
12276
  correlationId: correlationId,
@@ -12738,7 +12879,7 @@
12738
12879
  */
12739
12880
  async acquireToken(silentRequest) {
12740
12881
  // Telemetry manager only used to increment cacheHits here
12741
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12882
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12742
12883
  const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
12743
12884
  serverTelemetryManager,
12744
12885
  requestAuthority: silentRequest.authority,
@@ -12814,7 +12955,7 @@
12814
12955
  // start the perf measurement
12815
12956
  const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
12816
12957
  const reqTimestamp = nowSeconds();
12817
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12958
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12818
12959
  try {
12819
12960
  // initialize native request
12820
12961
  const nativeRequest = await this.initializePlatformRequest(request);
@@ -12938,7 +13079,7 @@
12938
13079
  catch (e) {
12939
13080
  // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
12940
13081
  if (e instanceof NativeAuthError) {
12941
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
13082
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12942
13083
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
12943
13084
  if (isFatalNativeAuthError(e)) {
12944
13085
  throw e;
@@ -12985,7 +13126,7 @@
12985
13126
  this.logger.verbose("003x5a", this.correlationId);
12986
13127
  const response = await this.platformAuthProvider.sendMessage(request);
12987
13128
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
12988
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
13129
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
12989
13130
  serverTelemetryManager.clearNativeBrokerErrorCode();
12990
13131
  this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
12991
13132
  return authResult;
@@ -13992,6 +14133,7 @@
13992
14133
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
13993
14134
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
13994
14135
  protocolMode: ProtocolMode.AAD,
14136
+ serverTelemetryEnabled: false,
13995
14137
  };
13996
14138
  const providedSystemOptions = {
13997
14139
  ...DEFAULT_BROWSER_SYSTEM_OPTIONS,
@@ -14650,7 +14792,7 @@
14650
14792
  */
14651
14793
  async executeCodeFlow(request, popupParams, pkceCodes) {
14652
14794
  const correlationId = request.correlationId;
14653
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
14795
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
14654
14796
  const pkce = pkceCodes ||
14655
14797
  (await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
14656
14798
  const popupRequest = {
@@ -14715,7 +14857,7 @@
14715
14857
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14716
14858
  if (!serverParams.ear_jwe && serverParams.code) {
14717
14859
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
14718
- serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
14860
+ serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
14719
14861
  requestAuthority: request.authority,
14720
14862
  requestAzureCloudOptions: request.azureCloudOptions,
14721
14863
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -14752,7 +14894,7 @@
14752
14894
  async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
14753
14895
  this.logger.verbose("0b7yrk", this.correlationId);
14754
14896
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Popup, validRequest);
14755
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
14897
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
14756
14898
  try {
14757
14899
  // Clear cache on logout
14758
14900
  await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
@@ -15036,7 +15178,7 @@
15036
15178
  */
15037
15179
  async executeCodeFlow(request) {
15038
15180
  const correlationId = request.correlationId;
15039
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15181
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15040
15182
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
15041
15183
  const redirectRequest = {
15042
15184
  ...request,
@@ -15124,7 +15266,7 @@
15124
15266
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
15125
15267
  const originalTitle = document.title;
15126
15268
  document.title = "Microsoft Authentication";
15127
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15269
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15128
15270
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
15129
15271
  try {
15130
15272
  const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
@@ -15143,8 +15285,8 @@
15143
15285
  }
15144
15286
  // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
15145
15287
  const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
15146
- const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
15147
- const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
15288
+ const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
15289
+ const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
15148
15290
  if (loginRequestUrlNormalized === currentUrlNormalized &&
15149
15291
  navigateToLoginRequestUrl) {
15150
15292
  // We are on the page we need to navigate to - handle hash
@@ -15177,8 +15319,8 @@
15177
15319
  * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
15178
15320
  */
15179
15321
  let processHashOnRedirect = true;
15180
- if (!loginRequestUrl || loginRequestUrl === "null") {
15181
- // Redirect to home page if login request url is null (real null or the string null)
15322
+ if (!loginRequestUrl) {
15323
+ // Redirect to home page if login request url is empty
15182
15324
  const homepage = getHomepage();
15183
15325
  // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
15184
15326
  this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
@@ -15324,7 +15466,7 @@
15324
15466
  async logout(logoutRequest) {
15325
15467
  this.logger.verbose("1rkurh", this.correlationId);
15326
15468
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
15327
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15469
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15328
15470
  try {
15329
15471
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, exports.InteractionType.Redirect, logoutRequest);
15330
15472
  // Clear cache on logout
@@ -15405,7 +15547,10 @@
15405
15547
  */
15406
15548
  getRedirectStartPage(requestStartPage) {
15407
15549
  const redirectStartPage = requestStartPage || window.location.href;
15408
- return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
15550
+ const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
15551
+ // Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
15552
+ validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
15553
+ return absoluteRedirectStartPage;
15409
15554
  }
15410
15555
  }
15411
15556
 
@@ -15414,20 +15559,20 @@
15414
15559
  * Licensed under the MIT License.
15415
15560
  */
15416
15561
  /**
15417
- * Creates a hidden iframe to given URL using user-requested scopes as an id.
15418
- * @param urlNavigate
15419
- * @param userRequestScopes
15562
+ * Navigates the given hidden iframe to the provided URL.
15563
+ * @param frame
15564
+ * @param requestUrl
15420
15565
  */
15421
- async function initiateCodeRequest(requestUrl, performanceClient, logger, correlationId) {
15566
+ async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
15422
15567
  if (!requestUrl) {
15423
15568
  // Throw error if request URL is empty.
15424
15569
  logger.info("1l7hyp", correlationId);
15425
15570
  throw createBrowserAuthError(emptyNavigateUri);
15426
15571
  }
15427
- return invoke(loadFrameSync, SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
15572
+ frame.src = requestUrl;
15573
+ return frame;
15428
15574
  }
15429
- async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
15430
- const frame = createHiddenIframe();
15575
+ async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
15431
15576
  if (!frame.contentDocument) {
15432
15577
  throw "No document associated with iframe!";
15433
15578
  }
@@ -15435,8 +15580,7 @@
15435
15580
  form.submit();
15436
15581
  return frame;
15437
15582
  }
15438
- async function initiateEarRequest(config, authority, request, logger, performanceClient) {
15439
- const frame = createHiddenIframe();
15583
+ async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
15440
15584
  if (!frame.contentDocument) {
15441
15585
  throw "No document associated with iframe!";
15442
15586
  }
@@ -15446,19 +15590,8 @@
15446
15590
  }
15447
15591
  /**
15448
15592
  * @hidden
15449
- * Loads the iframe synchronously when the navigateTimeFrame is set to `0`
15450
- * @param urlNavigate
15451
- * @param frameName
15452
- * @param logger
15453
- */
15454
- function loadFrameSync(urlNavigate) {
15455
- const frameHandle = createHiddenIframe();
15456
- frameHandle.src = urlNavigate;
15457
- return frameHandle;
15458
- }
15459
- /**
15460
- * @hidden
15461
- * Creates a new hidden iframe or gets an existing one for silent token renewal.
15593
+ * Creates a new hidden iframe for silent token renewal. Callers navigate it
15594
+ * (set `src` or submit a form) after registering the response listener.
15462
15595
  * @ignore
15463
15596
  */
15464
15597
  function createHiddenIframe() {
@@ -15537,7 +15670,7 @@
15537
15670
  */
15538
15671
  async executeCodeFlow(request) {
15539
15672
  let authClient;
15540
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15673
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15541
15674
  try {
15542
15675
  // Initialize the client
15543
15676
  authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
@@ -15579,11 +15712,22 @@
15579
15712
  earJwk: earJwk,
15580
15713
  codeChallenge: pkceCodes.challenge,
15581
15714
  };
15582
- const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15715
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
15716
+ const iframe = createHiddenIframe();
15583
15717
  const responseType = this.config.auth.OIDCOptions.responseMode;
15584
15718
  let responseString;
15585
15719
  try {
15586
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15720
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15721
+ responsePromise.catch(() => {
15722
+ /*
15723
+ * If navigation below throws before responsePromise is awaited,
15724
+ * the listener still rejects on timeout. Swallow it here so it
15725
+ * does not surface as an unhandled rejection; the navigation
15726
+ * error is propagated instead.
15727
+ */
15728
+ });
15729
+ await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15730
+ responseString = await responsePromise;
15587
15731
  }
15588
15732
  finally {
15589
15733
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15592,7 +15736,7 @@
15592
15736
  if (!serverParams.ear_jwe && serverParams.code) {
15593
15737
  // If server doesn't support EAR, they may fallback to auth code flow instead
15594
15738
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
15595
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
15739
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
15596
15740
  requestAuthority: request.authority,
15597
15741
  requestAzureCloudOptions: request.azureCloudOptions,
15598
15742
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -15619,7 +15763,7 @@
15619
15763
  // Create silent request
15620
15764
  const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
15621
15765
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15622
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
15766
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
15623
15767
  requestAuthority: silentRequest.authority,
15624
15768
  requestAzureCloudOptions: silentRequest.azureCloudOptions,
15625
15769
  requestExtraQueryParameters: silentRequest.extraQueryParameters,
@@ -15667,21 +15811,32 @@
15667
15811
  ...request,
15668
15812
  codeChallenge: pkceCodes.challenge,
15669
15813
  };
15670
- let iframe;
15671
- if (request.httpMethod === HttpMethod.POST) {
15672
- iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15673
- }
15674
- else {
15675
- // Create authorize request url
15676
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15677
- // Get the frame handle for the silent request
15678
- iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
15679
- }
15814
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
15815
+ const iframe = createHiddenIframe();
15680
15816
  const responseType = this.config.auth.OIDCOptions.responseMode;
15681
15817
  // Wait for response from the redirect bridge.
15682
15818
  let responseString;
15683
15819
  try {
15684
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15820
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
15821
+ responsePromise.catch(() => {
15822
+ /*
15823
+ * If URL creation or navigation below throws before
15824
+ * responsePromise is awaited, the listener still rejects on
15825
+ * timeout. Swallow it here so it does not surface as an
15826
+ * unhandled rejection; the navigation error is propagated
15827
+ * instead.
15828
+ */
15829
+ });
15830
+ if (request.httpMethod === HttpMethod.POST) {
15831
+ await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15832
+ }
15833
+ else {
15834
+ // Create authorize request url
15835
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15836
+ // Navigate the iframe to the authorize request url
15837
+ await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
15838
+ }
15839
+ responseString = await responsePromise;
15685
15840
  }
15686
15841
  finally {
15687
15842
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15716,7 +15871,7 @@
15716
15871
  // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
15717
15872
  silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
15718
15873
  }
15719
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15874
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15720
15875
  const refreshTokenClient = await this.createRefreshTokenClient({
15721
15876
  serverTelemetryManager,
15722
15877
  authorityUrl: silentRequest.authority,
@@ -15796,7 +15951,7 @@
15796
15951
  * Each auth request creates a new instance of *Client so we can safely use this.correlationId.
15797
15952
  */
15798
15953
  this.correlationId);
15799
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
15954
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
15800
15955
  try {
15801
15956
  // Create auth code request (PKCE not needed)
15802
15957
  const authCodeRequest = {
@@ -16161,6 +16316,8 @@
16161
16316
  // Preflight request
16162
16317
  const correlationId = this.getRequestCorrelationId(request);
16163
16318
  this.logger.verbose("0os66p", correlationId);
16319
+ redirectPreflightCheck(this.initialized, this.config);
16320
+ this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
16164
16321
  const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
16165
16322
  atrMeasurement.add({
16166
16323
  scenarioId: request.scenarioId,
@@ -16178,9 +16335,7 @@
16178
16335
  return navigate;
16179
16336
  };
16180
16337
  try {
16181
- redirectPreflightCheck(this.initialized, this.config);
16182
16338
  enforceResourceParameter(this.config.auth.isMcp, request);
16183
- this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
16184
16339
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
16185
16340
  let result;
16186
16341
  if (this.platformAuthProvider &&