@azure/msal-browser 5.12.0 → 5.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (245) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +89 -16
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CacheKeys.mjs +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +3 -3
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  31. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  32. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  33. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  50. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  51. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  52. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  53. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  55. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  57. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  58. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  59. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  60. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  61. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  62. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  64. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  81. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  82. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  83. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  84. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  85. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  86. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  93. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  94. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  95. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  96. package/dist/custom_auth/index.mjs +1 -1
  97. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  108. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  121. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  122. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  135. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  136. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  137. package/dist/encode/Base64Decode.mjs +1 -1
  138. package/dist/encode/Base64Encode.mjs +1 -1
  139. package/dist/error/BrowserAuthError.mjs +1 -1
  140. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  142. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  143. package/dist/error/NativeAuthError.mjs +1 -1
  144. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  145. package/dist/error/NestedAppAuthError.mjs +1 -1
  146. package/dist/event/EventHandler.mjs +1 -1
  147. package/dist/event/EventMessage.mjs +1 -1
  148. package/dist/event/EventType.mjs +1 -1
  149. package/dist/index.mjs +1 -1
  150. package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
  151. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  152. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  153. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
  154. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  155. package/dist/interaction_client/PopupClient.mjs +4 -4
  156. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  157. package/dist/interaction_client/RedirectClient.mjs +12 -9
  158. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  159. package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
  160. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  161. package/dist/interaction_client/SilentCacheClient.mjs +2 -2
  162. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  163. package/dist/interaction_client/SilentIframeClient.mjs +41 -19
  164. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  165. package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
  166. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  168. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  169. package/dist/interaction_handler/SilentHandler.mjs +12 -26
  170. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  171. package/dist/log-strings-mapping.json +1199 -1195
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
  188. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  189. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  190. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  191. package/dist/utils/BrowserConstants.mjs +1 -1
  192. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  193. package/dist/utils/BrowserUtils.mjs +1 -1
  194. package/dist/utils/Helpers.mjs +1 -1
  195. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  196. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  197. package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
  198. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  199. package/lib/custom-auth-path/msal-custom-auth.js +343 -201
  200. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  201. package/lib/log-strings-mapping.json +7 -3
  202. package/lib/msal-browser.cjs +359 -204
  203. package/lib/msal-browser.cjs.map +1 -1
  204. package/lib/msal-browser.js +359 -204
  205. package/lib/msal-browser.js.map +1 -1
  206. package/lib/msal-browser.min.js +2 -2
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  208. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  209. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  210. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  211. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  212. package/package.json +2 -2
  213. package/src/cache/BrowserCacheManager.ts +141 -34
  214. package/src/config/Configuration.ts +6 -0
  215. package/src/controllers/StandardController.ts +6 -6
  216. package/src/interaction_client/BaseInteractionClient.ts +12 -1
  217. package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
  218. package/src/interaction_client/PopupClient.ts +9 -3
  219. package/src/interaction_client/RedirectClient.ts +27 -8
  220. package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
  221. package/src/interaction_client/SilentCacheClient.ts +3 -1
  222. package/src/interaction_client/SilentIframeClient.ts +94 -58
  223. package/src/interaction_client/SilentRefreshClient.ts +3 -1
  224. package/src/interaction_handler/SilentHandler.ts +11 -32
  225. package/src/packageMetadata.ts +1 -1
  226. package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
  227. package/types/cache/BrowserCacheManager.d.ts +18 -1
  228. package/types/cache/BrowserCacheManager.d.ts.map +1 -1
  229. package/types/config/Configuration.d.ts +5 -0
  230. package/types/config/Configuration.d.ts.map +1 -1
  231. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  232. package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
  233. package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
  234. package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  235. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  236. package/types/interaction_client/RedirectClient.d.ts.map +1 -1
  237. package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  238. package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
  239. package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  240. package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
  241. package/types/interaction_handler/SilentHandler.d.ts +13 -6
  242. package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  243. package/types/packageMetadata.d.ts +1 -1
  244. package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
  245. package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.12.0 2026-06-05 */
1
+ /*! @azure/msal-browser v5.13.0 2026-06-10 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.7.0 2026-06-05 */
232
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
281
  const RESOURCE = "resource";
282
282
  const CLI_DATA = "clidata";
283
283
 
284
- /*! @azure/msal-common v16.7.0 2026-06-05 */
284
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
285
285
  /*
286
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
287
287
  * Licensed under the MIT License.
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
312
312
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
313
313
  }
314
314
 
315
- /*! @azure/msal-common v16.7.0 2026-06-05 */
315
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
316
316
 
317
317
  /*
318
318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
332
332
  return new ClientConfigurationError(errorCode);
333
333
  }
334
334
 
335
- /*! @azure/msal-common v16.7.0 2026-06-05 */
335
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
336
336
  /*
337
337
  * Copyright (c) Microsoft Corporation. All rights reserved.
338
338
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class StringUtils {
412
412
  }
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.7.0 2026-06-05 */
415
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
435
435
  return new ClientAuthError(errorCode, additionalMessage);
436
436
  }
437
437
 
438
- /*! @azure/msal-common v16.7.0 2026-06-05 */
438
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
439
439
  /*
440
440
  * Copyright (c) Microsoft Corporation. All rights reserved.
441
441
  * Licensed under the MIT License.
@@ -461,7 +461,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
461
461
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
462
462
  const issuerValidationFailed = "issuer_validation_failed";
463
463
 
464
- /*! @azure/msal-common v16.7.0 2026-06-05 */
464
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
465
465
  /*
466
466
  * Copyright (c) Microsoft Corporation. All rights reserved.
467
467
  * Licensed under the MIT License.
@@ -500,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
500
500
  const resourceParameterRequired = "resource_parameter_required";
501
501
  const misplacedResourceParam = "misplaced_resource_parameter";
502
502
 
503
- /*! @azure/msal-common v16.7.0 2026-06-05 */
503
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
504
504
 
505
505
  /*
506
506
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -695,7 +695,7 @@ class ScopeSet {
695
695
  }
696
696
  }
697
697
 
698
- /*! @azure/msal-common v16.7.0 2026-06-05 */
698
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
699
699
 
700
700
  /*
701
701
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1044,8 +1044,14 @@ function addSshJwk(parameters, sshJwkString) {
1044
1044
  * @param serverTelemetryManager
1045
1045
  */
1046
1046
  function addServerTelemetry(parameters, serverTelemetryManager) {
1047
- parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
1048
- parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
1047
+ const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
1048
+ const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
1049
+ if (currentTelemetryHeader) {
1050
+ parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
1051
+ }
1052
+ if (lastTelemetryHeader) {
1053
+ parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
1054
+ }
1049
1055
  }
1050
1056
  /**
1051
1057
  * Adds parameter that indicates to the server that throttling is supported
@@ -1084,34 +1090,12 @@ function addResource(parameters, resource) {
1084
1090
  }
1085
1091
  }
1086
1092
 
1087
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1093
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1088
1094
 
1089
1095
  /*
1090
1096
  * Copyright (c) Microsoft Corporation. All rights reserved.
1091
1097
  * Licensed under the MIT License.
1092
1098
  */
1093
- /**
1094
- * Canonicalizes a URL by making it lowercase and ensuring it ends with /
1095
- * Inlined version of UrlString.canonicalizeUri to avoid circular dependency
1096
- * @param url - URL to canonicalize
1097
- * @returns Canonicalized URL
1098
- */
1099
- function canonicalizeUrl(url) {
1100
- if (!url) {
1101
- return url;
1102
- }
1103
- let lowerCaseUrl = url.toLowerCase();
1104
- if (StringUtils.endsWith(lowerCaseUrl, "?")) {
1105
- lowerCaseUrl = lowerCaseUrl.slice(0, -1);
1106
- }
1107
- else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
1108
- lowerCaseUrl = lowerCaseUrl.slice(0, -2);
1109
- }
1110
- if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
1111
- lowerCaseUrl += "/";
1112
- }
1113
- return lowerCaseUrl;
1114
- }
1115
1099
  /**
1116
1100
  * Parses hash string from given string. Returns empty string if no hash symbol is found.
1117
1101
  * @param hashString
@@ -1164,36 +1148,71 @@ function mapToQueryString(parameters) {
1164
1148
  return queryParameterArray.join("&");
1165
1149
  }
1166
1150
  /**
1167
- * Normalizes URLs for comparison by removing hash, canonicalizing,
1168
- * and ensuring consistent URL encoding in query parameters.
1169
- * This fixes redirect loops when URLs contain encoded characters like apostrophes (%27).
1151
+ * Normalizes URLs for comparison per MDN & RFC 3986 standards:
1152
+ * - Hash/fragment is removed
1153
+ * - Scheme and host are lowercased (case-insensitive per spec)
1154
+ * - Path and query parameters preserve original casing (case-sensitive per spec)
1155
+ * - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
1156
+ * - Ensures pathname ends with /
1157
+ * Throws a urlParseError if the provided URL is malformed and cannot be parsed.
1170
1158
  * @param url - URL to normalize
1159
+ * @param logger - Optional logger used to log parse failures
1160
+ * @param correlationId - Optional correlationId associated with the log entry
1171
1161
  * @returns Normalized URL string for comparison
1172
1162
  */
1173
- function normalizeUrlForComparison(url) {
1163
+ function normalizeUrlForComparison(url, logger, correlationId) {
1174
1164
  if (!url) {
1175
1165
  return url;
1176
1166
  }
1177
- // Remove hash first
1178
1167
  const urlWithoutHash = url.split("#")[0];
1168
+ if (!urlWithoutHash) {
1169
+ return urlWithoutHash;
1170
+ }
1179
1171
  try {
1180
- // Parse the URL to handle encoding consistently
1181
1172
  const urlObj = new URL(urlWithoutHash);
1182
- /*
1183
- * Reconstruct the URL with properly decoded query parameters
1184
- * This ensures that %27 and ' are treated as equivalent
1185
- */
1186
- const normalizedUrl = urlObj.origin + urlObj.pathname + urlObj.search;
1187
- // Apply canonicalization logic inline to avoid circular dependency
1188
- return canonicalizeUrl(normalizedUrl);
1173
+ // Treat an empty query string (a bare trailing "?") as equivalent to no query
1174
+ if (!urlObj.search) {
1175
+ urlObj.search = "";
1176
+ }
1177
+ // Decode the pathname to normalize percent-encoding and ensure trailing slash
1178
+ let pathname;
1179
+ try {
1180
+ pathname = decodeURIComponent(urlObj.pathname);
1181
+ }
1182
+ catch (e) {
1183
+ pathname = urlObj.pathname;
1184
+ }
1185
+ if (!pathname.endsWith("/")) {
1186
+ pathname += "/";
1187
+ }
1188
+ urlObj.pathname = pathname;
1189
+ return urlObj.href;
1189
1190
  }
1190
1191
  catch (e) {
1191
- // Fallback to original logic if URL parsing fails
1192
- return canonicalizeUrl(urlWithoutHash);
1192
+ logger?.error("15apdm", correlationId || "");
1193
+ throw createClientConfigurationError(urlParseError);
1194
+ }
1195
+ }
1196
+ /**
1197
+ * Validates that the provided value is a well-formed, parseable absolute URL.
1198
+ * Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
1199
+ * literal string "null", an empty string, or any malformed/relative URL). Use this
1200
+ * to guard against persisting an invalid value (such as a redirect URL) to the cache.
1201
+ * @param url - URL to validate
1202
+ * @param logger - Optional logger used to log validation failures
1203
+ * @param correlationId - Optional correlationId associated with the log entry
1204
+ */
1205
+ function validateUrl(url, logger, correlationId) {
1206
+ try {
1207
+ new URL(url);
1208
+ }
1209
+ catch (e) {
1210
+ logger?.error("1lrjz7", correlationId || "");
1211
+ throw createClientConfigurationError(urlParseError);
1193
1212
  }
1194
1213
  }
1195
1214
 
1196
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1215
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1197
1216
 
1198
1217
  /*
1199
1218
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1232,7 +1251,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1232
1251
  },
1233
1252
  };
1234
1253
 
1235
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1254
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1236
1255
  /*
1237
1256
  * Copyright (c) Microsoft Corporation. All rights reserved.
1238
1257
  * Licensed under the MIT License.
@@ -1280,7 +1299,7 @@ function addLogToCache(correlationId, loggedMessage) {
1280
1299
  // Remove LRU (first entry) if capacity exceeded
1281
1300
  if (correlationCache.size > CACHE_CAPACITY) {
1282
1301
  const firstKey = correlationCache.keys().next().value;
1283
- if (firstKey) {
1302
+ if (firstKey !== undefined) {
1284
1303
  correlationCache.delete(firstKey);
1285
1304
  }
1286
1305
  }
@@ -1493,12 +1512,12 @@ class Logger {
1493
1512
  }
1494
1513
  }
1495
1514
 
1496
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1515
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1497
1516
  /* eslint-disable header/header */
1498
1517
  const name$1 = "@azure/msal-common";
1499
- const version$1 = "16.7.0";
1518
+ const version$1 = "16.8.0";
1500
1519
 
1501
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1520
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1502
1521
  /*
1503
1522
  * Copyright (c) Microsoft Corporation. All rights reserved.
1504
1523
  * Licensed under the MIT License.
@@ -1507,7 +1526,7 @@ const AzureCloudInstance = {
1507
1526
  // AzureCloudInstance is not specified.
1508
1527
  None: "none"};
1509
1528
 
1510
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1529
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1511
1530
  /*
1512
1531
  * Copyright (c) Microsoft Corporation. All rights reserved.
1513
1532
  * Licensed under the MIT License.
@@ -1590,7 +1609,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1590
1609
  return updatedAccountInfo;
1591
1610
  }
1592
1611
 
1593
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1612
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1594
1613
 
1595
1614
  /*
1596
1615
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1670,7 +1689,7 @@ function checkMaxAge(authTime, maxAge) {
1670
1689
  }
1671
1690
  }
1672
1691
 
1673
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1692
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1674
1693
 
1675
1694
  /*
1676
1695
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1827,7 +1846,7 @@ class UrlString {
1827
1846
  }
1828
1847
  }
1829
1848
 
1830
- /*! @azure/msal-common v16.7.0 2026-06-05 */
1849
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1831
1850
 
1832
1851
  /*
1833
1852
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1993,7 +2012,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1993
2012
  return null;
1994
2013
  }
1995
2014
 
1996
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2015
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
1997
2016
  /*
1998
2017
  * Copyright (c) Microsoft Corporation. All rights reserved.
1999
2018
  * Licensed under the MIT License.
@@ -2001,7 +2020,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2001
2020
  const cacheQuotaExceeded = "cache_quota_exceeded";
2002
2021
  const cacheErrorUnknown = "cache_error_unknown";
2003
2022
 
2004
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2023
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2005
2024
 
2006
2025
  /*
2007
2026
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2058,7 @@ function createCacheError(e) {
2039
2058
  }
2040
2059
  }
2041
2060
 
2042
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2061
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2043
2062
 
2044
2063
  /*
2045
2064
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2077,7 +2096,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2077
2096
  };
2078
2097
  }
2079
2098
 
2080
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2099
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2081
2100
  /*
2082
2101
  * Copyright (c) Microsoft Corporation. All rights reserved.
2083
2102
  * Licensed under the MIT License.
@@ -2092,7 +2111,7 @@ const AuthorityType = {
2092
2111
  Ciam: 3,
2093
2112
  };
2094
2113
 
2095
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2114
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2096
2115
  /*
2097
2116
  * Copyright (c) Microsoft Corporation. All rights reserved.
2098
2117
  * Licensed under the MIT License.
@@ -2114,7 +2133,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2114
2133
  return null;
2115
2134
  }
2116
2135
 
2117
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2136
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2118
2137
  /*
2119
2138
  * Copyright (c) Microsoft Corporation. All rights reserved.
2120
2139
  * Licensed under the MIT License.
@@ -2138,7 +2157,7 @@ const ProtocolMode = {
2138
2157
  EAR: "EAR",
2139
2158
  };
2140
2159
 
2141
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2160
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2142
2161
  /**
2143
2162
  * Returns the AccountInfo interface for this account.
2144
2163
  */
@@ -2313,7 +2332,7 @@ function isAccountEntity(entity) {
2313
2332
  entity.hasOwnProperty("authorityType"));
2314
2333
  }
2315
2334
 
2316
- /*! @azure/msal-common v16.7.0 2026-06-05 */
2335
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
2317
2336
 
2318
2337
  /*
2319
2338
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3444,7 +3463,7 @@ class DefaultStorageClass extends CacheManager {
3444
3463
  }
3445
3464
  }
3446
3465
 
3447
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3466
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3448
3467
  /*
3449
3468
  * Copyright (c) Microsoft Corporation. All rights reserved.
3450
3469
  * Licensed under the MIT License.
@@ -3458,7 +3477,7 @@ class DefaultStorageClass extends CacheManager {
3458
3477
  const PerformanceEventStatus = {
3459
3478
  InProgress: 1};
3460
3479
 
3461
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3480
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3462
3481
 
3463
3482
  /*
3464
3483
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3513,7 +3532,7 @@ class StubPerformanceClient {
3513
3532
  }
3514
3533
  }
3515
3534
 
3516
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3535
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3517
3536
 
3518
3537
  /*
3519
3538
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3608,7 +3627,7 @@ function isOidcProtocolMode(config) {
3608
3627
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3609
3628
  }
3610
3629
 
3611
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3630
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3612
3631
  /*
3613
3632
  * Copyright (c) Microsoft Corporation. All rights reserved.
3614
3633
  * Licensed under the MIT License.
@@ -3635,7 +3654,7 @@ function isOidcProtocolMode(config) {
3635
3654
  }
3636
3655
  }
3637
3656
 
3638
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3657
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3639
3658
  /*
3640
3659
  * Copyright (c) Microsoft Corporation. All rights reserved.
3641
3660
  * Licensed under the MIT License.
@@ -3700,7 +3719,7 @@ function wasClockTurnedBack(cachedAt) {
3700
3719
  return cachedAtSec > nowSeconds();
3701
3720
  }
3702
3721
 
3703
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3722
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3704
3723
 
3705
3724
  /*
3706
3725
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3959,7 +3978,7 @@ function isAuthorityMetadataExpired(metadata) {
3959
3978
  return metadata.expiresAt <= nowSeconds();
3960
3979
  }
3961
3980
 
3962
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3981
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
3963
3982
  /*
3964
3983
  * Copyright (c) Microsoft Corporation. All rights reserved.
3965
3984
  * Licensed under the MIT License.
@@ -4030,7 +4049,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4030
4049
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4031
4050
  const SetUserData = "setUserData";
4032
4051
 
4033
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4052
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4034
4053
  /*
4035
4054
  * Copyright (c) Microsoft Corporation. All rights reserved.
4036
4055
  * Licensed under the MIT License.
@@ -4123,7 +4142,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4123
4142
  };
4124
4143
  };
4125
4144
 
4126
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4145
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4127
4146
 
4128
4147
  /*
4129
4148
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,7 +4222,7 @@ class PopTokenGenerator {
4203
4222
  }
4204
4223
  }
4205
4224
 
4206
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4225
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4207
4226
  /*
4208
4227
  * Copyright (c) Microsoft Corporation. All rights reserved.
4209
4228
  * Licensed under the MIT License.
@@ -4254,7 +4273,7 @@ const badToken = "bad_token";
4254
4273
  */
4255
4274
  const interruptedUser = "interrupted_user";
4256
4275
 
4257
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4276
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4258
4277
 
4259
4278
  /*
4260
4279
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4322,7 +4341,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4322
4341
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4323
4342
  }
4324
4343
 
4325
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4344
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4326
4345
 
4327
4346
  /*
4328
4347
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4341,7 +4360,7 @@ class ServerError extends AuthError {
4341
4360
  }
4342
4361
  }
4343
4362
 
4344
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4363
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4345
4364
 
4346
4365
  /*
4347
4366
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4409,7 +4428,7 @@ function parseRequestState(base64Decode, state) {
4409
4428
  }
4410
4429
  }
4411
4430
 
4412
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4431
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4413
4432
 
4414
4433
  /*
4415
4434
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4757,7 +4776,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4757
4776
  return baseAccount;
4758
4777
  }
4759
4778
 
4760
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4779
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4761
4780
  /*
4762
4781
  * Copyright (c) Microsoft Corporation. All rights reserved.
4763
4782
  * Licensed under the MIT License.
@@ -4767,7 +4786,7 @@ const CcsCredentialType = {
4767
4786
  UPN: "UPN",
4768
4787
  };
4769
4788
 
4770
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4789
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4771
4790
  /*
4772
4791
  * Copyright (c) Microsoft Corporation. All rights reserved.
4773
4792
  * Licensed under the MIT License.
@@ -4785,7 +4804,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4785
4804
  }
4786
4805
  }
4787
4806
 
4788
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4807
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4789
4808
  /*
4790
4809
  * Copyright (c) Microsoft Corporation. All rights reserved.
4791
4810
  * Licensed under the MIT License.
@@ -4806,7 +4825,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4806
4825
  };
4807
4826
  }
4808
4827
 
4809
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4828
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4810
4829
 
4811
4830
  /*
4812
4831
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4892,7 +4911,7 @@ class ThrottlingUtils {
4892
4911
  }
4893
4912
  }
4894
4913
 
4895
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4914
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4896
4915
 
4897
4916
  /*
4898
4917
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4923,7 +4942,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4923
4942
  return new NetworkError(error, httpStatus, responseHeaders);
4924
4943
  }
4925
4944
 
4926
- /*! @azure/msal-common v16.7.0 2026-06-05 */
4945
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4927
4946
 
4928
4947
  /*
4929
4948
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5037,7 +5056,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5037
5056
  return response;
5038
5057
  }
5039
5058
 
5040
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5059
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5041
5060
  /*
5042
5061
  * Copyright (c) Microsoft Corporation. All rights reserved.
5043
5062
  * Licensed under the MIT License.
@@ -5049,7 +5068,7 @@ function isOpenIdConfigResponse(response) {
5049
5068
  response.hasOwnProperty("jwks_uri"));
5050
5069
  }
5051
5070
 
5052
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5071
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5053
5072
  /*
5054
5073
  * Copyright (c) Microsoft Corporation. All rights reserved.
5055
5074
  * Licensed under the MIT License.
@@ -5059,7 +5078,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5059
5078
  response.hasOwnProperty("metadata"));
5060
5079
  }
5061
5080
 
5062
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5081
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5063
5082
  /*
5064
5083
  * Copyright (c) Microsoft Corporation. All rights reserved.
5065
5084
  * Licensed under the MIT License.
@@ -5069,7 +5088,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5069
5088
  response.hasOwnProperty("error_description"));
5070
5089
  }
5071
5090
 
5072
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5091
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5073
5092
 
5074
5093
  /*
5075
5094
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5174,7 +5193,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5174
5193
  },
5175
5194
  };
5176
5195
 
5177
- /*! @azure/msal-common v16.7.0 2026-06-05 */
5196
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
5178
5197
 
5179
5198
  /*
5180
5199
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6142,7 +6161,7 @@ function buildStaticAuthorityOptions(authOptions) {
6142
6161
  };
6143
6162
  }
6144
6163
 
6145
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6164
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6146
6165
 
6147
6166
  /*
6148
6167
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6176,7 +6195,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6176
6195
  }
6177
6196
  }
6178
6197
 
6179
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6198
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6180
6199
 
6181
6200
  /*
6182
6201
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6433,7 +6452,7 @@ class AuthorizationCodeClient {
6433
6452
  }
6434
6453
  }
6435
6454
 
6436
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6455
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6437
6456
 
6438
6457
  /*
6439
6458
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6654,7 +6673,7 @@ class RefreshTokenClient {
6654
6673
  }
6655
6674
  }
6656
6675
 
6657
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6676
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6658
6677
 
6659
6678
  /*
6660
6679
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6770,7 +6789,7 @@ class SilentFlowClient {
6770
6789
  }
6771
6790
  }
6772
6791
 
6773
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6792
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6774
6793
 
6775
6794
  /*
6776
6795
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6785,7 +6804,7 @@ const StubbedNetworkModule = {
6785
6804
  },
6786
6805
  };
6787
6806
 
6788
- /*! @azure/msal-common v16.7.0 2026-06-05 */
6807
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
6789
6808
 
6790
6809
  /*
6791
6810
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7008,7 +7027,7 @@ function extractLoginHint(account) {
7008
7027
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7009
7028
  }
7010
7029
 
7011
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7030
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7012
7031
 
7013
7032
  /*
7014
7033
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7041,7 +7060,7 @@ function containsResourceParam(params) {
7041
7060
  return Object.prototype.hasOwnProperty.call(params, "resource");
7042
7061
  }
7043
7062
 
7044
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7063
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7045
7064
  /*
7046
7065
  * Copyright (c) Microsoft Corporation. All rights reserved.
7047
7066
  * Licensed under the MIT License.
@@ -7051,7 +7070,7 @@ function containsResourceParam(params) {
7051
7070
  */
7052
7071
  const unexpectedError = "unexpected_error";
7053
7072
 
7054
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7073
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7055
7074
 
7056
7075
  /*
7057
7076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7162,35 +7181,40 @@ class ServerTelemetryManager {
7162
7181
  * @param error
7163
7182
  */
7164
7183
  cacheFailedRequest(error) {
7165
- const lastRequests = this.getLastRequests();
7166
- if (lastRequests.errors.length >=
7167
- SERVER_TELEM_MAX_CACHED_ERRORS) {
7168
- // Remove a cached error to make room, first in first out
7169
- lastRequests.failedRequests.shift(); // apiId
7170
- lastRequests.failedRequests.shift(); // correlationId
7171
- lastRequests.errors.shift();
7172
- }
7173
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
7174
- if (error instanceof Error && !!error && error.toString()) {
7175
- if (error instanceof AuthError) {
7176
- if (error.subError) {
7177
- lastRequests.errors.push(error.subError);
7178
- }
7179
- else if (error.errorCode) {
7180
- lastRequests.errors.push(error.errorCode);
7184
+ try {
7185
+ const lastRequests = this.getLastRequests();
7186
+ if (lastRequests.errors.length >=
7187
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
7188
+ // Remove a cached error to make room, first in first out
7189
+ lastRequests.failedRequests.shift(); // apiId
7190
+ lastRequests.failedRequests.shift(); // correlationId
7191
+ lastRequests.errors.shift();
7192
+ }
7193
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
7194
+ if (error instanceof Error && !!error && error.toString()) {
7195
+ if (error instanceof AuthError) {
7196
+ if (error.subError) {
7197
+ lastRequests.errors.push(error.subError);
7198
+ }
7199
+ else if (error.errorCode) {
7200
+ lastRequests.errors.push(error.errorCode);
7201
+ }
7202
+ else {
7203
+ lastRequests.errors.push(error.toString());
7204
+ }
7181
7205
  }
7182
7206
  else {
7183
7207
  lastRequests.errors.push(error.toString());
7184
7208
  }
7185
7209
  }
7186
7210
  else {
7187
- lastRequests.errors.push(error.toString());
7211
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7188
7212
  }
7213
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7189
7214
  }
7190
- else {
7191
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
7215
+ catch {
7216
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
7192
7217
  }
7193
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
7194
7218
  return;
7195
7219
  }
7196
7220
  /**
@@ -7310,9 +7334,36 @@ class ServerTelemetryManager {
7310
7334
  static makeExtraSkuString(params) {
7311
7335
  return makeExtraSkuString(params);
7312
7336
  }
7337
+ }
7338
+ /** @internal */
7339
+ class StubServerTelemetryManager extends ServerTelemetryManager {
7340
+ constructor() {
7341
+ super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
7342
+ }
7343
+ generateCurrentRequestHeaderValue() {
7344
+ return "";
7345
+ }
7346
+ generateLastRequestHeaderValue() {
7347
+ return "";
7348
+ }
7349
+ cacheFailedRequest() { }
7350
+ incrementCacheHits() {
7351
+ return 0;
7352
+ }
7353
+ clearTelemetryCache() { }
7354
+ getRegionDiscoveryFields() {
7355
+ return "";
7356
+ }
7357
+ updateRegionDiscoveryMetadata() { }
7358
+ setCacheOutcome() { }
7359
+ setNativeBrokerErrorCode() { }
7360
+ getNativeBrokerErrorCode() {
7361
+ return undefined;
7362
+ }
7363
+ clearNativeBrokerErrorCode() { }
7313
7364
  }
7314
7365
 
7315
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7366
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7316
7367
 
7317
7368
  /*
7318
7369
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7333,7 +7384,7 @@ function createJoseHeaderError(code) {
7333
7384
  return new JoseHeaderError(code);
7334
7385
  }
7335
7386
 
7336
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7387
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7337
7388
  /*
7338
7389
  * Copyright (c) Microsoft Corporation. All rights reserved.
7339
7390
  * Licensed under the MIT License.
@@ -7341,7 +7392,7 @@ function createJoseHeaderError(code) {
7341
7392
  const missingKidError = "missing_kid_error";
7342
7393
  const missingAlgError = "missing_alg_error";
7343
7394
 
7344
- /*! @azure/msal-common v16.7.0 2026-06-05 */
7395
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
7345
7396
 
7346
7397
  /*
7347
7398
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7776,7 +7827,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7776
7827
 
7777
7828
  /* eslint-disable header/header */
7778
7829
  const name = "@azure/msal-browser";
7779
- const version = "5.12.0";
7830
+ const version = "5.13.0";
7780
7831
 
7781
7832
  /*
7782
7833
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8369,7 +8420,6 @@ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
8369
8420
  */
8370
8421
  const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8371
8422
  const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8372
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8373
8423
  /**
8374
8424
  * Helper functions in StandardInteractionClient class (msal-browser)
8375
8425
  */
@@ -9444,10 +9494,15 @@ function getRedirectUri(requestRedirectUri, clientConfigRedirectUri, logger, cor
9444
9494
  * @param browserStorage - Browser cache manager instance for storing telemetry data
9445
9495
  * @param logger - Optional logger instance for verbose logging
9446
9496
  * @param forceRefresh - Optional flag to force refresh of telemetry data
9497
+ * @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
9447
9498
  * @returns Configured ServerTelemetryManager instance
9448
9499
  */
9449
- function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
9500
+ function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
9450
9501
  logger.verbose("1p12tq", correlationId);
9502
+ if (!enabled) {
9503
+ logger.verbose("0tajnr", correlationId);
9504
+ return new StubServerTelemetryManager();
9505
+ }
9451
9506
  const telemetryPayload = {
9452
9507
  clientId: clientId,
9453
9508
  correlationId: correlationId,
@@ -15007,6 +15062,15 @@ function removeElementFromArray(array, element) {
15007
15062
  * Copyright (c) Microsoft Corporation. All rights reserved.
15008
15063
  * Licensed under the MIT License.
15009
15064
  */
15065
+ /**
15066
+ * Reason an old-schema cache entry was removed during migration.
15067
+ */
15068
+ const MigrationRemovalReason = {
15069
+ Invalid: "invalid",
15070
+ TtlExpired: "ttlExpired",
15071
+ DecryptFailed: "decryptFailed",
15072
+ Expired: "expired",
15073
+ };
15010
15074
  /**
15011
15075
  * This class implements the cache storage interface for MSAL through browser local or session storage.
15012
15076
  */
@@ -15076,7 +15140,10 @@ class BrowserCacheManager extends CacheManager {
15076
15140
  const parsedValue = this.validateAndParseJson(rawValue || "");
15077
15141
  if (!parsedValue) {
15078
15142
  this.browserStorage.removeItem(key);
15079
- return null;
15143
+ return {
15144
+ entry: null,
15145
+ removalReason: MigrationRemovalReason.Invalid,
15146
+ };
15080
15147
  }
15081
15148
  if (!parsedValue.lastUpdatedAt) {
15082
15149
  // Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
@@ -15085,26 +15152,42 @@ class BrowserCacheManager extends CacheManager {
15085
15152
  }
15086
15153
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15087
15154
  this.browserStorage.removeItem(key);
15088
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15089
- return null;
15155
+ return {
15156
+ entry: null,
15157
+ removalReason: MigrationRemovalReason.TtlExpired,
15158
+ };
15090
15159
  }
15091
- const decryptedData = isEncrypted(parsedValue)
15160
+ const wasEncrypted = isEncrypted(parsedValue);
15161
+ const decryptedData = wasEncrypted
15092
15162
  ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
15093
15163
  : parsedValue;
15094
- if (!decryptedData || !isCredentialEntity(decryptedData)) {
15164
+ if (!decryptedData) {
15095
15165
  this.browserStorage.removeItem(key);
15096
- this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
15097
- return null;
15166
+ return {
15167
+ entry: null,
15168
+ removalReason: wasEncrypted
15169
+ ? MigrationRemovalReason.DecryptFailed
15170
+ : MigrationRemovalReason.Invalid,
15171
+ };
15172
+ }
15173
+ if (!isCredentialEntity(decryptedData)) {
15174
+ this.browserStorage.removeItem(key);
15175
+ return {
15176
+ entry: null,
15177
+ removalReason: MigrationRemovalReason.Invalid,
15178
+ };
15098
15179
  }
15099
15180
  if ((isAccessTokenEntity(decryptedData) ||
15100
15181
  isRefreshTokenEntity(decryptedData)) &&
15101
15182
  decryptedData.expiresOn &&
15102
15183
  isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
15103
15184
  this.browserStorage.removeItem(key);
15104
- this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
15105
- return null;
15185
+ return {
15186
+ entry: null,
15187
+ removalReason: MigrationRemovalReason.Expired,
15188
+ };
15106
15189
  }
15107
- return decryptedData;
15190
+ return { entry: decryptedData };
15108
15191
  }
15109
15192
  /**
15110
15193
  * Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
@@ -15124,6 +15207,7 @@ class BrowserCacheManager extends CacheManager {
15124
15207
  const parsedValue = this.validateAndParseJson(rawValue || "");
15125
15208
  if (!parsedValue) {
15126
15209
  this.browserStorage.removeItem(accountKey);
15210
+ this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
15127
15211
  removeElementFromArray(accountKeysToCheck, accountKey);
15128
15212
  continue;
15129
15213
  }
@@ -15136,6 +15220,7 @@ class BrowserCacheManager extends CacheManager {
15136
15220
  else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
15137
15221
  // Cache expired remove account and associated tokens
15138
15222
  await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
15223
+ this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
15139
15224
  removeElementFromArray(accountKeysToCheck, accountKey);
15140
15225
  }
15141
15226
  else if (isEncrypted(parsedValue)) {
@@ -15143,7 +15228,9 @@ class BrowserCacheManager extends CacheManager {
15143
15228
  const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
15144
15229
  if (!decrypted) {
15145
15230
  this.browserStorage.removeItem(accountKey);
15146
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15231
+ this.performanceClient.incrementFields({
15232
+ decryptFailedAcntCount: 1,
15233
+ }, correlationId);
15147
15234
  removeElementFromArray(accountKeysToCheck, accountKey);
15148
15235
  }
15149
15236
  }
@@ -15184,7 +15271,6 @@ class BrowserCacheManager extends CacheManager {
15184
15271
  });
15185
15272
  this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
15186
15273
  }
15187
- this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
15188
15274
  this.browserStorage.removeItem(accountKey);
15189
15275
  }
15190
15276
  /**
@@ -15223,8 +15309,20 @@ class BrowserCacheManager extends CacheManager {
15223
15309
  const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
15224
15310
  for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
15225
15311
  this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
15226
- const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
15312
+ const result = await this.updateOldEntry(idTokenKey, correlationId);
15313
+ const oldSchemaData = result.entry;
15227
15314
  if (!oldSchemaData) {
15315
+ switch (result.removalReason) {
15316
+ case MigrationRemovalReason.TtlExpired:
15317
+ this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
15318
+ break;
15319
+ case MigrationRemovalReason.DecryptFailed:
15320
+ this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
15321
+ break;
15322
+ case MigrationRemovalReason.Invalid:
15323
+ this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
15324
+ break;
15325
+ }
15228
15326
  removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
15229
15327
  continue;
15230
15328
  }
@@ -15303,8 +15401,23 @@ class BrowserCacheManager extends CacheManager {
15303
15401
  const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
15304
15402
  for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
15305
15403
  this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
15306
- const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
15404
+ const result = await this.updateOldEntry(accessTokenKey, correlationId);
15405
+ const oldSchemaData = result.entry;
15307
15406
  if (!oldSchemaData) {
15407
+ switch (result.removalReason) {
15408
+ case MigrationRemovalReason.TtlExpired:
15409
+ this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
15410
+ break;
15411
+ case MigrationRemovalReason.DecryptFailed:
15412
+ this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
15413
+ break;
15414
+ case MigrationRemovalReason.Expired:
15415
+ this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
15416
+ break;
15417
+ case MigrationRemovalReason.Invalid:
15418
+ this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
15419
+ break;
15420
+ }
15308
15421
  removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
15309
15422
  continue;
15310
15423
  }
@@ -15350,8 +15463,23 @@ class BrowserCacheManager extends CacheManager {
15350
15463
  ...credentialKeysToMigrate.refreshToken,
15351
15464
  ]) {
15352
15465
  this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
15353
- const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
15466
+ const result = await this.updateOldEntry(refreshTokenKey, correlationId);
15467
+ const oldSchemaData = result.entry;
15354
15468
  if (!oldSchemaData) {
15469
+ switch (result.removalReason) {
15470
+ case MigrationRemovalReason.TtlExpired:
15471
+ this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
15472
+ break;
15473
+ case MigrationRemovalReason.DecryptFailed:
15474
+ this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
15475
+ break;
15476
+ case MigrationRemovalReason.Expired:
15477
+ this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
15478
+ break;
15479
+ case MigrationRemovalReason.Invalid:
15480
+ this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
15481
+ break;
15482
+ }
15355
15483
  removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
15356
15484
  continue;
15357
15485
  }
@@ -16749,7 +16877,7 @@ class SilentCacheClient extends StandardInteractionClient {
16749
16877
  */
16750
16878
  async acquireToken(silentRequest) {
16751
16879
  // Telemetry manager only used to increment cacheHits here
16752
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16880
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16753
16881
  const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
16754
16882
  serverTelemetryManager,
16755
16883
  requestAuthority: silentRequest.authority,
@@ -16825,7 +16953,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16825
16953
  // start the perf measurement
16826
16954
  const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
16827
16955
  const reqTimestamp = nowSeconds();
16828
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16956
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16829
16957
  try {
16830
16958
  // initialize native request
16831
16959
  const nativeRequest = await this.initializePlatformRequest(request);
@@ -16949,7 +17077,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16949
17077
  catch (e) {
16950
17078
  // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
16951
17079
  if (e instanceof NativeAuthError) {
16952
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17080
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
16953
17081
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
16954
17082
  if (isFatalNativeAuthError(e)) {
16955
17083
  throw e;
@@ -16996,7 +17124,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16996
17124
  this.logger.verbose("003x5a", this.correlationId);
16997
17125
  const response = await this.platformAuthProvider.sendMessage(request);
16998
17126
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
16999
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
17127
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
17000
17128
  serverTelemetryManager.clearNativeBrokerErrorCode();
17001
17129
  this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
17002
17130
  return authResult;
@@ -18003,6 +18131,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
18003
18131
  nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
18004
18132
  DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
18005
18133
  protocolMode: ProtocolMode.AAD,
18134
+ serverTelemetryEnabled: false,
18006
18135
  };
18007
18136
  const providedSystemOptions = {
18008
18137
  ...DEFAULT_BROWSER_SYSTEM_OPTIONS,
@@ -18644,7 +18773,7 @@ class PopupClient extends StandardInteractionClient {
18644
18773
  */
18645
18774
  async executeCodeFlow(request, popupParams, pkceCodes) {
18646
18775
  const correlationId = request.correlationId;
18647
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18776
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18648
18777
  const pkce = pkceCodes ||
18649
18778
  (await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
18650
18779
  const popupRequest = {
@@ -18709,7 +18838,7 @@ class PopupClient extends StandardInteractionClient {
18709
18838
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18710
18839
  if (!serverParams.ear_jwe && serverParams.code) {
18711
18840
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
18712
- serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
18841
+ serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
18713
18842
  requestAuthority: request.authority,
18714
18843
  requestAzureCloudOptions: request.azureCloudOptions,
18715
18844
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -18746,7 +18875,7 @@ class PopupClient extends StandardInteractionClient {
18746
18875
  async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
18747
18876
  this.logger.verbose("0b7yrk", this.correlationId);
18748
18877
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Popup, validRequest);
18749
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
18878
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
18750
18879
  try {
18751
18880
  // Clear cache on logout
18752
18881
  await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
@@ -19030,7 +19159,7 @@ class RedirectClient extends StandardInteractionClient {
19030
19159
  */
19031
19160
  async executeCodeFlow(request) {
19032
19161
  const correlationId = request.correlationId;
19033
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19162
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19034
19163
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19035
19164
  const redirectRequest = {
19036
19165
  ...request,
@@ -19118,7 +19247,7 @@ class RedirectClient extends StandardInteractionClient {
19118
19247
  async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
19119
19248
  const originalTitle = document.title;
19120
19249
  document.title = "Microsoft Authentication";
19121
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19250
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19122
19251
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
19123
19252
  try {
19124
19253
  const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
@@ -19137,8 +19266,8 @@ class RedirectClient extends StandardInteractionClient {
19137
19266
  }
19138
19267
  // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
19139
19268
  const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
19140
- const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
19141
- const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
19269
+ const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
19270
+ const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
19142
19271
  if (loginRequestUrlNormalized === currentUrlNormalized &&
19143
19272
  navigateToLoginRequestUrl) {
19144
19273
  // We are on the page we need to navigate to - handle hash
@@ -19171,8 +19300,8 @@ class RedirectClient extends StandardInteractionClient {
19171
19300
  * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
19172
19301
  */
19173
19302
  let processHashOnRedirect = true;
19174
- if (!loginRequestUrl || loginRequestUrl === "null") {
19175
- // Redirect to home page if login request url is null (real null or the string null)
19303
+ if (!loginRequestUrl) {
19304
+ // Redirect to home page if login request url is empty
19176
19305
  const homepage = getHomepage();
19177
19306
  // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
19178
19307
  this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
@@ -19318,7 +19447,7 @@ class RedirectClient extends StandardInteractionClient {
19318
19447
  async logout(logoutRequest) {
19319
19448
  this.logger.verbose("1rkurh", this.correlationId);
19320
19449
  const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
19321
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19450
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19322
19451
  try {
19323
19452
  this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Redirect, logoutRequest);
19324
19453
  // Clear cache on logout
@@ -19399,7 +19528,10 @@ class RedirectClient extends StandardInteractionClient {
19399
19528
  */
19400
19529
  getRedirectStartPage(requestStartPage) {
19401
19530
  const redirectStartPage = requestStartPage || window.location.href;
19402
- return UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19531
+ const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
19532
+ // Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
19533
+ validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
19534
+ return absoluteRedirectStartPage;
19403
19535
  }
19404
19536
  }
19405
19537
 
@@ -19408,20 +19540,20 @@ class RedirectClient extends StandardInteractionClient {
19408
19540
  * Licensed under the MIT License.
19409
19541
  */
19410
19542
  /**
19411
- * Creates a hidden iframe to given URL using user-requested scopes as an id.
19412
- * @param urlNavigate
19413
- * @param userRequestScopes
19543
+ * Navigates the given hidden iframe to the provided URL.
19544
+ * @param frame
19545
+ * @param requestUrl
19414
19546
  */
19415
- async function initiateCodeRequest(requestUrl, performanceClient, logger, correlationId) {
19547
+ async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
19416
19548
  if (!requestUrl) {
19417
19549
  // Throw error if request URL is empty.
19418
19550
  logger.info("1l7hyp", correlationId);
19419
19551
  throw createBrowserAuthError(emptyNavigateUri);
19420
19552
  }
19421
- return invoke(loadFrameSync, SilentHandlerLoadFrameSync, logger, performanceClient, correlationId)(requestUrl);
19553
+ frame.src = requestUrl;
19554
+ return frame;
19422
19555
  }
19423
- async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
19424
- const frame = createHiddenIframe();
19556
+ async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
19425
19557
  if (!frame.contentDocument) {
19426
19558
  throw "No document associated with iframe!";
19427
19559
  }
@@ -19429,8 +19561,7 @@ async function initiateCodeFlowWithPost(config, authority, request, logger, perf
19429
19561
  form.submit();
19430
19562
  return frame;
19431
19563
  }
19432
- async function initiateEarRequest(config, authority, request, logger, performanceClient) {
19433
- const frame = createHiddenIframe();
19564
+ async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
19434
19565
  if (!frame.contentDocument) {
19435
19566
  throw "No document associated with iframe!";
19436
19567
  }
@@ -19440,19 +19571,8 @@ async function initiateEarRequest(config, authority, request, logger, performanc
19440
19571
  }
19441
19572
  /**
19442
19573
  * @hidden
19443
- * Loads the iframe synchronously when the navigateTimeFrame is set to `0`
19444
- * @param urlNavigate
19445
- * @param frameName
19446
- * @param logger
19447
- */
19448
- function loadFrameSync(urlNavigate) {
19449
- const frameHandle = createHiddenIframe();
19450
- frameHandle.src = urlNavigate;
19451
- return frameHandle;
19452
- }
19453
- /**
19454
- * @hidden
19455
- * Creates a new hidden iframe or gets an existing one for silent token renewal.
19574
+ * Creates a new hidden iframe for silent token renewal. Callers navigate it
19575
+ * (set `src` or submit a form) after registering the response listener.
19456
19576
  * @ignore
19457
19577
  */
19458
19578
  function createHiddenIframe() {
@@ -19531,7 +19651,7 @@ class SilentIframeClient extends StandardInteractionClient {
19531
19651
  */
19532
19652
  async executeCodeFlow(request) {
19533
19653
  let authClient;
19534
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19654
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19535
19655
  try {
19536
19656
  // Initialize the client
19537
19657
  authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
@@ -19573,11 +19693,22 @@ class SilentIframeClient extends StandardInteractionClient {
19573
19693
  earJwk: earJwk,
19574
19694
  codeChallenge: pkceCodes.challenge,
19575
19695
  };
19576
- const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19696
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19697
+ const iframe = createHiddenIframe();
19577
19698
  const responseType = this.config.auth.OIDCOptions.responseMode;
19578
19699
  let responseString;
19579
19700
  try {
19580
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19701
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19702
+ responsePromise.catch(() => {
19703
+ /*
19704
+ * If navigation below throws before responsePromise is awaited,
19705
+ * the listener still rejects on timeout. Swallow it here so it
19706
+ * does not surface as an unhandled rejection; the navigation
19707
+ * error is propagated instead.
19708
+ */
19709
+ });
19710
+ await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19711
+ responseString = await responsePromise;
19581
19712
  }
19582
19713
  finally {
19583
19714
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19586,7 +19717,7 @@ class SilentIframeClient extends StandardInteractionClient {
19586
19717
  if (!serverParams.ear_jwe && serverParams.code) {
19587
19718
  // If server doesn't support EAR, they may fallback to auth code flow instead
19588
19719
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
19589
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
19720
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19590
19721
  requestAuthority: request.authority,
19591
19722
  requestAzureCloudOptions: request.azureCloudOptions,
19592
19723
  requestExtraQueryParameters: request.extraQueryParameters,
@@ -19613,7 +19744,7 @@ class SilentIframeClient extends StandardInteractionClient {
19613
19744
  // Create silent request
19614
19745
  const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
19615
19746
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
19616
- serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
19747
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
19617
19748
  requestAuthority: silentRequest.authority,
19618
19749
  requestAzureCloudOptions: silentRequest.azureCloudOptions,
19619
19750
  requestExtraQueryParameters: silentRequest.extraQueryParameters,
@@ -19661,21 +19792,32 @@ class SilentIframeClient extends StandardInteractionClient {
19661
19792
  ...request,
19662
19793
  codeChallenge: pkceCodes.challenge,
19663
19794
  };
19664
- let iframe;
19665
- if (request.httpMethod === HttpMethod$1.POST) {
19666
- iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19667
- }
19668
- else {
19669
- // Create authorize request url
19670
- const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19671
- // Get the frame handle for the silent request
19672
- iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
19673
- }
19795
+ // Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
19796
+ const iframe = createHiddenIframe();
19674
19797
  const responseType = this.config.auth.OIDCOptions.responseMode;
19675
19798
  // Wait for response from the redirect bridge.
19676
19799
  let responseString;
19677
19800
  try {
19678
- responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19801
+ const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
19802
+ responsePromise.catch(() => {
19803
+ /*
19804
+ * If URL creation or navigation below throws before
19805
+ * responsePromise is awaited, the listener still rejects on
19806
+ * timeout. Swallow it here so it does not surface as an
19807
+ * unhandled rejection; the navigation error is propagated
19808
+ * instead.
19809
+ */
19810
+ });
19811
+ if (request.httpMethod === HttpMethod$1.POST) {
19812
+ await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19813
+ }
19814
+ else {
19815
+ // Create authorize request url
19816
+ const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19817
+ // Navigate the iframe to the authorize request url
19818
+ await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
19819
+ }
19820
+ responseString = await responsePromise;
19679
19821
  }
19680
19822
  finally {
19681
19823
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19710,7 +19852,7 @@ class SilentRefreshClient extends StandardInteractionClient {
19710
19852
  // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
19711
19853
  silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
19712
19854
  }
19713
- const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19855
+ const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19714
19856
  const refreshTokenClient = await this.createRefreshTokenClient({
19715
19857
  serverTelemetryManager,
19716
19858
  authorityUrl: silentRequest.authority,
@@ -19790,7 +19932,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19790
19932
  * Each auth request creates a new instance of *Client so we can safely use this.correlationId.
19791
19933
  */
19792
19934
  this.correlationId);
19793
- const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
19935
+ const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
19794
19936
  try {
19795
19937
  // Create auth code request (PKCE not needed)
19796
19938
  const authCodeRequest = {
@@ -20143,6 +20285,8 @@ class StandardController {
20143
20285
  // Preflight request
20144
20286
  const correlationId = this.getRequestCorrelationId(request);
20145
20287
  this.logger.verbose("0os66p", correlationId);
20288
+ redirectPreflightCheck(this.initialized, this.config);
20289
+ this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20146
20290
  const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
20147
20291
  atrMeasurement.add({
20148
20292
  scenarioId: request.scenarioId,
@@ -20160,9 +20304,7 @@ class StandardController {
20160
20304
  return navigate;
20161
20305
  };
20162
20306
  try {
20163
- redirectPreflightCheck(this.initialized, this.config);
20164
20307
  enforceResourceParameter(this.config.auth.isMcp, request);
20165
- this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
20166
20308
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
20167
20309
  let result;
20168
20310
  if (this.platformAuthProvider &&