@azure/msal-browser 5.12.0 → 5.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +89 -16
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +8 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -4
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +4 -4
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +12 -9
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +2 -2
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +41 -19
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +2 -2
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +12 -26
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1199 -1195
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +2 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +7 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +343 -201
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +343 -201
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +7 -3
- package/lib/msal-browser.cjs +359 -204
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +359 -204
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +141 -34
- package/src/config/Configuration.ts +6 -0
- package/src/controllers/StandardController.ts +6 -6
- package/src/interaction_client/BaseInteractionClient.ts +12 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +9 -3
- package/src/interaction_client/PopupClient.ts +9 -3
- package/src/interaction_client/RedirectClient.ts +27 -8
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -1
- package/src/interaction_client/SilentCacheClient.ts +3 -1
- package/src/interaction_client/SilentIframeClient.ts +94 -58
- package/src/interaction_client/SilentRefreshClient.ts +3 -1
- package/src/interaction_handler/SilentHandler.ts +11 -32
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/BrowserPerformanceEvents.ts +0 -1
- package/types/cache/BrowserCacheManager.d.ts +18 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +5 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/interaction_client/BaseInteractionClient.d.ts +2 -1
- package/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentCacheClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/SilentRefreshClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts +13 -6
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts +0 -1
- package/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.13.0 2026-06-10 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.
|
|
232
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.
|
|
284
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.
|
|
315
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.
|
|
335
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.
|
|
415
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.
|
|
438
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -461,7 +461,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
|
461
461
|
const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
|
|
462
462
|
const issuerValidationFailed = "issuer_validation_failed";
|
|
463
463
|
|
|
464
|
-
/*! @azure/msal-common v16.
|
|
464
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
465
465
|
/*
|
|
466
466
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
467
467
|
* Licensed under the MIT License.
|
|
@@ -500,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
500
500
|
const resourceParameterRequired = "resource_parameter_required";
|
|
501
501
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
502
502
|
|
|
503
|
-
/*! @azure/msal-common v16.
|
|
503
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
504
504
|
|
|
505
505
|
/*
|
|
506
506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -695,7 +695,7 @@ class ScopeSet {
|
|
|
695
695
|
}
|
|
696
696
|
}
|
|
697
697
|
|
|
698
|
-
/*! @azure/msal-common v16.
|
|
698
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
699
699
|
|
|
700
700
|
/*
|
|
701
701
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1044,8 +1044,14 @@ function addSshJwk(parameters, sshJwkString) {
|
|
|
1044
1044
|
* @param serverTelemetryManager
|
|
1045
1045
|
*/
|
|
1046
1046
|
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
1047
|
-
|
|
1048
|
-
|
|
1047
|
+
const currentTelemetryHeader = serverTelemetryManager.generateCurrentRequestHeaderValue();
|
|
1048
|
+
const lastTelemetryHeader = serverTelemetryManager.generateLastRequestHeaderValue();
|
|
1049
|
+
if (currentTelemetryHeader) {
|
|
1050
|
+
parameters.set(X_CLIENT_CURR_TELEM, currentTelemetryHeader);
|
|
1051
|
+
}
|
|
1052
|
+
if (lastTelemetryHeader) {
|
|
1053
|
+
parameters.set(X_CLIENT_LAST_TELEM, lastTelemetryHeader);
|
|
1054
|
+
}
|
|
1049
1055
|
}
|
|
1050
1056
|
/**
|
|
1051
1057
|
* Adds parameter that indicates to the server that throttling is supported
|
|
@@ -1084,34 +1090,12 @@ function addResource(parameters, resource) {
|
|
|
1084
1090
|
}
|
|
1085
1091
|
}
|
|
1086
1092
|
|
|
1087
|
-
/*! @azure/msal-common v16.
|
|
1093
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1088
1094
|
|
|
1089
1095
|
/*
|
|
1090
1096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1091
1097
|
* Licensed under the MIT License.
|
|
1092
1098
|
*/
|
|
1093
|
-
/**
|
|
1094
|
-
* Canonicalizes a URL by making it lowercase and ensuring it ends with /
|
|
1095
|
-
* Inlined version of UrlString.canonicalizeUri to avoid circular dependency
|
|
1096
|
-
* @param url - URL to canonicalize
|
|
1097
|
-
* @returns Canonicalized URL
|
|
1098
|
-
*/
|
|
1099
|
-
function canonicalizeUrl(url) {
|
|
1100
|
-
if (!url) {
|
|
1101
|
-
return url;
|
|
1102
|
-
}
|
|
1103
|
-
let lowerCaseUrl = url.toLowerCase();
|
|
1104
|
-
if (StringUtils.endsWith(lowerCaseUrl, "?")) {
|
|
1105
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -1);
|
|
1106
|
-
}
|
|
1107
|
-
else if (StringUtils.endsWith(lowerCaseUrl, "?/")) {
|
|
1108
|
-
lowerCaseUrl = lowerCaseUrl.slice(0, -2);
|
|
1109
|
-
}
|
|
1110
|
-
if (!StringUtils.endsWith(lowerCaseUrl, "/")) {
|
|
1111
|
-
lowerCaseUrl += "/";
|
|
1112
|
-
}
|
|
1113
|
-
return lowerCaseUrl;
|
|
1114
|
-
}
|
|
1115
1099
|
/**
|
|
1116
1100
|
* Parses hash string from given string. Returns empty string if no hash symbol is found.
|
|
1117
1101
|
* @param hashString
|
|
@@ -1164,36 +1148,71 @@ function mapToQueryString(parameters) {
|
|
|
1164
1148
|
return queryParameterArray.join("&");
|
|
1165
1149
|
}
|
|
1166
1150
|
/**
|
|
1167
|
-
* Normalizes URLs for comparison
|
|
1168
|
-
*
|
|
1169
|
-
*
|
|
1151
|
+
* Normalizes URLs for comparison per MDN & RFC 3986 standards:
|
|
1152
|
+
* - Hash/fragment is removed
|
|
1153
|
+
* - Scheme and host are lowercased (case-insensitive per spec)
|
|
1154
|
+
* - Path and query parameters preserve original casing (case-sensitive per spec)
|
|
1155
|
+
* - Percent-encoding in pathname is normalized (e.g., %27 and ' are treated equivalently)
|
|
1156
|
+
* - Ensures pathname ends with /
|
|
1157
|
+
* Throws a urlParseError if the provided URL is malformed and cannot be parsed.
|
|
1170
1158
|
* @param url - URL to normalize
|
|
1159
|
+
* @param logger - Optional logger used to log parse failures
|
|
1160
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1171
1161
|
* @returns Normalized URL string for comparison
|
|
1172
1162
|
*/
|
|
1173
|
-
function normalizeUrlForComparison(url) {
|
|
1163
|
+
function normalizeUrlForComparison(url, logger, correlationId) {
|
|
1174
1164
|
if (!url) {
|
|
1175
1165
|
return url;
|
|
1176
1166
|
}
|
|
1177
|
-
// Remove hash first
|
|
1178
1167
|
const urlWithoutHash = url.split("#")[0];
|
|
1168
|
+
if (!urlWithoutHash) {
|
|
1169
|
+
return urlWithoutHash;
|
|
1170
|
+
}
|
|
1179
1171
|
try {
|
|
1180
|
-
// Parse the URL to handle encoding consistently
|
|
1181
1172
|
const urlObj = new URL(urlWithoutHash);
|
|
1182
|
-
|
|
1183
|
-
|
|
1184
|
-
|
|
1185
|
-
|
|
1186
|
-
|
|
1187
|
-
|
|
1188
|
-
|
|
1173
|
+
// Treat an empty query string (a bare trailing "?") as equivalent to no query
|
|
1174
|
+
if (!urlObj.search) {
|
|
1175
|
+
urlObj.search = "";
|
|
1176
|
+
}
|
|
1177
|
+
// Decode the pathname to normalize percent-encoding and ensure trailing slash
|
|
1178
|
+
let pathname;
|
|
1179
|
+
try {
|
|
1180
|
+
pathname = decodeURIComponent(urlObj.pathname);
|
|
1181
|
+
}
|
|
1182
|
+
catch (e) {
|
|
1183
|
+
pathname = urlObj.pathname;
|
|
1184
|
+
}
|
|
1185
|
+
if (!pathname.endsWith("/")) {
|
|
1186
|
+
pathname += "/";
|
|
1187
|
+
}
|
|
1188
|
+
urlObj.pathname = pathname;
|
|
1189
|
+
return urlObj.href;
|
|
1189
1190
|
}
|
|
1190
1191
|
catch (e) {
|
|
1191
|
-
|
|
1192
|
-
|
|
1192
|
+
logger?.error("15apdm", correlationId || "");
|
|
1193
|
+
throw createClientConfigurationError(urlParseError);
|
|
1194
|
+
}
|
|
1195
|
+
}
|
|
1196
|
+
/**
|
|
1197
|
+
* Validates that the provided value is a well-formed, parseable absolute URL.
|
|
1198
|
+
* Throws a urlParseError if the value cannot be parsed by the URL API (e.g. the
|
|
1199
|
+
* literal string "null", an empty string, or any malformed/relative URL). Use this
|
|
1200
|
+
* to guard against persisting an invalid value (such as a redirect URL) to the cache.
|
|
1201
|
+
* @param url - URL to validate
|
|
1202
|
+
* @param logger - Optional logger used to log validation failures
|
|
1203
|
+
* @param correlationId - Optional correlationId associated with the log entry
|
|
1204
|
+
*/
|
|
1205
|
+
function validateUrl(url, logger, correlationId) {
|
|
1206
|
+
try {
|
|
1207
|
+
new URL(url);
|
|
1208
|
+
}
|
|
1209
|
+
catch (e) {
|
|
1210
|
+
logger?.error("1lrjz7", correlationId || "");
|
|
1211
|
+
throw createClientConfigurationError(urlParseError);
|
|
1193
1212
|
}
|
|
1194
1213
|
}
|
|
1195
1214
|
|
|
1196
|
-
/*! @azure/msal-common v16.
|
|
1215
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1197
1216
|
|
|
1198
1217
|
/*
|
|
1199
1218
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1232,7 +1251,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1232
1251
|
},
|
|
1233
1252
|
};
|
|
1234
1253
|
|
|
1235
|
-
/*! @azure/msal-common v16.
|
|
1254
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1236
1255
|
/*
|
|
1237
1256
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1238
1257
|
* Licensed under the MIT License.
|
|
@@ -1280,7 +1299,7 @@ function addLogToCache(correlationId, loggedMessage) {
|
|
|
1280
1299
|
// Remove LRU (first entry) if capacity exceeded
|
|
1281
1300
|
if (correlationCache.size > CACHE_CAPACITY) {
|
|
1282
1301
|
const firstKey = correlationCache.keys().next().value;
|
|
1283
|
-
if (firstKey) {
|
|
1302
|
+
if (firstKey !== undefined) {
|
|
1284
1303
|
correlationCache.delete(firstKey);
|
|
1285
1304
|
}
|
|
1286
1305
|
}
|
|
@@ -1493,12 +1512,12 @@ class Logger {
|
|
|
1493
1512
|
}
|
|
1494
1513
|
}
|
|
1495
1514
|
|
|
1496
|
-
/*! @azure/msal-common v16.
|
|
1515
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1497
1516
|
/* eslint-disable header/header */
|
|
1498
1517
|
const name$1 = "@azure/msal-common";
|
|
1499
|
-
const version$1 = "16.
|
|
1518
|
+
const version$1 = "16.8.0";
|
|
1500
1519
|
|
|
1501
|
-
/*! @azure/msal-common v16.
|
|
1520
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1502
1521
|
/*
|
|
1503
1522
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1504
1523
|
* Licensed under the MIT License.
|
|
@@ -1507,7 +1526,7 @@ const AzureCloudInstance = {
|
|
|
1507
1526
|
// AzureCloudInstance is not specified.
|
|
1508
1527
|
None: "none"};
|
|
1509
1528
|
|
|
1510
|
-
/*! @azure/msal-common v16.
|
|
1529
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1511
1530
|
/*
|
|
1512
1531
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1513
1532
|
* Licensed under the MIT License.
|
|
@@ -1590,7 +1609,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1590
1609
|
return updatedAccountInfo;
|
|
1591
1610
|
}
|
|
1592
1611
|
|
|
1593
|
-
/*! @azure/msal-common v16.
|
|
1612
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1594
1613
|
|
|
1595
1614
|
/*
|
|
1596
1615
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1670,7 +1689,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1670
1689
|
}
|
|
1671
1690
|
}
|
|
1672
1691
|
|
|
1673
|
-
/*! @azure/msal-common v16.
|
|
1692
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1674
1693
|
|
|
1675
1694
|
/*
|
|
1676
1695
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1827,7 +1846,7 @@ class UrlString {
|
|
|
1827
1846
|
}
|
|
1828
1847
|
}
|
|
1829
1848
|
|
|
1830
|
-
/*! @azure/msal-common v16.
|
|
1849
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1831
1850
|
|
|
1832
1851
|
/*
|
|
1833
1852
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1993,7 +2012,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1993
2012
|
return null;
|
|
1994
2013
|
}
|
|
1995
2014
|
|
|
1996
|
-
/*! @azure/msal-common v16.
|
|
2015
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
1997
2016
|
/*
|
|
1998
2017
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1999
2018
|
* Licensed under the MIT License.
|
|
@@ -2001,7 +2020,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2001
2020
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2002
2021
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2003
2022
|
|
|
2004
|
-
/*! @azure/msal-common v16.
|
|
2023
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2005
2024
|
|
|
2006
2025
|
/*
|
|
2007
2026
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2039,7 +2058,7 @@ function createCacheError(e) {
|
|
|
2039
2058
|
}
|
|
2040
2059
|
}
|
|
2041
2060
|
|
|
2042
|
-
/*! @azure/msal-common v16.
|
|
2061
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2043
2062
|
|
|
2044
2063
|
/*
|
|
2045
2064
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2077,7 +2096,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2077
2096
|
};
|
|
2078
2097
|
}
|
|
2079
2098
|
|
|
2080
|
-
/*! @azure/msal-common v16.
|
|
2099
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2081
2100
|
/*
|
|
2082
2101
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2083
2102
|
* Licensed under the MIT License.
|
|
@@ -2092,7 +2111,7 @@ const AuthorityType = {
|
|
|
2092
2111
|
Ciam: 3,
|
|
2093
2112
|
};
|
|
2094
2113
|
|
|
2095
|
-
/*! @azure/msal-common v16.
|
|
2114
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2096
2115
|
/*
|
|
2097
2116
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2098
2117
|
* Licensed under the MIT License.
|
|
@@ -2114,7 +2133,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2114
2133
|
return null;
|
|
2115
2134
|
}
|
|
2116
2135
|
|
|
2117
|
-
/*! @azure/msal-common v16.
|
|
2136
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2118
2137
|
/*
|
|
2119
2138
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2120
2139
|
* Licensed under the MIT License.
|
|
@@ -2138,7 +2157,7 @@ const ProtocolMode = {
|
|
|
2138
2157
|
EAR: "EAR",
|
|
2139
2158
|
};
|
|
2140
2159
|
|
|
2141
|
-
/*! @azure/msal-common v16.
|
|
2160
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2142
2161
|
/**
|
|
2143
2162
|
* Returns the AccountInfo interface for this account.
|
|
2144
2163
|
*/
|
|
@@ -2313,7 +2332,7 @@ function isAccountEntity(entity) {
|
|
|
2313
2332
|
entity.hasOwnProperty("authorityType"));
|
|
2314
2333
|
}
|
|
2315
2334
|
|
|
2316
|
-
/*! @azure/msal-common v16.
|
|
2335
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
2317
2336
|
|
|
2318
2337
|
/*
|
|
2319
2338
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3444,7 +3463,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3444
3463
|
}
|
|
3445
3464
|
}
|
|
3446
3465
|
|
|
3447
|
-
/*! @azure/msal-common v16.
|
|
3466
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3448
3467
|
/*
|
|
3449
3468
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3450
3469
|
* Licensed under the MIT License.
|
|
@@ -3458,7 +3477,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3458
3477
|
const PerformanceEventStatus = {
|
|
3459
3478
|
InProgress: 1};
|
|
3460
3479
|
|
|
3461
|
-
/*! @azure/msal-common v16.
|
|
3480
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3462
3481
|
|
|
3463
3482
|
/*
|
|
3464
3483
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3513,7 +3532,7 @@ class StubPerformanceClient {
|
|
|
3513
3532
|
}
|
|
3514
3533
|
}
|
|
3515
3534
|
|
|
3516
|
-
/*! @azure/msal-common v16.
|
|
3535
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3517
3536
|
|
|
3518
3537
|
/*
|
|
3519
3538
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3608,7 +3627,7 @@ function isOidcProtocolMode(config) {
|
|
|
3608
3627
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3609
3628
|
}
|
|
3610
3629
|
|
|
3611
|
-
/*! @azure/msal-common v16.
|
|
3630
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3612
3631
|
/*
|
|
3613
3632
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3614
3633
|
* Licensed under the MIT License.
|
|
@@ -3635,7 +3654,7 @@ function isOidcProtocolMode(config) {
|
|
|
3635
3654
|
}
|
|
3636
3655
|
}
|
|
3637
3656
|
|
|
3638
|
-
/*! @azure/msal-common v16.
|
|
3657
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3639
3658
|
/*
|
|
3640
3659
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3641
3660
|
* Licensed under the MIT License.
|
|
@@ -3700,7 +3719,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3700
3719
|
return cachedAtSec > nowSeconds();
|
|
3701
3720
|
}
|
|
3702
3721
|
|
|
3703
|
-
/*! @azure/msal-common v16.
|
|
3722
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3704
3723
|
|
|
3705
3724
|
/*
|
|
3706
3725
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3959,7 +3978,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
3959
3978
|
return metadata.expiresAt <= nowSeconds();
|
|
3960
3979
|
}
|
|
3961
3980
|
|
|
3962
|
-
/*! @azure/msal-common v16.
|
|
3981
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
3963
3982
|
/*
|
|
3964
3983
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3965
3984
|
* Licensed under the MIT License.
|
|
@@ -4030,7 +4049,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4030
4049
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4031
4050
|
const SetUserData = "setUserData";
|
|
4032
4051
|
|
|
4033
|
-
/*! @azure/msal-common v16.
|
|
4052
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4034
4053
|
/*
|
|
4035
4054
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4036
4055
|
* Licensed under the MIT License.
|
|
@@ -4123,7 +4142,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4123
4142
|
};
|
|
4124
4143
|
};
|
|
4125
4144
|
|
|
4126
|
-
/*! @azure/msal-common v16.
|
|
4145
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4127
4146
|
|
|
4128
4147
|
/*
|
|
4129
4148
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4203,7 +4222,7 @@ class PopTokenGenerator {
|
|
|
4203
4222
|
}
|
|
4204
4223
|
}
|
|
4205
4224
|
|
|
4206
|
-
/*! @azure/msal-common v16.
|
|
4225
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4207
4226
|
/*
|
|
4208
4227
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4209
4228
|
* Licensed under the MIT License.
|
|
@@ -4254,7 +4273,7 @@ const badToken = "bad_token";
|
|
|
4254
4273
|
*/
|
|
4255
4274
|
const interruptedUser = "interrupted_user";
|
|
4256
4275
|
|
|
4257
|
-
/*! @azure/msal-common v16.
|
|
4276
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4258
4277
|
|
|
4259
4278
|
/*
|
|
4260
4279
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4322,7 +4341,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
4322
4341
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4323
4342
|
}
|
|
4324
4343
|
|
|
4325
|
-
/*! @azure/msal-common v16.
|
|
4344
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4326
4345
|
|
|
4327
4346
|
/*
|
|
4328
4347
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4341,7 +4360,7 @@ class ServerError extends AuthError {
|
|
|
4341
4360
|
}
|
|
4342
4361
|
}
|
|
4343
4362
|
|
|
4344
|
-
/*! @azure/msal-common v16.
|
|
4363
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4345
4364
|
|
|
4346
4365
|
/*
|
|
4347
4366
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4409,7 +4428,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
4409
4428
|
}
|
|
4410
4429
|
}
|
|
4411
4430
|
|
|
4412
|
-
/*! @azure/msal-common v16.
|
|
4431
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4413
4432
|
|
|
4414
4433
|
/*
|
|
4415
4434
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4757,7 +4776,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4757
4776
|
return baseAccount;
|
|
4758
4777
|
}
|
|
4759
4778
|
|
|
4760
|
-
/*! @azure/msal-common v16.
|
|
4779
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4761
4780
|
/*
|
|
4762
4781
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4763
4782
|
* Licensed under the MIT License.
|
|
@@ -4767,7 +4786,7 @@ const CcsCredentialType = {
|
|
|
4767
4786
|
UPN: "UPN",
|
|
4768
4787
|
};
|
|
4769
4788
|
|
|
4770
|
-
/*! @azure/msal-common v16.
|
|
4789
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4771
4790
|
/*
|
|
4772
4791
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4773
4792
|
* Licensed under the MIT License.
|
|
@@ -4785,7 +4804,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4785
4804
|
}
|
|
4786
4805
|
}
|
|
4787
4806
|
|
|
4788
|
-
/*! @azure/msal-common v16.
|
|
4807
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4789
4808
|
/*
|
|
4790
4809
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4791
4810
|
* Licensed under the MIT License.
|
|
@@ -4806,7 +4825,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4806
4825
|
};
|
|
4807
4826
|
}
|
|
4808
4827
|
|
|
4809
|
-
/*! @azure/msal-common v16.
|
|
4828
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4810
4829
|
|
|
4811
4830
|
/*
|
|
4812
4831
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4892,7 +4911,7 @@ class ThrottlingUtils {
|
|
|
4892
4911
|
}
|
|
4893
4912
|
}
|
|
4894
4913
|
|
|
4895
|
-
/*! @azure/msal-common v16.
|
|
4914
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4896
4915
|
|
|
4897
4916
|
/*
|
|
4898
4917
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4923,7 +4942,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4923
4942
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4924
4943
|
}
|
|
4925
4944
|
|
|
4926
|
-
/*! @azure/msal-common v16.
|
|
4945
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
4927
4946
|
|
|
4928
4947
|
/*
|
|
4929
4948
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5037,7 +5056,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5037
5056
|
return response;
|
|
5038
5057
|
}
|
|
5039
5058
|
|
|
5040
|
-
/*! @azure/msal-common v16.
|
|
5059
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5041
5060
|
/*
|
|
5042
5061
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5043
5062
|
* Licensed under the MIT License.
|
|
@@ -5049,7 +5068,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5049
5068
|
response.hasOwnProperty("jwks_uri"));
|
|
5050
5069
|
}
|
|
5051
5070
|
|
|
5052
|
-
/*! @azure/msal-common v16.
|
|
5071
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5053
5072
|
/*
|
|
5054
5073
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5055
5074
|
* Licensed under the MIT License.
|
|
@@ -5059,7 +5078,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5059
5078
|
response.hasOwnProperty("metadata"));
|
|
5060
5079
|
}
|
|
5061
5080
|
|
|
5062
|
-
/*! @azure/msal-common v16.
|
|
5081
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5063
5082
|
/*
|
|
5064
5083
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5065
5084
|
* Licensed under the MIT License.
|
|
@@ -5069,7 +5088,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5069
5088
|
response.hasOwnProperty("error_description"));
|
|
5070
5089
|
}
|
|
5071
5090
|
|
|
5072
|
-
/*! @azure/msal-common v16.
|
|
5091
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5073
5092
|
|
|
5074
5093
|
/*
|
|
5075
5094
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5174,7 +5193,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5174
5193
|
},
|
|
5175
5194
|
};
|
|
5176
5195
|
|
|
5177
|
-
/*! @azure/msal-common v16.
|
|
5196
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
5178
5197
|
|
|
5179
5198
|
/*
|
|
5180
5199
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6142,7 +6161,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6142
6161
|
};
|
|
6143
6162
|
}
|
|
6144
6163
|
|
|
6145
|
-
/*! @azure/msal-common v16.
|
|
6164
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6146
6165
|
|
|
6147
6166
|
/*
|
|
6148
6167
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6176,7 +6195,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6176
6195
|
}
|
|
6177
6196
|
}
|
|
6178
6197
|
|
|
6179
|
-
/*! @azure/msal-common v16.
|
|
6198
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6180
6199
|
|
|
6181
6200
|
/*
|
|
6182
6201
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6433,7 +6452,7 @@ class AuthorizationCodeClient {
|
|
|
6433
6452
|
}
|
|
6434
6453
|
}
|
|
6435
6454
|
|
|
6436
|
-
/*! @azure/msal-common v16.
|
|
6455
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6437
6456
|
|
|
6438
6457
|
/*
|
|
6439
6458
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6654,7 +6673,7 @@ class RefreshTokenClient {
|
|
|
6654
6673
|
}
|
|
6655
6674
|
}
|
|
6656
6675
|
|
|
6657
|
-
/*! @azure/msal-common v16.
|
|
6676
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6658
6677
|
|
|
6659
6678
|
/*
|
|
6660
6679
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6770,7 +6789,7 @@ class SilentFlowClient {
|
|
|
6770
6789
|
}
|
|
6771
6790
|
}
|
|
6772
6791
|
|
|
6773
|
-
/*! @azure/msal-common v16.
|
|
6792
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6774
6793
|
|
|
6775
6794
|
/*
|
|
6776
6795
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6785,7 +6804,7 @@ const StubbedNetworkModule = {
|
|
|
6785
6804
|
},
|
|
6786
6805
|
};
|
|
6787
6806
|
|
|
6788
|
-
/*! @azure/msal-common v16.
|
|
6807
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
6789
6808
|
|
|
6790
6809
|
/*
|
|
6791
6810
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7008,7 +7027,7 @@ function extractLoginHint(account) {
|
|
|
7008
7027
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7009
7028
|
}
|
|
7010
7029
|
|
|
7011
|
-
/*! @azure/msal-common v16.
|
|
7030
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7012
7031
|
|
|
7013
7032
|
/*
|
|
7014
7033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7041,7 +7060,7 @@ function containsResourceParam(params) {
|
|
|
7041
7060
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7042
7061
|
}
|
|
7043
7062
|
|
|
7044
|
-
/*! @azure/msal-common v16.
|
|
7063
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7045
7064
|
/*
|
|
7046
7065
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7047
7066
|
* Licensed under the MIT License.
|
|
@@ -7051,7 +7070,7 @@ function containsResourceParam(params) {
|
|
|
7051
7070
|
*/
|
|
7052
7071
|
const unexpectedError = "unexpected_error";
|
|
7053
7072
|
|
|
7054
|
-
/*! @azure/msal-common v16.
|
|
7073
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7055
7074
|
|
|
7056
7075
|
/*
|
|
7057
7076
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7162,35 +7181,40 @@ class ServerTelemetryManager {
|
|
|
7162
7181
|
* @param error
|
|
7163
7182
|
*/
|
|
7164
7183
|
cacheFailedRequest(error) {
|
|
7165
|
-
|
|
7166
|
-
|
|
7167
|
-
|
|
7168
|
-
|
|
7169
|
-
|
|
7170
|
-
|
|
7171
|
-
|
|
7172
|
-
|
|
7173
|
-
|
|
7174
|
-
|
|
7175
|
-
if (error instanceof
|
|
7176
|
-
if (error
|
|
7177
|
-
|
|
7178
|
-
|
|
7179
|
-
|
|
7180
|
-
|
|
7184
|
+
try {
|
|
7185
|
+
const lastRequests = this.getLastRequests();
|
|
7186
|
+
if (lastRequests.errors.length >=
|
|
7187
|
+
SERVER_TELEM_MAX_CACHED_ERRORS) {
|
|
7188
|
+
// Remove a cached error to make room, first in first out
|
|
7189
|
+
lastRequests.failedRequests.shift(); // apiId
|
|
7190
|
+
lastRequests.failedRequests.shift(); // correlationId
|
|
7191
|
+
lastRequests.errors.shift();
|
|
7192
|
+
}
|
|
7193
|
+
lastRequests.failedRequests.push(this.apiId, this.correlationId);
|
|
7194
|
+
if (error instanceof Error && !!error && error.toString()) {
|
|
7195
|
+
if (error instanceof AuthError) {
|
|
7196
|
+
if (error.subError) {
|
|
7197
|
+
lastRequests.errors.push(error.subError);
|
|
7198
|
+
}
|
|
7199
|
+
else if (error.errorCode) {
|
|
7200
|
+
lastRequests.errors.push(error.errorCode);
|
|
7201
|
+
}
|
|
7202
|
+
else {
|
|
7203
|
+
lastRequests.errors.push(error.toString());
|
|
7204
|
+
}
|
|
7181
7205
|
}
|
|
7182
7206
|
else {
|
|
7183
7207
|
lastRequests.errors.push(error.toString());
|
|
7184
7208
|
}
|
|
7185
7209
|
}
|
|
7186
7210
|
else {
|
|
7187
|
-
lastRequests.errors.push(
|
|
7211
|
+
lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
|
|
7188
7212
|
}
|
|
7213
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7189
7214
|
}
|
|
7190
|
-
|
|
7191
|
-
|
|
7215
|
+
catch {
|
|
7216
|
+
// Ignore telemetry cache failures to avoid masking the original auth error path.
|
|
7192
7217
|
}
|
|
7193
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
7194
7218
|
return;
|
|
7195
7219
|
}
|
|
7196
7220
|
/**
|
|
@@ -7310,9 +7334,36 @@ class ServerTelemetryManager {
|
|
|
7310
7334
|
static makeExtraSkuString(params) {
|
|
7311
7335
|
return makeExtraSkuString(params);
|
|
7312
7336
|
}
|
|
7337
|
+
}
|
|
7338
|
+
/** @internal */
|
|
7339
|
+
class StubServerTelemetryManager extends ServerTelemetryManager {
|
|
7340
|
+
constructor() {
|
|
7341
|
+
super({ clientId: "", apiId: 0, correlationId: "", forceRefresh: false }, {});
|
|
7342
|
+
}
|
|
7343
|
+
generateCurrentRequestHeaderValue() {
|
|
7344
|
+
return "";
|
|
7345
|
+
}
|
|
7346
|
+
generateLastRequestHeaderValue() {
|
|
7347
|
+
return "";
|
|
7348
|
+
}
|
|
7349
|
+
cacheFailedRequest() { }
|
|
7350
|
+
incrementCacheHits() {
|
|
7351
|
+
return 0;
|
|
7352
|
+
}
|
|
7353
|
+
clearTelemetryCache() { }
|
|
7354
|
+
getRegionDiscoveryFields() {
|
|
7355
|
+
return "";
|
|
7356
|
+
}
|
|
7357
|
+
updateRegionDiscoveryMetadata() { }
|
|
7358
|
+
setCacheOutcome() { }
|
|
7359
|
+
setNativeBrokerErrorCode() { }
|
|
7360
|
+
getNativeBrokerErrorCode() {
|
|
7361
|
+
return undefined;
|
|
7362
|
+
}
|
|
7363
|
+
clearNativeBrokerErrorCode() { }
|
|
7313
7364
|
}
|
|
7314
7365
|
|
|
7315
|
-
/*! @azure/msal-common v16.
|
|
7366
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7316
7367
|
|
|
7317
7368
|
/*
|
|
7318
7369
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7333,7 +7384,7 @@ function createJoseHeaderError(code) {
|
|
|
7333
7384
|
return new JoseHeaderError(code);
|
|
7334
7385
|
}
|
|
7335
7386
|
|
|
7336
|
-
/*! @azure/msal-common v16.
|
|
7387
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7337
7388
|
/*
|
|
7338
7389
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7339
7390
|
* Licensed under the MIT License.
|
|
@@ -7341,7 +7392,7 @@ function createJoseHeaderError(code) {
|
|
|
7341
7392
|
const missingKidError = "missing_kid_error";
|
|
7342
7393
|
const missingAlgError = "missing_alg_error";
|
|
7343
7394
|
|
|
7344
|
-
/*! @azure/msal-common v16.
|
|
7395
|
+
/*! @azure/msal-common v16.8.0 2026-06-10 */
|
|
7345
7396
|
|
|
7346
7397
|
/*
|
|
7347
7398
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7776,7 +7827,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7776
7827
|
|
|
7777
7828
|
/* eslint-disable header/header */
|
|
7778
7829
|
const name = "@azure/msal-browser";
|
|
7779
|
-
const version = "5.
|
|
7830
|
+
const version = "5.13.0";
|
|
7780
7831
|
|
|
7781
7832
|
/*
|
|
7782
7833
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8369,7 +8420,6 @@ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
|
8369
8420
|
*/
|
|
8370
8421
|
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8371
8422
|
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8372
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8373
8423
|
/**
|
|
8374
8424
|
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8375
8425
|
*/
|
|
@@ -9444,10 +9494,15 @@ function getRedirectUri(requestRedirectUri, clientConfigRedirectUri, logger, cor
|
|
|
9444
9494
|
* @param browserStorage - Browser cache manager instance for storing telemetry data
|
|
9445
9495
|
* @param logger - Optional logger instance for verbose logging
|
|
9446
9496
|
* @param forceRefresh - Optional flag to force refresh of telemetry data
|
|
9497
|
+
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
|
|
9447
9498
|
* @returns Configured ServerTelemetryManager instance
|
|
9448
9499
|
*/
|
|
9449
|
-
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh) {
|
|
9500
|
+
function initializeServerTelemetryManager(apiId, clientId, correlationId, browserStorage, logger, forceRefresh, enabled = true) {
|
|
9450
9501
|
logger.verbose("1p12tq", correlationId);
|
|
9502
|
+
if (!enabled) {
|
|
9503
|
+
logger.verbose("0tajnr", correlationId);
|
|
9504
|
+
return new StubServerTelemetryManager();
|
|
9505
|
+
}
|
|
9451
9506
|
const telemetryPayload = {
|
|
9452
9507
|
clientId: clientId,
|
|
9453
9508
|
correlationId: correlationId,
|
|
@@ -15007,6 +15062,15 @@ function removeElementFromArray(array, element) {
|
|
|
15007
15062
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
15008
15063
|
* Licensed under the MIT License.
|
|
15009
15064
|
*/
|
|
15065
|
+
/**
|
|
15066
|
+
* Reason an old-schema cache entry was removed during migration.
|
|
15067
|
+
*/
|
|
15068
|
+
const MigrationRemovalReason = {
|
|
15069
|
+
Invalid: "invalid",
|
|
15070
|
+
TtlExpired: "ttlExpired",
|
|
15071
|
+
DecryptFailed: "decryptFailed",
|
|
15072
|
+
Expired: "expired",
|
|
15073
|
+
};
|
|
15010
15074
|
/**
|
|
15011
15075
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
15012
15076
|
*/
|
|
@@ -15076,7 +15140,10 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15076
15140
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15077
15141
|
if (!parsedValue) {
|
|
15078
15142
|
this.browserStorage.removeItem(key);
|
|
15079
|
-
return
|
|
15143
|
+
return {
|
|
15144
|
+
entry: null,
|
|
15145
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
15146
|
+
};
|
|
15080
15147
|
}
|
|
15081
15148
|
if (!parsedValue.lastUpdatedAt) {
|
|
15082
15149
|
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
@@ -15085,26 +15152,42 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15085
15152
|
}
|
|
15086
15153
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
15087
15154
|
this.browserStorage.removeItem(key);
|
|
15088
|
-
|
|
15089
|
-
|
|
15155
|
+
return {
|
|
15156
|
+
entry: null,
|
|
15157
|
+
removalReason: MigrationRemovalReason.TtlExpired,
|
|
15158
|
+
};
|
|
15090
15159
|
}
|
|
15091
|
-
const
|
|
15160
|
+
const wasEncrypted = isEncrypted(parsedValue);
|
|
15161
|
+
const decryptedData = wasEncrypted
|
|
15092
15162
|
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
15093
15163
|
: parsedValue;
|
|
15094
|
-
if (!decryptedData
|
|
15164
|
+
if (!decryptedData) {
|
|
15095
15165
|
this.browserStorage.removeItem(key);
|
|
15096
|
-
|
|
15097
|
-
|
|
15166
|
+
return {
|
|
15167
|
+
entry: null,
|
|
15168
|
+
removalReason: wasEncrypted
|
|
15169
|
+
? MigrationRemovalReason.DecryptFailed
|
|
15170
|
+
: MigrationRemovalReason.Invalid,
|
|
15171
|
+
};
|
|
15172
|
+
}
|
|
15173
|
+
if (!isCredentialEntity(decryptedData)) {
|
|
15174
|
+
this.browserStorage.removeItem(key);
|
|
15175
|
+
return {
|
|
15176
|
+
entry: null,
|
|
15177
|
+
removalReason: MigrationRemovalReason.Invalid,
|
|
15178
|
+
};
|
|
15098
15179
|
}
|
|
15099
15180
|
if ((isAccessTokenEntity(decryptedData) ||
|
|
15100
15181
|
isRefreshTokenEntity(decryptedData)) &&
|
|
15101
15182
|
decryptedData.expiresOn &&
|
|
15102
15183
|
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
15103
15184
|
this.browserStorage.removeItem(key);
|
|
15104
|
-
|
|
15105
|
-
|
|
15185
|
+
return {
|
|
15186
|
+
entry: null,
|
|
15187
|
+
removalReason: MigrationRemovalReason.Expired,
|
|
15188
|
+
};
|
|
15106
15189
|
}
|
|
15107
|
-
return decryptedData;
|
|
15190
|
+
return { entry: decryptedData };
|
|
15108
15191
|
}
|
|
15109
15192
|
/**
|
|
15110
15193
|
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
@@ -15124,6 +15207,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15124
15207
|
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
15125
15208
|
if (!parsedValue) {
|
|
15126
15209
|
this.browserStorage.removeItem(accountKey);
|
|
15210
|
+
this.performanceClient.incrementFields({ invalidAcntCount: 1 }, correlationId);
|
|
15127
15211
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15128
15212
|
continue;
|
|
15129
15213
|
}
|
|
@@ -15136,6 +15220,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15136
15220
|
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
15137
15221
|
// Cache expired remove account and associated tokens
|
|
15138
15222
|
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
15223
|
+
this.performanceClient.incrementFields({ ttlExpiredAcntCount: 1 }, correlationId);
|
|
15139
15224
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15140
15225
|
}
|
|
15141
15226
|
else if (isEncrypted(parsedValue)) {
|
|
@@ -15143,7 +15228,9 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15143
15228
|
const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
|
|
15144
15229
|
if (!decrypted) {
|
|
15145
15230
|
this.browserStorage.removeItem(accountKey);
|
|
15146
|
-
this.performanceClient.incrementFields({
|
|
15231
|
+
this.performanceClient.incrementFields({
|
|
15232
|
+
decryptFailedAcntCount: 1,
|
|
15233
|
+
}, correlationId);
|
|
15147
15234
|
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
15148
15235
|
}
|
|
15149
15236
|
}
|
|
@@ -15184,7 +15271,6 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15184
15271
|
});
|
|
15185
15272
|
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
15186
15273
|
}
|
|
15187
|
-
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
15188
15274
|
this.browserStorage.removeItem(accountKey);
|
|
15189
15275
|
}
|
|
15190
15276
|
/**
|
|
@@ -15223,8 +15309,20 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15223
15309
|
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
15224
15310
|
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
15225
15311
|
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
15226
|
-
const
|
|
15312
|
+
const result = await this.updateOldEntry(idTokenKey, correlationId);
|
|
15313
|
+
const oldSchemaData = result.entry;
|
|
15227
15314
|
if (!oldSchemaData) {
|
|
15315
|
+
switch (result.removalReason) {
|
|
15316
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15317
|
+
this.performanceClient.incrementFields({ ttlExpiredITCount: 1 }, correlationId);
|
|
15318
|
+
break;
|
|
15319
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15320
|
+
this.performanceClient.incrementFields({ decryptFailedITCount: 1 }, correlationId);
|
|
15321
|
+
break;
|
|
15322
|
+
case MigrationRemovalReason.Invalid:
|
|
15323
|
+
this.performanceClient.incrementFields({ invalidITCount: 1 }, correlationId);
|
|
15324
|
+
break;
|
|
15325
|
+
}
|
|
15228
15326
|
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
15229
15327
|
continue;
|
|
15230
15328
|
}
|
|
@@ -15303,8 +15401,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15303
15401
|
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
15304
15402
|
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
15305
15403
|
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
15306
|
-
const
|
|
15404
|
+
const result = await this.updateOldEntry(accessTokenKey, correlationId);
|
|
15405
|
+
const oldSchemaData = result.entry;
|
|
15307
15406
|
if (!oldSchemaData) {
|
|
15407
|
+
switch (result.removalReason) {
|
|
15408
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15409
|
+
this.performanceClient.incrementFields({ ttlExpiredATCount: 1 }, correlationId);
|
|
15410
|
+
break;
|
|
15411
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15412
|
+
this.performanceClient.incrementFields({ decryptFailedATCount: 1 }, correlationId);
|
|
15413
|
+
break;
|
|
15414
|
+
case MigrationRemovalReason.Expired:
|
|
15415
|
+
this.performanceClient.incrementFields({ expiredATCount: 1 }, correlationId);
|
|
15416
|
+
break;
|
|
15417
|
+
case MigrationRemovalReason.Invalid:
|
|
15418
|
+
this.performanceClient.incrementFields({ invalidATCount: 1 }, correlationId);
|
|
15419
|
+
break;
|
|
15420
|
+
}
|
|
15308
15421
|
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
15309
15422
|
continue;
|
|
15310
15423
|
}
|
|
@@ -15350,8 +15463,23 @@ class BrowserCacheManager extends CacheManager {
|
|
|
15350
15463
|
...credentialKeysToMigrate.refreshToken,
|
|
15351
15464
|
]) {
|
|
15352
15465
|
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
15353
|
-
const
|
|
15466
|
+
const result = await this.updateOldEntry(refreshTokenKey, correlationId);
|
|
15467
|
+
const oldSchemaData = result.entry;
|
|
15354
15468
|
if (!oldSchemaData) {
|
|
15469
|
+
switch (result.removalReason) {
|
|
15470
|
+
case MigrationRemovalReason.TtlExpired:
|
|
15471
|
+
this.performanceClient.incrementFields({ ttlExpiredRTCount: 1 }, correlationId);
|
|
15472
|
+
break;
|
|
15473
|
+
case MigrationRemovalReason.DecryptFailed:
|
|
15474
|
+
this.performanceClient.incrementFields({ decryptFailedRTCount: 1 }, correlationId);
|
|
15475
|
+
break;
|
|
15476
|
+
case MigrationRemovalReason.Expired:
|
|
15477
|
+
this.performanceClient.incrementFields({ expiredRTCount: 1 }, correlationId);
|
|
15478
|
+
break;
|
|
15479
|
+
case MigrationRemovalReason.Invalid:
|
|
15480
|
+
this.performanceClient.incrementFields({ invalidRTCount: 1 }, correlationId);
|
|
15481
|
+
break;
|
|
15482
|
+
}
|
|
15355
15483
|
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
15356
15484
|
continue;
|
|
15357
15485
|
}
|
|
@@ -16749,7 +16877,7 @@ class SilentCacheClient extends StandardInteractionClient {
|
|
|
16749
16877
|
*/
|
|
16750
16878
|
async acquireToken(silentRequest) {
|
|
16751
16879
|
// Telemetry manager only used to increment cacheHits here
|
|
16752
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16880
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16753
16881
|
const clientConfig = await invokeAsync(this.getClientConfiguration.bind(this), StandardInteractionClientGetClientConfiguration, this.logger, this.performanceClient, this.correlationId)({
|
|
16754
16882
|
serverTelemetryManager,
|
|
16755
16883
|
requestAuthority: silentRequest.authority,
|
|
@@ -16825,7 +16953,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16825
16953
|
// start the perf measurement
|
|
16826
16954
|
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
16827
16955
|
const reqTimestamp = nowSeconds();
|
|
16828
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16956
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16829
16957
|
try {
|
|
16830
16958
|
// initialize native request
|
|
16831
16959
|
const nativeRequest = await this.initializePlatformRequest(request);
|
|
@@ -16949,7 +17077,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16949
17077
|
catch (e) {
|
|
16950
17078
|
// Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise
|
|
16951
17079
|
if (e instanceof NativeAuthError) {
|
|
16952
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
17080
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
16953
17081
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
16954
17082
|
if (isFatalNativeAuthError(e)) {
|
|
16955
17083
|
throw e;
|
|
@@ -16996,7 +17124,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16996
17124
|
this.logger.verbose("003x5a", this.correlationId);
|
|
16997
17125
|
const response = await this.platformAuthProvider.sendMessage(request);
|
|
16998
17126
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
16999
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
17127
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
17000
17128
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
17001
17129
|
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
17002
17130
|
return authResult;
|
|
@@ -18003,6 +18131,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
18003
18131
|
nativeBrokerHandshakeTimeout: userInputSystem?.nativeBrokerHandshakeTimeout ||
|
|
18004
18132
|
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
18005
18133
|
protocolMode: ProtocolMode.AAD,
|
|
18134
|
+
serverTelemetryEnabled: false,
|
|
18006
18135
|
};
|
|
18007
18136
|
const providedSystemOptions = {
|
|
18008
18137
|
...DEFAULT_BROWSER_SYSTEM_OPTIONS,
|
|
@@ -18644,7 +18773,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18644
18773
|
*/
|
|
18645
18774
|
async executeCodeFlow(request, popupParams, pkceCodes) {
|
|
18646
18775
|
const correlationId = request.correlationId;
|
|
18647
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
18776
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
18648
18777
|
const pkce = pkceCodes ||
|
|
18649
18778
|
(await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId));
|
|
18650
18779
|
const popupRequest = {
|
|
@@ -18709,7 +18838,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18709
18838
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
18710
18839
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
18711
18840
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
18712
|
-
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
18841
|
+
serverTelemetryManager: initializeServerTelemetryManager(ApiId.acquireTokenPopup, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
18713
18842
|
requestAuthority: request.authority,
|
|
18714
18843
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
18715
18844
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -18746,7 +18875,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18746
18875
|
async logoutPopupAsync(validRequest, popupParams, requestAuthority, mainWindowRedirectUri) {
|
|
18747
18876
|
this.logger.verbose("0b7yrk", this.correlationId);
|
|
18748
18877
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Popup, validRequest);
|
|
18749
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
18878
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logoutPopup, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
18750
18879
|
try {
|
|
18751
18880
|
// Clear cache on logout
|
|
18752
18881
|
await clearCacheOnLogout(this.browserStorage, this.browserCrypto, this.logger, this.correlationId, validRequest.account);
|
|
@@ -19030,7 +19159,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19030
19159
|
*/
|
|
19031
19160
|
async executeCodeFlow(request) {
|
|
19032
19161
|
const correlationId = request.correlationId;
|
|
19033
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19162
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenRedirect, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19034
19163
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
19035
19164
|
const redirectRequest = {
|
|
19036
19165
|
...request,
|
|
@@ -19118,7 +19247,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19118
19247
|
async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
|
|
19119
19248
|
const originalTitle = document.title;
|
|
19120
19249
|
document.title = "Microsoft Authentication";
|
|
19121
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19250
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19122
19251
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
19123
19252
|
try {
|
|
19124
19253
|
const [serverParams, responseString] = this.getRedirectResponse(options?.hash || "");
|
|
@@ -19137,8 +19266,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19137
19266
|
}
|
|
19138
19267
|
// If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated
|
|
19139
19268
|
const loginRequestUrl = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, this.correlationId, true) || "";
|
|
19140
|
-
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl);
|
|
19141
|
-
const currentUrlNormalized = normalizeUrlForComparison(window.location.href);
|
|
19269
|
+
const loginRequestUrlNormalized = normalizeUrlForComparison(loginRequestUrl, this.logger, this.correlationId);
|
|
19270
|
+
const currentUrlNormalized = normalizeUrlForComparison(window.location.href, this.logger, this.correlationId);
|
|
19142
19271
|
if (loginRequestUrlNormalized === currentUrlNormalized &&
|
|
19143
19272
|
navigateToLoginRequestUrl) {
|
|
19144
19273
|
// We are on the page we need to navigate to - handle hash
|
|
@@ -19171,8 +19300,8 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19171
19300
|
* The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.
|
|
19172
19301
|
*/
|
|
19173
19302
|
let processHashOnRedirect = true;
|
|
19174
|
-
if (!loginRequestUrl
|
|
19175
|
-
// Redirect to home page if login request url is
|
|
19303
|
+
if (!loginRequestUrl) {
|
|
19304
|
+
// Redirect to home page if login request url is empty
|
|
19176
19305
|
const homepage = getHomepage();
|
|
19177
19306
|
// Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage
|
|
19178
19307
|
this.browserStorage.setTemporaryCache(TemporaryCacheKeys.ORIGIN_URI, homepage, true);
|
|
@@ -19318,7 +19447,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19318
19447
|
async logout(logoutRequest) {
|
|
19319
19448
|
this.logger.verbose("1rkurh", this.correlationId);
|
|
19320
19449
|
const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);
|
|
19321
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19450
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.logout, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19322
19451
|
try {
|
|
19323
19452
|
this.eventHandler.emitEvent(EventType.LOGOUT_START, this.correlationId, InteractionType.Redirect, logoutRequest);
|
|
19324
19453
|
// Clear cache on logout
|
|
@@ -19399,7 +19528,10 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19399
19528
|
*/
|
|
19400
19529
|
getRedirectStartPage(requestStartPage) {
|
|
19401
19530
|
const redirectStartPage = requestStartPage || window.location.href;
|
|
19402
|
-
|
|
19531
|
+
const absoluteRedirectStartPage = UrlString.getAbsoluteUrl(redirectStartPage, getCurrentUri());
|
|
19532
|
+
// Sanity check the URL before it is cached so we never persist a malformed value (e.g. the literal string "null")
|
|
19533
|
+
validateUrl(absoluteRedirectStartPage, this.logger, this.correlationId);
|
|
19534
|
+
return absoluteRedirectStartPage;
|
|
19403
19535
|
}
|
|
19404
19536
|
}
|
|
19405
19537
|
|
|
@@ -19408,20 +19540,20 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
19408
19540
|
* Licensed under the MIT License.
|
|
19409
19541
|
*/
|
|
19410
19542
|
/**
|
|
19411
|
-
*
|
|
19412
|
-
* @param
|
|
19413
|
-
* @param
|
|
19543
|
+
* Navigates the given hidden iframe to the provided URL.
|
|
19544
|
+
* @param frame
|
|
19545
|
+
* @param requestUrl
|
|
19414
19546
|
*/
|
|
19415
|
-
async function initiateCodeRequest(
|
|
19547
|
+
async function initiateCodeRequest(frame, requestUrl, logger, correlationId) {
|
|
19416
19548
|
if (!requestUrl) {
|
|
19417
19549
|
// Throw error if request URL is empty.
|
|
19418
19550
|
logger.info("1l7hyp", correlationId);
|
|
19419
19551
|
throw createBrowserAuthError(emptyNavigateUri);
|
|
19420
19552
|
}
|
|
19421
|
-
|
|
19553
|
+
frame.src = requestUrl;
|
|
19554
|
+
return frame;
|
|
19422
19555
|
}
|
|
19423
|
-
async function initiateCodeFlowWithPost(config, authority, request, logger, performanceClient) {
|
|
19424
|
-
const frame = createHiddenIframe();
|
|
19556
|
+
async function initiateCodeFlowWithPost(frame, config, authority, request, logger, performanceClient) {
|
|
19425
19557
|
if (!frame.contentDocument) {
|
|
19426
19558
|
throw "No document associated with iframe!";
|
|
19427
19559
|
}
|
|
@@ -19429,8 +19561,7 @@ async function initiateCodeFlowWithPost(config, authority, request, logger, perf
|
|
|
19429
19561
|
form.submit();
|
|
19430
19562
|
return frame;
|
|
19431
19563
|
}
|
|
19432
|
-
async function initiateEarRequest(config, authority, request, logger, performanceClient) {
|
|
19433
|
-
const frame = createHiddenIframe();
|
|
19564
|
+
async function initiateEarRequest(frame, config, authority, request, logger, performanceClient) {
|
|
19434
19565
|
if (!frame.contentDocument) {
|
|
19435
19566
|
throw "No document associated with iframe!";
|
|
19436
19567
|
}
|
|
@@ -19440,19 +19571,8 @@ async function initiateEarRequest(config, authority, request, logger, performanc
|
|
|
19440
19571
|
}
|
|
19441
19572
|
/**
|
|
19442
19573
|
* @hidden
|
|
19443
|
-
*
|
|
19444
|
-
*
|
|
19445
|
-
* @param frameName
|
|
19446
|
-
* @param logger
|
|
19447
|
-
*/
|
|
19448
|
-
function loadFrameSync(urlNavigate) {
|
|
19449
|
-
const frameHandle = createHiddenIframe();
|
|
19450
|
-
frameHandle.src = urlNavigate;
|
|
19451
|
-
return frameHandle;
|
|
19452
|
-
}
|
|
19453
|
-
/**
|
|
19454
|
-
* @hidden
|
|
19455
|
-
* Creates a new hidden iframe or gets an existing one for silent token renewal.
|
|
19574
|
+
* Creates a new hidden iframe for silent token renewal. Callers navigate it
|
|
19575
|
+
* (set `src` or submit a form) after registering the response listener.
|
|
19456
19576
|
* @ignore
|
|
19457
19577
|
*/
|
|
19458
19578
|
function createHiddenIframe() {
|
|
@@ -19531,7 +19651,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19531
19651
|
*/
|
|
19532
19652
|
async executeCodeFlow(request) {
|
|
19533
19653
|
let authClient;
|
|
19534
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19654
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19535
19655
|
try {
|
|
19536
19656
|
// Initialize the client
|
|
19537
19657
|
authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, request.correlationId)({
|
|
@@ -19573,11 +19693,22 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19573
19693
|
earJwk: earJwk,
|
|
19574
19694
|
codeChallenge: pkceCodes.challenge,
|
|
19575
19695
|
};
|
|
19576
|
-
|
|
19696
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
19697
|
+
const iframe = createHiddenIframe();
|
|
19577
19698
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19578
19699
|
let responseString;
|
|
19579
19700
|
try {
|
|
19580
|
-
|
|
19701
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19702
|
+
responsePromise.catch(() => {
|
|
19703
|
+
/*
|
|
19704
|
+
* If navigation below throws before responsePromise is awaited,
|
|
19705
|
+
* the listener still rejects on timeout. Swallow it here so it
|
|
19706
|
+
* does not surface as an unhandled rejection; the navigation
|
|
19707
|
+
* error is propagated instead.
|
|
19708
|
+
*/
|
|
19709
|
+
});
|
|
19710
|
+
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
19711
|
+
responseString = await responsePromise;
|
|
19581
19712
|
}
|
|
19582
19713
|
finally {
|
|
19583
19714
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19586,7 +19717,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19586
19717
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
19587
19718
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
19588
19719
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
19589
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger),
|
|
19720
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
19590
19721
|
requestAuthority: request.authority,
|
|
19591
19722
|
requestAzureCloudOptions: request.azureCloudOptions,
|
|
19592
19723
|
requestExtraQueryParameters: request.extraQueryParameters,
|
|
@@ -19613,7 +19744,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19613
19744
|
// Create silent request
|
|
19614
19745
|
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
19615
19746
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
19616
|
-
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
19747
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled),
|
|
19617
19748
|
requestAuthority: silentRequest.authority,
|
|
19618
19749
|
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
19619
19750
|
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
@@ -19661,21 +19792,32 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19661
19792
|
...request,
|
|
19662
19793
|
codeChallenge: pkceCodes.challenge,
|
|
19663
19794
|
};
|
|
19664
|
-
|
|
19665
|
-
|
|
19666
|
-
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19667
|
-
}
|
|
19668
|
-
else {
|
|
19669
|
-
// Create authorize request url
|
|
19670
|
-
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19671
|
-
// Get the frame handle for the silent request
|
|
19672
|
-
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
19673
|
-
}
|
|
19795
|
+
// Create the iframe, register the response listener, then navigate, so the listener is active before the iframe can respond.
|
|
19796
|
+
const iframe = createHiddenIframe();
|
|
19674
19797
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19675
19798
|
// Wait for response from the redirect bridge.
|
|
19676
19799
|
let responseString;
|
|
19677
19800
|
try {
|
|
19678
|
-
|
|
19801
|
+
const responsePromise = invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
|
|
19802
|
+
responsePromise.catch(() => {
|
|
19803
|
+
/*
|
|
19804
|
+
* If URL creation or navigation below throws before
|
|
19805
|
+
* responsePromise is awaited, the listener still rejects on
|
|
19806
|
+
* timeout. Swallow it here so it does not surface as an
|
|
19807
|
+
* unhandled rejection; the navigation error is propagated
|
|
19808
|
+
* instead.
|
|
19809
|
+
*/
|
|
19810
|
+
});
|
|
19811
|
+
if (request.httpMethod === HttpMethod$1.POST) {
|
|
19812
|
+
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19813
|
+
}
|
|
19814
|
+
else {
|
|
19815
|
+
// Create authorize request url
|
|
19816
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19817
|
+
// Navigate the iframe to the authorize request url
|
|
19818
|
+
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(iframe, navigateUrl, this.logger, correlationId);
|
|
19819
|
+
}
|
|
19820
|
+
responseString = await responsePromise;
|
|
19679
19821
|
}
|
|
19680
19822
|
finally {
|
|
19681
19823
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19710,7 +19852,7 @@ class SilentRefreshClient extends StandardInteractionClient {
|
|
|
19710
19852
|
// Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided
|
|
19711
19853
|
silentRequest.redirectUri = getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
|
|
19712
19854
|
}
|
|
19713
|
-
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19855
|
+
const serverTelemetryManager = initializeServerTelemetryManager(ApiId.acquireTokenSilent_silentFlow, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19714
19856
|
const refreshTokenClient = await this.createRefreshTokenClient({
|
|
19715
19857
|
serverTelemetryManager,
|
|
19716
19858
|
authorityUrl: silentRequest.authority,
|
|
@@ -19790,7 +19932,7 @@ class SilentAuthCodeClient extends StandardInteractionClient {
|
|
|
19790
19932
|
* Each auth request creates a new instance of *Client so we can safely use this.correlationId.
|
|
19791
19933
|
*/
|
|
19792
19934
|
this.correlationId);
|
|
19793
|
-
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
19935
|
+
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger, undefined, this.config.system.serverTelemetryEnabled);
|
|
19794
19936
|
try {
|
|
19795
19937
|
// Create auth code request (PKCE not needed)
|
|
19796
19938
|
const authCodeRequest = {
|
|
@@ -20143,6 +20285,8 @@ class StandardController {
|
|
|
20143
20285
|
// Preflight request
|
|
20144
20286
|
const correlationId = this.getRequestCorrelationId(request);
|
|
20145
20287
|
this.logger.verbose("0os66p", correlationId);
|
|
20288
|
+
redirectPreflightCheck(this.initialized, this.config);
|
|
20289
|
+
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
20146
20290
|
const atrMeasurement = this.performanceClient.startMeasurement(AcquireTokenPreRedirect, correlationId);
|
|
20147
20291
|
atrMeasurement.add({
|
|
20148
20292
|
scenarioId: request.scenarioId,
|
|
@@ -20160,9 +20304,7 @@ class StandardController {
|
|
|
20160
20304
|
return navigate;
|
|
20161
20305
|
};
|
|
20162
20306
|
try {
|
|
20163
|
-
redirectPreflightCheck(this.initialized, this.config);
|
|
20164
20307
|
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
20165
|
-
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
20166
20308
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
|
|
20167
20309
|
let result;
|
|
20168
20310
|
if (this.platformAuthProvider &&
|