@azure/msal-browser 5.16.0 → 5.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/IPublicClientApplication.mjs.map +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/app/PublicClientApplication.mjs.map +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs.map +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  11. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AccountManager.mjs.map +1 -1
  14. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  15. package/dist/cache/AsyncMemoryStorage.mjs.map +1 -1
  16. package/dist/cache/BrowserCacheManager.mjs +1 -1
  17. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  18. package/dist/cache/CacheHelpers.mjs +1 -1
  19. package/dist/cache/CacheHelpers.mjs.map +1 -1
  20. package/dist/cache/CacheKeys.mjs +1 -1
  21. package/dist/cache/CacheKeys.mjs.map +1 -1
  22. package/dist/cache/CookieStorage.mjs +1 -1
  23. package/dist/cache/CookieStorage.mjs.map +1 -1
  24. package/dist/cache/DatabaseStorage.mjs +1 -1
  25. package/dist/cache/DatabaseStorage.mjs.map +1 -1
  26. package/dist/cache/EncryptedData.mjs +1 -1
  27. package/dist/cache/LocalStorage.mjs +1 -1
  28. package/dist/cache/LocalStorage.mjs.map +1 -1
  29. package/dist/cache/MemoryStorage.mjs +1 -1
  30. package/dist/cache/MemoryStorage.mjs.map +1 -1
  31. package/dist/cache/SessionStorage.mjs +1 -1
  32. package/dist/cache/SessionStorage.mjs.map +1 -1
  33. package/dist/cache/TokenCache.mjs +1 -1
  34. package/dist/cache/TokenCache.mjs.map +1 -1
  35. package/dist/config/Configuration.mjs +2 -1
  36. package/dist/config/Configuration.mjs.map +1 -1
  37. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  38. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  39. package/dist/controllers/StandardController.mjs +2 -2
  40. package/dist/controllers/StandardController.mjs.map +1 -1
  41. package/dist/crypto/BrowserCrypto.mjs +61 -12
  42. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  43. package/dist/crypto/CryptoOps.mjs +6 -12
  44. package/dist/crypto/CryptoOps.mjs.map +1 -1
  45. package/dist/crypto/PkceGenerator.mjs +1 -1
  46. package/dist/crypto/PkceGenerator.mjs.map +1 -1
  47. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  48. package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
  49. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  50. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  51. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  52. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs.map +1 -1
  53. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  55. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  56. package/dist/custom_auth/core/CustomAuthAuthority.mjs.map +1 -1
  57. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  58. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
  59. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  60. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs.map +1 -1
  61. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  62. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs.map +1 -1
  63. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  64. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  65. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs.map +1 -1
  66. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  67. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
  68. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  69. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
  70. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  71. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs.map +1 -1
  72. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  73. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs.map +1 -1
  74. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  75. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
  76. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  77. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs.map +1 -1
  78. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  79. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
  80. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  81. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
  82. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  83. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -1
  84. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  85. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -1
  86. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  87. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
  88. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  89. package/dist/custom_auth/core/error/CustomAuthApiError.mjs.map +1 -1
  90. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  91. package/dist/custom_auth/core/error/CustomAuthError.mjs.map +1 -1
  92. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  93. package/dist/custom_auth/core/error/HttpError.mjs.map +1 -1
  94. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  95. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  96. package/dist/custom_auth/core/error/InvalidArgumentError.mjs.map +1 -1
  97. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  98. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs.map +1 -1
  99. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  100. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  101. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs.map +1 -1
  102. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs.map +1 -1
  104. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  105. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs.map +1 -1
  106. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  107. package/dist/custom_auth/core/error/ParsedUrlError.mjs.map +1 -1
  108. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  109. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  110. package/dist/custom_auth/core/error/UnexpectedError.mjs.map +1 -1
  111. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  112. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs.map +1 -1
  113. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  114. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs.map +1 -1
  115. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  116. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs.map +1 -1
  117. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  118. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
  119. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  120. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs.map +1 -1
  121. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  122. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
  123. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  124. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  125. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
  126. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  127. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  128. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  129. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  130. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  131. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  132. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  133. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs.map +1 -1
  134. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  135. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  136. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  137. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  138. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  139. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  140. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  141. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  142. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  143. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs.map +1 -1
  144. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  145. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs.map +1 -1
  146. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  147. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  148. package/dist/custom_auth/core/utils/ArgumentValidator.mjs.map +1 -1
  149. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  150. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -1
  151. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  152. package/dist/custom_auth/core/utils/UrlUtils.mjs.map +1 -1
  153. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  154. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs.map +1 -1
  155. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  156. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs.map +1 -1
  157. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  158. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs.map +1 -1
  159. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  160. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs.map +1 -1
  161. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  162. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs.map +1 -1
  163. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  164. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs.map +1 -1
  165. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  166. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs.map +1 -1
  167. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  168. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs.map +1 -1
  169. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  170. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
  171. package/dist/custom_auth/index.mjs +1 -1
  172. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  173. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs.map +1 -1
  174. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  175. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs.map +1 -1
  176. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  177. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs.map +1 -1
  178. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  179. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs.map +1 -1
  180. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  181. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs.map +1 -1
  182. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  183. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs.map +1 -1
  184. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  185. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
  186. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  187. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs.map +1 -1
  188. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  189. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs.map +1 -1
  190. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  191. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
  192. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  193. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs.map +1 -1
  194. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  195. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs.map +1 -1
  196. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  197. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs.map +1 -1
  198. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  199. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs.map +1 -1
  200. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  201. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs.map +1 -1
  202. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  203. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
  204. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  205. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
  206. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  207. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
  208. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  209. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
  210. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  211. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs.map +1 -1
  212. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  213. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
  214. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  215. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs.map +1 -1
  216. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  217. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
  218. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  219. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs.map +1 -1
  220. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  221. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
  222. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  223. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  224. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs.map +1 -1
  225. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  226. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs.map +1 -1
  227. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  228. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs.map +1 -1
  229. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  230. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs.map +1 -1
  231. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  232. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs.map +1 -1
  233. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  234. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs.map +1 -1
  235. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  236. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
  237. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  238. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
  239. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  240. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs.map +1 -1
  241. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  242. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs.map +1 -1
  243. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  244. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
  245. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  246. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs.map +1 -1
  247. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  248. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs.map +1 -1
  249. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  250. package/dist/encode/Base64Decode.mjs +1 -1
  251. package/dist/encode/Base64Encode.mjs +1 -1
  252. package/dist/error/BrowserAuthError.mjs +1 -1
  253. package/dist/error/BrowserAuthError.mjs.map +1 -1
  254. package/dist/error/BrowserAuthErrorCodes.mjs +4 -2
  255. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  256. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  257. package/dist/error/BrowserConfigurationAuthError.mjs.map +1 -1
  258. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  259. package/dist/error/NativeAuthError.mjs +1 -1
  260. package/dist/error/NativeAuthError.mjs.map +1 -1
  261. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  262. package/dist/error/NestedAppAuthError.mjs +1 -1
  263. package/dist/error/NestedAppAuthError.mjs.map +1 -1
  264. package/dist/event/EventHandler.mjs +1 -1
  265. package/dist/event/EventHandler.mjs.map +1 -1
  266. package/dist/event/EventMessage.mjs +1 -1
  267. package/dist/event/EventMessage.mjs.map +1 -1
  268. package/dist/event/EventType.mjs +1 -1
  269. package/dist/event/EventType.mjs.map +1 -1
  270. package/dist/index.mjs +1 -1
  271. package/dist/index.mjs.map +1 -1
  272. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  273. package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
  274. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  275. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs.map +1 -1
  276. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  277. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  278. package/dist/interaction_client/PopupClient.mjs +77 -10
  279. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  280. package/dist/interaction_client/RedirectClient.mjs +1 -1
  281. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  282. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  283. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  284. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  285. package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
  286. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  287. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  288. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  289. package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
  290. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  291. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  292. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  293. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  294. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  295. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  296. package/dist/log-strings-mapping.json +7 -3
  297. package/dist/naa/BridgeError.mjs +1 -1
  298. package/dist/naa/BridgeProxy.mjs +2 -2
  299. package/dist/naa/BridgeProxy.mjs.map +1 -1
  300. package/dist/naa/BridgeStatusCode.mjs +1 -1
  301. package/dist/naa/BridgeStatusCode.mjs.map +1 -1
  302. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  303. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  304. package/dist/navigation/NavigationClient.mjs +1 -1
  305. package/dist/navigation/NavigationClient.mjs.map +1 -1
  306. package/dist/network/FetchClient.mjs +1 -1
  307. package/dist/network/FetchClient.mjs.map +1 -1
  308. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  309. package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
  310. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  311. package/dist/operatingcontext/NestedAppOperatingContext.mjs.map +1 -1
  312. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  313. package/dist/operatingcontext/StandardOperatingContext.mjs.map +1 -1
  314. package/dist/packageMetadata.mjs +2 -2
  315. package/dist/popup_relay/constants.mjs +21 -0
  316. package/dist/popup_relay/constants.mjs.map +1 -0
  317. package/dist/popup_relay/index.mjs +163 -0
  318. package/dist/popup_relay/index.mjs.map +1 -0
  319. package/dist/popup_relay/relayClient.mjs +114 -0
  320. package/dist/popup_relay/relayClient.mjs.map +1 -0
  321. package/dist/protocol/Authorize.mjs +42 -24
  322. package/dist/protocol/Authorize.mjs.map +1 -1
  323. package/dist/redirect_bridge/index.mjs +1 -1
  324. package/dist/redirect_bridge/index.mjs.map +1 -1
  325. package/dist/request/RequestHelpers.mjs +1 -1
  326. package/dist/request/RequestHelpers.mjs.map +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/response/ResponseHandler.mjs.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  333. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  334. package/dist/telemetry/BrowserPerformanceMeasurement.mjs.map +1 -1
  335. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  336. package/dist/utils/BrowserConstants.mjs +1 -1
  337. package/dist/utils/BrowserConstants.mjs.map +1 -1
  338. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  339. package/dist/utils/BrowserProtocolUtils.mjs.map +1 -1
  340. package/dist/utils/BrowserUtils.mjs +2 -2
  341. package/dist/utils/BrowserUtils.mjs.map +1 -1
  342. package/dist/utils/Helpers.mjs +1 -1
  343. package/dist/utils/Helpers.mjs.map +1 -1
  344. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  345. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  346. package/lib/custom-auth-path/log-strings-mapping.json +7 -3
  347. package/lib/custom-auth-path/msal-custom-auth.cjs +6047 -5793
  348. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  349. package/lib/custom-auth-path/msal-custom-auth.js +6047 -5793
  350. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  351. package/lib/log-strings-mapping.json +7 -3
  352. package/lib/msal-browser.cjs +6875 -6613
  353. package/lib/msal-browser.cjs.map +1 -1
  354. package/lib/msal-browser.js +6875 -6613
  355. package/lib/msal-browser.js.map +1 -1
  356. package/lib/msal-browser.min.js +2 -2
  357. package/lib/popup-relay/msal-popup-relay.cjs +278 -0
  358. package/lib/popup-relay/msal-popup-relay.cjs.map +1 -0
  359. package/lib/popup-relay/msal-popup-relay.js +284 -0
  360. package/lib/popup-relay/msal-popup-relay.js.map +1 -0
  361. package/lib/popup-relay/msal-popup-relay.min.js +2 -0
  362. package/lib/redirect-bridge/msal-redirect-bridge.cjs +39 -39
  363. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  364. package/lib/redirect-bridge/msal-redirect-bridge.js +39 -39
  365. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  366. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  367. package/package.json +14 -3
  368. package/scripts/README.md +112 -0
  369. package/scripts/decode-logs.cjs +822 -0
  370. package/src/config/Configuration.ts +18 -0
  371. package/src/crypto/BrowserCrypto.ts +104 -9
  372. package/src/crypto/CryptoOps.ts +13 -12
  373. package/src/error/BrowserAuthErrorCodes.ts +2 -0
  374. package/src/interaction_client/PopupClient.ts +137 -23
  375. package/src/packageMetadata.ts +1 -1
  376. package/src/popup_relay/constants.ts +17 -0
  377. package/src/popup_relay/index.ts +221 -0
  378. package/src/popup_relay/relayClient.ts +178 -0
  379. package/src/protocol/Authorize.ts +76 -27
  380. package/types/config/Configuration.d.ts +16 -0
  381. package/types/config/Configuration.d.ts.map +1 -1
  382. package/types/crypto/BrowserCrypto.d.ts +19 -5
  383. package/types/crypto/BrowserCrypto.d.ts.map +1 -1
  384. package/types/crypto/CryptoOps.d.ts.map +1 -1
  385. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  386. package/types/error/BrowserAuthErrorCodes.d.ts +2 -0
  387. package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  388. package/types/interaction_client/PopupClient.d.ts +13 -0
  389. package/types/interaction_client/PopupClient.d.ts.map +1 -1
  390. package/types/packageMetadata.d.ts +1 -1
  391. package/types/popup_relay/constants.d.ts +13 -0
  392. package/types/popup_relay/constants.d.ts.map +1 -0
  393. package/types/popup_relay/index.d.cts +1 -0
  394. package/types/popup_relay/index.d.ts +42 -0
  395. package/types/popup_relay/index.d.ts.map +1 -0
  396. package/types/popup_relay/relayClient.d.ts +43 -0
  397. package/types/popup_relay/relayClient.d.ts.map +1 -0
  398. package/types/protocol/Authorize.d.ts +25 -0
  399. package/types/protocol/Authorize.d.ts.map +1 -1
@@ -67,6 +67,23 @@ export type BrowserAuthOptions = {
67
67
  */
68
68
  postLogoutRedirectUri?: string | null;
69
69
 
70
+ /**
71
+ * URI of a first-party, top-level "popup-relay" page used to acquire tokens
72
+ * interactively from inside a cross-origin iframe that an untrusted host has
73
+ * embedded (where third-party storage partitioning and COOP break the normal
74
+ * popup flow). When set, `acquireTokenPopup` opens this page top-level
75
+ * instead of navigating the popup straight to the IdP, and the page must call
76
+ * `runPopupRelay()`. Resolved relative to the app origin, so it must be
77
+ * same-origin as the embedded frame.
78
+ *
79
+ * This is a browser SPA-only mechanism (`PublicClientApplication` in
80
+ * `@azure/msal-browser`): it brokers the standard interactive popup
81
+ * auth-code flow through a same-origin page. It does not apply to native
82
+ * app, platform broker (WAM), Nested App Auth, or confidential-client /
83
+ * server-side scenarios.
84
+ */
85
+ popupRelayUri?: string;
86
+
70
87
  /**
71
88
  * Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
72
89
  */
@@ -271,6 +288,7 @@ export function buildConfiguration(
271
288
  ? window.location.href.split("?")[0].split("#")[0]
272
289
  : "",
273
290
  postLogoutRedirectUri: "",
291
+ popupRelayUri: "",
274
292
  clientCapabilities: [],
275
293
  OIDCOptions: {
276
294
  responseMode: Constants.ResponseMode.FRAGMENT,
@@ -25,6 +25,14 @@ const AES_GCM = "AES-GCM";
25
25
  const HKDF = "HKDF";
26
26
  // SHA-256 hashing algorithm
27
27
  const S256_HASH_ALG = "SHA-256";
28
+ // JWK values used by browser-internal WebCrypto helpers.
29
+ const JSON_WEB_KEY_CURVE_P256 = "P-256";
30
+ const JSON_WEB_KEY_TYPE_EC = "EC";
31
+ const JSON_WEB_KEY_TYPE_RSA = "RSA";
32
+ const MISSING_JWK_KTY_SUBERROR = "missing_jwk_kty";
33
+ const UNSUPPORTED_JWK_KTY_SUBERROR = "unsupported_jwk_kty";
34
+ const MISSING_JWK_MEMBER_SUBERROR = "missing_jwk_member";
35
+ const EMPTY_JWK_MEMBER_SUBERROR = "empty_jwk_member";
28
36
  // MOD length for PoP tokens
29
37
  const MODULUS_LENGTH = 2048;
30
38
  // Public Exponent
@@ -44,13 +52,27 @@ const DERIVE_KEY = "deriveKey";
44
52
  // Suberror
45
53
  const SUBTLE_SUBERROR = "crypto_subtle_undefined";
46
54
 
47
- const keygenAlgorithmOptions: RsaHashedKeyGenParams = {
55
+ export const RSA_KEYGEN_ALGORITHM_OPTIONS: RsaHashedKeyGenParams = {
48
56
  name: PKCS1_V15_KEYGEN_ALG,
49
57
  hash: S256_HASH_ALG,
50
58
  modulusLength: MODULUS_LENGTH,
51
59
  publicExponent: PUBLIC_EXPONENT,
52
60
  };
53
61
 
62
+ export const RSA_SIGN_ALGORITHM_OPTIONS: Algorithm = {
63
+ name: PKCS1_V15_KEYGEN_ALG,
64
+ };
65
+
66
+ export const ECDSA_P256_KEYGEN_ALGORITHM_OPTIONS: EcKeyGenParams = {
67
+ name: "ECDSA",
68
+ namedCurve: JSON_WEB_KEY_CURVE_P256,
69
+ };
70
+
71
+ export const ECDSA_SHA256_SIGN_ALGORITHM_OPTIONS: EcdsaParams = {
72
+ name: "ECDSA",
73
+ hash: { name: S256_HASH_ALG },
74
+ };
75
+
54
76
  /**
55
77
  * Check whether browser crypto is available.
56
78
  */
@@ -157,16 +179,18 @@ export function createNewGuid(): string {
157
179
  }
158
180
 
159
181
  /**
160
- * Generates a keypair based on current keygen algorithm config.
182
+ * Generates a keypair based on the provided algorithm config.
161
183
  * @param extractable
162
184
  * @param usages
185
+ * @param algorithm
163
186
  */
164
187
  export async function generateKeyPair(
165
188
  extractable: boolean,
166
- usages: Array<KeyUsage>
189
+ usages: Array<KeyUsage>,
190
+ algorithm: AlgorithmIdentifier
167
191
  ): Promise<CryptoKeyPair> {
168
192
  return window.crypto.subtle.generateKey(
169
- keygenAlgorithmOptions,
193
+ algorithm,
170
194
  extractable,
171
195
  usages
172
196
  ) as Promise<CryptoKeyPair>;
@@ -188,32 +212,36 @@ export async function exportJwk(key: CryptoKey): Promise<JsonWebKey> {
188
212
  * @param key
189
213
  * @param extractable
190
214
  * @param usages
215
+ * @param algorithm
191
216
  */
192
217
  export async function importJwk(
193
218
  key: JsonWebKey,
194
219
  extractable: boolean,
195
- usages: Array<KeyUsage>
220
+ usages: Array<KeyUsage>,
221
+ algorithm: AlgorithmIdentifier
196
222
  ): Promise<CryptoKey> {
197
223
  return window.crypto.subtle.importKey(
198
224
  KEY_FORMAT_JWK,
199
225
  key,
200
- keygenAlgorithmOptions,
226
+ algorithm,
201
227
  extractable,
202
228
  usages
203
229
  ) as Promise<CryptoKey>;
204
230
  }
205
231
 
206
232
  /**
207
- * Signs given data with given key
233
+ * Signs given data with given key.
208
234
  * @param key
209
235
  * @param data
236
+ * @param algorithm
210
237
  */
211
238
  export async function sign(
212
239
  key: CryptoKey,
213
- data: ArrayBuffer
240
+ data: ArrayBuffer,
241
+ algorithm: AlgorithmIdentifier
214
242
  ): Promise<ArrayBuffer> {
215
243
  return window.crypto.subtle.sign(
216
- keygenAlgorithmOptions,
244
+ algorithm,
217
245
  key,
218
246
  data
219
247
  ) as Promise<ArrayBuffer>;
@@ -428,3 +456,70 @@ export async function hashString(plainText: string): Promise<string> {
428
456
  const hashBytes = new Uint8Array(hashBuffer);
429
457
  return urlEncodeArr(hashBytes);
430
458
  }
459
+
460
+ const JWK_THUMBPRINT_REQUIRED_MEMBERS: Record<string, Array<string>> = {
461
+ [JSON_WEB_KEY_TYPE_EC]: ["crv", "kty", "x", "y"],
462
+ [JSON_WEB_KEY_TYPE_RSA]: ["e", "kty", "n"],
463
+ };
464
+
465
+ function getJwkThumbprintMembers(
466
+ publicJwk: JsonWebKey
467
+ ): Record<string, string> {
468
+ const kty = publicJwk.kty;
469
+ if (typeof kty !== "string" || kty.length === 0) {
470
+ throw createBrowserAuthError(
471
+ BrowserAuthErrorCodes.invalidPublicJwk,
472
+ "",
473
+ MISSING_JWK_KTY_SUBERROR
474
+ );
475
+ }
476
+
477
+ const requiredMembers = JWK_THUMBPRINT_REQUIRED_MEMBERS[kty];
478
+ if (!requiredMembers) {
479
+ throw createBrowserAuthError(
480
+ BrowserAuthErrorCodes.invalidPublicJwk,
481
+ "",
482
+ UNSUPPORTED_JWK_KTY_SUBERROR
483
+ );
484
+ }
485
+
486
+ return requiredMembers.reduce((thumbprintMembers, memberName) => {
487
+ const memberValue = publicJwk[memberName as keyof JsonWebKey];
488
+ if (typeof memberValue !== "string") {
489
+ throw createBrowserAuthError(
490
+ BrowserAuthErrorCodes.invalidPublicJwk,
491
+ "",
492
+ MISSING_JWK_MEMBER_SUBERROR
493
+ );
494
+ }
495
+
496
+ if (memberValue.length === 0) {
497
+ throw createBrowserAuthError(
498
+ BrowserAuthErrorCodes.invalidPublicJwk,
499
+ "",
500
+ EMPTY_JWK_MEMBER_SUBERROR
501
+ );
502
+ }
503
+
504
+ thumbprintMembers[memberName] = memberValue;
505
+ return thumbprintMembers;
506
+ }, {} as Record<string, string>);
507
+ }
508
+
509
+ /**
510
+ * Computes an RFC 7638 JWK thumbprint for a public key.
511
+ * The required members for the JWK key type are serialised in lexicographic order
512
+ * and the SHA-256 digest is returned as a base64url string.
513
+ * @internal
514
+ */
515
+ export async function computeJwkThumbprint(
516
+ publicJwk: JsonWebKey
517
+ ): Promise<string> {
518
+ const thumbprintMembers = getJwkThumbprintMembers(publicJwk);
519
+ // RFC 7638 §3.3: use only required members, sorted lexicographically
520
+ const thumbprintJson = JSON.stringify(
521
+ thumbprintMembers,
522
+ Object.keys(thumbprintMembers).sort()
523
+ );
524
+ return hashString(thumbprintJson);
525
+ }
@@ -123,7 +123,8 @@ export class CryptoOps implements ICrypto {
123
123
  // Generate Keypair
124
124
  const keyPair: CryptoKeyPair = await BrowserCrypto.generateKeyPair(
125
125
  CryptoOps.EXTRACTABLE,
126
- CryptoOps.POP_KEY_USAGES
126
+ CryptoOps.POP_KEY_USAGES,
127
+ BrowserCrypto.RSA_KEYGEN_ALGORITHM_OPTIONS
127
128
  );
128
129
 
129
130
  // Generate Thumbprint for Public Key
@@ -131,15 +132,9 @@ export class CryptoOps implements ICrypto {
131
132
  keyPair.publicKey
132
133
  );
133
134
 
134
- const pubKeyThumprintObj: JsonWebKey = {
135
- e: publicKeyJwk.e,
136
- kty: publicKeyJwk.kty,
137
- n: publicKeyJwk.n,
138
- };
139
-
140
- const publicJwkString: string =
141
- getSortedObjectString(pubKeyThumprintObj);
142
- const publicJwkHash = await this.hashString(publicJwkString);
135
+ const publicJwkHash = await BrowserCrypto.computeJwkThumbprint(
136
+ publicKeyJwk
137
+ );
143
138
 
144
139
  // Generate Thumbprint for Private Key
145
140
  const privateKeyJwk: JsonWebKey = await BrowserCrypto.exportJwk(
@@ -147,7 +142,12 @@ export class CryptoOps implements ICrypto {
147
142
  );
148
143
  // Re-import private key to make it unextractable
149
144
  const unextractablePrivateKey: CryptoKey =
150
- await BrowserCrypto.importJwk(privateKeyJwk, false, ["sign"]);
145
+ await BrowserCrypto.importJwk(
146
+ privateKeyJwk,
147
+ false,
148
+ ["sign"],
149
+ BrowserCrypto.RSA_KEYGEN_ALGORITHM_OPTIONS
150
+ );
151
151
 
152
152
  // Store Keypair data in keystore
153
153
  await this.cache.setItem(
@@ -278,7 +278,8 @@ export class CryptoOps implements ICrypto {
278
278
  const tokenBuffer = encoder.encode(tokenString);
279
279
  const signatureBuffer = await BrowserCrypto.sign(
280
280
  cachedKeyPair.privateKey,
281
- tokenBuffer
281
+ tokenBuffer,
282
+ BrowserCrypto.RSA_SIGN_ALGORITHM_OPTIONS
282
283
  );
283
284
  const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));
284
285
 
@@ -24,6 +24,7 @@ export const redirectBridgeEmptyResponse = "redirect_bridge_empty_response";
24
24
  export const redirectInIframe = "redirect_in_iframe";
25
25
  export const blockIframeReload = "block_iframe_reload";
26
26
  export const blockNestedPopups = "block_nested_popups";
27
+ export const popupRelayUnsupportedFlow = "popup_relay_unsupported_flow";
27
28
  export const iframeClosedPrematurely = "iframe_closed_prematurely";
28
29
  export const silentLogoutUnsupported = "silent_logout_unsupported";
29
30
  export const noAccountError = "no_account_error";
@@ -41,6 +42,7 @@ export const getRequestFailed = "get_request_failed";
41
42
  export const failedToParseResponse = "failed_to_parse_response";
42
43
  export const unableToLoadToken = "unable_to_load_token";
43
44
  export const cryptoKeyNotFound = "crypto_key_not_found";
45
+ export const invalidPublicJwk = "invalid_public_jwk";
44
46
  export const authCodeRequired = "auth_code_required";
45
47
  export const authCodeOrNativeAccountIdRequired =
46
48
  "auth_code_or_nativeAccountId_required";
@@ -19,6 +19,7 @@ import {
19
19
  PkceCodes,
20
20
  CommonAuthorizationUrlRequest,
21
21
  ProtocolUtils,
22
+ Authority,
22
23
  } from "@azure/msal-common/browser";
23
24
  import {
24
25
  initializeAuthorizationRequest,
@@ -34,6 +35,8 @@ import {
34
35
  import { EndSessionPopupRequest } from "../request/EndSessionPopupRequest.js";
35
36
  import { NavigationOptions } from "../navigation/NavigationOptions.js";
36
37
  import * as BrowserUtils from "../utils/BrowserUtils.js";
38
+ import * as PopupRelay from "../popup_relay/relayClient.js";
39
+ import { base64Decode } from "../encode/Base64Decode.js";
37
40
  import { PopupRequest } from "../request/PopupRequest.js";
38
41
  import {
39
42
  createBrowserAuthError,
@@ -375,9 +378,26 @@ export class PopupClient extends StandardInteractionClient {
375
378
  this.performanceClient
376
379
  );
377
380
 
381
+ /*
382
+ * When a popup-relay page is configured, open it top-level
383
+ * (same first-party origin) instead of navigating the popup
384
+ * straight to the IdP, and carry the /authorize URL in its hash.
385
+ * The relay page opens the IdP child popup and relays the
386
+ * response back via postMessage (see waitForPopupResponse).
387
+ */
388
+ const popupRelayUri = this.config.auth.popupRelayUri;
389
+ const popupNavigateUrl = popupRelayUri
390
+ ? PopupRelay.buildPopupRelayUrl(
391
+ popupRelayUri,
392
+ this.getRelayStateId(request.state, correlationId),
393
+ { method: "GET", url: navigateUrl },
394
+ correlationId
395
+ )
396
+ : navigateUrl;
397
+
378
398
  // Show the UI once the url has been created. Get the window handle for the popup.
379
399
  const popupWindow: Window = this.initiateAuthRequest(
380
- navigateUrl,
400
+ popupNavigateUrl,
381
401
  popupParams
382
402
  );
383
403
  this.eventHandler.emitEvent(
@@ -497,18 +517,13 @@ export class PopupClient extends StandardInteractionClient {
497
517
  earJwk: earJwk,
498
518
  codeChallenge: pkce.challenge,
499
519
  };
500
- const popupWindow =
501
- popupParams.popup || this.openPopup("about:blank", popupParams);
502
-
503
- const form = await Authorize.getEARForm(
504
- popupWindow.document,
505
- this.config,
506
- discoveredAuthority,
520
+ const popupWindow = await this.openPostFormPopup(
507
521
  popupRequest,
508
- this.logger,
509
- this.performanceClient
522
+ discoveredAuthority,
523
+ popupParams,
524
+ correlationId,
525
+ true
510
526
  );
511
- form.submit();
512
527
 
513
528
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
514
529
  const responseString = await invokeAsync(
@@ -621,20 +636,14 @@ export class PopupClient extends StandardInteractionClient {
621
636
  this.logger
622
637
  );
623
638
 
624
- const popupWindow =
625
- popupParams.popup || this.openPopup("about:blank", popupParams);
626
-
627
- const form = await Authorize.getCodeForm(
628
- popupWindow.document,
629
- this.config,
630
- discoveredAuthority,
639
+ const popupWindow = await this.openPostFormPopup(
631
640
  request,
632
- this.logger,
633
- this.performanceClient
641
+ discoveredAuthority,
642
+ popupParams,
643
+ correlationId,
644
+ false
634
645
  );
635
646
 
636
- form.submit();
637
-
638
647
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
639
648
  const responseString = await invokeAsync(
640
649
  this.waitForPopupResponse.bind(this),
@@ -794,8 +803,30 @@ export class PopupClient extends StandardInteractionClient {
794
803
  validRequest
795
804
  );
796
805
 
806
+ /*
807
+ * When a popup-relay page is configured, open it top-level (same
808
+ * first-party origin) and carry the end-session URL in its hash,
809
+ * exactly like the login flow. The relay page opens the IdP child
810
+ * popup and the post-logout redirect page (running the redirect
811
+ * bridge) relays completion back via postMessage — so logout works
812
+ * from an embedded, cross-origin iframe where a direct popup to the
813
+ * IdP cannot. See runPopupRelay / waitForPopupResponse.
814
+ */
815
+ const popupRelayUri = this.config.auth.popupRelayUri;
816
+ const popupNavigateUrl = popupRelayUri
817
+ ? PopupRelay.buildPopupRelayUrl(
818
+ popupRelayUri,
819
+ this.getRelayStateId(
820
+ validRequest.state || "",
821
+ this.correlationId
822
+ ),
823
+ { method: "GET", url: logoutUri },
824
+ this.correlationId
825
+ )
826
+ : logoutUri;
827
+
797
828
  // Open the popup window to requestUrl.
798
- const popupWindow = this.openPopup(logoutUri, popupParams);
829
+ const popupWindow = this.openPopup(popupNavigateUrl, popupParams);
799
830
  this.eventHandler.emitEvent(
800
831
  EventType.POPUP_OPENED,
801
832
  validRequest.correlationId,
@@ -1074,11 +1105,94 @@ export class PopupClient extends StandardInteractionClient {
1074
1105
  return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
1075
1106
  }
1076
1107
 
1108
+ /**
1109
+ * Decodes the per-request library-state id from the encoded request state.
1110
+ */
1111
+ private getRelayStateId(state: string, correlationId: string): string {
1112
+ return ProtocolUtils.parseRequestState(
1113
+ base64Decode,
1114
+ state,
1115
+ correlationId
1116
+ ).libraryState.id;
1117
+ }
1118
+
1119
+ /**
1120
+ * Opens the interactive popup for a POST-form /authorize request. Shared by
1121
+ * the auth-code POST and EAR flows, which are identical apart from the form
1122
+ * builder (`isEAR` selects the EAR vs auth-code builders). When a
1123
+ * popup-relay page is configured the form is carried to the relay page
1124
+ * (which opens the IdP child popup); otherwise the form is submitted
1125
+ * directly into the popup.
1126
+ */
1127
+ private async openPostFormPopup(
1128
+ request: CommonAuthorizationUrlRequest,
1129
+ discoveredAuthority: Authority,
1130
+ popupParams: PopupParams,
1131
+ correlationId: string,
1132
+ isEAR: boolean
1133
+ ): Promise<Window> {
1134
+ const popupRelayUri = this.config.auth.popupRelayUri;
1135
+ if (popupRelayUri) {
1136
+ const getFormData = isEAR
1137
+ ? Authorize.getEARFormData
1138
+ : Authorize.getCodeFormData;
1139
+ const formData = await getFormData(
1140
+ this.config,
1141
+ discoveredAuthority,
1142
+ request,
1143
+ this.logger,
1144
+ this.performanceClient
1145
+ );
1146
+ const relayUrl = PopupRelay.buildPopupRelayUrl(
1147
+ popupRelayUri,
1148
+ this.getRelayStateId(request.state, correlationId),
1149
+ {
1150
+ method: "POST",
1151
+ action: formData.action,
1152
+ fields: formData.fields,
1153
+ },
1154
+ correlationId
1155
+ );
1156
+ return this.initiateAuthRequest(relayUrl, popupParams);
1157
+ }
1158
+
1159
+ const popupWindow =
1160
+ popupParams.popup || this.openPopup("about:blank", popupParams);
1161
+ const getForm = isEAR ? Authorize.getEARForm : Authorize.getCodeForm;
1162
+ const form = await getForm(
1163
+ popupWindow.document,
1164
+ this.config,
1165
+ discoveredAuthority,
1166
+ request,
1167
+ this.logger,
1168
+ this.performanceClient
1169
+ );
1170
+ form.submit();
1171
+ return popupWindow;
1172
+ }
1173
+
1077
1174
  protected async waitForPopupResponse(
1078
1175
  request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
1079
1176
  popupWindow: Window,
1080
1177
  popupWindowParent: Window
1081
1178
  ): Promise<string> {
1179
+ /*
1180
+ * When a popup-relay page is configured the response is relayed back to
1181
+ * this frame by the relay page via postMessage, and the relay popup's
1182
+ * lifecycle (including the user dismissing it before signing in) must be
1183
+ * tracked here. This takes precedence over the default bridge response
1184
+ * hook, whose BroadcastChannel cannot reach a partitioned cross-site
1185
+ * frame and which does not track the relay popup.
1186
+ */
1187
+ if (this.config.auth.popupRelayUri) {
1188
+ return PopupRelay.waitForPopupRelayResponse(
1189
+ this.config.system.popupBridgeTimeout,
1190
+ this.logger,
1191
+ request,
1192
+ popupWindow,
1193
+ this.performanceClient
1194
+ );
1195
+ }
1082
1196
  if (this.waitForPopupResponseHook) {
1083
1197
  return this.waitForPopupResponseHook(
1084
1198
  request,
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-browser";
3
- export const version = "5.16.0";
3
+ export const version = "5.17.1";
@@ -0,0 +1,17 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * postMessage envelope type used to relay an auth response from a popup-relay
8
+ * page (see `runPopupRelay`) back to the embedded frame that opened it. See
9
+ * {@link BrowserAuthOptions.popupRelayUri}.
10
+ *
11
+ * Kept dependency-free so both the relay-page entry (`./index.js`) and the
12
+ * client-side helpers (`./relayClient.js`) can import it without either bundle
13
+ * pulling in the other's dependencies.
14
+ *
15
+ * @internal
16
+ */
17
+ export const POPUP_RELAY_RESPONSE_TYPE = "msal:popup-relay-response:v1";