@azure/msal-browser 5.17.0 → 5.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  21. package/dist/controllers/StandardController.mjs +1 -1
  22. package/dist/crypto/BrowserCrypto.mjs +61 -12
  23. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  24. package/dist/crypto/CryptoOps.mjs +6 -12
  25. package/dist/crypto/CryptoOps.mjs.map +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  29. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  30. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  31. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  32. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  33. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  48. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  49. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  50. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  51. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  52. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  53. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  55. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  56. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  57. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  58. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  59. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  60. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  61. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  62. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  64. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  65. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  71. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  81. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  82. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  83. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  84. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  85. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  86. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  93. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  94. package/dist/custom_auth/index.mjs +1 -1
  95. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  96. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  97. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  107. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  108. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  120. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  121. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  122. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  134. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  135. package/dist/encode/Base64Decode.mjs +1 -1
  136. package/dist/encode/Base64Encode.mjs +1 -1
  137. package/dist/error/BrowserAuthError.mjs +1 -1
  138. package/dist/error/BrowserAuthErrorCodes.mjs +3 -2
  139. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  140. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  142. package/dist/error/NativeAuthError.mjs +1 -1
  143. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  144. package/dist/error/NestedAppAuthError.mjs +1 -1
  145. package/dist/event/EventHandler.mjs +1 -1
  146. package/dist/event/EventMessage.mjs +1 -1
  147. package/dist/event/EventType.mjs +1 -1
  148. package/dist/index.mjs +1 -1
  149. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  150. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  151. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  152. package/dist/interaction_client/PopupClient.mjs +1 -1
  153. package/dist/interaction_client/RedirectClient.mjs +1 -1
  154. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  155. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  156. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  157. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  158. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  159. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  160. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  161. package/dist/log-strings-mapping.json +2 -2
  162. package/dist/naa/BridgeError.mjs +1 -1
  163. package/dist/naa/BridgeProxy.mjs +1 -1
  164. package/dist/naa/BridgeStatusCode.mjs +1 -1
  165. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  166. package/dist/navigation/NavigationClient.mjs +1 -1
  167. package/dist/network/FetchClient.mjs +1 -1
  168. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  169. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  170. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  171. package/dist/packageMetadata.mjs +2 -2
  172. package/dist/popup_relay/constants.mjs +1 -1
  173. package/dist/popup_relay/index.mjs +1 -1
  174. package/dist/popup_relay/relayClient.mjs +1 -1
  175. package/dist/protocol/Authorize.mjs +1 -1
  176. package/dist/redirect_bridge/index.mjs +1 -1
  177. package/dist/request/RequestHelpers.mjs +1 -1
  178. package/dist/response/ResponseHandler.mjs +1 -1
  179. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  180. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  181. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  182. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  183. package/dist/utils/BrowserConstants.mjs +1 -1
  184. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  185. package/dist/utils/BrowserUtils.mjs +1 -1
  186. package/dist/utils/Helpers.mjs +1 -1
  187. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  188. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  189. package/lib/custom-auth-path/msal-custom-auth.cjs +134 -86
  190. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  191. package/lib/custom-auth-path/msal-custom-auth.js +134 -86
  192. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  193. package/lib/log-strings-mapping.json +2 -2
  194. package/lib/msal-browser.cjs +142 -89
  195. package/lib/msal-browser.cjs.map +1 -1
  196. package/lib/msal-browser.js +142 -89
  197. package/lib/msal-browser.js.map +1 -1
  198. package/lib/msal-browser.min.js +2 -2
  199. package/lib/popup-relay/msal-popup-relay.cjs +2 -2
  200. package/lib/popup-relay/msal-popup-relay.cjs.map +1 -1
  201. package/lib/popup-relay/msal-popup-relay.js +2 -2
  202. package/lib/popup-relay/msal-popup-relay.js.map +1 -1
  203. package/lib/popup-relay/msal-popup-relay.min.js +1 -1
  204. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  205. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  206. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  209. package/package.json +2 -2
  210. package/src/crypto/BrowserCrypto.ts +104 -9
  211. package/src/crypto/CryptoOps.ts +13 -12
  212. package/src/error/BrowserAuthErrorCodes.ts +1 -0
  213. package/src/packageMetadata.ts +1 -1
  214. package/types/crypto/BrowserCrypto.d.ts +19 -5
  215. package/types/crypto/BrowserCrypto.d.ts.map +1 -1
  216. package/types/crypto/CryptoOps.d.ts.map +1 -1
  217. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  218. package/types/error/BrowserAuthErrorCodes.d.ts +1 -0
  219. package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  220. package/types/packageMetadata.d.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.17.0 2026-07-07 */
1
+ /*! @azure/msal-browser v5.17.1 2026-07-15 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -54,7 +54,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
54
54
  const RESOURCE = "resource";
55
55
  const CLI_DATA = "clidata";
56
56
 
57
- /*! @azure/msal-common v16.11.1 2026-07-07 */
57
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
58
58
  /*
59
59
  * Copyright (c) Microsoft Corporation. All rights reserved.
60
60
  * Licensed under the MIT License.
@@ -285,7 +285,7 @@ const JsonWebTokenTypes = {
285
285
  // Token renewal offset default in seconds
286
286
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
287
287
 
288
- /*! @azure/msal-common v16.11.1 2026-07-07 */
288
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
289
289
  /*
290
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
291
291
  * Licensed under the MIT License.
@@ -314,7 +314,7 @@ function createAuthError(code, correlationId, additionalMessage) {
314
314
  return new AuthError(code, correlationId, additionalMessage || getDefaultErrorMessage$1(code));
315
315
  }
316
316
 
317
- /*! @azure/msal-common v16.11.1 2026-07-07 */
317
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
318
318
 
319
319
  /*
320
320
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientAuthError(errorCode, correlationId, additionalMessage) {
337
337
  return new ClientAuthError(errorCode, correlationId, additionalMessage);
338
338
  }
339
339
 
340
- /*! @azure/msal-common v16.11.1 2026-07-07 */
340
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
341
341
  /*
342
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
343
343
  * Licensed under the MIT License.
@@ -374,7 +374,7 @@ const methodNotImplemented = "method_not_implemented";
374
374
  const resourceParameterRequired = "resource_parameter_required";
375
375
  const misplacedResourceParam = "misplaced_resource_parameter";
376
376
 
377
- /*! @azure/msal-common v16.11.1 2026-07-07 */
377
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
378
378
 
379
379
  /*
380
380
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -412,7 +412,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
412
412
  };
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.11.1 2026-07-07 */
415
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -478,7 +478,7 @@ function getJWSPayload(authToken, correlationId) {
478
478
  return matches[2];
479
479
  }
480
480
 
481
- /*! @azure/msal-common v16.11.1 2026-07-07 */
481
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
482
482
 
483
483
  /*
484
484
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -566,7 +566,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
566
566
  return updatedAccountInfo;
567
567
  }
568
568
 
569
- /*! @azure/msal-common v16.11.1 2026-07-07 */
569
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
570
570
  /*
571
571
  * Copyright (c) Microsoft Corporation. All rights reserved.
572
572
  * Licensed under the MIT License.
@@ -581,7 +581,7 @@ const AuthorityType = {
581
581
  Ciam: 3,
582
582
  };
583
583
 
584
- /*! @azure/msal-common v16.11.1 2026-07-07 */
584
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
585
585
  /*
586
586
  * Copyright (c) Microsoft Corporation. All rights reserved.
587
587
  * Licensed under the MIT License.
@@ -603,7 +603,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
603
603
  return null;
604
604
  }
605
605
 
606
- /*! @azure/msal-common v16.11.1 2026-07-07 */
606
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
607
607
  /*
608
608
  * Copyright (c) Microsoft Corporation. All rights reserved.
609
609
  * Licensed under the MIT License.
@@ -627,7 +627,7 @@ const ProtocolMode = {
627
627
  EAR: "EAR",
628
628
  };
629
629
 
630
- /*! @azure/msal-common v16.11.1 2026-07-07 */
630
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
631
631
  /**
632
632
  * Returns the AccountInfo interface for this account.
633
633
  * @internal
@@ -816,7 +816,7 @@ function isAccountEntity(entity) {
816
816
  entity.hasOwnProperty("authorityType"));
817
817
  }
818
818
 
819
- /*! @azure/msal-common v16.11.1 2026-07-07 */
819
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
820
820
  /*
821
821
  * Copyright (c) Microsoft Corporation. All rights reserved.
822
822
  * Licensed under the MIT License.
@@ -826,7 +826,7 @@ function isAccountEntity(entity) {
826
826
  */
827
827
  const unexpectedError = "unexpected_error";
828
828
 
829
- /*! @azure/msal-common v16.11.1 2026-07-07 */
829
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
830
830
 
831
831
  /*
832
832
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -846,7 +846,7 @@ function createClientConfigurationError(errorCode, correlationId) {
846
846
  return new ClientConfigurationError(errorCode, correlationId);
847
847
  }
848
848
 
849
- /*! @azure/msal-common v16.11.1 2026-07-07 */
849
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
850
850
  /*
851
851
  * Copyright (c) Microsoft Corporation. All rights reserved.
852
852
  * Licensed under the MIT License.
@@ -872,7 +872,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
872
872
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
873
873
  const issuerValidationFailed = "issuer_validation_failed";
874
874
 
875
- /*! @azure/msal-common v16.11.1 2026-07-07 */
875
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
876
876
  /*
877
877
  * Copyright (c) Microsoft Corporation. All rights reserved.
878
878
  * Licensed under the MIT License.
@@ -884,7 +884,7 @@ function isOpenIdConfigResponse(response) {
884
884
  response.hasOwnProperty("jwks_uri"));
885
885
  }
886
886
 
887
- /*! @azure/msal-common v16.11.1 2026-07-07 */
887
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
888
888
  /*
889
889
  * Copyright (c) Microsoft Corporation. All rights reserved.
890
890
  * Licensed under the MIT License.
@@ -964,7 +964,7 @@ class StringUtils {
964
964
  }
965
965
  }
966
966
 
967
- /*! @azure/msal-common v16.11.1 2026-07-07 */
967
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
968
968
 
969
969
  /*
970
970
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1122,7 +1122,7 @@ class UrlString {
1122
1122
  }
1123
1123
  }
1124
1124
 
1125
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1125
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1126
1126
 
1127
1127
  /*
1128
1128
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1288,7 +1288,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1288
1288
  return null;
1289
1289
  }
1290
1290
 
1291
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1291
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1292
1292
  /*
1293
1293
  * Copyright (c) Microsoft Corporation. All rights reserved.
1294
1294
  * Licensed under the MIT License.
@@ -1297,7 +1297,7 @@ const AzureCloudInstance = {
1297
1297
  // AzureCloudInstance is not specified.
1298
1298
  None: "none"};
1299
1299
 
1300
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1300
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1301
1301
  /*
1302
1302
  * Copyright (c) Microsoft Corporation. All rights reserved.
1303
1303
  * Licensed under the MIT License.
@@ -1307,7 +1307,7 @@ function isCloudInstanceDiscoveryResponse(response) {
1307
1307
  response.hasOwnProperty("metadata"));
1308
1308
  }
1309
1309
 
1310
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1310
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1311
1311
  /*
1312
1312
  * Copyright (c) Microsoft Corporation. All rights reserved.
1313
1313
  * Licensed under the MIT License.
@@ -1317,7 +1317,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
1317
1317
  response.hasOwnProperty("error_description"));
1318
1318
  }
1319
1319
 
1320
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1320
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1321
1321
  /*
1322
1322
  * Copyright (c) Microsoft Corporation. All rights reserved.
1323
1323
  * Licensed under the MIT License.
@@ -1388,7 +1388,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
1388
1388
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
1389
1389
  const SetUserData = "setUserData";
1390
1390
 
1391
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1391
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1392
1392
  /*
1393
1393
  * Copyright (c) Microsoft Corporation. All rights reserved.
1394
1394
  * Licensed under the MIT License.
@@ -1481,7 +1481,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
1481
1481
  };
1482
1482
  };
1483
1483
 
1484
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1484
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1485
1485
 
1486
1486
  /*
1487
1487
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1592,7 +1592,7 @@ RegionDiscovery.IMDS_OPTIONS = {
1592
1592
  },
1593
1593
  };
1594
1594
 
1595
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1595
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1596
1596
  /*
1597
1597
  * Copyright (c) Microsoft Corporation. All rights reserved.
1598
1598
  * Licensed under the MIT License.
@@ -1657,7 +1657,7 @@ function wasClockTurnedBack(cachedAt) {
1657
1657
  return cachedAtSec > nowSeconds();
1658
1658
  }
1659
1659
 
1660
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1660
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1661
1661
 
1662
1662
  /*
1663
1663
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1924,7 +1924,7 @@ function isAuthorityMetadataExpired(metadata) {
1924
1924
  return metadata.expiresAt <= nowSeconds();
1925
1925
  }
1926
1926
 
1927
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1927
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1928
1928
 
1929
1929
  /*
1930
1930
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2894,7 +2894,7 @@ function buildStaticAuthorityOptions(authOptions) {
2894
2894
  };
2895
2895
  }
2896
2896
 
2897
- /*! @azure/msal-common v16.11.1 2026-07-07 */
2897
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
2898
2898
 
2899
2899
  /*
2900
2900
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2928,7 +2928,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
2928
2928
  }
2929
2929
  }
2930
2930
 
2931
- /*! @azure/msal-common v16.11.1 2026-07-07 */
2931
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
2932
2932
 
2933
2933
  /*
2934
2934
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3124,7 +3124,7 @@ class ScopeSet {
3124
3124
  }
3125
3125
  }
3126
3126
 
3127
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3127
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3128
3128
 
3129
3129
  /*
3130
3130
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3539,7 +3539,7 @@ function addResource(parameters, resource) {
3539
3539
  }
3540
3540
  }
3541
3541
 
3542
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3542
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3543
3543
 
3544
3544
  /*
3545
3545
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3661,12 +3661,16 @@ function validateUrl(url, logger, correlationId) {
3661
3661
  }
3662
3662
  }
3663
3663
 
3664
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3664
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3665
3665
 
3666
3666
  /*
3667
3667
  * Copyright (c) Microsoft Corporation. All rights reserved.
3668
3668
  * Licensed under the MIT License.
3669
3669
  */
3670
+ /**
3671
+ * Default crypto implementation used when a platform-specific implementation has
3672
+ * not been provided.
3673
+ */
3670
3674
  const DEFAULT_CRYPTO_IMPLEMENTATION = {
3671
3675
  createNewGuid: () => {
3672
3676
  throw createClientAuthError(methodNotImplemented, "");
@@ -3700,7 +3704,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
3700
3704
  },
3701
3705
  };
3702
3706
 
3703
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3707
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3704
3708
  /*
3705
3709
  * Copyright (c) Microsoft Corporation. All rights reserved.
3706
3710
  * Licensed under the MIT License.
@@ -3975,12 +3979,12 @@ class Logger {
3975
3979
  }
3976
3980
  }
3977
3981
 
3978
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3982
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3979
3983
  /* eslint-disable header/header */
3980
3984
  const name$1 = "@azure/msal-common";
3981
- const version$1 = "16.11.1";
3985
+ const version$1 = "16.11.2";
3982
3986
 
3983
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3987
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3984
3988
  /*
3985
3989
  * Copyright (c) Microsoft Corporation. All rights reserved.
3986
3990
  * Licensed under the MIT License.
@@ -3988,7 +3992,7 @@ const version$1 = "16.11.1";
3988
3992
  const cacheQuotaExceeded = "cache_quota_exceeded";
3989
3993
  const cacheErrorUnknown = "cache_error_unknown";
3990
3994
 
3991
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3995
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3992
3996
 
3993
3997
  /*
3994
3998
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4026,7 +4030,7 @@ function createCacheError(e) {
4026
4030
  }
4027
4031
  }
4028
4032
 
4029
- /*! @azure/msal-common v16.11.1 2026-07-07 */
4033
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
4030
4034
 
4031
4035
  /*
4032
4036
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5173,7 +5177,7 @@ class DefaultStorageClass extends CacheManager {
5173
5177
  }
5174
5178
  }
5175
5179
 
5176
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5180
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5177
5181
  /*
5178
5182
  * Copyright (c) Microsoft Corporation. All rights reserved.
5179
5183
  * Licensed under the MIT License.
@@ -5187,7 +5191,7 @@ class DefaultStorageClass extends CacheManager {
5187
5191
  const PerformanceEventStatus = {
5188
5192
  InProgress: 1};
5189
5193
 
5190
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5194
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5191
5195
 
5192
5196
  /*
5193
5197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5245,7 +5249,7 @@ class StubPerformanceClient {
5245
5249
  }
5246
5250
  }
5247
5251
 
5248
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5252
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5249
5253
 
5250
5254
  /*
5251
5255
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5341,7 +5345,7 @@ function isOidcProtocolMode(config) {
5341
5345
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
5342
5346
  }
5343
5347
 
5344
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5348
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5345
5349
  /*
5346
5350
  * Copyright (c) Microsoft Corporation. All rights reserved.
5347
5351
  * Licensed under the MIT License.
@@ -5368,7 +5372,7 @@ function isOidcProtocolMode(config) {
5368
5372
  }
5369
5373
  }
5370
5374
 
5371
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5375
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5372
5376
 
5373
5377
  /*
5374
5378
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5448,7 +5452,7 @@ class PopTokenGenerator {
5448
5452
  }
5449
5453
  }
5450
5454
 
5451
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5455
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5452
5456
  /*
5453
5457
  * Copyright (c) Microsoft Corporation. All rights reserved.
5454
5458
  * Licensed under the MIT License.
@@ -5499,7 +5503,7 @@ const badToken = "bad_token";
5499
5503
  */
5500
5504
  const interruptedUser = "interrupted_user";
5501
5505
 
5502
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5506
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5503
5507
 
5504
5508
  /*
5505
5509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5566,7 +5570,7 @@ function createInteractionRequiredAuthError(errorCode, correlationId, errorMessa
5566
5570
  return new InteractionRequiredAuthError(errorCode, correlationId, errorMessage);
5567
5571
  }
5568
5572
 
5569
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5573
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5570
5574
 
5571
5575
  /*
5572
5576
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5585,7 +5589,7 @@ class ServerError extends AuthError {
5585
5589
  }
5586
5590
  }
5587
5591
 
5588
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5592
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5589
5593
 
5590
5594
  /*
5591
5595
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5656,7 +5660,7 @@ function parseRequestState(base64Decode, state, correlationId) {
5656
5660
  }
5657
5661
  }
5658
5662
 
5659
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5663
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5660
5664
 
5661
5665
  /*
5662
5666
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6007,7 +6011,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6007
6011
  return baseAccount;
6008
6012
  }
6009
6013
 
6010
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6014
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6011
6015
  /*
6012
6016
  * Copyright (c) Microsoft Corporation. All rights reserved.
6013
6017
  * Licensed under the MIT License.
@@ -6017,7 +6021,7 @@ const CcsCredentialType = {
6017
6021
  UPN: "UPN",
6018
6022
  };
6019
6023
 
6020
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6024
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6021
6025
  /*
6022
6026
  * Copyright (c) Microsoft Corporation. All rights reserved.
6023
6027
  * Licensed under the MIT License.
@@ -6036,7 +6040,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint, fmiP
6036
6040
  }
6037
6041
  }
6038
6042
 
6039
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6043
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6040
6044
  /*
6041
6045
  * Copyright (c) Microsoft Corporation. All rights reserved.
6042
6046
  * Licensed under the MIT License.
@@ -6058,7 +6062,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6058
6062
  };
6059
6063
  }
6060
6064
 
6061
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6065
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6062
6066
 
6063
6067
  /*
6064
6068
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6144,7 +6148,7 @@ class ThrottlingUtils {
6144
6148
  }
6145
6149
  }
6146
6150
 
6147
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6151
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6148
6152
 
6149
6153
  /*
6150
6154
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6175,7 +6179,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6175
6179
  return new NetworkError(error, httpStatus, responseHeaders);
6176
6180
  }
6177
6181
 
6178
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6182
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6179
6183
 
6180
6184
  /*
6181
6185
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6291,7 +6295,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
6291
6295
  return response;
6292
6296
  }
6293
6297
 
6294
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6298
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6295
6299
 
6296
6300
  /*
6297
6301
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6548,7 +6552,7 @@ class AuthorizationCodeClient {
6548
6552
  }
6549
6553
  }
6550
6554
 
6551
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6555
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6552
6556
 
6553
6557
  /*
6554
6558
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6779,7 @@ function extractLoginHint(account) {
6775
6779
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6776
6780
  }
6777
6781
 
6778
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6782
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6779
6783
 
6780
6784
  /*
6781
6785
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6796,7 +6800,7 @@ function createJoseHeaderError(code, correlationId) {
6796
6800
  return new JoseHeaderError(code, correlationId);
6797
6801
  }
6798
6802
 
6799
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6803
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6800
6804
  /*
6801
6805
  * Copyright (c) Microsoft Corporation. All rights reserved.
6802
6806
  * Licensed under the MIT License.
@@ -6804,7 +6808,7 @@ function createJoseHeaderError(code, correlationId) {
6804
6808
  const missingKidError = "missing_kid_error";
6805
6809
  const missingAlgError = "missing_alg_error";
6806
6810
 
6807
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6811
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6808
6812
 
6809
6813
  /*
6810
6814
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6844,7 +6848,7 @@ class JoseHeader {
6844
6848
  }
6845
6849
  }
6846
6850
 
6847
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6851
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6848
6852
 
6849
6853
  /*
6850
6854
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7065,7 +7069,7 @@ class RefreshTokenClient {
7065
7069
  }
7066
7070
  }
7067
7071
 
7068
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7072
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7069
7073
 
7070
7074
  /*
7071
7075
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7358,7 +7362,7 @@ class StubServerTelemetryManager extends ServerTelemetryManager {
7358
7362
  clearNativeBrokerErrorCode() { }
7359
7363
  }
7360
7364
 
7361
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7365
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7362
7366
 
7363
7367
  /*
7364
7368
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7466,7 +7470,7 @@ class SilentFlowClient {
7466
7470
  }
7467
7471
  }
7468
7472
 
7469
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7473
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7470
7474
 
7471
7475
  /*
7472
7476
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7482,7 +7486,7 @@ const StubbedNetworkModule = {
7482
7486
  },
7483
7487
  };
7484
7488
 
7485
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7489
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7486
7490
 
7487
7491
  /*
7488
7492
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7910,7 +7914,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7910
7914
 
7911
7915
  /* eslint-disable header/header */
7912
7916
  const name = "@azure/msal-browser";
7913
- const version = "5.17.0";
7917
+ const version = "5.17.1";
7914
7918
 
7915
7919
  /*
7916
7920
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8581,6 +8585,7 @@ const postRequestFailed = "post_request_failed";
8581
8585
  const getRequestFailed = "get_request_failed";
8582
8586
  const failedToParseResponse = "failed_to_parse_response";
8583
8587
  const cryptoKeyNotFound = "crypto_key_not_found";
8588
+ const invalidPublicJwk = "invalid_public_jwk";
8584
8589
  const authCodeRequired = "auth_code_required";
8585
8590
  const authCodeOrNativeAccountIdRequired = "auth_code_or_nativeAccountId_required";
8586
8591
  const spaCodeAndNativeAccountIdPresent = "spa_code_and_nativeAccountId_present";
@@ -8902,6 +8907,12 @@ const AES_GCM = "AES-GCM";
8902
8907
  const HKDF = "HKDF";
8903
8908
  // SHA-256 hashing algorithm
8904
8909
  const S256_HASH_ALG = "SHA-256";
8910
+ const JSON_WEB_KEY_TYPE_EC = "EC";
8911
+ const JSON_WEB_KEY_TYPE_RSA = "RSA";
8912
+ const MISSING_JWK_KTY_SUBERROR = "missing_jwk_kty";
8913
+ const UNSUPPORTED_JWK_KTY_SUBERROR = "unsupported_jwk_kty";
8914
+ const MISSING_JWK_MEMBER_SUBERROR = "missing_jwk_member";
8915
+ const EMPTY_JWK_MEMBER_SUBERROR = "empty_jwk_member";
8905
8916
  // MOD length for PoP tokens
8906
8917
  const MODULUS_LENGTH = 2048;
8907
8918
  // Public Exponent
@@ -8918,12 +8929,15 @@ const DECRYPT = "decrypt";
8918
8929
  const DERIVE_KEY = "deriveKey";
8919
8930
  // Suberror
8920
8931
  const SUBTLE_SUBERROR = "crypto_subtle_undefined";
8921
- const keygenAlgorithmOptions = {
8932
+ const RSA_KEYGEN_ALGORITHM_OPTIONS = {
8922
8933
  name: PKCS1_V15_KEYGEN_ALG,
8923
8934
  hash: S256_HASH_ALG,
8924
8935
  modulusLength: MODULUS_LENGTH,
8925
8936
  publicExponent: PUBLIC_EXPONENT,
8926
8937
  };
8938
+ const RSA_SIGN_ALGORITHM_OPTIONS = {
8939
+ name: PKCS1_V15_KEYGEN_ALG,
8940
+ };
8927
8941
  /**
8928
8942
  * Check whether browser crypto is available.
8929
8943
  */
@@ -9007,12 +9021,13 @@ function createNewGuid() {
9007
9021
  return text;
9008
9022
  }
9009
9023
  /**
9010
- * Generates a keypair based on current keygen algorithm config.
9024
+ * Generates a keypair based on the provided algorithm config.
9011
9025
  * @param extractable
9012
9026
  * @param usages
9027
+ * @param algorithm
9013
9028
  */
9014
- async function generateKeyPair(extractable, usages) {
9015
- return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages);
9029
+ async function generateKeyPair(extractable, usages, algorithm) {
9030
+ return window.crypto.subtle.generateKey(algorithm, extractable, usages);
9016
9031
  }
9017
9032
  /**
9018
9033
  * Export key as Json Web Key (JWK)
@@ -9026,17 +9041,19 @@ async function exportJwk(key) {
9026
9041
  * @param key
9027
9042
  * @param extractable
9028
9043
  * @param usages
9044
+ * @param algorithm
9029
9045
  */
9030
- async function importJwk(key, extractable, usages) {
9031
- return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages);
9046
+ async function importJwk(key, extractable, usages, algorithm) {
9047
+ return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, algorithm, extractable, usages);
9032
9048
  }
9033
9049
  /**
9034
- * Signs given data with given key
9050
+ * Signs given data with given key.
9035
9051
  * @param key
9036
9052
  * @param data
9053
+ * @param algorithm
9037
9054
  */
9038
- async function sign(key, data) {
9039
- return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data);
9055
+ async function sign(key, data, algorithm) {
9056
+ return window.crypto.subtle.sign(algorithm, key, data);
9040
9057
  }
9041
9058
  /**
9042
9059
  * Generates Base64 encoded jwk used in the Encrypted Authorize Response (EAR) flow
@@ -9179,6 +9196,43 @@ async function hashString(plainText) {
9179
9196
  const hashBuffer = await sha256Digest(plainText);
9180
9197
  const hashBytes = new Uint8Array(hashBuffer);
9181
9198
  return urlEncodeArr(hashBytes);
9199
+ }
9200
+ const JWK_THUMBPRINT_REQUIRED_MEMBERS = {
9201
+ [JSON_WEB_KEY_TYPE_EC]: ["crv", "kty", "x", "y"],
9202
+ [JSON_WEB_KEY_TYPE_RSA]: ["e", "kty", "n"],
9203
+ };
9204
+ function getJwkThumbprintMembers(publicJwk) {
9205
+ const kty = publicJwk.kty;
9206
+ if (typeof kty !== "string" || kty.length === 0) {
9207
+ throw createBrowserAuthError(invalidPublicJwk, "", MISSING_JWK_KTY_SUBERROR);
9208
+ }
9209
+ const requiredMembers = JWK_THUMBPRINT_REQUIRED_MEMBERS[kty];
9210
+ if (!requiredMembers) {
9211
+ throw createBrowserAuthError(invalidPublicJwk, "", UNSUPPORTED_JWK_KTY_SUBERROR);
9212
+ }
9213
+ return requiredMembers.reduce((thumbprintMembers, memberName) => {
9214
+ const memberValue = publicJwk[memberName];
9215
+ if (typeof memberValue !== "string") {
9216
+ throw createBrowserAuthError(invalidPublicJwk, "", MISSING_JWK_MEMBER_SUBERROR);
9217
+ }
9218
+ if (memberValue.length === 0) {
9219
+ throw createBrowserAuthError(invalidPublicJwk, "", EMPTY_JWK_MEMBER_SUBERROR);
9220
+ }
9221
+ thumbprintMembers[memberName] = memberValue;
9222
+ return thumbprintMembers;
9223
+ }, {});
9224
+ }
9225
+ /**
9226
+ * Computes an RFC 7638 JWK thumbprint for a public key.
9227
+ * The required members for the JWK key type are serialised in lexicographic order
9228
+ * and the SHA-256 digest is returned as a base64url string.
9229
+ * @internal
9230
+ */
9231
+ async function computeJwkThumbprint(publicJwk) {
9232
+ const thumbprintMembers = getJwkThumbprintMembers(publicJwk);
9233
+ // RFC 7638 §3.3: use only required members, sorted lexicographically
9234
+ const thumbprintJson = JSON.stringify(thumbprintMembers, Object.keys(thumbprintMembers).sort());
9235
+ return hashString(thumbprintJson);
9182
9236
  }
9183
9237
 
9184
9238
  /*
@@ -14440,20 +14494,14 @@ class CryptoOps {
14440
14494
  async getPublicKeyThumbprint(request) {
14441
14495
  const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(CryptoOptsGetPublicKeyThumbprint, request.correlationId);
14442
14496
  // Generate Keypair
14443
- const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES);
14497
+ const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES, RSA_KEYGEN_ALGORITHM_OPTIONS);
14444
14498
  // Generate Thumbprint for Public Key
14445
14499
  const publicKeyJwk = await exportJwk(keyPair.publicKey);
14446
- const pubKeyThumprintObj = {
14447
- e: publicKeyJwk.e,
14448
- kty: publicKeyJwk.kty,
14449
- n: publicKeyJwk.n,
14450
- };
14451
- const publicJwkString = getSortedObjectString(pubKeyThumprintObj);
14452
- const publicJwkHash = await this.hashString(publicJwkString);
14500
+ const publicJwkHash = await computeJwkThumbprint(publicKeyJwk);
14453
14501
  // Generate Thumbprint for Private Key
14454
14502
  const privateKeyJwk = await exportJwk(keyPair.privateKey);
14455
14503
  // Re-import private key to make it unextractable
14456
- const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"]);
14504
+ const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"], RSA_KEYGEN_ALGORITHM_OPTIONS);
14457
14505
  // Store Keypair data in keystore
14458
14506
  await this.cache.setItem(publicJwkHash, {
14459
14507
  privateKey: unextractablePrivateKey,
@@ -14538,7 +14586,7 @@ class CryptoOps {
14538
14586
  // Sign token
14539
14587
  const encoder = new TextEncoder();
14540
14588
  const tokenBuffer = encoder.encode(tokenString);
14541
- const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer);
14589
+ const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer, RSA_SIGN_ALGORITHM_OPTIONS);
14542
14590
  const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));
14543
14591
  const signedJwt = `${tokenString}.${encodedSignature}`;
14544
14592
  if (signJwtMeasurement) {