@azure/msal-browser 5.17.0 → 5.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.mjs +1 -1
  20. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  21. package/dist/controllers/StandardController.mjs +1 -1
  22. package/dist/crypto/BrowserCrypto.mjs +61 -12
  23. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  24. package/dist/crypto/CryptoOps.mjs +6 -12
  25. package/dist/crypto/CryptoOps.mjs.map +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
  29. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  30. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  31. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  32. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  33. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  34. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  35. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  48. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  49. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  50. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  51. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  52. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  53. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  54. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  55. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  56. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  57. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  58. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  59. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  60. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  61. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  62. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  63. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  64. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  65. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  66. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  67. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  70. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  71. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  72. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  73. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  75. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  77. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  81. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  82. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  83. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
  84. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  85. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  86. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  87. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  88. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  89. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  90. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  91. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  92. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  93. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  94. package/dist/custom_auth/index.mjs +1 -1
  95. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  96. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  97. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  98. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  99. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  100. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  101. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  102. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  103. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  104. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  105. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  106. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  107. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  108. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  109. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  110. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  111. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  112. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  113. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  114. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  115. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  116. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  119. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  120. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  121. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  122. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  123. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  124. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  125. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  126. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  127. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  129. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  130. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  133. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  134. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  135. package/dist/encode/Base64Decode.mjs +1 -1
  136. package/dist/encode/Base64Encode.mjs +1 -1
  137. package/dist/error/BrowserAuthError.mjs +1 -1
  138. package/dist/error/BrowserAuthErrorCodes.mjs +3 -2
  139. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  140. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  141. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  142. package/dist/error/NativeAuthError.mjs +1 -1
  143. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  144. package/dist/error/NestedAppAuthError.mjs +1 -1
  145. package/dist/event/EventHandler.mjs +1 -1
  146. package/dist/event/EventMessage.mjs +1 -1
  147. package/dist/event/EventType.mjs +1 -1
  148. package/dist/index.mjs +1 -1
  149. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  150. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  151. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  152. package/dist/interaction_client/PopupClient.mjs +1 -1
  153. package/dist/interaction_client/RedirectClient.mjs +1 -1
  154. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  155. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  156. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  157. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  158. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  159. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  160. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  161. package/dist/log-strings-mapping.json +2 -2
  162. package/dist/naa/BridgeError.mjs +1 -1
  163. package/dist/naa/BridgeProxy.mjs +1 -1
  164. package/dist/naa/BridgeStatusCode.mjs +1 -1
  165. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  166. package/dist/navigation/NavigationClient.mjs +1 -1
  167. package/dist/network/FetchClient.mjs +1 -1
  168. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  169. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  170. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  171. package/dist/packageMetadata.mjs +2 -2
  172. package/dist/popup_relay/constants.mjs +1 -1
  173. package/dist/popup_relay/index.mjs +1 -1
  174. package/dist/popup_relay/relayClient.mjs +1 -1
  175. package/dist/protocol/Authorize.mjs +1 -1
  176. package/dist/redirect_bridge/index.mjs +1 -1
  177. package/dist/request/RequestHelpers.mjs +1 -1
  178. package/dist/response/ResponseHandler.mjs +1 -1
  179. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  180. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  181. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  182. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  183. package/dist/utils/BrowserConstants.mjs +1 -1
  184. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  185. package/dist/utils/BrowserUtils.mjs +1 -1
  186. package/dist/utils/Helpers.mjs +1 -1
  187. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  188. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  189. package/lib/custom-auth-path/msal-custom-auth.cjs +134 -86
  190. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  191. package/lib/custom-auth-path/msal-custom-auth.js +134 -86
  192. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  193. package/lib/log-strings-mapping.json +2 -2
  194. package/lib/msal-browser.cjs +142 -89
  195. package/lib/msal-browser.cjs.map +1 -1
  196. package/lib/msal-browser.js +142 -89
  197. package/lib/msal-browser.js.map +1 -1
  198. package/lib/msal-browser.min.js +2 -2
  199. package/lib/popup-relay/msal-popup-relay.cjs +2 -2
  200. package/lib/popup-relay/msal-popup-relay.cjs.map +1 -1
  201. package/lib/popup-relay/msal-popup-relay.js +2 -2
  202. package/lib/popup-relay/msal-popup-relay.js.map +1 -1
  203. package/lib/popup-relay/msal-popup-relay.min.js +1 -1
  204. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  205. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  206. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  209. package/package.json +2 -2
  210. package/src/crypto/BrowserCrypto.ts +104 -9
  211. package/src/crypto/CryptoOps.ts +13 -12
  212. package/src/error/BrowserAuthErrorCodes.ts +1 -0
  213. package/src/packageMetadata.ts +1 -1
  214. package/types/crypto/BrowserCrypto.d.ts +19 -5
  215. package/types/crypto/BrowserCrypto.d.ts.map +1 -1
  216. package/types/crypto/CryptoOps.d.ts.map +1 -1
  217. package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  218. package/types/error/BrowserAuthErrorCodes.d.ts +1 -0
  219. package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  220. package/types/packageMetadata.d.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.17.0 2026-07-07 */
1
+ /*! @azure/msal-browser v5.17.1 2026-07-15 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -54,7 +54,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
54
54
  const RESOURCE = "resource";
55
55
  const CLI_DATA = "clidata";
56
56
 
57
- /*! @azure/msal-common v16.11.1 2026-07-07 */
57
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
58
58
  /*
59
59
  * Copyright (c) Microsoft Corporation. All rights reserved.
60
60
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@ const JsonWebTokenTypes$1 = {
290
290
  // Token renewal offset default in seconds
291
291
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
292
292
 
293
- /*! @azure/msal-common v16.11.1 2026-07-07 */
293
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -319,7 +319,7 @@ function createAuthError(code, correlationId, additionalMessage) {
319
319
  return new AuthError(code, correlationId, additionalMessage || getDefaultErrorMessage$1(code));
320
320
  }
321
321
 
322
- /*! @azure/msal-common v16.11.1 2026-07-07 */
322
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
323
323
 
324
324
  /*
325
325
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -342,7 +342,7 @@ function createClientAuthError(errorCode, correlationId, additionalMessage) {
342
342
  return new ClientAuthError(errorCode, correlationId, additionalMessage);
343
343
  }
344
344
 
345
- /*! @azure/msal-common v16.11.1 2026-07-07 */
345
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
346
346
  /*
347
347
  * Copyright (c) Microsoft Corporation. All rights reserved.
348
348
  * Licensed under the MIT License.
@@ -426,7 +426,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
426
426
  userCanceled: userCanceled
427
427
  });
428
428
 
429
- /*! @azure/msal-common v16.11.1 2026-07-07 */
429
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
430
430
 
431
431
  /*
432
432
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -464,7 +464,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
464
464
  };
465
465
  }
466
466
 
467
- /*! @azure/msal-common v16.11.1 2026-07-07 */
467
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
468
468
 
469
469
  /*
470
470
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -530,7 +530,7 @@ function getJWSPayload(authToken, correlationId) {
530
530
  return matches[2];
531
531
  }
532
532
 
533
- /*! @azure/msal-common v16.11.1 2026-07-07 */
533
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
534
534
 
535
535
  /*
536
536
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -618,7 +618,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
618
618
  return updatedAccountInfo;
619
619
  }
620
620
 
621
- /*! @azure/msal-common v16.11.1 2026-07-07 */
621
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
622
622
  /*
623
623
  * Copyright (c) Microsoft Corporation. All rights reserved.
624
624
  * Licensed under the MIT License.
@@ -633,7 +633,7 @@ const AuthorityType = {
633
633
  Ciam: 3,
634
634
  };
635
635
 
636
- /*! @azure/msal-common v16.11.1 2026-07-07 */
636
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
637
637
  /*
638
638
  * Copyright (c) Microsoft Corporation. All rights reserved.
639
639
  * Licensed under the MIT License.
@@ -655,7 +655,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
655
655
  return null;
656
656
  }
657
657
 
658
- /*! @azure/msal-common v16.11.1 2026-07-07 */
658
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
659
659
  /*
660
660
  * Copyright (c) Microsoft Corporation. All rights reserved.
661
661
  * Licensed under the MIT License.
@@ -679,7 +679,7 @@ const ProtocolMode = {
679
679
  EAR: "EAR",
680
680
  };
681
681
 
682
- /*! @azure/msal-common v16.11.1 2026-07-07 */
682
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
683
683
  /**
684
684
  * Returns the AccountInfo interface for this account.
685
685
  * @internal
@@ -868,7 +868,7 @@ function isAccountEntity(entity) {
868
868
  entity.hasOwnProperty("authorityType"));
869
869
  }
870
870
 
871
- /*! @azure/msal-common v16.11.1 2026-07-07 */
871
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
872
872
  /*
873
873
  * Copyright (c) Microsoft Corporation. All rights reserved.
874
874
  * Licensed under the MIT License.
@@ -885,7 +885,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
885
885
  unexpectedError: unexpectedError
886
886
  });
887
887
 
888
- /*! @azure/msal-common v16.11.1 2026-07-07 */
888
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
889
889
 
890
890
  /*
891
891
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -905,7 +905,7 @@ function createClientConfigurationError(errorCode, correlationId) {
905
905
  return new ClientConfigurationError(errorCode, correlationId);
906
906
  }
907
907
 
908
- /*! @azure/msal-common v16.11.1 2026-07-07 */
908
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
909
909
  /*
910
910
  * Copyright (c) Microsoft Corporation. All rights reserved.
911
911
  * Licensed under the MIT License.
@@ -934,7 +934,9 @@ const authorityMismatch = "authority_mismatch";
934
934
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
935
935
  const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
936
936
  const issuerValidationFailed = "issuer_validation_failed";
937
- const invalidResponseMode = "invalid_response_mode";
937
+ const invalidResponseMode = "invalid_response_mode";
938
+ const invalidDpopHtm = "invalid_dpop_htm";
939
+ const invalidDpopHtu = "invalid_dpop_htu";
938
940
 
939
941
  var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
940
942
  __proto__: null,
@@ -949,6 +951,8 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
949
951
  invalidClaims: invalidClaims,
950
952
  invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
951
953
  invalidCodeChallengeMethod: invalidCodeChallengeMethod,
954
+ invalidDpopHtm: invalidDpopHtm,
955
+ invalidDpopHtu: invalidDpopHtu,
952
956
  invalidPlatformBrokerConfiguration: invalidPlatformBrokerConfiguration,
953
957
  invalidRequestMethodForEAR: invalidRequestMethodForEAR,
954
958
  invalidResponseMode: invalidResponseMode,
@@ -965,7 +969,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
965
969
  urlParseError: urlParseError
966
970
  });
967
971
 
968
- /*! @azure/msal-common v16.11.1 2026-07-07 */
972
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
969
973
 
970
974
  /*
971
975
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1023,7 +1027,7 @@ class AuthenticationHeaderParser {
1023
1027
  }
1024
1028
  }
1025
1029
 
1026
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1030
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1027
1031
  /*
1028
1032
  * Copyright (c) Microsoft Corporation. All rights reserved.
1029
1033
  * Licensed under the MIT License.
@@ -1035,7 +1039,7 @@ function isOpenIdConfigResponse(response) {
1035
1039
  response.hasOwnProperty("jwks_uri"));
1036
1040
  }
1037
1041
 
1038
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1042
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1039
1043
  /*
1040
1044
  * Copyright (c) Microsoft Corporation. All rights reserved.
1041
1045
  * Licensed under the MIT License.
@@ -1115,7 +1119,7 @@ class StringUtils {
1115
1119
  }
1116
1120
  }
1117
1121
 
1118
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1122
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1119
1123
 
1120
1124
  /*
1121
1125
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1273,7 +1277,7 @@ class UrlString {
1273
1277
  }
1274
1278
  }
1275
1279
 
1276
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1280
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1277
1281
 
1278
1282
  /*
1279
1283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1439,7 +1443,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1439
1443
  return null;
1440
1444
  }
1441
1445
 
1442
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1446
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1443
1447
  /*
1444
1448
  * Copyright (c) Microsoft Corporation. All rights reserved.
1445
1449
  * Licensed under the MIT License.
@@ -1459,7 +1463,7 @@ const AzureCloudInstance = {
1459
1463
  AzureUsGovernment: "https://login.microsoftonline.us",
1460
1464
  };
1461
1465
 
1462
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1466
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1463
1467
  /*
1464
1468
  * Copyright (c) Microsoft Corporation. All rights reserved.
1465
1469
  * Licensed under the MIT License.
@@ -1469,7 +1473,7 @@ function isCloudInstanceDiscoveryResponse(response) {
1469
1473
  response.hasOwnProperty("metadata"));
1470
1474
  }
1471
1475
 
1472
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1476
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1473
1477
  /*
1474
1478
  * Copyright (c) Microsoft Corporation. All rights reserved.
1475
1479
  * Licensed under the MIT License.
@@ -1479,7 +1483,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
1479
1483
  response.hasOwnProperty("error_description"));
1480
1484
  }
1481
1485
 
1482
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1486
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1483
1487
  /*
1484
1488
  * Copyright (c) Microsoft Corporation. All rights reserved.
1485
1489
  * Licensed under the MIT License.
@@ -1550,7 +1554,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
1550
1554
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
1551
1555
  const SetUserData = "setUserData";
1552
1556
 
1553
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1557
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1554
1558
  /*
1555
1559
  * Copyright (c) Microsoft Corporation. All rights reserved.
1556
1560
  * Licensed under the MIT License.
@@ -1643,7 +1647,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
1643
1647
  };
1644
1648
  };
1645
1649
 
1646
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1650
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1647
1651
 
1648
1652
  /*
1649
1653
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1754,7 +1758,7 @@ RegionDiscovery.IMDS_OPTIONS = {
1754
1758
  },
1755
1759
  };
1756
1760
 
1757
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1761
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1758
1762
  /*
1759
1763
  * Copyright (c) Microsoft Corporation. All rights reserved.
1760
1764
  * Licensed under the MIT License.
@@ -1819,7 +1823,7 @@ function wasClockTurnedBack(cachedAt) {
1819
1823
  return cachedAtSec > nowSeconds();
1820
1824
  }
1821
1825
 
1822
- /*! @azure/msal-common v16.11.1 2026-07-07 */
1826
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
1823
1827
 
1824
1828
  /*
1825
1829
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2086,7 +2090,7 @@ function isAuthorityMetadataExpired(metadata) {
2086
2090
  return metadata.expiresAt <= nowSeconds();
2087
2091
  }
2088
2092
 
2089
- /*! @azure/msal-common v16.11.1 2026-07-07 */
2093
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
2090
2094
 
2091
2095
  /*
2092
2096
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3056,7 +3060,7 @@ function buildStaticAuthorityOptions(authOptions) {
3056
3060
  };
3057
3061
  }
3058
3062
 
3059
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3063
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3060
3064
 
3061
3065
  /*
3062
3066
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3090,7 +3094,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
3090
3094
  }
3091
3095
  }
3092
3096
 
3093
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3097
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3094
3098
 
3095
3099
  /*
3096
3100
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3286,7 +3290,7 @@ class ScopeSet {
3286
3290
  }
3287
3291
  }
3288
3292
 
3289
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3293
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3290
3294
 
3291
3295
  /*
3292
3296
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3701,7 +3705,7 @@ function addResource(parameters, resource) {
3701
3705
  }
3702
3706
  }
3703
3707
 
3704
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3708
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3705
3709
 
3706
3710
  /*
3707
3711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3823,12 +3827,16 @@ function validateUrl(url, logger, correlationId) {
3823
3827
  }
3824
3828
  }
3825
3829
 
3826
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3830
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3827
3831
 
3828
3832
  /*
3829
3833
  * Copyright (c) Microsoft Corporation. All rights reserved.
3830
3834
  * Licensed under the MIT License.
3831
3835
  */
3836
+ /**
3837
+ * Default crypto implementation used when a platform-specific implementation has
3838
+ * not been provided.
3839
+ */
3832
3840
  const DEFAULT_CRYPTO_IMPLEMENTATION = {
3833
3841
  createNewGuid: () => {
3834
3842
  throw createClientAuthError(methodNotImplemented, "");
@@ -3862,7 +3870,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
3862
3870
  },
3863
3871
  };
3864
3872
 
3865
- /*! @azure/msal-common v16.11.1 2026-07-07 */
3873
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
3866
3874
  /*
3867
3875
  * Copyright (c) Microsoft Corporation. All rights reserved.
3868
3876
  * Licensed under the MIT License.
@@ -4151,12 +4159,12 @@ class Logger {
4151
4159
  }
4152
4160
  }
4153
4161
 
4154
- /*! @azure/msal-common v16.11.1 2026-07-07 */
4162
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
4155
4163
  /* eslint-disable header/header */
4156
4164
  const name$1 = "@azure/msal-common";
4157
- const version$1 = "16.11.1";
4165
+ const version$1 = "16.11.2";
4158
4166
 
4159
- /*! @azure/msal-common v16.11.1 2026-07-07 */
4167
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
4160
4168
  /*
4161
4169
  * Copyright (c) Microsoft Corporation. All rights reserved.
4162
4170
  * Licensed under the MIT License.
@@ -4164,7 +4172,7 @@ const version$1 = "16.11.1";
4164
4172
  const cacheQuotaExceeded = "cache_quota_exceeded";
4165
4173
  const cacheErrorUnknown = "cache_error_unknown";
4166
4174
 
4167
- /*! @azure/msal-common v16.11.1 2026-07-07 */
4175
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
4168
4176
 
4169
4177
  /*
4170
4178
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4202,7 +4210,7 @@ function createCacheError(e) {
4202
4210
  }
4203
4211
  }
4204
4212
 
4205
- /*! @azure/msal-common v16.11.1 2026-07-07 */
4213
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
4206
4214
 
4207
4215
  /*
4208
4216
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5350,7 +5358,7 @@ class DefaultStorageClass extends CacheManager {
5350
5358
  }
5351
5359
  }
5352
5360
 
5353
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5361
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5354
5362
  /*
5355
5363
  * Copyright (c) Microsoft Corporation. All rights reserved.
5356
5364
  * Licensed under the MIT License.
@@ -5414,7 +5422,7 @@ const IntFields = new Set([
5414
5422
  "redirectBridgeMessageVersion",
5415
5423
  ]);
5416
5424
 
5417
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5425
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5418
5426
 
5419
5427
  /*
5420
5428
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5472,7 +5480,7 @@ class StubPerformanceClient {
5472
5480
  }
5473
5481
  }
5474
5482
 
5475
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5483
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5476
5484
 
5477
5485
  /*
5478
5486
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5568,7 +5576,7 @@ function isOidcProtocolMode(config) {
5568
5576
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
5569
5577
  }
5570
5578
 
5571
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5579
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5572
5580
  /*
5573
5581
  * Copyright (c) Microsoft Corporation. All rights reserved.
5574
5582
  * Licensed under the MIT License.
@@ -5595,7 +5603,7 @@ function isOidcProtocolMode(config) {
5595
5603
  }
5596
5604
  }
5597
5605
 
5598
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5606
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5599
5607
 
5600
5608
  /*
5601
5609
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5675,7 +5683,7 @@ class PopTokenGenerator {
5675
5683
  }
5676
5684
  }
5677
5685
 
5678
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5686
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5679
5687
  /*
5680
5688
  * Copyright (c) Microsoft Corporation. All rights reserved.
5681
5689
  * Licensed under the MIT License.
@@ -5739,7 +5747,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
5739
5747
  uiNotAllowed: uiNotAllowed
5740
5748
  });
5741
5749
 
5742
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5750
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5743
5751
 
5744
5752
  /*
5745
5753
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5806,7 +5814,7 @@ function createInteractionRequiredAuthError(errorCode, correlationId, errorMessa
5806
5814
  return new InteractionRequiredAuthError(errorCode, correlationId, errorMessage);
5807
5815
  }
5808
5816
 
5809
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5817
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5810
5818
 
5811
5819
  /*
5812
5820
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5825,7 +5833,7 @@ class ServerError extends AuthError {
5825
5833
  }
5826
5834
  }
5827
5835
 
5828
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5836
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5829
5837
 
5830
5838
  /*
5831
5839
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5896,7 +5904,7 @@ function parseRequestState(base64Decode, state, correlationId) {
5896
5904
  }
5897
5905
  }
5898
5906
 
5899
- /*! @azure/msal-common v16.11.1 2026-07-07 */
5907
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
5900
5908
 
5901
5909
  /*
5902
5910
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6247,7 +6255,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
6247
6255
  return baseAccount;
6248
6256
  }
6249
6257
 
6250
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6258
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6251
6259
  /*
6252
6260
  * Copyright (c) Microsoft Corporation. All rights reserved.
6253
6261
  * Licensed under the MIT License.
@@ -6257,7 +6265,7 @@ const CcsCredentialType = {
6257
6265
  UPN: "UPN",
6258
6266
  };
6259
6267
 
6260
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6268
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6261
6269
  /*
6262
6270
  * Copyright (c) Microsoft Corporation. All rights reserved.
6263
6271
  * Licensed under the MIT License.
@@ -6276,7 +6284,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint, fmiP
6276
6284
  }
6277
6285
  }
6278
6286
 
6279
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6287
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6280
6288
  /*
6281
6289
  * Copyright (c) Microsoft Corporation. All rights reserved.
6282
6290
  * Licensed under the MIT License.
@@ -6298,7 +6306,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
6298
6306
  };
6299
6307
  }
6300
6308
 
6301
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6309
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6302
6310
 
6303
6311
  /*
6304
6312
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6384,7 +6392,7 @@ class ThrottlingUtils {
6384
6392
  }
6385
6393
  }
6386
6394
 
6387
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6395
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6388
6396
 
6389
6397
  /*
6390
6398
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6415,7 +6423,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
6415
6423
  return new NetworkError(error, httpStatus, responseHeaders);
6416
6424
  }
6417
6425
 
6418
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6426
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6419
6427
 
6420
6428
  /*
6421
6429
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6531,7 +6539,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
6531
6539
  return response;
6532
6540
  }
6533
6541
 
6534
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6542
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6535
6543
 
6536
6544
  /*
6537
6545
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6788,7 +6796,7 @@ class AuthorizationCodeClient {
6788
6796
  }
6789
6797
  }
6790
6798
 
6791
- /*! @azure/msal-common v16.11.1 2026-07-07 */
6799
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
6792
6800
 
6793
6801
  /*
6794
6802
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7015,7 +7023,7 @@ function extractLoginHint(account) {
7015
7023
  return account.loginHint || account.idTokenClaims?.login_hint || null;
7016
7024
  }
7017
7025
 
7018
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7026
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7019
7027
 
7020
7028
  /*
7021
7029
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7036,7 +7044,7 @@ function createJoseHeaderError(code, correlationId) {
7036
7044
  return new JoseHeaderError(code, correlationId);
7037
7045
  }
7038
7046
 
7039
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7047
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7040
7048
  /*
7041
7049
  * Copyright (c) Microsoft Corporation. All rights reserved.
7042
7050
  * Licensed under the MIT License.
@@ -7044,7 +7052,7 @@ function createJoseHeaderError(code, correlationId) {
7044
7052
  const missingKidError = "missing_kid_error";
7045
7053
  const missingAlgError = "missing_alg_error";
7046
7054
 
7047
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7055
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7048
7056
 
7049
7057
  /*
7050
7058
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7084,7 +7092,7 @@ class JoseHeader {
7084
7092
  }
7085
7093
  }
7086
7094
 
7087
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7095
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7088
7096
 
7089
7097
  /*
7090
7098
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7633,7 +7641,7 @@ class PerformanceClient {
7633
7641
  }
7634
7642
  }
7635
7643
 
7636
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7644
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7637
7645
 
7638
7646
  /*
7639
7647
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7854,7 +7862,7 @@ class RefreshTokenClient {
7854
7862
  }
7855
7863
  }
7856
7864
 
7857
- /*! @azure/msal-common v16.11.1 2026-07-07 */
7865
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
7858
7866
 
7859
7867
  /*
7860
7868
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8147,7 +8155,7 @@ class StubServerTelemetryManager extends ServerTelemetryManager {
8147
8155
  clearNativeBrokerErrorCode() { }
8148
8156
  }
8149
8157
 
8150
- /*! @azure/msal-common v16.11.1 2026-07-07 */
8158
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
8151
8159
 
8152
8160
  /*
8153
8161
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8255,7 +8263,7 @@ class SilentFlowClient {
8255
8263
  }
8256
8264
  }
8257
8265
 
8258
- /*! @azure/msal-common v16.11.1 2026-07-07 */
8266
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
8259
8267
 
8260
8268
  /*
8261
8269
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8271,7 +8279,7 @@ const StubbedNetworkModule = {
8271
8279
  },
8272
8280
  };
8273
8281
 
8274
- /*! @azure/msal-common v16.11.1 2026-07-07 */
8282
+ /*! @azure/msal-common v16.11.2 2026-07-15 */
8275
8283
 
8276
8284
  /*
8277
8285
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8474,6 +8482,7 @@ const getRequestFailed = "get_request_failed";
8474
8482
  const failedToParseResponse = "failed_to_parse_response";
8475
8483
  const unableToLoadToken = "unable_to_load_token";
8476
8484
  const cryptoKeyNotFound = "crypto_key_not_found";
8485
+ const invalidPublicJwk = "invalid_public_jwk";
8477
8486
  const authCodeRequired = "auth_code_required";
8478
8487
  const authCodeOrNativeAccountIdRequired = "auth_code_or_nativeAccountId_required";
8479
8488
  const spaCodeAndNativeAccountIdPresent = "spa_code_and_nativeAccountId_present";
@@ -8521,6 +8530,7 @@ var BrowserAuthErrorCodes = /*#__PURE__*/Object.freeze({
8521
8530
  invalidBase64String: invalidBase64String,
8522
8531
  invalidCacheType: invalidCacheType,
8523
8532
  invalidPopTokenRequest: invalidPopTokenRequest,
8533
+ invalidPublicJwk: invalidPublicJwk,
8524
8534
  nativeConnectionNotEstablished: nativeConnectionNotEstablished,
8525
8535
  nativeExtensionNotInstalled: nativeExtensionNotInstalled,
8526
8536
  nativeHandshakeTimeout: nativeHandshakeTimeout,
@@ -8883,6 +8893,12 @@ const AES_GCM = "AES-GCM";
8883
8893
  const HKDF = "HKDF";
8884
8894
  // SHA-256 hashing algorithm
8885
8895
  const S256_HASH_ALG = "SHA-256";
8896
+ const JSON_WEB_KEY_TYPE_EC = "EC";
8897
+ const JSON_WEB_KEY_TYPE_RSA = "RSA";
8898
+ const MISSING_JWK_KTY_SUBERROR = "missing_jwk_kty";
8899
+ const UNSUPPORTED_JWK_KTY_SUBERROR = "unsupported_jwk_kty";
8900
+ const MISSING_JWK_MEMBER_SUBERROR = "missing_jwk_member";
8901
+ const EMPTY_JWK_MEMBER_SUBERROR = "empty_jwk_member";
8886
8902
  // MOD length for PoP tokens
8887
8903
  const MODULUS_LENGTH = 2048;
8888
8904
  // Public Exponent
@@ -8899,12 +8915,15 @@ const DECRYPT = "decrypt";
8899
8915
  const DERIVE_KEY = "deriveKey";
8900
8916
  // Suberror
8901
8917
  const SUBTLE_SUBERROR = "crypto_subtle_undefined";
8902
- const keygenAlgorithmOptions = {
8918
+ const RSA_KEYGEN_ALGORITHM_OPTIONS = {
8903
8919
  name: PKCS1_V15_KEYGEN_ALG,
8904
8920
  hash: S256_HASH_ALG,
8905
8921
  modulusLength: MODULUS_LENGTH,
8906
8922
  publicExponent: PUBLIC_EXPONENT,
8907
8923
  };
8924
+ const RSA_SIGN_ALGORITHM_OPTIONS = {
8925
+ name: PKCS1_V15_KEYGEN_ALG,
8926
+ };
8908
8927
  /**
8909
8928
  * Check whether browser crypto is available.
8910
8929
  */
@@ -8988,12 +9007,13 @@ function createNewGuid() {
8988
9007
  return text;
8989
9008
  }
8990
9009
  /**
8991
- * Generates a keypair based on current keygen algorithm config.
9010
+ * Generates a keypair based on the provided algorithm config.
8992
9011
  * @param extractable
8993
9012
  * @param usages
9013
+ * @param algorithm
8994
9014
  */
8995
- async function generateKeyPair(extractable, usages) {
8996
- return window.crypto.subtle.generateKey(keygenAlgorithmOptions, extractable, usages);
9015
+ async function generateKeyPair(extractable, usages, algorithm) {
9016
+ return window.crypto.subtle.generateKey(algorithm, extractable, usages);
8997
9017
  }
8998
9018
  /**
8999
9019
  * Export key as Json Web Key (JWK)
@@ -9007,17 +9027,19 @@ async function exportJwk(key) {
9007
9027
  * @param key
9008
9028
  * @param extractable
9009
9029
  * @param usages
9030
+ * @param algorithm
9010
9031
  */
9011
- async function importJwk(key, extractable, usages) {
9012
- return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, keygenAlgorithmOptions, extractable, usages);
9032
+ async function importJwk(key, extractable, usages, algorithm) {
9033
+ return window.crypto.subtle.importKey(KEY_FORMAT_JWK, key, algorithm, extractable, usages);
9013
9034
  }
9014
9035
  /**
9015
- * Signs given data with given key
9036
+ * Signs given data with given key.
9016
9037
  * @param key
9017
9038
  * @param data
9039
+ * @param algorithm
9018
9040
  */
9019
- async function sign(key, data) {
9020
- return window.crypto.subtle.sign(keygenAlgorithmOptions, key, data);
9041
+ async function sign(key, data, algorithm) {
9042
+ return window.crypto.subtle.sign(algorithm, key, data);
9021
9043
  }
9022
9044
  /**
9023
9045
  * Generates Base64 encoded jwk used in the Encrypted Authorize Response (EAR) flow
@@ -9160,6 +9182,43 @@ async function hashString(plainText) {
9160
9182
  const hashBuffer = await sha256Digest(plainText);
9161
9183
  const hashBytes = new Uint8Array(hashBuffer);
9162
9184
  return urlEncodeArr(hashBytes);
9185
+ }
9186
+ const JWK_THUMBPRINT_REQUIRED_MEMBERS = {
9187
+ [JSON_WEB_KEY_TYPE_EC]: ["crv", "kty", "x", "y"],
9188
+ [JSON_WEB_KEY_TYPE_RSA]: ["e", "kty", "n"],
9189
+ };
9190
+ function getJwkThumbprintMembers(publicJwk) {
9191
+ const kty = publicJwk.kty;
9192
+ if (typeof kty !== "string" || kty.length === 0) {
9193
+ throw createBrowserAuthError(invalidPublicJwk, "", MISSING_JWK_KTY_SUBERROR);
9194
+ }
9195
+ const requiredMembers = JWK_THUMBPRINT_REQUIRED_MEMBERS[kty];
9196
+ if (!requiredMembers) {
9197
+ throw createBrowserAuthError(invalidPublicJwk, "", UNSUPPORTED_JWK_KTY_SUBERROR);
9198
+ }
9199
+ return requiredMembers.reduce((thumbprintMembers, memberName) => {
9200
+ const memberValue = publicJwk[memberName];
9201
+ if (typeof memberValue !== "string") {
9202
+ throw createBrowserAuthError(invalidPublicJwk, "", MISSING_JWK_MEMBER_SUBERROR);
9203
+ }
9204
+ if (memberValue.length === 0) {
9205
+ throw createBrowserAuthError(invalidPublicJwk, "", EMPTY_JWK_MEMBER_SUBERROR);
9206
+ }
9207
+ thumbprintMembers[memberName] = memberValue;
9208
+ return thumbprintMembers;
9209
+ }, {});
9210
+ }
9211
+ /**
9212
+ * Computes an RFC 7638 JWK thumbprint for a public key.
9213
+ * The required members for the JWK key type are serialised in lexicographic order
9214
+ * and the SHA-256 digest is returned as a base64url string.
9215
+ * @internal
9216
+ */
9217
+ async function computeJwkThumbprint(publicJwk) {
9218
+ const thumbprintMembers = getJwkThumbprintMembers(publicJwk);
9219
+ // RFC 7638 §3.3: use only required members, sorted lexicographically
9220
+ const thumbprintJson = JSON.stringify(thumbprintMembers, Object.keys(thumbprintMembers).sort());
9221
+ return hashString(thumbprintJson);
9163
9222
  }
9164
9223
 
9165
9224
  /*
@@ -10015,20 +10074,14 @@ class CryptoOps {
10015
10074
  async getPublicKeyThumbprint(request) {
10016
10075
  const publicKeyThumbMeasurement = this.performanceClient?.startMeasurement(CryptoOptsGetPublicKeyThumbprint, request.correlationId);
10017
10076
  // Generate Keypair
10018
- const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES);
10077
+ const keyPair = await generateKeyPair(CryptoOps.EXTRACTABLE, CryptoOps.POP_KEY_USAGES, RSA_KEYGEN_ALGORITHM_OPTIONS);
10019
10078
  // Generate Thumbprint for Public Key
10020
10079
  const publicKeyJwk = await exportJwk(keyPair.publicKey);
10021
- const pubKeyThumprintObj = {
10022
- e: publicKeyJwk.e,
10023
- kty: publicKeyJwk.kty,
10024
- n: publicKeyJwk.n,
10025
- };
10026
- const publicJwkString = getSortedObjectString(pubKeyThumprintObj);
10027
- const publicJwkHash = await this.hashString(publicJwkString);
10080
+ const publicJwkHash = await computeJwkThumbprint(publicKeyJwk);
10028
10081
  // Generate Thumbprint for Private Key
10029
10082
  const privateKeyJwk = await exportJwk(keyPair.privateKey);
10030
10083
  // Re-import private key to make it unextractable
10031
- const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"]);
10084
+ const unextractablePrivateKey = await importJwk(privateKeyJwk, false, ["sign"], RSA_KEYGEN_ALGORITHM_OPTIONS);
10032
10085
  // Store Keypair data in keystore
10033
10086
  await this.cache.setItem(publicJwkHash, {
10034
10087
  privateKey: unextractablePrivateKey,
@@ -10113,7 +10166,7 @@ class CryptoOps {
10113
10166
  // Sign token
10114
10167
  const encoder = new TextEncoder();
10115
10168
  const tokenBuffer = encoder.encode(tokenString);
10116
- const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer);
10169
+ const signatureBuffer = await sign(cachedKeyPair.privateKey, tokenBuffer, RSA_SIGN_ALGORITHM_OPTIONS);
10117
10170
  const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));
10118
10171
  const signedJwt = `${tokenString}.${encodedSignature}`;
10119
10172
  if (signJwtMeasurement) {
@@ -10729,7 +10782,7 @@ const EventType = {
10729
10782
 
10730
10783
  /* eslint-disable header/header */
10731
10784
  const name = "@azure/msal-browser";
10732
- const version = "5.17.0";
10785
+ const version = "5.17.1";
10733
10786
 
10734
10787
  /*
10735
10788
  * Copyright (c) Microsoft Corporation. All rights reserved.