@azure/msal-browser 5.3.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/crypto/BrowserCrypto.mjs +1 -1
  25. package/dist/crypto/CryptoOps.mjs +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  29. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  33. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  35. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  36. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  41. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  44. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  45. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  47. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  50. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  157. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  158. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  159. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  160. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  161. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  162. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  163. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  164. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  165. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  166. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  167. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  169. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  170. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  171. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  172. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  173. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  174. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  175. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  176. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  177. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  178. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  179. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  180. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  181. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  182. package/dist/custom-auth-path/log-strings-mapping.json +2 -2
  183. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  184. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  185. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  186. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  187. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  188. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  189. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  190. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  191. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  192. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  193. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  194. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  195. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  196. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  197. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  198. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  199. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/dist/encode/Base64Decode.mjs +1 -1
  201. package/dist/encode/Base64Encode.mjs +1 -1
  202. package/dist/error/BrowserAuthError.mjs +1 -1
  203. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  204. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  205. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  206. package/dist/error/NativeAuthError.mjs +1 -1
  207. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  208. package/dist/error/NestedAppAuthError.mjs +1 -1
  209. package/dist/event/EventHandler.mjs +1 -1
  210. package/dist/event/EventMessage.mjs +1 -1
  211. package/dist/event/EventType.mjs +1 -1
  212. package/dist/index.mjs +1 -1
  213. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  216. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  217. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  218. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  219. package/dist/interaction_client/PopupClient.mjs +1 -1
  220. package/dist/interaction_client/RedirectClient.mjs +1 -1
  221. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  222. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  224. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  225. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  226. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  227. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  228. package/dist/log-strings-mapping.json +10 -10
  229. package/dist/naa/BridgeError.mjs +1 -1
  230. package/dist/naa/BridgeProxy.mjs +1 -1
  231. package/dist/naa/BridgeStatusCode.mjs +1 -1
  232. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  233. package/dist/navigation/NavigationClient.mjs +1 -1
  234. package/dist/network/FetchClient.mjs +1 -1
  235. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  236. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  237. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/packageMetadata.d.ts +1 -1
  239. package/dist/packageMetadata.mjs +2 -2
  240. package/dist/protocol/Authorize.mjs +1 -1
  241. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  242. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  243. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  244. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  245. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  246. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  247. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  248. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  249. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  251. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  252. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  253. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  254. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  255. package/dist/request/RequestHelpers.mjs +1 -1
  256. package/dist/response/ResponseHandler.mjs +1 -1
  257. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  258. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  259. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  260. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  261. package/dist/utils/BrowserConstants.mjs +1 -1
  262. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  263. package/dist/utils/BrowserUtils.mjs +1 -1
  264. package/dist/utils/Helpers.mjs +1 -1
  265. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  266. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  267. package/lib/custom-auth-path/msal-custom-auth.cjs +525 -520
  268. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  269. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  271. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  272. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/log-strings-mapping.json +10 -10
  275. package/lib/msal-browser.cjs +607 -548
  276. package/lib/msal-browser.cjs.map +1 -1
  277. package/lib/msal-browser.js +607 -548
  278. package/lib/msal-browser.js.map +1 -1
  279. package/lib/msal-browser.min.js +2 -2
  280. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  281. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  282. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  283. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  286. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  287. package/lib/types/packageMetadata.d.ts +1 -1
  288. package/package.json +2 -2
  289. package/src/cache/TokenCache.ts +27 -24
  290. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  291. package/src/packageMetadata.ts +1 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.3.0 2026-02-24 */
1
+ /*! @azure/msal-browser v5.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.1.0 2026-02-24 */
9
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.1.0 2026-02-24 */
241
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -288,7 +288,7 @@
288
288
  const EAR_JWK = "ear_jwk";
289
289
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
290
290
 
291
- /*! @azure/msal-common v16.1.0 2026-02-24 */
291
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
292
292
  /*
293
293
  * Copyright (c) Microsoft Corporation. All rights reserved.
294
294
  * Licensed under the MIT License.
@@ -319,7 +319,7 @@
319
319
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
320
320
  }
321
321
 
322
- /*! @azure/msal-common v16.1.0 2026-02-24 */
322
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
323
323
 
324
324
  /*
325
325
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -339,7 +339,7 @@
339
339
  return new ClientConfigurationError(errorCode);
340
340
  }
341
341
 
342
- /*! @azure/msal-common v16.1.0 2026-02-24 */
342
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
343
343
  /*
344
344
  * Copyright (c) Microsoft Corporation. All rights reserved.
345
345
  * Licensed under the MIT License.
@@ -419,7 +419,7 @@
419
419
  }
420
420
  }
421
421
 
422
- /*! @azure/msal-common v16.1.0 2026-02-24 */
422
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
423
423
 
424
424
  /*
425
425
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -442,7 +442,7 @@
442
442
  return new ClientAuthError(errorCode, additionalMessage);
443
443
  }
444
444
 
445
- /*! @azure/msal-common v16.1.0 2026-02-24 */
445
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
446
446
  /*
447
447
  * Copyright (c) Microsoft Corporation. All rights reserved.
448
448
  * Licensed under the MIT License.
@@ -496,7 +496,7 @@
496
496
  urlParseError: urlParseError
497
497
  });
498
498
 
499
- /*! @azure/msal-common v16.1.0 2026-02-24 */
499
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
500
500
  /*
501
501
  * Copyright (c) Microsoft Corporation. All rights reserved.
502
502
  * Licensed under the MIT License.
@@ -580,7 +580,7 @@
580
580
  userCanceled: userCanceled
581
581
  });
582
582
 
583
- /*! @azure/msal-common v16.1.0 2026-02-24 */
583
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
584
584
 
585
585
  /*
586
586
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -775,7 +775,7 @@
775
775
  }
776
776
  }
777
777
 
778
- /*! @azure/msal-common v16.1.0 2026-02-24 */
778
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
779
779
 
780
780
  /*
781
781
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1142,7 +1142,7 @@
1142
1142
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1143
1143
  }
1144
1144
 
1145
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1145
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1146
1146
 
1147
1147
  /*
1148
1148
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1251,7 +1251,7 @@
1251
1251
  }
1252
1252
  }
1253
1253
 
1254
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1254
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1255
1255
 
1256
1256
  /*
1257
1257
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1290,7 +1290,7 @@
1290
1290
  },
1291
1291
  };
1292
1292
 
1293
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1293
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1294
1294
  /*
1295
1295
  * Copyright (c) Microsoft Corporation. All rights reserved.
1296
1296
  * Licensed under the MIT License.
@@ -1565,12 +1565,12 @@
1565
1565
  }
1566
1566
  }
1567
1567
 
1568
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1568
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1569
1569
  /* eslint-disable header/header */
1570
1570
  const name$1 = "@azure/msal-common";
1571
- const version$1 = "16.1.0";
1571
+ const version$1 = "16.2.1";
1572
1572
 
1573
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1573
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1574
1574
  /*
1575
1575
  * Copyright (c) Microsoft Corporation. All rights reserved.
1576
1576
  * Licensed under the MIT License.
@@ -1590,7 +1590,7 @@
1590
1590
  AzureUsGovernment: "https://login.microsoftonline.us",
1591
1591
  };
1592
1592
 
1593
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1593
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1594
1594
  /*
1595
1595
  * Copyright (c) Microsoft Corporation. All rights reserved.
1596
1596
  * Licensed under the MIT License.
@@ -1672,7 +1672,7 @@
1672
1672
  return updatedAccountInfo;
1673
1673
  }
1674
1674
 
1675
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1675
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1676
1676
 
1677
1677
  /*
1678
1678
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1752,7 +1752,7 @@
1752
1752
  }
1753
1753
  }
1754
1754
 
1755
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1755
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1756
1756
 
1757
1757
  /*
1758
1758
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1909,7 +1909,7 @@
1909
1909
  }
1910
1910
  }
1911
1911
 
1912
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1912
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1913
1913
 
1914
1914
  /*
1915
1915
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2066,7 +2066,7 @@
2066
2066
  return null;
2067
2067
  }
2068
2068
 
2069
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2069
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2070
2070
  /*
2071
2071
  * Copyright (c) Microsoft Corporation. All rights reserved.
2072
2072
  * Licensed under the MIT License.
@@ -2074,7 +2074,7 @@
2074
2074
  const cacheQuotaExceeded = "cache_quota_exceeded";
2075
2075
  const cacheErrorUnknown = "cache_error_unknown";
2076
2076
 
2077
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2077
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2078
2078
 
2079
2079
  /*
2080
2080
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2112,7 +2112,7 @@
2112
2112
  }
2113
2113
  }
2114
2114
 
2115
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2115
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2116
2116
 
2117
2117
  /*
2118
2118
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2150,7 +2150,7 @@
2150
2150
  };
2151
2151
  }
2152
2152
 
2153
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2153
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2154
2154
  /*
2155
2155
  * Copyright (c) Microsoft Corporation. All rights reserved.
2156
2156
  * Licensed under the MIT License.
@@ -2165,7 +2165,7 @@
2165
2165
  Ciam: 3,
2166
2166
  };
2167
2167
 
2168
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2168
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2169
2169
  /*
2170
2170
  * Copyright (c) Microsoft Corporation. All rights reserved.
2171
2171
  * Licensed under the MIT License.
@@ -2187,7 +2187,7 @@
2187
2187
  return null;
2188
2188
  }
2189
2189
 
2190
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2190
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2191
2191
  /*
2192
2192
  * Copyright (c) Microsoft Corporation. All rights reserved.
2193
2193
  * Licensed under the MIT License.
@@ -2211,7 +2211,7 @@
2211
2211
  EAR: "EAR",
2212
2212
  };
2213
2213
 
2214
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2214
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2215
2215
  /**
2216
2216
  * Returns the AccountInfo interface for this account.
2217
2217
  */
@@ -2386,7 +2386,7 @@
2386
2386
  entity.hasOwnProperty("authorityType"));
2387
2387
  }
2388
2388
 
2389
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2389
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2390
2390
 
2391
2391
  /*
2392
2392
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3483,7 +3483,7 @@
3483
3483
  }
3484
3484
  }
3485
3485
 
3486
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3486
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3487
3487
  /*
3488
3488
  * Copyright (c) Microsoft Corporation. All rights reserved.
3489
3489
  * Licensed under the MIT License.
@@ -3498,6 +3498,12 @@
3498
3498
  InProgress: 1,
3499
3499
  Completed: 2,
3500
3500
  };
3501
+ /**
3502
+ * Prefix used to mark telemetry field names as dynamic.
3503
+ * Fields with this prefix in addFields/incrementFields calls will be routed
3504
+ * to the PerformanceEvent.ext sub-object.
3505
+ */
3506
+ const EXT_FIELD_PREFIX = "ext.";
3501
3507
  const IntFields = new Set([
3502
3508
  "accessTokenSize",
3503
3509
  "durationMs",
@@ -3522,9 +3528,10 @@
3522
3528
  "currRefreshCount",
3523
3529
  "expiredCacheRemovedCount",
3524
3530
  "upgradedCacheCount",
3531
+ "cacheMatchedAccounts",
3525
3532
  ]);
3526
3533
 
3527
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3534
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3528
3535
 
3529
3536
  /*
3530
3537
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3579,7 +3586,7 @@
3579
3586
  }
3580
3587
  }
3581
3588
 
3582
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3589
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3583
3590
 
3584
3591
  /*
3585
3592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3673,291 +3680,358 @@
3673
3680
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3674
3681
  }
3675
3682
 
3676
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3677
-
3683
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3678
3684
  /*
3679
3685
  * Copyright (c) Microsoft Corporation. All rights reserved.
3680
3686
  * Licensed under the MIT License.
3681
3687
  */
3682
3688
  /**
3683
- * Error thrown when there is an error with the server code, for example, unavailability.
3684
- */
3685
- class ServerError extends AuthError {
3686
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3687
- super(errorCode, errorMessage, subError);
3688
- this.name = "ServerError";
3689
- this.errorNo = errorNo;
3690
- this.status = status;
3691
- Object.setPrototypeOf(this, ServerError.prototype);
3689
+ * This class instance helps track the memory changes facilitating
3690
+ * decisions to read from and write to the persistent cache
3691
+ */ class TokenCacheContext {
3692
+ constructor(tokenCache, hasChanged) {
3693
+ this.cache = tokenCache;
3694
+ this.hasChanged = hasChanged;
3695
+ }
3696
+ /**
3697
+ * boolean which indicates the changes in cache
3698
+ */
3699
+ get cacheHasChanged() {
3700
+ return this.hasChanged;
3701
+ }
3702
+ /**
3703
+ * function to retrieve the token cache
3704
+ */
3705
+ get tokenCache() {
3706
+ return this.cache;
3692
3707
  }
3693
3708
  }
3694
3709
 
3695
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3710
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3696
3711
  /*
3697
3712
  * Copyright (c) Microsoft Corporation. All rights reserved.
3698
3713
  * Licensed under the MIT License.
3699
3714
  */
3700
3715
  /**
3701
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3702
- * @public
3703
- */
3704
- const noTokensFound = "no_tokens_found";
3705
- /**
3706
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3707
- * @public
3708
- */
3709
- const nativeAccountUnavailable = "native_account_unavailable";
3710
- /**
3711
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3712
- * @public
3716
+ * Utility functions for managing date and time operations.
3713
3717
  */
3714
- const refreshTokenExpired = "refresh_token_expired";
3715
3718
  /**
3716
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3717
- * @public
3719
+ * return the current time in Unix time (seconds).
3718
3720
  */
3719
- const uxNotAllowed = "ux_not_allowed";
3721
+ function nowSeconds() {
3722
+ // Date.getTime() returns in milliseconds.
3723
+ return Math.round(new Date().getTime() / 1000.0);
3724
+ }
3720
3725
  /**
3721
- * Server-originated error code indicating interaction is required to complete the request.
3722
- * @public
3726
+ * Converts JS Date object to seconds
3727
+ * @param date Date
3723
3728
  */
3724
- const interactionRequired = "interaction_required";
3729
+ function toSecondsFromDate(date) {
3730
+ // Convert date to seconds
3731
+ return date.getTime() / 1000;
3732
+ }
3725
3733
  /**
3726
- * Server-originated error code indicating user consent is required.
3727
- * @public
3734
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3735
+ * @param seconds
3728
3736
  */
3729
- const consentRequired = "consent_required";
3737
+ function toDateFromSeconds(seconds) {
3738
+ if (seconds) {
3739
+ return new Date(Number(seconds) * 1000);
3740
+ }
3741
+ return new Date();
3742
+ }
3730
3743
  /**
3731
- * Server-originated error code indicating user login is required.
3732
- * @public
3744
+ * check if a token is expired based on given UTC time in seconds.
3745
+ * @param expiresOn
3733
3746
  */
3734
- const loginRequired = "login_required";
3747
+ function isTokenExpired(expiresOn, offset) {
3748
+ // check for access token expiry
3749
+ const expirationSec = Number(expiresOn) || 0;
3750
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3751
+ // If current time + offset is greater than token expiration time, then token is expired.
3752
+ return offsetCurrentTimeSec > expirationSec;
3753
+ }
3735
3754
  /**
3736
- * Server-originated error code indicating the token is invalid or corrupted.
3737
- * @public
3755
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3756
+ * @param lastUpdatedAt
3757
+ * @param cacheRetentionDays
3758
+ * @returns
3738
3759
  */
3739
- const badToken = "bad_token";
3760
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3761
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3762
+ return Date.now() > cacheExpirationTimestamp;
3763
+ }
3740
3764
  /**
3741
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3742
- * @public
3765
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3766
+ * i.e. The system clock was turned back after acquiring the cached token
3767
+ * @param cachedAt
3768
+ * @param offset
3743
3769
  */
3744
- const interruptedUser = "interrupted_user";
3745
-
3746
- var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3747
- __proto__: null,
3748
- badToken: badToken,
3749
- consentRequired: consentRequired,
3750
- interactionRequired: interactionRequired,
3751
- interruptedUser: interruptedUser,
3752
- loginRequired: loginRequired,
3753
- nativeAccountUnavailable: nativeAccountUnavailable,
3754
- noTokensFound: noTokensFound,
3755
- refreshTokenExpired: refreshTokenExpired,
3756
- uxNotAllowed: uxNotAllowed
3757
- });
3770
+ function wasClockTurnedBack(cachedAt) {
3771
+ const cachedAtSec = Number(cachedAt);
3772
+ return cachedAtSec > nowSeconds();
3773
+ }
3758
3774
 
3759
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3775
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3760
3776
 
3761
3777
  /*
3762
3778
  * Copyright (c) Microsoft Corporation. All rights reserved.
3763
3779
  * Licensed under the MIT License.
3764
3780
  */
3765
3781
  /**
3766
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3782
+ * Create IdTokenEntity
3783
+ * @param homeAccountId
3784
+ * @param authenticationResult
3785
+ * @param clientId
3786
+ * @param authority
3767
3787
  */
3768
- const InteractionRequiredServerErrorMessage = [
3769
- interactionRequired,
3770
- consentRequired,
3771
- loginRequired,
3772
- badToken,
3773
- uxNotAllowed,
3774
- interruptedUser,
3775
- ];
3776
- const InteractionRequiredAuthSubErrorMessage = [
3777
- "message_only",
3778
- "additional_action",
3779
- "basic_action",
3780
- "user_password_expired",
3781
- "consent_required",
3782
- "bad_token",
3783
- "ux_not_allowed",
3784
- "interrupted_user",
3785
- ];
3788
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3789
+ const idTokenEntity = {
3790
+ credentialType: CredentialType.ID_TOKEN,
3791
+ homeAccountId: homeAccountId,
3792
+ environment: environment,
3793
+ clientId: clientId,
3794
+ secret: idToken,
3795
+ realm: tenantId,
3796
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3797
+ };
3798
+ return idTokenEntity;
3799
+ }
3786
3800
  /**
3787
- * Error thrown when user interaction is required.
3801
+ * Create AccessTokenEntity
3802
+ * @param homeAccountId
3803
+ * @param environment
3804
+ * @param accessToken
3805
+ * @param clientId
3806
+ * @param tenantId
3807
+ * @param scopes
3808
+ * @param expiresOn
3809
+ * @param extExpiresOn
3788
3810
  */
3789
- class InteractionRequiredAuthError extends AuthError {
3790
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3791
- super(errorCode, errorMessage, subError);
3792
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3793
- this.timestamp = timestamp || "";
3794
- this.traceId = traceId || "";
3795
- this.correlationId = correlationId || "";
3796
- this.claims = claims || "";
3797
- this.name = "InteractionRequiredAuthError";
3798
- this.errorNo = errorNo;
3811
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3812
+ const atEntity = {
3813
+ homeAccountId: homeAccountId,
3814
+ credentialType: CredentialType.ACCESS_TOKEN,
3815
+ secret: accessToken,
3816
+ cachedAt: nowSeconds().toString(),
3817
+ expiresOn: expiresOn.toString(),
3818
+ extendedExpiresOn: extExpiresOn.toString(),
3819
+ environment: environment,
3820
+ clientId: clientId,
3821
+ realm: tenantId,
3822
+ target: scopes,
3823
+ tokenType: tokenType || AuthenticationScheme$1.BEARER,
3824
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3825
+ };
3826
+ if (userAssertionHash) {
3827
+ atEntity.userAssertionHash = userAssertionHash;
3828
+ }
3829
+ if (refreshOn) {
3830
+ atEntity.refreshOn = refreshOn.toString();
3831
+ }
3832
+ /*
3833
+ * Create Access Token With Auth Scheme instead of regular access token
3834
+ * Cast to lower to handle "bearer" from ADFS
3835
+ */
3836
+ if (atEntity.tokenType?.toLowerCase() !==
3837
+ AuthenticationScheme$1.BEARER.toLowerCase()) {
3838
+ atEntity.credentialType =
3839
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3840
+ switch (atEntity.tokenType) {
3841
+ case AuthenticationScheme$1.POP:
3842
+ // Make sure keyId is present and add it to credential
3843
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3844
+ if (!tokenClaims?.cnf?.kid) {
3845
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3846
+ }
3847
+ atEntity.keyId = tokenClaims.cnf.kid;
3848
+ break;
3849
+ case AuthenticationScheme$1.SSH:
3850
+ atEntity.keyId = keyId;
3851
+ }
3799
3852
  }
3853
+ return atEntity;
3800
3854
  }
3801
3855
  /**
3802
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3803
- * @param errorCode
3804
- * @param errorString
3805
- * @param subError
3856
+ * Create RefreshTokenEntity
3857
+ * @param homeAccountId
3858
+ * @param authenticationResult
3859
+ * @param clientId
3860
+ * @param authority
3806
3861
  */
3807
- function isInteractionRequiredError(errorCode, errorString, subError) {
3808
- const isInteractionRequiredErrorCode = !!errorCode &&
3809
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3810
- const isInteractionRequiredSubError = !!subError &&
3811
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3812
- const isInteractionRequiredErrorDesc = !!errorString &&
3813
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3814
- return errorString.indexOf(irErrorCode) > -1;
3815
- });
3816
- return (isInteractionRequiredErrorCode ||
3817
- isInteractionRequiredErrorDesc ||
3818
- isInteractionRequiredSubError);
3862
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3863
+ const rtEntity = {
3864
+ credentialType: CredentialType.REFRESH_TOKEN,
3865
+ homeAccountId: homeAccountId,
3866
+ environment: environment,
3867
+ clientId: clientId,
3868
+ secret: refreshToken,
3869
+ lastUpdatedAt: Date.now().toString(),
3870
+ };
3871
+ if (userAssertionHash) {
3872
+ rtEntity.userAssertionHash = userAssertionHash;
3873
+ }
3874
+ if (familyId) {
3875
+ rtEntity.familyId = familyId;
3876
+ }
3877
+ if (expiresOn) {
3878
+ rtEntity.expiresOn = expiresOn.toString();
3879
+ }
3880
+ return rtEntity;
3881
+ }
3882
+ function isCredentialEntity(entity) {
3883
+ return (entity.hasOwnProperty("homeAccountId") &&
3884
+ entity.hasOwnProperty("environment") &&
3885
+ entity.hasOwnProperty("credentialType") &&
3886
+ entity.hasOwnProperty("clientId") &&
3887
+ entity.hasOwnProperty("secret"));
3819
3888
  }
3820
3889
  /**
3821
- * Creates an InteractionRequiredAuthError
3822
- */
3823
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3824
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3825
- }
3826
-
3827
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3828
-
3829
- /*
3830
- * Copyright (c) Microsoft Corporation. All rights reserved.
3831
- * Licensed under the MIT License.
3890
+ * Validates an entity: checks for all expected params
3891
+ * @param entity
3832
3892
  */
3893
+ function isAccessTokenEntity(entity) {
3894
+ if (!entity) {
3895
+ return false;
3896
+ }
3897
+ return (isCredentialEntity(entity) &&
3898
+ entity.hasOwnProperty("realm") &&
3899
+ entity.hasOwnProperty("target") &&
3900
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3901
+ entity["credentialType"] ===
3902
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3903
+ }
3833
3904
  /**
3834
- * Appends user state with random guid, or returns random guid.
3835
- * @param cryptoObj
3836
- * @param userState
3837
- * @param meta
3905
+ * Validates an entity: checks for all expected params
3906
+ * @param entity
3838
3907
  */
3839
- function setRequestState(cryptoObj, userState, meta) {
3840
- const libraryState = generateLibraryState(cryptoObj, meta);
3841
- return userState
3842
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3843
- : libraryState;
3908
+ function isIdTokenEntity(entity) {
3909
+ if (!entity) {
3910
+ return false;
3911
+ }
3912
+ return (isCredentialEntity(entity) &&
3913
+ entity.hasOwnProperty("realm") &&
3914
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3844
3915
  }
3845
3916
  /**
3846
- * Generates the state value used by the common library.
3847
- * @param cryptoObj
3848
- * @param meta
3917
+ * Validates an entity: checks for all expected params
3918
+ * @param entity
3849
3919
  */
3850
- function generateLibraryState(cryptoObj, meta) {
3851
- if (!cryptoObj) {
3852
- throw createClientAuthError(noCryptoObject);
3853
- }
3854
- // Create a state object containing a unique id and the timestamp of the request creation
3855
- const stateObj = {
3856
- id: cryptoObj.createNewGuid(),
3857
- };
3858
- if (meta) {
3859
- stateObj.meta = meta;
3920
+ function isRefreshTokenEntity(entity) {
3921
+ if (!entity) {
3922
+ return false;
3860
3923
  }
3861
- const stateString = JSON.stringify(stateObj);
3862
- return cryptoObj.base64Encode(stateString);
3924
+ return (isCredentialEntity(entity) &&
3925
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3863
3926
  }
3864
3927
  /**
3865
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3866
- * @param base64Decode
3867
- * @param state
3928
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3929
+ * @param key
3930
+ * @param entity
3868
3931
  */
3869
- function parseRequestState(base64Decode, state) {
3870
- if (!base64Decode) {
3871
- throw createClientAuthError(noCryptoObject);
3872
- }
3873
- if (!state) {
3874
- throw createClientAuthError(invalidState);
3875
- }
3876
- try {
3877
- // Split the state between library state and user passed state and decode them separately
3878
- const splitState = state.split(RESOURCE_DELIM);
3879
- const libraryState = splitState[0];
3880
- const userState = splitState.length > 1
3881
- ? splitState.slice(1).join(RESOURCE_DELIM)
3882
- : "";
3883
- const libraryStateString = base64Decode(libraryState);
3884
- const libraryStateObj = JSON.parse(libraryStateString);
3885
- return {
3886
- userRequestState: userState || "",
3887
- libraryState: libraryStateObj,
3888
- };
3889
- }
3890
- catch (e) {
3891
- throw createClientAuthError(invalidState);
3932
+ function isServerTelemetryEntity(key, entity) {
3933
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3934
+ let validateEntity = true;
3935
+ if (entity) {
3936
+ validateEntity =
3937
+ entity.hasOwnProperty("failedRequests") &&
3938
+ entity.hasOwnProperty("errors") &&
3939
+ entity.hasOwnProperty("cacheHits");
3892
3940
  }
3893
- }
3894
-
3895
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3896
- /*
3897
- * Copyright (c) Microsoft Corporation. All rights reserved.
3898
- * Licensed under the MIT License.
3899
- */
3941
+ return validateKey && validateEntity;
3942
+ }
3900
3943
  /**
3901
- * Utility functions for managing date and time operations.
3944
+ * validates if a given cache entry is "Throttling", parses <key,value>
3945
+ * @param key
3946
+ * @param entity
3902
3947
  */
3948
+ function isThrottlingEntity(key, entity) {
3949
+ let validateKey = false;
3950
+ if (key) {
3951
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3952
+ }
3953
+ let validateEntity = true;
3954
+ if (entity) {
3955
+ validateEntity = entity.hasOwnProperty("throttleTime");
3956
+ }
3957
+ return validateKey && validateEntity;
3958
+ }
3903
3959
  /**
3904
- * return the current time in Unix time (seconds).
3960
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3905
3961
  */
3906
- function nowSeconds() {
3907
- // Date.getTime() returns in milliseconds.
3908
- return Math.round(new Date().getTime() / 1000.0);
3962
+ function generateAppMetadataKey({ environment, clientId, }) {
3963
+ const appMetaDataKeyArray = [
3964
+ APP_METADATA,
3965
+ environment,
3966
+ clientId,
3967
+ ];
3968
+ return appMetaDataKeyArray
3969
+ .join(CACHE_KEY_SEPARATOR$1)
3970
+ .toLowerCase();
3909
3971
  }
3910
- /**
3911
- * Converts JS Date object to seconds
3912
- * @param date Date
3972
+ /*
3973
+ * Validates an entity: checks for all expected params
3974
+ * @param entity
3913
3975
  */
3914
- function toSecondsFromDate(date) {
3915
- // Convert date to seconds
3916
- return date.getTime() / 1000;
3976
+ function isAppMetadataEntity(key, entity) {
3977
+ if (!entity) {
3978
+ return false;
3979
+ }
3980
+ return (key.indexOf(APP_METADATA) === 0 &&
3981
+ entity.hasOwnProperty("clientId") &&
3982
+ entity.hasOwnProperty("environment"));
3917
3983
  }
3918
3984
  /**
3919
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3920
- * @param seconds
3985
+ * Validates an entity: checks for all expected params
3986
+ * @param entity
3921
3987
  */
3922
- function toDateFromSeconds(seconds) {
3923
- if (seconds) {
3924
- return new Date(Number(seconds) * 1000);
3988
+ function isAuthorityMetadataEntity(key, entity) {
3989
+ if (!entity) {
3990
+ return false;
3925
3991
  }
3926
- return new Date();
3992
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
3993
+ entity.hasOwnProperty("aliases") &&
3994
+ entity.hasOwnProperty("preferred_cache") &&
3995
+ entity.hasOwnProperty("preferred_network") &&
3996
+ entity.hasOwnProperty("canonical_authority") &&
3997
+ entity.hasOwnProperty("authorization_endpoint") &&
3998
+ entity.hasOwnProperty("token_endpoint") &&
3999
+ entity.hasOwnProperty("issuer") &&
4000
+ entity.hasOwnProperty("aliasesFromNetwork") &&
4001
+ entity.hasOwnProperty("endpointsFromNetwork") &&
4002
+ entity.hasOwnProperty("expiresAt") &&
4003
+ entity.hasOwnProperty("jwks_uri"));
3927
4004
  }
3928
4005
  /**
3929
- * check if a token is expired based on given UTC time in seconds.
3930
- * @param expiresOn
4006
+ * Reset the exiresAt value
3931
4007
  */
3932
- function isTokenExpired(expiresOn, offset) {
3933
- // check for access token expiry
3934
- const expirationSec = Number(expiresOn) || 0;
3935
- const offsetCurrentTimeSec = nowSeconds() + offset;
3936
- // If current time + offset is greater than token expiration time, then token is expired.
3937
- return offsetCurrentTimeSec > expirationSec;
4008
+ function generateAuthorityMetadataExpiresAt() {
4009
+ return (nowSeconds() +
4010
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
3938
4011
  }
3939
- /**
3940
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3941
- * @param lastUpdatedAt
3942
- * @param cacheRetentionDays
3943
- * @returns
3944
- */
3945
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3946
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3947
- return Date.now() > cacheExpirationTimestamp;
4012
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4013
+ authorityMetadata.authorization_endpoint =
4014
+ updatedValues.authorization_endpoint;
4015
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4016
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4017
+ authorityMetadata.issuer = updatedValues.issuer;
4018
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
4019
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4020
+ }
4021
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4022
+ authorityMetadata.aliases = updatedValues.aliases;
4023
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4024
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
4025
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3948
4026
  }
3949
4027
  /**
3950
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3951
- * i.e. The system clock was turned back after acquiring the cached token
3952
- * @param cachedAt
3953
- * @param offset
4028
+ * Returns whether or not the data needs to be refreshed
3954
4029
  */
3955
- function wasClockTurnedBack(cachedAt) {
3956
- const cachedAtSec = Number(cachedAt);
3957
- return cachedAtSec > nowSeconds();
4030
+ function isAuthorityMetadataExpired(metadata) {
4031
+ return metadata.expiresAt <= nowSeconds();
3958
4032
  }
3959
4033
 
3960
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4034
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3961
4035
  /*
3962
4036
  * Copyright (c) Microsoft Corporation. All rights reserved.
3963
4037
  * Licensed under the MIT License.
@@ -4028,7 +4102,7 @@
4028
4102
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4029
4103
  const SetUserData = "setUserData";
4030
4104
 
4031
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4105
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4032
4106
  /*
4033
4107
  * Copyright (c) Microsoft Corporation. All rights reserved.
4034
4108
  * Licensed under the MIT License.
@@ -4051,8 +4125,7 @@
4051
4125
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4052
4126
  if (correlationId) {
4053
4127
  // Track number of times this API is called in a single request
4054
- const eventCount = eventName + "CallCount";
4055
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4128
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4056
4129
  }
4057
4130
  try {
4058
4131
  const result = callback(...args);
@@ -4096,8 +4169,7 @@
4096
4169
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4097
4170
  if (correlationId) {
4098
4171
  // Track number of times this API is called in a single request
4099
- const eventCount = eventName + "CallCount";
4100
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4172
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4101
4173
  }
4102
4174
  return callback(...args)
4103
4175
  .then((response) => {
@@ -4123,7 +4195,7 @@
4123
4195
  };
4124
4196
  };
4125
4197
 
4126
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4198
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4127
4199
 
4128
4200
  /*
4129
4201
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,293 +4275,226 @@
4203
4275
  }
4204
4276
  }
4205
4277
 
4206
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4278
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4207
4279
  /*
4208
4280
  * Copyright (c) Microsoft Corporation. All rights reserved.
4209
4281
  * Licensed under the MIT License.
4210
4282
  */
4211
4283
  /**
4212
- * This class instance helps track the memory changes facilitating
4213
- * decisions to read from and write to the persistent cache
4214
- */ class TokenCacheContext {
4215
- constructor(tokenCache, hasChanged) {
4216
- this.cache = tokenCache;
4217
- this.hasChanged = hasChanged;
4218
- }
4219
- /**
4220
- * boolean which indicates the changes in cache
4221
- */
4222
- get cacheHasChanged() {
4223
- return this.hasChanged;
4224
- }
4225
- /**
4226
- * function to retrieve the token cache
4227
- */
4228
- get tokenCache() {
4229
- return this.cache;
4230
- }
4231
- }
4232
-
4233
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4234
-
4235
- /*
4236
- * Copyright (c) Microsoft Corporation. All rights reserved.
4237
- * Licensed under the MIT License.
4284
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4285
+ * @public
4238
4286
  */
4287
+ const noTokensFound = "no_tokens_found";
4239
4288
  /**
4240
- * Create IdTokenEntity
4241
- * @param homeAccountId
4242
- * @param authenticationResult
4243
- * @param clientId
4244
- * @param authority
4289
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4290
+ * @public
4245
4291
  */
4246
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4247
- const idTokenEntity = {
4248
- credentialType: CredentialType.ID_TOKEN,
4249
- homeAccountId: homeAccountId,
4250
- environment: environment,
4251
- clientId: clientId,
4252
- secret: idToken,
4253
- realm: tenantId,
4254
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4255
- };
4256
- return idTokenEntity;
4257
- }
4292
+ const nativeAccountUnavailable = "native_account_unavailable";
4258
4293
  /**
4259
- * Create AccessTokenEntity
4260
- * @param homeAccountId
4261
- * @param environment
4262
- * @param accessToken
4263
- * @param clientId
4264
- * @param tenantId
4265
- * @param scopes
4266
- * @param expiresOn
4267
- * @param extExpiresOn
4294
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4295
+ * @public
4268
4296
  */
4269
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4270
- const atEntity = {
4271
- homeAccountId: homeAccountId,
4272
- credentialType: CredentialType.ACCESS_TOKEN,
4273
- secret: accessToken,
4274
- cachedAt: nowSeconds().toString(),
4275
- expiresOn: expiresOn.toString(),
4276
- extendedExpiresOn: extExpiresOn.toString(),
4277
- environment: environment,
4278
- clientId: clientId,
4279
- realm: tenantId,
4280
- target: scopes,
4281
- tokenType: tokenType || AuthenticationScheme$1.BEARER,
4282
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4283
- };
4284
- if (userAssertionHash) {
4285
- atEntity.userAssertionHash = userAssertionHash;
4286
- }
4287
- if (refreshOn) {
4288
- atEntity.refreshOn = refreshOn.toString();
4289
- }
4290
- /*
4291
- * Create Access Token With Auth Scheme instead of regular access token
4292
- * Cast to lower to handle "bearer" from ADFS
4293
- */
4294
- if (atEntity.tokenType?.toLowerCase() !==
4295
- AuthenticationScheme$1.BEARER.toLowerCase()) {
4296
- atEntity.credentialType =
4297
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4298
- switch (atEntity.tokenType) {
4299
- case AuthenticationScheme$1.POP:
4300
- // Make sure keyId is present and add it to credential
4301
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4302
- if (!tokenClaims?.cnf?.kid) {
4303
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4304
- }
4305
- atEntity.keyId = tokenClaims.cnf.kid;
4306
- break;
4307
- case AuthenticationScheme$1.SSH:
4308
- atEntity.keyId = keyId;
4309
- }
4310
- }
4311
- return atEntity;
4312
- }
4297
+ const refreshTokenExpired = "refresh_token_expired";
4313
4298
  /**
4314
- * Create RefreshTokenEntity
4315
- * @param homeAccountId
4316
- * @param authenticationResult
4317
- * @param clientId
4318
- * @param authority
4299
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4300
+ * @public
4319
4301
  */
4320
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4321
- const rtEntity = {
4322
- credentialType: CredentialType.REFRESH_TOKEN,
4323
- homeAccountId: homeAccountId,
4324
- environment: environment,
4325
- clientId: clientId,
4326
- secret: refreshToken,
4327
- lastUpdatedAt: Date.now().toString(),
4328
- };
4329
- if (userAssertionHash) {
4330
- rtEntity.userAssertionHash = userAssertionHash;
4331
- }
4332
- if (familyId) {
4333
- rtEntity.familyId = familyId;
4334
- }
4335
- if (expiresOn) {
4336
- rtEntity.expiresOn = expiresOn.toString();
4337
- }
4338
- return rtEntity;
4339
- }
4340
- function isCredentialEntity(entity) {
4341
- return (entity.hasOwnProperty("homeAccountId") &&
4342
- entity.hasOwnProperty("environment") &&
4343
- entity.hasOwnProperty("credentialType") &&
4344
- entity.hasOwnProperty("clientId") &&
4345
- entity.hasOwnProperty("secret"));
4346
- }
4302
+ const uxNotAllowed = "ux_not_allowed";
4347
4303
  /**
4348
- * Validates an entity: checks for all expected params
4349
- * @param entity
4304
+ * Server-originated error code indicating interaction is required to complete the request.
4305
+ * @public
4350
4306
  */
4351
- function isAccessTokenEntity(entity) {
4352
- if (!entity) {
4353
- return false;
4354
- }
4355
- return (isCredentialEntity(entity) &&
4356
- entity.hasOwnProperty("realm") &&
4357
- entity.hasOwnProperty("target") &&
4358
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4359
- entity["credentialType"] ===
4360
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4361
- }
4307
+ const interactionRequired = "interaction_required";
4362
4308
  /**
4363
- * Validates an entity: checks for all expected params
4364
- * @param entity
4309
+ * Server-originated error code indicating user consent is required.
4310
+ * @public
4311
+ */
4312
+ const consentRequired = "consent_required";
4313
+ /**
4314
+ * Server-originated error code indicating user login is required.
4315
+ * @public
4316
+ */
4317
+ const loginRequired = "login_required";
4318
+ /**
4319
+ * Server-originated error code indicating the token is invalid or corrupted.
4320
+ * @public
4321
+ */
4322
+ const badToken = "bad_token";
4323
+ /**
4324
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4325
+ * @public
4326
+ */
4327
+ const interruptedUser = "interrupted_user";
4328
+
4329
+ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4330
+ __proto__: null,
4331
+ badToken: badToken,
4332
+ consentRequired: consentRequired,
4333
+ interactionRequired: interactionRequired,
4334
+ interruptedUser: interruptedUser,
4335
+ loginRequired: loginRequired,
4336
+ nativeAccountUnavailable: nativeAccountUnavailable,
4337
+ noTokensFound: noTokensFound,
4338
+ refreshTokenExpired: refreshTokenExpired,
4339
+ uxNotAllowed: uxNotAllowed
4340
+ });
4341
+
4342
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4343
+
4344
+ /*
4345
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4346
+ * Licensed under the MIT License.
4365
4347
  */
4366
- function isIdTokenEntity(entity) {
4367
- if (!entity) {
4368
- return false;
4369
- }
4370
- return (isCredentialEntity(entity) &&
4371
- entity.hasOwnProperty("realm") &&
4372
- entity["credentialType"] === CredentialType.ID_TOKEN);
4373
- }
4374
4348
  /**
4375
- * Validates an entity: checks for all expected params
4376
- * @param entity
4349
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4377
4350
  */
4378
- function isRefreshTokenEntity(entity) {
4379
- if (!entity) {
4380
- return false;
4381
- }
4382
- return (isCredentialEntity(entity) &&
4383
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4384
- }
4351
+ const InteractionRequiredServerErrorMessage = [
4352
+ interactionRequired,
4353
+ consentRequired,
4354
+ loginRequired,
4355
+ badToken,
4356
+ uxNotAllowed,
4357
+ interruptedUser,
4358
+ ];
4359
+ const InteractionRequiredAuthSubErrorMessage = [
4360
+ "message_only",
4361
+ "additional_action",
4362
+ "basic_action",
4363
+ "user_password_expired",
4364
+ "consent_required",
4365
+ "bad_token",
4366
+ "ux_not_allowed",
4367
+ "interrupted_user",
4368
+ ];
4385
4369
  /**
4386
- * validates if a given cache entry is "Telemetry", parses <key,value>
4387
- * @param key
4388
- * @param entity
4370
+ * Error thrown when user interaction is required.
4389
4371
  */
4390
- function isServerTelemetryEntity(key, entity) {
4391
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4392
- let validateEntity = true;
4393
- if (entity) {
4394
- validateEntity =
4395
- entity.hasOwnProperty("failedRequests") &&
4396
- entity.hasOwnProperty("errors") &&
4397
- entity.hasOwnProperty("cacheHits");
4372
+ class InteractionRequiredAuthError extends AuthError {
4373
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4374
+ super(errorCode, errorMessage, subError);
4375
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4376
+ this.timestamp = timestamp || "";
4377
+ this.traceId = traceId || "";
4378
+ this.correlationId = correlationId || "";
4379
+ this.claims = claims || "";
4380
+ this.name = "InteractionRequiredAuthError";
4381
+ this.errorNo = errorNo;
4398
4382
  }
4399
- return validateKey && validateEntity;
4400
4383
  }
4401
4384
  /**
4402
- * validates if a given cache entry is "Throttling", parses <key,value>
4403
- * @param key
4404
- * @param entity
4385
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4386
+ * @param errorCode
4387
+ * @param errorString
4388
+ * @param subError
4405
4389
  */
4406
- function isThrottlingEntity(key, entity) {
4407
- let validateKey = false;
4408
- if (key) {
4409
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4410
- }
4411
- let validateEntity = true;
4412
- if (entity) {
4413
- validateEntity = entity.hasOwnProperty("throttleTime");
4414
- }
4415
- return validateKey && validateEntity;
4390
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4391
+ const isInteractionRequiredErrorCode = !!errorCode &&
4392
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4393
+ const isInteractionRequiredSubError = !!subError &&
4394
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4395
+ const isInteractionRequiredErrorDesc = !!errorString &&
4396
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4397
+ return errorString.indexOf(irErrorCode) > -1;
4398
+ });
4399
+ return (isInteractionRequiredErrorCode ||
4400
+ isInteractionRequiredErrorDesc ||
4401
+ isInteractionRequiredSubError);
4416
4402
  }
4417
4403
  /**
4418
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4404
+ * Creates an InteractionRequiredAuthError
4419
4405
  */
4420
- function generateAppMetadataKey({ environment, clientId, }) {
4421
- const appMetaDataKeyArray = [
4422
- APP_METADATA,
4423
- environment,
4424
- clientId,
4425
- ];
4426
- return appMetaDataKeyArray
4427
- .join(CACHE_KEY_SEPARATOR$1)
4428
- .toLowerCase();
4429
- }
4406
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4407
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4408
+ }
4409
+
4410
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4411
+
4430
4412
  /*
4431
- * Validates an entity: checks for all expected params
4432
- * @param entity
4413
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4414
+ * Licensed under the MIT License.
4433
4415
  */
4434
- function isAppMetadataEntity(key, entity) {
4435
- if (!entity) {
4436
- return false;
4437
- }
4438
- return (key.indexOf(APP_METADATA) === 0 &&
4439
- entity.hasOwnProperty("clientId") &&
4440
- entity.hasOwnProperty("environment"));
4441
- }
4442
4416
  /**
4443
- * Validates an entity: checks for all expected params
4444
- * @param entity
4417
+ * Error thrown when there is an error with the server code, for example, unavailability.
4445
4418
  */
4446
- function isAuthorityMetadataEntity(key, entity) {
4447
- if (!entity) {
4448
- return false;
4419
+ class ServerError extends AuthError {
4420
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4421
+ super(errorCode, errorMessage, subError);
4422
+ this.name = "ServerError";
4423
+ this.errorNo = errorNo;
4424
+ this.status = status;
4425
+ Object.setPrototypeOf(this, ServerError.prototype);
4449
4426
  }
4450
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4451
- entity.hasOwnProperty("aliases") &&
4452
- entity.hasOwnProperty("preferred_cache") &&
4453
- entity.hasOwnProperty("preferred_network") &&
4454
- entity.hasOwnProperty("canonical_authority") &&
4455
- entity.hasOwnProperty("authorization_endpoint") &&
4456
- entity.hasOwnProperty("token_endpoint") &&
4457
- entity.hasOwnProperty("issuer") &&
4458
- entity.hasOwnProperty("aliasesFromNetwork") &&
4459
- entity.hasOwnProperty("endpointsFromNetwork") &&
4460
- entity.hasOwnProperty("expiresAt") &&
4461
- entity.hasOwnProperty("jwks_uri"));
4462
- }
4427
+ }
4428
+
4429
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4430
+
4431
+ /*
4432
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4433
+ * Licensed under the MIT License.
4434
+ */
4463
4435
  /**
4464
- * Reset the exiresAt value
4436
+ * Appends user state with random guid, or returns random guid.
4437
+ * @param cryptoObj
4438
+ * @param userState
4439
+ * @param meta
4465
4440
  */
4466
- function generateAuthorityMetadataExpiresAt() {
4467
- return (nowSeconds() +
4468
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4469
- }
4470
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4471
- authorityMetadata.authorization_endpoint =
4472
- updatedValues.authorization_endpoint;
4473
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4474
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4475
- authorityMetadata.issuer = updatedValues.issuer;
4476
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4477
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4441
+ function setRequestState(cryptoObj, userState, meta) {
4442
+ const libraryState = generateLibraryState(cryptoObj, meta);
4443
+ return userState
4444
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4445
+ : libraryState;
4478
4446
  }
4479
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4480
- authorityMetadata.aliases = updatedValues.aliases;
4481
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4482
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4483
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4447
+ /**
4448
+ * Generates the state value used by the common library.
4449
+ * @param cryptoObj
4450
+ * @param meta
4451
+ */
4452
+ function generateLibraryState(cryptoObj, meta) {
4453
+ if (!cryptoObj) {
4454
+ throw createClientAuthError(noCryptoObject);
4455
+ }
4456
+ // Create a state object containing a unique id and the timestamp of the request creation
4457
+ const stateObj = {
4458
+ id: cryptoObj.createNewGuid(),
4459
+ };
4460
+ if (meta) {
4461
+ stateObj.meta = meta;
4462
+ }
4463
+ const stateString = JSON.stringify(stateObj);
4464
+ return cryptoObj.base64Encode(stateString);
4484
4465
  }
4485
4466
  /**
4486
- * Returns whether or not the data needs to be refreshed
4467
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4468
+ * @param base64Decode
4469
+ * @param state
4487
4470
  */
4488
- function isAuthorityMetadataExpired(metadata) {
4489
- return metadata.expiresAt <= nowSeconds();
4471
+ function parseRequestState(base64Decode, state) {
4472
+ if (!base64Decode) {
4473
+ throw createClientAuthError(noCryptoObject);
4474
+ }
4475
+ if (!state) {
4476
+ throw createClientAuthError(invalidState);
4477
+ }
4478
+ try {
4479
+ // Split the state between library state and user passed state and decode them separately
4480
+ const splitState = state.split(RESOURCE_DELIM);
4481
+ const libraryState = splitState[0];
4482
+ const userState = splitState.length > 1
4483
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4484
+ : "";
4485
+ const libraryStateString = base64Decode(libraryState);
4486
+ const libraryStateObj = JSON.parse(libraryStateString);
4487
+ return {
4488
+ userRequestState: userState || "",
4489
+ libraryState: libraryStateObj,
4490
+ };
4491
+ }
4492
+ catch (e) {
4493
+ throw createClientAuthError(invalidState);
4494
+ }
4490
4495
  }
4491
4496
 
4492
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4497
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4493
4498
 
4494
4499
  /*
4495
4500
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4645,7 +4650,7 @@
4645
4650
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4646
4651
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4647
4652
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4648
- this.logger);
4653
+ this.logger, this.performanceClient);
4649
4654
  }
4650
4655
  // AccessToken
4651
4656
  let cachedAccessToken = null;
@@ -4791,17 +4796,24 @@
4791
4796
  };
4792
4797
  }
4793
4798
  }
4794
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4799
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4795
4800
  logger?.verbose("09jz0t", correlationId);
4796
- // Check if base account is already cached
4797
- const accountKeys = cacheStorage.getAccountKeys();
4798
- const baseAccountKey = accountKeys.find((accountKey) => {
4799
- return accountKey.startsWith(homeAccountId);
4800
- });
4801
- let cachedAccount = null;
4802
- if (baseAccountKey) {
4803
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4801
+ /*
4802
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4803
+ * the user's home identity) and environment (identifies the cloud) the two
4804
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4805
+ */
4806
+ const accountEnvironment = environment || authority.getPreferredCache();
4807
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4808
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4809
+ if (matchedAccounts.length > 1) {
4810
+ /*
4811
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4812
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4813
+ */
4814
+ logger?.warning("0x7ad1", correlationId);
4804
4815
  }
4816
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4805
4817
  const baseAccount = cachedAccount ||
4806
4818
  createAccountEntity({
4807
4819
  homeAccountId,
@@ -4825,7 +4837,7 @@
4825
4837
  return baseAccount;
4826
4838
  }
4827
4839
 
4828
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4840
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4829
4841
  /*
4830
4842
  * Copyright (c) Microsoft Corporation. All rights reserved.
4831
4843
  * Licensed under the MIT License.
@@ -4835,7 +4847,7 @@
4835
4847
  UPN: "UPN",
4836
4848
  };
4837
4849
 
4838
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4850
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4839
4851
  /*
4840
4852
  * Copyright (c) Microsoft Corporation. All rights reserved.
4841
4853
  * Licensed under the MIT License.
@@ -4853,7 +4865,7 @@
4853
4865
  }
4854
4866
  }
4855
4867
 
4856
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4868
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4857
4869
  /*
4858
4870
  * Copyright (c) Microsoft Corporation. All rights reserved.
4859
4871
  * Licensed under the MIT License.
@@ -4874,7 +4886,7 @@
4874
4886
  };
4875
4887
  }
4876
4888
 
4877
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4889
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4878
4890
 
4879
4891
  /*
4880
4892
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4960,7 +4972,7 @@
4960
4972
  }
4961
4973
  }
4962
4974
 
4963
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4975
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4964
4976
 
4965
4977
  /*
4966
4978
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4991,7 +5003,7 @@
4991
5003
  return new NetworkError(error, httpStatus, responseHeaders);
4992
5004
  }
4993
5005
 
4994
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5006
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4995
5007
 
4996
5008
  /*
4997
5009
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5105,7 +5117,7 @@
5105
5117
  return response;
5106
5118
  }
5107
5119
 
5108
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5120
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5109
5121
  /*
5110
5122
  * Copyright (c) Microsoft Corporation. All rights reserved.
5111
5123
  * Licensed under the MIT License.
@@ -5117,7 +5129,7 @@
5117
5129
  response.hasOwnProperty("jwks_uri"));
5118
5130
  }
5119
5131
 
5120
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5132
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5121
5133
  /*
5122
5134
  * Copyright (c) Microsoft Corporation. All rights reserved.
5123
5135
  * Licensed under the MIT License.
@@ -5127,7 +5139,7 @@
5127
5139
  response.hasOwnProperty("metadata"));
5128
5140
  }
5129
5141
 
5130
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5142
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5131
5143
  /*
5132
5144
  * Copyright (c) Microsoft Corporation. All rights reserved.
5133
5145
  * Licensed under the MIT License.
@@ -5137,7 +5149,7 @@
5137
5149
  response.hasOwnProperty("error_description"));
5138
5150
  }
5139
5151
 
5140
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5152
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5141
5153
 
5142
5154
  /*
5143
5155
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5242,7 +5254,7 @@
5242
5254
  },
5243
5255
  };
5244
5256
 
5245
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5257
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5246
5258
 
5247
5259
  /*
5248
5260
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,7 +6074,7 @@
6062
6074
  };
6063
6075
  }
6064
6076
 
6065
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6077
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6066
6078
 
6067
6079
  /*
6068
6080
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6096,7 +6108,7 @@
6096
6108
  }
6097
6109
  }
6098
6110
 
6099
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6111
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6100
6112
 
6101
6113
  /*
6102
6114
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6356,7 +6368,7 @@
6356
6368
  }
6357
6369
  }
6358
6370
 
6359
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6371
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6360
6372
 
6361
6373
  /*
6362
6374
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6581,7 +6593,7 @@
6581
6593
  }
6582
6594
  }
6583
6595
 
6584
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6596
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6585
6597
 
6586
6598
  /*
6587
6599
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6690,7 +6702,7 @@
6690
6702
  }
6691
6703
  }
6692
6704
 
6693
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6705
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6694
6706
 
6695
6707
  /*
6696
6708
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6705,7 +6717,7 @@
6705
6717
  },
6706
6718
  };
6707
6719
 
6708
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6720
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6709
6721
 
6710
6722
  /*
6711
6723
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6929,7 +6941,7 @@
6929
6941
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6930
6942
  }
6931
6943
 
6932
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6944
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6933
6945
 
6934
6946
  /*
6935
6947
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6987,7 +6999,7 @@
6987
6999
  }
6988
7000
  }
6989
7001
 
6990
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7002
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6991
7003
  /*
6992
7004
  * Copyright (c) Microsoft Corporation. All rights reserved.
6993
7005
  * Licensed under the MIT License.
@@ -7004,7 +7016,7 @@
7004
7016
  unexpectedError: unexpectedError
7005
7017
  });
7006
7018
 
7007
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7019
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7008
7020
 
7009
7021
  /*
7010
7022
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,7 +7277,7 @@
7265
7277
  }
7266
7278
  }
7267
7279
 
7268
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7280
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7269
7281
 
7270
7282
  /*
7271
7283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7286,7 +7298,7 @@
7286
7298
  return new JoseHeaderError(code);
7287
7299
  }
7288
7300
 
7289
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7301
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7290
7302
  /*
7291
7303
  * Copyright (c) Microsoft Corporation. All rights reserved.
7292
7304
  * Licensed under the MIT License.
@@ -7294,7 +7306,7 @@
7294
7306
  const missingKidError = "missing_kid_error";
7295
7307
  const missingAlgError = "missing_alg_error";
7296
7308
 
7297
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7309
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7298
7310
 
7299
7311
  /*
7300
7312
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7334,7 +7346,7 @@
7334
7346
  }
7335
7347
  }
7336
7348
 
7337
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7349
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7338
7350
 
7339
7351
  /*
7340
7352
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7633,9 +7645,13 @@
7633
7645
  if (error) {
7634
7646
  addError(error, this.logger, rootEvent);
7635
7647
  }
7636
- // Add sub-measurement attribute to root event.
7648
+ // Add sub-measurement attribute to root event's ext field.
7637
7649
  if (!isRoot) {
7638
- rootEvent[event.name + "DurationMs"] = Math.floor(event.durationMs);
7650
+ rootEvent.ext = {
7651
+ ...rootEvent.ext,
7652
+ ...event.ext,
7653
+ };
7654
+ rootEvent.ext[event.name + "DurationMs"] = Math.floor(event.durationMs);
7639
7655
  return { ...rootEvent };
7640
7656
  }
7641
7657
  if (isRoot &&
@@ -7681,10 +7697,32 @@
7681
7697
  addFields(fields, correlationId) {
7682
7698
  const event = this.eventsByCorrelationId.get(correlationId);
7683
7699
  if (event) {
7684
- this.eventsByCorrelationId.set(correlationId, {
7700
+ const staticFields = {};
7701
+ const dynamicFields = {};
7702
+ for (const key in fields) {
7703
+ if (key.startsWith(EXT_FIELD_PREFIX)) {
7704
+ const dynamicKey = key.slice(EXT_FIELD_PREFIX.length);
7705
+ const value = fields[key];
7706
+ if (typeof value === "string" ||
7707
+ typeof value === "number") {
7708
+ dynamicFields[dynamicKey] = value;
7709
+ }
7710
+ }
7711
+ else {
7712
+ staticFields[key] = fields[key];
7713
+ }
7714
+ }
7715
+ const updatedEvent = {
7685
7716
  ...event,
7686
- ...fields,
7687
- });
7717
+ ...staticFields,
7718
+ };
7719
+ if (Object.keys(dynamicFields).length) {
7720
+ updatedEvent.ext = {
7721
+ ...updatedEvent.ext,
7722
+ ...dynamicFields,
7723
+ };
7724
+ }
7725
+ this.eventsByCorrelationId.set(correlationId, updatedEvent);
7688
7726
  }
7689
7727
  else {
7690
7728
  this.logger.trace("0thl6s", correlationId);
@@ -7699,13 +7737,32 @@
7699
7737
  const event = this.eventsByCorrelationId.get(correlationId);
7700
7738
  if (event) {
7701
7739
  for (const counter in fields) {
7702
- if (!event.hasOwnProperty(counter)) {
7703
- event[counter] = 0;
7740
+ if (counter.startsWith(EXT_FIELD_PREFIX)) {
7741
+ event.ext = event.ext || {};
7742
+ // Route to ext sub-object
7743
+ const dynamicKey = counter.slice(EXT_FIELD_PREFIX.length);
7744
+ const currentValue = event.ext[dynamicKey];
7745
+ if (currentValue === undefined) {
7746
+ event.ext[dynamicKey] = 0;
7747
+ }
7748
+ else if (isNaN(Number(currentValue))) {
7749
+ return;
7750
+ }
7751
+ event.ext[dynamicKey] =
7752
+ (Number(event.ext[dynamicKey]) || 0) +
7753
+ (fields[counter] ?? 0);
7704
7754
  }
7705
- else if (isNaN(Number(event[counter]))) {
7706
- return;
7755
+ else {
7756
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal dispatching of static fields by name */
7757
+ if (!event.hasOwnProperty(counter)) {
7758
+ event[counter] = 0;
7759
+ }
7760
+ else if (isNaN(Number(event[counter]))) {
7761
+ return;
7762
+ }
7763
+ event[counter] += fields[counter];
7764
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7707
7765
  }
7708
- event[counter] += fields[counter];
7709
7766
  }
7710
7767
  }
7711
7768
  else {
@@ -7798,9 +7855,11 @@
7798
7855
  */
7799
7856
  truncateIntegralFields(event) {
7800
7857
  this.intFields.forEach((key) => {
7858
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal truncation of known integer fields */
7801
7859
  if (key in event && typeof event[key] === "number") {
7802
7860
  event[key] = Math.floor(event[key]);
7803
7861
  }
7862
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7804
7863
  });
7805
7864
  }
7806
7865
  /**
@@ -10160,7 +10219,7 @@
10160
10219
 
10161
10220
  /* eslint-disable header/header */
10162
10221
  const name = "@azure/msal-browser";
10163
- const version = "5.3.0";
10222
+ const version = "5.4.1";
10164
10223
 
10165
10224
  /*
10166
10225
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12620,9 +12679,9 @@
12620
12679
  }
12621
12680
  // Get the preferred_cache domain for the given authority
12622
12681
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
12623
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
12682
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
12624
12683
  idTokenClaims.tid, undefined, // auth code payload
12625
- response.account.id);
12684
+ response.account.id, this.logger, this.performanceClient);
12626
12685
  // Ensure expires_in is in number format
12627
12686
  response.expires_in = Number(response.expires_in);
12628
12687
  // generate authenticationResult
@@ -18031,7 +18090,7 @@
18031
18090
  const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
18032
18091
  const authorityString = request.authority || browserConfig.auth.authority;
18033
18092
  const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
18034
- const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
18093
+ const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
18035
18094
  const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
18036
18095
  const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
18037
18096
  const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
@@ -18057,7 +18116,7 @@
18057
18116
  * @param requestHomeAccountId
18058
18117
  * @returns `AccountEntity`
18059
18118
  */
18060
- async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
18119
+ async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
18061
18120
  logger.verbose("0ke46k", correlationId);
18062
18121
  if (request.account) {
18063
18122
  const accountEntity = createAccountEntityFromAccountInfo(request.account);
@@ -18072,7 +18131,7 @@
18072
18131
  const claimsTenantId = idTokenClaims?.tid;
18073
18132
  const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
18074
18133
  undefined, // nativeAccountId
18075
- logger);
18134
+ logger, performanceClient);
18076
18135
  await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
18077
18136
  return cachedAccount;
18078
18137
  }