@azure/msal-browser 5.3.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/crypto/BrowserCrypto.mjs +1 -1
  25. package/dist/crypto/CryptoOps.mjs +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  29. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  33. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  35. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  36. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  41. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  44. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  45. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  47. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  50. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  157. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  158. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  159. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  160. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  161. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  162. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  163. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  164. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  165. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  166. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  167. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  169. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  170. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  171. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  172. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  173. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  174. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  175. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  176. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  177. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  178. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  179. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  180. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  181. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  182. package/dist/custom-auth-path/log-strings-mapping.json +2 -2
  183. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  184. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  185. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  186. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  187. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  188. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  189. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  190. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  191. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  192. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  193. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  194. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  195. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  196. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  197. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  198. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  199. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/dist/encode/Base64Decode.mjs +1 -1
  201. package/dist/encode/Base64Encode.mjs +1 -1
  202. package/dist/error/BrowserAuthError.mjs +1 -1
  203. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  204. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  205. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  206. package/dist/error/NativeAuthError.mjs +1 -1
  207. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  208. package/dist/error/NestedAppAuthError.mjs +1 -1
  209. package/dist/event/EventHandler.mjs +1 -1
  210. package/dist/event/EventMessage.mjs +1 -1
  211. package/dist/event/EventType.mjs +1 -1
  212. package/dist/index.mjs +1 -1
  213. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  216. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  217. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  218. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  219. package/dist/interaction_client/PopupClient.mjs +1 -1
  220. package/dist/interaction_client/RedirectClient.mjs +1 -1
  221. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  222. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  224. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  225. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  226. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  227. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  228. package/dist/log-strings-mapping.json +10 -10
  229. package/dist/naa/BridgeError.mjs +1 -1
  230. package/dist/naa/BridgeProxy.mjs +1 -1
  231. package/dist/naa/BridgeStatusCode.mjs +1 -1
  232. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  233. package/dist/navigation/NavigationClient.mjs +1 -1
  234. package/dist/network/FetchClient.mjs +1 -1
  235. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  236. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  237. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/packageMetadata.d.ts +1 -1
  239. package/dist/packageMetadata.mjs +2 -2
  240. package/dist/protocol/Authorize.mjs +1 -1
  241. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  242. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  243. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  244. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  245. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  246. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  247. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  248. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  249. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  251. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  252. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  253. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  254. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  255. package/dist/request/RequestHelpers.mjs +1 -1
  256. package/dist/response/ResponseHandler.mjs +1 -1
  257. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  258. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  259. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  260. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  261. package/dist/utils/BrowserConstants.mjs +1 -1
  262. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  263. package/dist/utils/BrowserUtils.mjs +1 -1
  264. package/dist/utils/Helpers.mjs +1 -1
  265. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  266. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  267. package/lib/custom-auth-path/msal-custom-auth.cjs +525 -520
  268. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  269. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  271. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  272. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/log-strings-mapping.json +10 -10
  275. package/lib/msal-browser.cjs +607 -548
  276. package/lib/msal-browser.cjs.map +1 -1
  277. package/lib/msal-browser.js +607 -548
  278. package/lib/msal-browser.js.map +1 -1
  279. package/lib/msal-browser.min.js +2 -2
  280. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  281. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  282. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  283. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  286. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  287. package/lib/types/packageMetadata.d.ts +1 -1
  288. package/package.json +2 -2
  289. package/src/cache/TokenCache.ts +27 -24
  290. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  291. package/src/packageMetadata.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.3.0 2026-02-24 */
1
+ /*! @azure/msal-browser v5.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.1.0 2026-02-24 */
237
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -284,7 +284,7 @@ const INSTANCE_AWARE = "instance_aware";
284
284
  const EAR_JWK = "ear_jwk";
285
285
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
 
287
- /*! @azure/msal-common v16.1.0 2026-02-24 */
287
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
288
288
  /*
289
289
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
290
  * Licensed under the MIT License.
@@ -315,7 +315,7 @@ function createAuthError(code, additionalMessage) {
315
315
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
316
316
  }
317
317
 
318
- /*! @azure/msal-common v16.1.0 2026-02-24 */
318
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
319
319
 
320
320
  /*
321
321
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -335,7 +335,7 @@ function createClientConfigurationError(errorCode) {
335
335
  return new ClientConfigurationError(errorCode);
336
336
  }
337
337
 
338
- /*! @azure/msal-common v16.1.0 2026-02-24 */
338
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
339
339
  /*
340
340
  * Copyright (c) Microsoft Corporation. All rights reserved.
341
341
  * Licensed under the MIT License.
@@ -415,7 +415,7 @@ class StringUtils {
415
415
  }
416
416
  }
417
417
 
418
- /*! @azure/msal-common v16.1.0 2026-02-24 */
418
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
419
419
 
420
420
  /*
421
421
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -438,7 +438,7 @@ function createClientAuthError(errorCode, additionalMessage) {
438
438
  return new ClientAuthError(errorCode, additionalMessage);
439
439
  }
440
440
 
441
- /*! @azure/msal-common v16.1.0 2026-02-24 */
441
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
442
442
  /*
443
443
  * Copyright (c) Microsoft Corporation. All rights reserved.
444
444
  * Licensed under the MIT License.
@@ -492,7 +492,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
492
492
  urlParseError: urlParseError
493
493
  });
494
494
 
495
- /*! @azure/msal-common v16.1.0 2026-02-24 */
495
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
496
496
  /*
497
497
  * Copyright (c) Microsoft Corporation. All rights reserved.
498
498
  * Licensed under the MIT License.
@@ -576,7 +576,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
576
576
  userCanceled: userCanceled
577
577
  });
578
578
 
579
- /*! @azure/msal-common v16.1.0 2026-02-24 */
579
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
580
580
 
581
581
  /*
582
582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -771,7 +771,7 @@ class ScopeSet {
771
771
  }
772
772
  }
773
773
 
774
- /*! @azure/msal-common v16.1.0 2026-02-24 */
774
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
775
775
 
776
776
  /*
777
777
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1138,7 +1138,7 @@ function addEARParameters(parameters, jwk) {
1138
1138
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1139
1139
  }
1140
1140
 
1141
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1141
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1142
1142
 
1143
1143
  /*
1144
1144
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1247,7 +1247,7 @@ function normalizeUrlForComparison(url) {
1247
1247
  }
1248
1248
  }
1249
1249
 
1250
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1250
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1251
1251
 
1252
1252
  /*
1253
1253
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1286,7 +1286,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1286
1286
  },
1287
1287
  };
1288
1288
 
1289
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1289
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1290
1290
  /*
1291
1291
  * Copyright (c) Microsoft Corporation. All rights reserved.
1292
1292
  * Licensed under the MIT License.
@@ -1561,12 +1561,12 @@ class Logger {
1561
1561
  }
1562
1562
  }
1563
1563
 
1564
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1564
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1565
1565
  /* eslint-disable header/header */
1566
1566
  const name$1 = "@azure/msal-common";
1567
- const version$1 = "16.1.0";
1567
+ const version$1 = "16.2.1";
1568
1568
 
1569
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1569
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1570
1570
  /*
1571
1571
  * Copyright (c) Microsoft Corporation. All rights reserved.
1572
1572
  * Licensed under the MIT License.
@@ -1586,7 +1586,7 @@ const AzureCloudInstance = {
1586
1586
  AzureUsGovernment: "https://login.microsoftonline.us",
1587
1587
  };
1588
1588
 
1589
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1589
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1590
1590
  /*
1591
1591
  * Copyright (c) Microsoft Corporation. All rights reserved.
1592
1592
  * Licensed under the MIT License.
@@ -1668,7 +1668,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1668
1668
  return updatedAccountInfo;
1669
1669
  }
1670
1670
 
1671
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1671
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1672
1672
 
1673
1673
  /*
1674
1674
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1748,7 +1748,7 @@ function checkMaxAge(authTime, maxAge) {
1748
1748
  }
1749
1749
  }
1750
1750
 
1751
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1751
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1752
1752
 
1753
1753
  /*
1754
1754
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1905,7 +1905,7 @@ class UrlString {
1905
1905
  }
1906
1906
  }
1907
1907
 
1908
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1908
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1909
1909
 
1910
1910
  /*
1911
1911
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2062,7 +2062,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2062
2062
  return null;
2063
2063
  }
2064
2064
 
2065
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2065
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2066
2066
  /*
2067
2067
  * Copyright (c) Microsoft Corporation. All rights reserved.
2068
2068
  * Licensed under the MIT License.
@@ -2070,7 +2070,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2070
2070
  const cacheQuotaExceeded = "cache_quota_exceeded";
2071
2071
  const cacheErrorUnknown = "cache_error_unknown";
2072
2072
 
2073
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2073
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2074
2074
 
2075
2075
  /*
2076
2076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2108,7 @@ function createCacheError(e) {
2108
2108
  }
2109
2109
  }
2110
2110
 
2111
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2111
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2112
2112
 
2113
2113
  /*
2114
2114
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2146,7 +2146,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2146
2146
  };
2147
2147
  }
2148
2148
 
2149
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2149
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2150
2150
  /*
2151
2151
  * Copyright (c) Microsoft Corporation. All rights reserved.
2152
2152
  * Licensed under the MIT License.
@@ -2161,7 +2161,7 @@ const AuthorityType = {
2161
2161
  Ciam: 3,
2162
2162
  };
2163
2163
 
2164
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2164
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2165
2165
  /*
2166
2166
  * Copyright (c) Microsoft Corporation. All rights reserved.
2167
2167
  * Licensed under the MIT License.
@@ -2183,7 +2183,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2183
2183
  return null;
2184
2184
  }
2185
2185
 
2186
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2186
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2187
2187
  /*
2188
2188
  * Copyright (c) Microsoft Corporation. All rights reserved.
2189
2189
  * Licensed under the MIT License.
@@ -2207,7 +2207,7 @@ const ProtocolMode = {
2207
2207
  EAR: "EAR",
2208
2208
  };
2209
2209
 
2210
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2210
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2211
2211
  /**
2212
2212
  * Returns the AccountInfo interface for this account.
2213
2213
  */
@@ -2382,7 +2382,7 @@ function isAccountEntity(entity) {
2382
2382
  entity.hasOwnProperty("authorityType"));
2383
2383
  }
2384
2384
 
2385
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2385
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2386
2386
 
2387
2387
  /*
2388
2388
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3479,7 +3479,7 @@ class DefaultStorageClass extends CacheManager {
3479
3479
  }
3480
3480
  }
3481
3481
 
3482
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3482
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3483
3483
  /*
3484
3484
  * Copyright (c) Microsoft Corporation. All rights reserved.
3485
3485
  * Licensed under the MIT License.
@@ -3494,6 +3494,12 @@ const PerformanceEventStatus = {
3494
3494
  InProgress: 1,
3495
3495
  Completed: 2,
3496
3496
  };
3497
+ /**
3498
+ * Prefix used to mark telemetry field names as dynamic.
3499
+ * Fields with this prefix in addFields/incrementFields calls will be routed
3500
+ * to the PerformanceEvent.ext sub-object.
3501
+ */
3502
+ const EXT_FIELD_PREFIX = "ext.";
3497
3503
  const IntFields = new Set([
3498
3504
  "accessTokenSize",
3499
3505
  "durationMs",
@@ -3518,9 +3524,10 @@ const IntFields = new Set([
3518
3524
  "currRefreshCount",
3519
3525
  "expiredCacheRemovedCount",
3520
3526
  "upgradedCacheCount",
3527
+ "cacheMatchedAccounts",
3521
3528
  ]);
3522
3529
 
3523
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3530
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3524
3531
 
3525
3532
  /*
3526
3533
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3575,7 +3582,7 @@ class StubPerformanceClient {
3575
3582
  }
3576
3583
  }
3577
3584
 
3578
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3585
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3579
3586
 
3580
3587
  /*
3581
3588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3669,291 +3676,358 @@ function isOidcProtocolMode(config) {
3669
3676
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3670
3677
  }
3671
3678
 
3672
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3673
-
3679
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3674
3680
  /*
3675
3681
  * Copyright (c) Microsoft Corporation. All rights reserved.
3676
3682
  * Licensed under the MIT License.
3677
3683
  */
3678
3684
  /**
3679
- * Error thrown when there is an error with the server code, for example, unavailability.
3680
- */
3681
- class ServerError extends AuthError {
3682
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3683
- super(errorCode, errorMessage, subError);
3684
- this.name = "ServerError";
3685
- this.errorNo = errorNo;
3686
- this.status = status;
3687
- Object.setPrototypeOf(this, ServerError.prototype);
3685
+ * This class instance helps track the memory changes facilitating
3686
+ * decisions to read from and write to the persistent cache
3687
+ */ class TokenCacheContext {
3688
+ constructor(tokenCache, hasChanged) {
3689
+ this.cache = tokenCache;
3690
+ this.hasChanged = hasChanged;
3691
+ }
3692
+ /**
3693
+ * boolean which indicates the changes in cache
3694
+ */
3695
+ get cacheHasChanged() {
3696
+ return this.hasChanged;
3697
+ }
3698
+ /**
3699
+ * function to retrieve the token cache
3700
+ */
3701
+ get tokenCache() {
3702
+ return this.cache;
3688
3703
  }
3689
3704
  }
3690
3705
 
3691
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3706
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3692
3707
  /*
3693
3708
  * Copyright (c) Microsoft Corporation. All rights reserved.
3694
3709
  * Licensed under the MIT License.
3695
3710
  */
3696
3711
  /**
3697
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3698
- * @public
3699
- */
3700
- const noTokensFound = "no_tokens_found";
3701
- /**
3702
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3703
- * @public
3704
- */
3705
- const nativeAccountUnavailable = "native_account_unavailable";
3706
- /**
3707
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3708
- * @public
3712
+ * Utility functions for managing date and time operations.
3709
3713
  */
3710
- const refreshTokenExpired = "refresh_token_expired";
3711
3714
  /**
3712
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3713
- * @public
3715
+ * return the current time in Unix time (seconds).
3714
3716
  */
3715
- const uxNotAllowed = "ux_not_allowed";
3717
+ function nowSeconds() {
3718
+ // Date.getTime() returns in milliseconds.
3719
+ return Math.round(new Date().getTime() / 1000.0);
3720
+ }
3716
3721
  /**
3717
- * Server-originated error code indicating interaction is required to complete the request.
3718
- * @public
3722
+ * Converts JS Date object to seconds
3723
+ * @param date Date
3719
3724
  */
3720
- const interactionRequired = "interaction_required";
3725
+ function toSecondsFromDate(date) {
3726
+ // Convert date to seconds
3727
+ return date.getTime() / 1000;
3728
+ }
3721
3729
  /**
3722
- * Server-originated error code indicating user consent is required.
3723
- * @public
3730
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3731
+ * @param seconds
3724
3732
  */
3725
- const consentRequired = "consent_required";
3733
+ function toDateFromSeconds(seconds) {
3734
+ if (seconds) {
3735
+ return new Date(Number(seconds) * 1000);
3736
+ }
3737
+ return new Date();
3738
+ }
3726
3739
  /**
3727
- * Server-originated error code indicating user login is required.
3728
- * @public
3740
+ * check if a token is expired based on given UTC time in seconds.
3741
+ * @param expiresOn
3729
3742
  */
3730
- const loginRequired = "login_required";
3743
+ function isTokenExpired(expiresOn, offset) {
3744
+ // check for access token expiry
3745
+ const expirationSec = Number(expiresOn) || 0;
3746
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3747
+ // If current time + offset is greater than token expiration time, then token is expired.
3748
+ return offsetCurrentTimeSec > expirationSec;
3749
+ }
3731
3750
  /**
3732
- * Server-originated error code indicating the token is invalid or corrupted.
3733
- * @public
3751
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3752
+ * @param lastUpdatedAt
3753
+ * @param cacheRetentionDays
3754
+ * @returns
3734
3755
  */
3735
- const badToken = "bad_token";
3756
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3757
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3758
+ return Date.now() > cacheExpirationTimestamp;
3759
+ }
3736
3760
  /**
3737
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3738
- * @public
3761
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3762
+ * i.e. The system clock was turned back after acquiring the cached token
3763
+ * @param cachedAt
3764
+ * @param offset
3739
3765
  */
3740
- const interruptedUser = "interrupted_user";
3741
-
3742
- var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3743
- __proto__: null,
3744
- badToken: badToken,
3745
- consentRequired: consentRequired,
3746
- interactionRequired: interactionRequired,
3747
- interruptedUser: interruptedUser,
3748
- loginRequired: loginRequired,
3749
- nativeAccountUnavailable: nativeAccountUnavailable,
3750
- noTokensFound: noTokensFound,
3751
- refreshTokenExpired: refreshTokenExpired,
3752
- uxNotAllowed: uxNotAllowed
3753
- });
3766
+ function wasClockTurnedBack(cachedAt) {
3767
+ const cachedAtSec = Number(cachedAt);
3768
+ return cachedAtSec > nowSeconds();
3769
+ }
3754
3770
 
3755
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3771
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3756
3772
 
3757
3773
  /*
3758
3774
  * Copyright (c) Microsoft Corporation. All rights reserved.
3759
3775
  * Licensed under the MIT License.
3760
3776
  */
3761
3777
  /**
3762
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3778
+ * Create IdTokenEntity
3779
+ * @param homeAccountId
3780
+ * @param authenticationResult
3781
+ * @param clientId
3782
+ * @param authority
3763
3783
  */
3764
- const InteractionRequiredServerErrorMessage = [
3765
- interactionRequired,
3766
- consentRequired,
3767
- loginRequired,
3768
- badToken,
3769
- uxNotAllowed,
3770
- interruptedUser,
3771
- ];
3772
- const InteractionRequiredAuthSubErrorMessage = [
3773
- "message_only",
3774
- "additional_action",
3775
- "basic_action",
3776
- "user_password_expired",
3777
- "consent_required",
3778
- "bad_token",
3779
- "ux_not_allowed",
3780
- "interrupted_user",
3781
- ];
3784
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3785
+ const idTokenEntity = {
3786
+ credentialType: CredentialType.ID_TOKEN,
3787
+ homeAccountId: homeAccountId,
3788
+ environment: environment,
3789
+ clientId: clientId,
3790
+ secret: idToken,
3791
+ realm: tenantId,
3792
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3793
+ };
3794
+ return idTokenEntity;
3795
+ }
3782
3796
  /**
3783
- * Error thrown when user interaction is required.
3797
+ * Create AccessTokenEntity
3798
+ * @param homeAccountId
3799
+ * @param environment
3800
+ * @param accessToken
3801
+ * @param clientId
3802
+ * @param tenantId
3803
+ * @param scopes
3804
+ * @param expiresOn
3805
+ * @param extExpiresOn
3784
3806
  */
3785
- class InteractionRequiredAuthError extends AuthError {
3786
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3787
- super(errorCode, errorMessage, subError);
3788
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3789
- this.timestamp = timestamp || "";
3790
- this.traceId = traceId || "";
3791
- this.correlationId = correlationId || "";
3792
- this.claims = claims || "";
3793
- this.name = "InteractionRequiredAuthError";
3794
- this.errorNo = errorNo;
3807
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3808
+ const atEntity = {
3809
+ homeAccountId: homeAccountId,
3810
+ credentialType: CredentialType.ACCESS_TOKEN,
3811
+ secret: accessToken,
3812
+ cachedAt: nowSeconds().toString(),
3813
+ expiresOn: expiresOn.toString(),
3814
+ extendedExpiresOn: extExpiresOn.toString(),
3815
+ environment: environment,
3816
+ clientId: clientId,
3817
+ realm: tenantId,
3818
+ target: scopes,
3819
+ tokenType: tokenType || AuthenticationScheme$1.BEARER,
3820
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3821
+ };
3822
+ if (userAssertionHash) {
3823
+ atEntity.userAssertionHash = userAssertionHash;
3824
+ }
3825
+ if (refreshOn) {
3826
+ atEntity.refreshOn = refreshOn.toString();
3827
+ }
3828
+ /*
3829
+ * Create Access Token With Auth Scheme instead of regular access token
3830
+ * Cast to lower to handle "bearer" from ADFS
3831
+ */
3832
+ if (atEntity.tokenType?.toLowerCase() !==
3833
+ AuthenticationScheme$1.BEARER.toLowerCase()) {
3834
+ atEntity.credentialType =
3835
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3836
+ switch (atEntity.tokenType) {
3837
+ case AuthenticationScheme$1.POP:
3838
+ // Make sure keyId is present and add it to credential
3839
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3840
+ if (!tokenClaims?.cnf?.kid) {
3841
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3842
+ }
3843
+ atEntity.keyId = tokenClaims.cnf.kid;
3844
+ break;
3845
+ case AuthenticationScheme$1.SSH:
3846
+ atEntity.keyId = keyId;
3847
+ }
3795
3848
  }
3849
+ return atEntity;
3796
3850
  }
3797
3851
  /**
3798
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3799
- * @param errorCode
3800
- * @param errorString
3801
- * @param subError
3852
+ * Create RefreshTokenEntity
3853
+ * @param homeAccountId
3854
+ * @param authenticationResult
3855
+ * @param clientId
3856
+ * @param authority
3802
3857
  */
3803
- function isInteractionRequiredError(errorCode, errorString, subError) {
3804
- const isInteractionRequiredErrorCode = !!errorCode &&
3805
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3806
- const isInteractionRequiredSubError = !!subError &&
3807
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3808
- const isInteractionRequiredErrorDesc = !!errorString &&
3809
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3810
- return errorString.indexOf(irErrorCode) > -1;
3811
- });
3812
- return (isInteractionRequiredErrorCode ||
3813
- isInteractionRequiredErrorDesc ||
3814
- isInteractionRequiredSubError);
3858
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3859
+ const rtEntity = {
3860
+ credentialType: CredentialType.REFRESH_TOKEN,
3861
+ homeAccountId: homeAccountId,
3862
+ environment: environment,
3863
+ clientId: clientId,
3864
+ secret: refreshToken,
3865
+ lastUpdatedAt: Date.now().toString(),
3866
+ };
3867
+ if (userAssertionHash) {
3868
+ rtEntity.userAssertionHash = userAssertionHash;
3869
+ }
3870
+ if (familyId) {
3871
+ rtEntity.familyId = familyId;
3872
+ }
3873
+ if (expiresOn) {
3874
+ rtEntity.expiresOn = expiresOn.toString();
3875
+ }
3876
+ return rtEntity;
3877
+ }
3878
+ function isCredentialEntity(entity) {
3879
+ return (entity.hasOwnProperty("homeAccountId") &&
3880
+ entity.hasOwnProperty("environment") &&
3881
+ entity.hasOwnProperty("credentialType") &&
3882
+ entity.hasOwnProperty("clientId") &&
3883
+ entity.hasOwnProperty("secret"));
3815
3884
  }
3816
3885
  /**
3817
- * Creates an InteractionRequiredAuthError
3818
- */
3819
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3820
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3821
- }
3822
-
3823
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3824
-
3825
- /*
3826
- * Copyright (c) Microsoft Corporation. All rights reserved.
3827
- * Licensed under the MIT License.
3886
+ * Validates an entity: checks for all expected params
3887
+ * @param entity
3828
3888
  */
3889
+ function isAccessTokenEntity(entity) {
3890
+ if (!entity) {
3891
+ return false;
3892
+ }
3893
+ return (isCredentialEntity(entity) &&
3894
+ entity.hasOwnProperty("realm") &&
3895
+ entity.hasOwnProperty("target") &&
3896
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3897
+ entity["credentialType"] ===
3898
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3899
+ }
3829
3900
  /**
3830
- * Appends user state with random guid, or returns random guid.
3831
- * @param cryptoObj
3832
- * @param userState
3833
- * @param meta
3901
+ * Validates an entity: checks for all expected params
3902
+ * @param entity
3834
3903
  */
3835
- function setRequestState(cryptoObj, userState, meta) {
3836
- const libraryState = generateLibraryState(cryptoObj, meta);
3837
- return userState
3838
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3839
- : libraryState;
3904
+ function isIdTokenEntity(entity) {
3905
+ if (!entity) {
3906
+ return false;
3907
+ }
3908
+ return (isCredentialEntity(entity) &&
3909
+ entity.hasOwnProperty("realm") &&
3910
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3840
3911
  }
3841
3912
  /**
3842
- * Generates the state value used by the common library.
3843
- * @param cryptoObj
3844
- * @param meta
3913
+ * Validates an entity: checks for all expected params
3914
+ * @param entity
3845
3915
  */
3846
- function generateLibraryState(cryptoObj, meta) {
3847
- if (!cryptoObj) {
3848
- throw createClientAuthError(noCryptoObject);
3849
- }
3850
- // Create a state object containing a unique id and the timestamp of the request creation
3851
- const stateObj = {
3852
- id: cryptoObj.createNewGuid(),
3853
- };
3854
- if (meta) {
3855
- stateObj.meta = meta;
3916
+ function isRefreshTokenEntity(entity) {
3917
+ if (!entity) {
3918
+ return false;
3856
3919
  }
3857
- const stateString = JSON.stringify(stateObj);
3858
- return cryptoObj.base64Encode(stateString);
3920
+ return (isCredentialEntity(entity) &&
3921
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3859
3922
  }
3860
3923
  /**
3861
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3862
- * @param base64Decode
3863
- * @param state
3924
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3925
+ * @param key
3926
+ * @param entity
3864
3927
  */
3865
- function parseRequestState(base64Decode, state) {
3866
- if (!base64Decode) {
3867
- throw createClientAuthError(noCryptoObject);
3868
- }
3869
- if (!state) {
3870
- throw createClientAuthError(invalidState);
3871
- }
3872
- try {
3873
- // Split the state between library state and user passed state and decode them separately
3874
- const splitState = state.split(RESOURCE_DELIM);
3875
- const libraryState = splitState[0];
3876
- const userState = splitState.length > 1
3877
- ? splitState.slice(1).join(RESOURCE_DELIM)
3878
- : "";
3879
- const libraryStateString = base64Decode(libraryState);
3880
- const libraryStateObj = JSON.parse(libraryStateString);
3881
- return {
3882
- userRequestState: userState || "",
3883
- libraryState: libraryStateObj,
3884
- };
3885
- }
3886
- catch (e) {
3887
- throw createClientAuthError(invalidState);
3928
+ function isServerTelemetryEntity(key, entity) {
3929
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3930
+ let validateEntity = true;
3931
+ if (entity) {
3932
+ validateEntity =
3933
+ entity.hasOwnProperty("failedRequests") &&
3934
+ entity.hasOwnProperty("errors") &&
3935
+ entity.hasOwnProperty("cacheHits");
3888
3936
  }
3889
- }
3890
-
3891
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3892
- /*
3893
- * Copyright (c) Microsoft Corporation. All rights reserved.
3894
- * Licensed under the MIT License.
3895
- */
3937
+ return validateKey && validateEntity;
3938
+ }
3896
3939
  /**
3897
- * Utility functions for managing date and time operations.
3940
+ * validates if a given cache entry is "Throttling", parses <key,value>
3941
+ * @param key
3942
+ * @param entity
3898
3943
  */
3944
+ function isThrottlingEntity(key, entity) {
3945
+ let validateKey = false;
3946
+ if (key) {
3947
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3948
+ }
3949
+ let validateEntity = true;
3950
+ if (entity) {
3951
+ validateEntity = entity.hasOwnProperty("throttleTime");
3952
+ }
3953
+ return validateKey && validateEntity;
3954
+ }
3899
3955
  /**
3900
- * return the current time in Unix time (seconds).
3956
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3901
3957
  */
3902
- function nowSeconds() {
3903
- // Date.getTime() returns in milliseconds.
3904
- return Math.round(new Date().getTime() / 1000.0);
3958
+ function generateAppMetadataKey({ environment, clientId, }) {
3959
+ const appMetaDataKeyArray = [
3960
+ APP_METADATA,
3961
+ environment,
3962
+ clientId,
3963
+ ];
3964
+ return appMetaDataKeyArray
3965
+ .join(CACHE_KEY_SEPARATOR$1)
3966
+ .toLowerCase();
3905
3967
  }
3906
- /**
3907
- * Converts JS Date object to seconds
3908
- * @param date Date
3968
+ /*
3969
+ * Validates an entity: checks for all expected params
3970
+ * @param entity
3909
3971
  */
3910
- function toSecondsFromDate(date) {
3911
- // Convert date to seconds
3912
- return date.getTime() / 1000;
3972
+ function isAppMetadataEntity(key, entity) {
3973
+ if (!entity) {
3974
+ return false;
3975
+ }
3976
+ return (key.indexOf(APP_METADATA) === 0 &&
3977
+ entity.hasOwnProperty("clientId") &&
3978
+ entity.hasOwnProperty("environment"));
3913
3979
  }
3914
3980
  /**
3915
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3916
- * @param seconds
3981
+ * Validates an entity: checks for all expected params
3982
+ * @param entity
3917
3983
  */
3918
- function toDateFromSeconds(seconds) {
3919
- if (seconds) {
3920
- return new Date(Number(seconds) * 1000);
3984
+ function isAuthorityMetadataEntity(key, entity) {
3985
+ if (!entity) {
3986
+ return false;
3921
3987
  }
3922
- return new Date();
3988
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
3989
+ entity.hasOwnProperty("aliases") &&
3990
+ entity.hasOwnProperty("preferred_cache") &&
3991
+ entity.hasOwnProperty("preferred_network") &&
3992
+ entity.hasOwnProperty("canonical_authority") &&
3993
+ entity.hasOwnProperty("authorization_endpoint") &&
3994
+ entity.hasOwnProperty("token_endpoint") &&
3995
+ entity.hasOwnProperty("issuer") &&
3996
+ entity.hasOwnProperty("aliasesFromNetwork") &&
3997
+ entity.hasOwnProperty("endpointsFromNetwork") &&
3998
+ entity.hasOwnProperty("expiresAt") &&
3999
+ entity.hasOwnProperty("jwks_uri"));
3923
4000
  }
3924
4001
  /**
3925
- * check if a token is expired based on given UTC time in seconds.
3926
- * @param expiresOn
4002
+ * Reset the exiresAt value
3927
4003
  */
3928
- function isTokenExpired(expiresOn, offset) {
3929
- // check for access token expiry
3930
- const expirationSec = Number(expiresOn) || 0;
3931
- const offsetCurrentTimeSec = nowSeconds() + offset;
3932
- // If current time + offset is greater than token expiration time, then token is expired.
3933
- return offsetCurrentTimeSec > expirationSec;
4004
+ function generateAuthorityMetadataExpiresAt() {
4005
+ return (nowSeconds() +
4006
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
3934
4007
  }
3935
- /**
3936
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3937
- * @param lastUpdatedAt
3938
- * @param cacheRetentionDays
3939
- * @returns
3940
- */
3941
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3942
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3943
- return Date.now() > cacheExpirationTimestamp;
4008
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4009
+ authorityMetadata.authorization_endpoint =
4010
+ updatedValues.authorization_endpoint;
4011
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4012
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4013
+ authorityMetadata.issuer = updatedValues.issuer;
4014
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
4015
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4016
+ }
4017
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4018
+ authorityMetadata.aliases = updatedValues.aliases;
4019
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4020
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
4021
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3944
4022
  }
3945
4023
  /**
3946
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3947
- * i.e. The system clock was turned back after acquiring the cached token
3948
- * @param cachedAt
3949
- * @param offset
4024
+ * Returns whether or not the data needs to be refreshed
3950
4025
  */
3951
- function wasClockTurnedBack(cachedAt) {
3952
- const cachedAtSec = Number(cachedAt);
3953
- return cachedAtSec > nowSeconds();
4026
+ function isAuthorityMetadataExpired(metadata) {
4027
+ return metadata.expiresAt <= nowSeconds();
3954
4028
  }
3955
4029
 
3956
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4030
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3957
4031
  /*
3958
4032
  * Copyright (c) Microsoft Corporation. All rights reserved.
3959
4033
  * Licensed under the MIT License.
@@ -4024,7 +4098,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4024
4098
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4025
4099
  const SetUserData = "setUserData";
4026
4100
 
4027
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4101
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4028
4102
  /*
4029
4103
  * Copyright (c) Microsoft Corporation. All rights reserved.
4030
4104
  * Licensed under the MIT License.
@@ -4047,8 +4121,7 @@ const invoke = (callback, eventName, logger, telemetryClient, correlationId) =>
4047
4121
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4048
4122
  if (correlationId) {
4049
4123
  // Track number of times this API is called in a single request
4050
- const eventCount = eventName + "CallCount";
4051
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4124
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4052
4125
  }
4053
4126
  try {
4054
4127
  const result = callback(...args);
@@ -4092,8 +4165,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4092
4165
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4093
4166
  if (correlationId) {
4094
4167
  // Track number of times this API is called in a single request
4095
- const eventCount = eventName + "CallCount";
4096
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4168
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4097
4169
  }
4098
4170
  return callback(...args)
4099
4171
  .then((response) => {
@@ -4119,7 +4191,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4119
4191
  };
4120
4192
  };
4121
4193
 
4122
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4194
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4123
4195
 
4124
4196
  /*
4125
4197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4199,293 +4271,226 @@ class PopTokenGenerator {
4199
4271
  }
4200
4272
  }
4201
4273
 
4202
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4274
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4203
4275
  /*
4204
4276
  * Copyright (c) Microsoft Corporation. All rights reserved.
4205
4277
  * Licensed under the MIT License.
4206
4278
  */
4207
4279
  /**
4208
- * This class instance helps track the memory changes facilitating
4209
- * decisions to read from and write to the persistent cache
4210
- */ class TokenCacheContext {
4211
- constructor(tokenCache, hasChanged) {
4212
- this.cache = tokenCache;
4213
- this.hasChanged = hasChanged;
4214
- }
4215
- /**
4216
- * boolean which indicates the changes in cache
4217
- */
4218
- get cacheHasChanged() {
4219
- return this.hasChanged;
4220
- }
4221
- /**
4222
- * function to retrieve the token cache
4223
- */
4224
- get tokenCache() {
4225
- return this.cache;
4226
- }
4227
- }
4228
-
4229
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4230
-
4231
- /*
4232
- * Copyright (c) Microsoft Corporation. All rights reserved.
4233
- * Licensed under the MIT License.
4280
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4281
+ * @public
4234
4282
  */
4283
+ const noTokensFound = "no_tokens_found";
4235
4284
  /**
4236
- * Create IdTokenEntity
4237
- * @param homeAccountId
4238
- * @param authenticationResult
4239
- * @param clientId
4240
- * @param authority
4285
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4286
+ * @public
4241
4287
  */
4242
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4243
- const idTokenEntity = {
4244
- credentialType: CredentialType.ID_TOKEN,
4245
- homeAccountId: homeAccountId,
4246
- environment: environment,
4247
- clientId: clientId,
4248
- secret: idToken,
4249
- realm: tenantId,
4250
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4251
- };
4252
- return idTokenEntity;
4253
- }
4288
+ const nativeAccountUnavailable = "native_account_unavailable";
4254
4289
  /**
4255
- * Create AccessTokenEntity
4256
- * @param homeAccountId
4257
- * @param environment
4258
- * @param accessToken
4259
- * @param clientId
4260
- * @param tenantId
4261
- * @param scopes
4262
- * @param expiresOn
4263
- * @param extExpiresOn
4290
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4291
+ * @public
4264
4292
  */
4265
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4266
- const atEntity = {
4267
- homeAccountId: homeAccountId,
4268
- credentialType: CredentialType.ACCESS_TOKEN,
4269
- secret: accessToken,
4270
- cachedAt: nowSeconds().toString(),
4271
- expiresOn: expiresOn.toString(),
4272
- extendedExpiresOn: extExpiresOn.toString(),
4273
- environment: environment,
4274
- clientId: clientId,
4275
- realm: tenantId,
4276
- target: scopes,
4277
- tokenType: tokenType || AuthenticationScheme$1.BEARER,
4278
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4279
- };
4280
- if (userAssertionHash) {
4281
- atEntity.userAssertionHash = userAssertionHash;
4282
- }
4283
- if (refreshOn) {
4284
- atEntity.refreshOn = refreshOn.toString();
4285
- }
4286
- /*
4287
- * Create Access Token With Auth Scheme instead of regular access token
4288
- * Cast to lower to handle "bearer" from ADFS
4289
- */
4290
- if (atEntity.tokenType?.toLowerCase() !==
4291
- AuthenticationScheme$1.BEARER.toLowerCase()) {
4292
- atEntity.credentialType =
4293
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4294
- switch (atEntity.tokenType) {
4295
- case AuthenticationScheme$1.POP:
4296
- // Make sure keyId is present and add it to credential
4297
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4298
- if (!tokenClaims?.cnf?.kid) {
4299
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4300
- }
4301
- atEntity.keyId = tokenClaims.cnf.kid;
4302
- break;
4303
- case AuthenticationScheme$1.SSH:
4304
- atEntity.keyId = keyId;
4305
- }
4306
- }
4307
- return atEntity;
4308
- }
4293
+ const refreshTokenExpired = "refresh_token_expired";
4309
4294
  /**
4310
- * Create RefreshTokenEntity
4311
- * @param homeAccountId
4312
- * @param authenticationResult
4313
- * @param clientId
4314
- * @param authority
4295
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4296
+ * @public
4315
4297
  */
4316
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4317
- const rtEntity = {
4318
- credentialType: CredentialType.REFRESH_TOKEN,
4319
- homeAccountId: homeAccountId,
4320
- environment: environment,
4321
- clientId: clientId,
4322
- secret: refreshToken,
4323
- lastUpdatedAt: Date.now().toString(),
4324
- };
4325
- if (userAssertionHash) {
4326
- rtEntity.userAssertionHash = userAssertionHash;
4327
- }
4328
- if (familyId) {
4329
- rtEntity.familyId = familyId;
4330
- }
4331
- if (expiresOn) {
4332
- rtEntity.expiresOn = expiresOn.toString();
4333
- }
4334
- return rtEntity;
4335
- }
4336
- function isCredentialEntity(entity) {
4337
- return (entity.hasOwnProperty("homeAccountId") &&
4338
- entity.hasOwnProperty("environment") &&
4339
- entity.hasOwnProperty("credentialType") &&
4340
- entity.hasOwnProperty("clientId") &&
4341
- entity.hasOwnProperty("secret"));
4342
- }
4298
+ const uxNotAllowed = "ux_not_allowed";
4343
4299
  /**
4344
- * Validates an entity: checks for all expected params
4345
- * @param entity
4300
+ * Server-originated error code indicating interaction is required to complete the request.
4301
+ * @public
4346
4302
  */
4347
- function isAccessTokenEntity(entity) {
4348
- if (!entity) {
4349
- return false;
4350
- }
4351
- return (isCredentialEntity(entity) &&
4352
- entity.hasOwnProperty("realm") &&
4353
- entity.hasOwnProperty("target") &&
4354
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4355
- entity["credentialType"] ===
4356
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4357
- }
4303
+ const interactionRequired = "interaction_required";
4358
4304
  /**
4359
- * Validates an entity: checks for all expected params
4360
- * @param entity
4305
+ * Server-originated error code indicating user consent is required.
4306
+ * @public
4307
+ */
4308
+ const consentRequired = "consent_required";
4309
+ /**
4310
+ * Server-originated error code indicating user login is required.
4311
+ * @public
4312
+ */
4313
+ const loginRequired = "login_required";
4314
+ /**
4315
+ * Server-originated error code indicating the token is invalid or corrupted.
4316
+ * @public
4317
+ */
4318
+ const badToken = "bad_token";
4319
+ /**
4320
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4321
+ * @public
4322
+ */
4323
+ const interruptedUser = "interrupted_user";
4324
+
4325
+ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4326
+ __proto__: null,
4327
+ badToken: badToken,
4328
+ consentRequired: consentRequired,
4329
+ interactionRequired: interactionRequired,
4330
+ interruptedUser: interruptedUser,
4331
+ loginRequired: loginRequired,
4332
+ nativeAccountUnavailable: nativeAccountUnavailable,
4333
+ noTokensFound: noTokensFound,
4334
+ refreshTokenExpired: refreshTokenExpired,
4335
+ uxNotAllowed: uxNotAllowed
4336
+ });
4337
+
4338
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4339
+
4340
+ /*
4341
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4342
+ * Licensed under the MIT License.
4361
4343
  */
4362
- function isIdTokenEntity(entity) {
4363
- if (!entity) {
4364
- return false;
4365
- }
4366
- return (isCredentialEntity(entity) &&
4367
- entity.hasOwnProperty("realm") &&
4368
- entity["credentialType"] === CredentialType.ID_TOKEN);
4369
- }
4370
4344
  /**
4371
- * Validates an entity: checks for all expected params
4372
- * @param entity
4345
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4373
4346
  */
4374
- function isRefreshTokenEntity(entity) {
4375
- if (!entity) {
4376
- return false;
4377
- }
4378
- return (isCredentialEntity(entity) &&
4379
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4380
- }
4347
+ const InteractionRequiredServerErrorMessage = [
4348
+ interactionRequired,
4349
+ consentRequired,
4350
+ loginRequired,
4351
+ badToken,
4352
+ uxNotAllowed,
4353
+ interruptedUser,
4354
+ ];
4355
+ const InteractionRequiredAuthSubErrorMessage = [
4356
+ "message_only",
4357
+ "additional_action",
4358
+ "basic_action",
4359
+ "user_password_expired",
4360
+ "consent_required",
4361
+ "bad_token",
4362
+ "ux_not_allowed",
4363
+ "interrupted_user",
4364
+ ];
4381
4365
  /**
4382
- * validates if a given cache entry is "Telemetry", parses <key,value>
4383
- * @param key
4384
- * @param entity
4366
+ * Error thrown when user interaction is required.
4385
4367
  */
4386
- function isServerTelemetryEntity(key, entity) {
4387
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4388
- let validateEntity = true;
4389
- if (entity) {
4390
- validateEntity =
4391
- entity.hasOwnProperty("failedRequests") &&
4392
- entity.hasOwnProperty("errors") &&
4393
- entity.hasOwnProperty("cacheHits");
4368
+ class InteractionRequiredAuthError extends AuthError {
4369
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4370
+ super(errorCode, errorMessage, subError);
4371
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4372
+ this.timestamp = timestamp || "";
4373
+ this.traceId = traceId || "";
4374
+ this.correlationId = correlationId || "";
4375
+ this.claims = claims || "";
4376
+ this.name = "InteractionRequiredAuthError";
4377
+ this.errorNo = errorNo;
4394
4378
  }
4395
- return validateKey && validateEntity;
4396
4379
  }
4397
4380
  /**
4398
- * validates if a given cache entry is "Throttling", parses <key,value>
4399
- * @param key
4400
- * @param entity
4381
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4382
+ * @param errorCode
4383
+ * @param errorString
4384
+ * @param subError
4401
4385
  */
4402
- function isThrottlingEntity(key, entity) {
4403
- let validateKey = false;
4404
- if (key) {
4405
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4406
- }
4407
- let validateEntity = true;
4408
- if (entity) {
4409
- validateEntity = entity.hasOwnProperty("throttleTime");
4410
- }
4411
- return validateKey && validateEntity;
4386
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4387
+ const isInteractionRequiredErrorCode = !!errorCode &&
4388
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4389
+ const isInteractionRequiredSubError = !!subError &&
4390
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4391
+ const isInteractionRequiredErrorDesc = !!errorString &&
4392
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4393
+ return errorString.indexOf(irErrorCode) > -1;
4394
+ });
4395
+ return (isInteractionRequiredErrorCode ||
4396
+ isInteractionRequiredErrorDesc ||
4397
+ isInteractionRequiredSubError);
4412
4398
  }
4413
4399
  /**
4414
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4400
+ * Creates an InteractionRequiredAuthError
4415
4401
  */
4416
- function generateAppMetadataKey({ environment, clientId, }) {
4417
- const appMetaDataKeyArray = [
4418
- APP_METADATA,
4419
- environment,
4420
- clientId,
4421
- ];
4422
- return appMetaDataKeyArray
4423
- .join(CACHE_KEY_SEPARATOR$1)
4424
- .toLowerCase();
4425
- }
4402
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4403
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4404
+ }
4405
+
4406
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4407
+
4426
4408
  /*
4427
- * Validates an entity: checks for all expected params
4428
- * @param entity
4409
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4410
+ * Licensed under the MIT License.
4429
4411
  */
4430
- function isAppMetadataEntity(key, entity) {
4431
- if (!entity) {
4432
- return false;
4433
- }
4434
- return (key.indexOf(APP_METADATA) === 0 &&
4435
- entity.hasOwnProperty("clientId") &&
4436
- entity.hasOwnProperty("environment"));
4437
- }
4438
4412
  /**
4439
- * Validates an entity: checks for all expected params
4440
- * @param entity
4413
+ * Error thrown when there is an error with the server code, for example, unavailability.
4441
4414
  */
4442
- function isAuthorityMetadataEntity(key, entity) {
4443
- if (!entity) {
4444
- return false;
4415
+ class ServerError extends AuthError {
4416
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4417
+ super(errorCode, errorMessage, subError);
4418
+ this.name = "ServerError";
4419
+ this.errorNo = errorNo;
4420
+ this.status = status;
4421
+ Object.setPrototypeOf(this, ServerError.prototype);
4445
4422
  }
4446
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4447
- entity.hasOwnProperty("aliases") &&
4448
- entity.hasOwnProperty("preferred_cache") &&
4449
- entity.hasOwnProperty("preferred_network") &&
4450
- entity.hasOwnProperty("canonical_authority") &&
4451
- entity.hasOwnProperty("authorization_endpoint") &&
4452
- entity.hasOwnProperty("token_endpoint") &&
4453
- entity.hasOwnProperty("issuer") &&
4454
- entity.hasOwnProperty("aliasesFromNetwork") &&
4455
- entity.hasOwnProperty("endpointsFromNetwork") &&
4456
- entity.hasOwnProperty("expiresAt") &&
4457
- entity.hasOwnProperty("jwks_uri"));
4458
- }
4423
+ }
4424
+
4425
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4426
+
4427
+ /*
4428
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4429
+ * Licensed under the MIT License.
4430
+ */
4459
4431
  /**
4460
- * Reset the exiresAt value
4432
+ * Appends user state with random guid, or returns random guid.
4433
+ * @param cryptoObj
4434
+ * @param userState
4435
+ * @param meta
4461
4436
  */
4462
- function generateAuthorityMetadataExpiresAt() {
4463
- return (nowSeconds() +
4464
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4465
- }
4466
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4467
- authorityMetadata.authorization_endpoint =
4468
- updatedValues.authorization_endpoint;
4469
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4470
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4471
- authorityMetadata.issuer = updatedValues.issuer;
4472
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4473
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4437
+ function setRequestState(cryptoObj, userState, meta) {
4438
+ const libraryState = generateLibraryState(cryptoObj, meta);
4439
+ return userState
4440
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4441
+ : libraryState;
4474
4442
  }
4475
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4476
- authorityMetadata.aliases = updatedValues.aliases;
4477
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4478
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4479
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4443
+ /**
4444
+ * Generates the state value used by the common library.
4445
+ * @param cryptoObj
4446
+ * @param meta
4447
+ */
4448
+ function generateLibraryState(cryptoObj, meta) {
4449
+ if (!cryptoObj) {
4450
+ throw createClientAuthError(noCryptoObject);
4451
+ }
4452
+ // Create a state object containing a unique id and the timestamp of the request creation
4453
+ const stateObj = {
4454
+ id: cryptoObj.createNewGuid(),
4455
+ };
4456
+ if (meta) {
4457
+ stateObj.meta = meta;
4458
+ }
4459
+ const stateString = JSON.stringify(stateObj);
4460
+ return cryptoObj.base64Encode(stateString);
4480
4461
  }
4481
4462
  /**
4482
- * Returns whether or not the data needs to be refreshed
4463
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4464
+ * @param base64Decode
4465
+ * @param state
4483
4466
  */
4484
- function isAuthorityMetadataExpired(metadata) {
4485
- return metadata.expiresAt <= nowSeconds();
4467
+ function parseRequestState(base64Decode, state) {
4468
+ if (!base64Decode) {
4469
+ throw createClientAuthError(noCryptoObject);
4470
+ }
4471
+ if (!state) {
4472
+ throw createClientAuthError(invalidState);
4473
+ }
4474
+ try {
4475
+ // Split the state between library state and user passed state and decode them separately
4476
+ const splitState = state.split(RESOURCE_DELIM);
4477
+ const libraryState = splitState[0];
4478
+ const userState = splitState.length > 1
4479
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4480
+ : "";
4481
+ const libraryStateString = base64Decode(libraryState);
4482
+ const libraryStateObj = JSON.parse(libraryStateString);
4483
+ return {
4484
+ userRequestState: userState || "",
4485
+ libraryState: libraryStateObj,
4486
+ };
4487
+ }
4488
+ catch (e) {
4489
+ throw createClientAuthError(invalidState);
4490
+ }
4486
4491
  }
4487
4492
 
4488
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4493
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4489
4494
 
4490
4495
  /*
4491
4496
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4641,7 +4646,7 @@ class ResponseHandler {
4641
4646
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4642
4647
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4643
4648
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4644
- this.logger);
4649
+ this.logger, this.performanceClient);
4645
4650
  }
4646
4651
  // AccessToken
4647
4652
  let cachedAccessToken = null;
@@ -4787,17 +4792,24 @@ class ResponseHandler {
4787
4792
  };
4788
4793
  }
4789
4794
  }
4790
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4795
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4791
4796
  logger?.verbose("09jz0t", correlationId);
4792
- // Check if base account is already cached
4793
- const accountKeys = cacheStorage.getAccountKeys();
4794
- const baseAccountKey = accountKeys.find((accountKey) => {
4795
- return accountKey.startsWith(homeAccountId);
4796
- });
4797
- let cachedAccount = null;
4798
- if (baseAccountKey) {
4799
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4797
+ /*
4798
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4799
+ * the user's home identity) and environment (identifies the cloud) the two
4800
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4801
+ */
4802
+ const accountEnvironment = environment || authority.getPreferredCache();
4803
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4804
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4805
+ if (matchedAccounts.length > 1) {
4806
+ /*
4807
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4808
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4809
+ */
4810
+ logger?.warning("0x7ad1", correlationId);
4800
4811
  }
4812
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4801
4813
  const baseAccount = cachedAccount ||
4802
4814
  createAccountEntity({
4803
4815
  homeAccountId,
@@ -4821,7 +4833,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4821
4833
  return baseAccount;
4822
4834
  }
4823
4835
 
4824
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4836
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4825
4837
  /*
4826
4838
  * Copyright (c) Microsoft Corporation. All rights reserved.
4827
4839
  * Licensed under the MIT License.
@@ -4831,7 +4843,7 @@ const CcsCredentialType = {
4831
4843
  UPN: "UPN",
4832
4844
  };
4833
4845
 
4834
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4846
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4835
4847
  /*
4836
4848
  * Copyright (c) Microsoft Corporation. All rights reserved.
4837
4849
  * Licensed under the MIT License.
@@ -4849,7 +4861,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4849
4861
  }
4850
4862
  }
4851
4863
 
4852
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4864
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4853
4865
  /*
4854
4866
  * Copyright (c) Microsoft Corporation. All rights reserved.
4855
4867
  * Licensed under the MIT License.
@@ -4870,7 +4882,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4870
4882
  };
4871
4883
  }
4872
4884
 
4873
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4885
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4874
4886
 
4875
4887
  /*
4876
4888
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4956,7 +4968,7 @@ class ThrottlingUtils {
4956
4968
  }
4957
4969
  }
4958
4970
 
4959
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4971
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4960
4972
 
4961
4973
  /*
4962
4974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4987,7 +4999,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4987
4999
  return new NetworkError(error, httpStatus, responseHeaders);
4988
5000
  }
4989
5001
 
4990
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5002
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4991
5003
 
4992
5004
  /*
4993
5005
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5101,7 +5113,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5101
5113
  return response;
5102
5114
  }
5103
5115
 
5104
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5116
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5105
5117
  /*
5106
5118
  * Copyright (c) Microsoft Corporation. All rights reserved.
5107
5119
  * Licensed under the MIT License.
@@ -5113,7 +5125,7 @@ function isOpenIdConfigResponse(response) {
5113
5125
  response.hasOwnProperty("jwks_uri"));
5114
5126
  }
5115
5127
 
5116
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5128
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5117
5129
  /*
5118
5130
  * Copyright (c) Microsoft Corporation. All rights reserved.
5119
5131
  * Licensed under the MIT License.
@@ -5123,7 +5135,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5123
5135
  response.hasOwnProperty("metadata"));
5124
5136
  }
5125
5137
 
5126
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5138
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5127
5139
  /*
5128
5140
  * Copyright (c) Microsoft Corporation. All rights reserved.
5129
5141
  * Licensed under the MIT License.
@@ -5133,7 +5145,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5133
5145
  response.hasOwnProperty("error_description"));
5134
5146
  }
5135
5147
 
5136
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5148
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5137
5149
 
5138
5150
  /*
5139
5151
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5238,7 +5250,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5238
5250
  },
5239
5251
  };
5240
5252
 
5241
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5253
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5242
5254
 
5243
5255
  /*
5244
5256
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6058,7 +6070,7 @@ function buildStaticAuthorityOptions(authOptions) {
6058
6070
  };
6059
6071
  }
6060
6072
 
6061
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6073
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6062
6074
 
6063
6075
  /*
6064
6076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6092,7 +6104,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6092
6104
  }
6093
6105
  }
6094
6106
 
6095
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6107
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6096
6108
 
6097
6109
  /*
6098
6110
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6352,7 +6364,7 @@ class AuthorizationCodeClient {
6352
6364
  }
6353
6365
  }
6354
6366
 
6355
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6367
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6356
6368
 
6357
6369
  /*
6358
6370
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,7 +6589,7 @@ class RefreshTokenClient {
6577
6589
  }
6578
6590
  }
6579
6591
 
6580
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6592
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6581
6593
 
6582
6594
  /*
6583
6595
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6686,7 +6698,7 @@ class SilentFlowClient {
6686
6698
  }
6687
6699
  }
6688
6700
 
6689
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6701
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6690
6702
 
6691
6703
  /*
6692
6704
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6701,7 +6713,7 @@ const StubbedNetworkModule = {
6701
6713
  },
6702
6714
  };
6703
6715
 
6704
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6716
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6705
6717
 
6706
6718
  /*
6707
6719
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6925,7 +6937,7 @@ function extractLoginHint(account) {
6925
6937
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6926
6938
  }
6927
6939
 
6928
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6940
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6929
6941
 
6930
6942
  /*
6931
6943
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6983,7 +6995,7 @@ class AuthenticationHeaderParser {
6983
6995
  }
6984
6996
  }
6985
6997
 
6986
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6998
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6987
6999
  /*
6988
7000
  * Copyright (c) Microsoft Corporation. All rights reserved.
6989
7001
  * Licensed under the MIT License.
@@ -7000,7 +7012,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7000
7012
  unexpectedError: unexpectedError
7001
7013
  });
7002
7014
 
7003
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7015
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7004
7016
 
7005
7017
  /*
7006
7018
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7261,7 +7273,7 @@ class ServerTelemetryManager {
7261
7273
  }
7262
7274
  }
7263
7275
 
7264
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7276
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7265
7277
 
7266
7278
  /*
7267
7279
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7282,7 +7294,7 @@ function createJoseHeaderError(code) {
7282
7294
  return new JoseHeaderError(code);
7283
7295
  }
7284
7296
 
7285
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7297
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7286
7298
  /*
7287
7299
  * Copyright (c) Microsoft Corporation. All rights reserved.
7288
7300
  * Licensed under the MIT License.
@@ -7290,7 +7302,7 @@ function createJoseHeaderError(code) {
7290
7302
  const missingKidError = "missing_kid_error";
7291
7303
  const missingAlgError = "missing_alg_error";
7292
7304
 
7293
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7305
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7294
7306
 
7295
7307
  /*
7296
7308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7330,7 +7342,7 @@ class JoseHeader {
7330
7342
  }
7331
7343
  }
7332
7344
 
7333
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7345
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7334
7346
 
7335
7347
  /*
7336
7348
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7629,9 +7641,13 @@ class PerformanceClient {
7629
7641
  if (error) {
7630
7642
  addError(error, this.logger, rootEvent);
7631
7643
  }
7632
- // Add sub-measurement attribute to root event.
7644
+ // Add sub-measurement attribute to root event's ext field.
7633
7645
  if (!isRoot) {
7634
- rootEvent[event.name + "DurationMs"] = Math.floor(event.durationMs);
7646
+ rootEvent.ext = {
7647
+ ...rootEvent.ext,
7648
+ ...event.ext,
7649
+ };
7650
+ rootEvent.ext[event.name + "DurationMs"] = Math.floor(event.durationMs);
7635
7651
  return { ...rootEvent };
7636
7652
  }
7637
7653
  if (isRoot &&
@@ -7677,10 +7693,32 @@ class PerformanceClient {
7677
7693
  addFields(fields, correlationId) {
7678
7694
  const event = this.eventsByCorrelationId.get(correlationId);
7679
7695
  if (event) {
7680
- this.eventsByCorrelationId.set(correlationId, {
7696
+ const staticFields = {};
7697
+ const dynamicFields = {};
7698
+ for (const key in fields) {
7699
+ if (key.startsWith(EXT_FIELD_PREFIX)) {
7700
+ const dynamicKey = key.slice(EXT_FIELD_PREFIX.length);
7701
+ const value = fields[key];
7702
+ if (typeof value === "string" ||
7703
+ typeof value === "number") {
7704
+ dynamicFields[dynamicKey] = value;
7705
+ }
7706
+ }
7707
+ else {
7708
+ staticFields[key] = fields[key];
7709
+ }
7710
+ }
7711
+ const updatedEvent = {
7681
7712
  ...event,
7682
- ...fields,
7683
- });
7713
+ ...staticFields,
7714
+ };
7715
+ if (Object.keys(dynamicFields).length) {
7716
+ updatedEvent.ext = {
7717
+ ...updatedEvent.ext,
7718
+ ...dynamicFields,
7719
+ };
7720
+ }
7721
+ this.eventsByCorrelationId.set(correlationId, updatedEvent);
7684
7722
  }
7685
7723
  else {
7686
7724
  this.logger.trace("0thl6s", correlationId);
@@ -7695,13 +7733,32 @@ class PerformanceClient {
7695
7733
  const event = this.eventsByCorrelationId.get(correlationId);
7696
7734
  if (event) {
7697
7735
  for (const counter in fields) {
7698
- if (!event.hasOwnProperty(counter)) {
7699
- event[counter] = 0;
7736
+ if (counter.startsWith(EXT_FIELD_PREFIX)) {
7737
+ event.ext = event.ext || {};
7738
+ // Route to ext sub-object
7739
+ const dynamicKey = counter.slice(EXT_FIELD_PREFIX.length);
7740
+ const currentValue = event.ext[dynamicKey];
7741
+ if (currentValue === undefined) {
7742
+ event.ext[dynamicKey] = 0;
7743
+ }
7744
+ else if (isNaN(Number(currentValue))) {
7745
+ return;
7746
+ }
7747
+ event.ext[dynamicKey] =
7748
+ (Number(event.ext[dynamicKey]) || 0) +
7749
+ (fields[counter] ?? 0);
7700
7750
  }
7701
- else if (isNaN(Number(event[counter]))) {
7702
- return;
7751
+ else {
7752
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal dispatching of static fields by name */
7753
+ if (!event.hasOwnProperty(counter)) {
7754
+ event[counter] = 0;
7755
+ }
7756
+ else if (isNaN(Number(event[counter]))) {
7757
+ return;
7758
+ }
7759
+ event[counter] += fields[counter];
7760
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7703
7761
  }
7704
- event[counter] += fields[counter];
7705
7762
  }
7706
7763
  }
7707
7764
  else {
@@ -7794,9 +7851,11 @@ class PerformanceClient {
7794
7851
  */
7795
7852
  truncateIntegralFields(event) {
7796
7853
  this.intFields.forEach((key) => {
7854
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal truncation of known integer fields */
7797
7855
  if (key in event && typeof event[key] === "number") {
7798
7856
  event[key] = Math.floor(event[key]);
7799
7857
  }
7858
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7800
7859
  });
7801
7860
  }
7802
7861
  /**
@@ -10156,7 +10215,7 @@ const EventType = {
10156
10215
 
10157
10216
  /* eslint-disable header/header */
10158
10217
  const name = "@azure/msal-browser";
10159
- const version = "5.3.0";
10218
+ const version = "5.4.1";
10160
10219
 
10161
10220
  /*
10162
10221
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12616,9 +12675,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12616
12675
  }
12617
12676
  // Get the preferred_cache domain for the given authority
12618
12677
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
12619
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
12678
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
12620
12679
  idTokenClaims.tid, undefined, // auth code payload
12621
- response.account.id);
12680
+ response.account.id, this.logger, this.performanceClient);
12622
12681
  // Ensure expires_in is in number format
12623
12682
  response.expires_in = Number(response.expires_in);
12624
12683
  // generate authenticationResult
@@ -18027,7 +18086,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18027
18086
  const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
18028
18087
  const authorityString = request.authority || browserConfig.auth.authority;
18029
18088
  const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
18030
- const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
18089
+ const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
18031
18090
  const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
18032
18091
  const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
18033
18092
  const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
@@ -18053,7 +18112,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18053
18112
  * @param requestHomeAccountId
18054
18113
  * @returns `AccountEntity`
18055
18114
  */
18056
- async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
18115
+ async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
18057
18116
  logger.verbose("0ke46k", correlationId);
18058
18117
  if (request.account) {
18059
18118
  const accountEntity = createAccountEntityFromAccountInfo(request.account);
@@ -18068,7 +18127,7 @@ async function loadAccount(request, clientInfo, correlationId, storage, logger,
18068
18127
  const claimsTenantId = idTokenClaims?.tid;
18069
18128
  const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
18070
18129
  undefined, // nativeAccountId
18071
- logger);
18130
+ logger, performanceClient);
18072
18131
  await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
18073
18132
  return cachedAccount;
18074
18133
  }