@azure/msal-browser 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (422) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +4 -1
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/EncryptedData.mjs +1 -1
  22. package/dist/cache/LocalStorage.mjs +1 -1
  23. package/dist/cache/MemoryStorage.mjs +1 -1
  24. package/dist/cache/SessionStorage.mjs +1 -1
  25. package/dist/cache/TokenCache.mjs +1 -1
  26. package/dist/config/Configuration.d.ts +4 -0
  27. package/dist/config/Configuration.d.ts.map +1 -1
  28. package/dist/config/Configuration.mjs +2 -1
  29. package/dist/config/Configuration.mjs.map +1 -1
  30. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  31. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  32. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  33. package/dist/controllers/StandardController.d.ts.map +1 -1
  34. package/dist/controllers/StandardController.mjs +11 -8
  35. package/dist/controllers/StandardController.mjs.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  49. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  53. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  55. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  56. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  59. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  62. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  63. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  64. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  65. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  66. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  67. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  68. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  69. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  70. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  71. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  72. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  74. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  180. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  181. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  185. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  189. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  190. package/dist/custom-auth-path/index.d.ts +1 -1
  191. package/dist/custom-auth-path/index.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  196. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  199. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  209. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  212. package/dist/custom-auth-path/log-strings-mapping.json +19 -3
  213. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  214. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  215. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  216. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  217. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  218. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  219. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  220. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  221. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  222. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  223. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  224. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  227. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  228. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  229. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  230. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  231. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  233. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  234. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  235. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  237. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/encode/Base64Decode.mjs +1 -1
  241. package/dist/encode/Base64Encode.mjs +1 -1
  242. package/dist/error/BrowserAuthError.mjs +1 -1
  243. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  244. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  245. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  246. package/dist/error/NativeAuthError.mjs +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.d.ts +1 -1
  253. package/dist/index.d.ts.map +1 -1
  254. package/dist/index.mjs +2 -2
  255. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  256. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  259. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  260. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  261. package/dist/interaction_client/PopupClient.mjs +5 -5
  262. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +1 -1
  264. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  265. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  266. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  268. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  270. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +23 -7
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/TokenRequest.d.ts +1 -0
  280. package/dist/naa/TokenRequest.d.ts.map +1 -1
  281. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  282. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/packageMetadata.d.ts +1 -1
  290. package/dist/packageMetadata.mjs +2 -2
  291. package/dist/protocol/Authorize.mjs +1 -1
  292. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  293. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  294. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  295. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  296. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  297. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  298. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  299. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  300. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  301. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  302. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  303. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  304. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  305. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  306. package/dist/redirect-bridge/index.d.ts +1 -1
  307. package/dist/redirect-bridge/index.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  309. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  311. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  312. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  313. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  314. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  315. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  316. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  317. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  319. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  320. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  321. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  324. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  325. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  326. package/dist/request/RequestHelpers.mjs +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  333. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  334. package/dist/utils/BrowserConstants.mjs +1 -1
  335. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  336. package/dist/utils/BrowserUtils.d.ts +2 -2
  337. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  338. package/dist/utils/BrowserUtils.mjs +12 -2
  339. package/dist/utils/BrowserUtils.mjs.map +1 -1
  340. package/dist/utils/Helpers.mjs +1 -1
  341. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  342. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  343. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  344. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  345. package/lib/custom-auth-path/log-strings-mapping.json +19 -3
  346. package/lib/custom-auth-path/msal-custom-auth.cjs +192 -96
  347. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  348. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  350. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  353. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  357. package/lib/custom-auth-path/types/index.d.ts +1 -1
  358. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  363. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  364. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  367. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  369. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  371. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  372. package/lib/log-strings-mapping.json +23 -7
  373. package/lib/msal-browser.cjs +289 -108
  374. package/lib/msal-browser.cjs.map +1 -1
  375. package/lib/msal-browser.js +289 -108
  376. package/lib/msal-browser.js.map +1 -1
  377. package/lib/msal-browser.min.js +2 -2
  378. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  379. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  380. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  381. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  382. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  383. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  384. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  385. package/lib/types/config/Configuration.d.ts +4 -0
  386. package/lib/types/config/Configuration.d.ts.map +1 -1
  387. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  388. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  389. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  390. package/lib/types/index.d.ts +1 -1
  391. package/lib/types/index.d.ts.map +1 -1
  392. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  394. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  396. package/lib/types/naa/TokenRequest.d.ts +1 -0
  397. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  398. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  401. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  402. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  403. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  404. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  405. package/package.json +2 -2
  406. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  407. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  408. package/src/cache/BrowserCacheManager.ts +4 -0
  409. package/src/config/Configuration.ts +5 -0
  410. package/src/controllers/NestedAppAuthController.ts +14 -0
  411. package/src/controllers/StandardController.ts +13 -6
  412. package/src/index.ts +1 -0
  413. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  414. package/src/interaction_client/PopupClient.ts +8 -4
  415. package/src/interaction_client/SilentIframeClient.ts +4 -2
  416. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  417. package/src/naa/TokenRequest.ts +1 -0
  418. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  419. package/src/packageMetadata.ts +1 -1
  420. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  421. package/src/utils/BrowserUtils.ts +24 -1
  422. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.3.0 2026-02-24 */
1
+ /*! @azure/msal-browser v5.5.0 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.1.0 2026-02-24 */
232
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -277,9 +277,10 @@ const BROKER_CLIENT_ID = "brk_client_id";
277
277
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
278
278
  const INSTANCE_AWARE = "instance_aware";
279
279
  const EAR_JWK = "ear_jwk";
280
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
280
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
+ const RESOURCE = "resource";
281
282
 
282
- /*! @azure/msal-common v16.1.0 2026-02-24 */
283
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
283
284
  /*
284
285
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
286
  * Licensed under the MIT License.
@@ -310,7 +311,7 @@ function createAuthError(code, additionalMessage) {
310
311
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
311
312
  }
312
313
 
313
- /*! @azure/msal-common v16.1.0 2026-02-24 */
314
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
314
315
 
315
316
  /*
316
317
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -330,7 +331,7 @@ function createClientConfigurationError(errorCode) {
330
331
  return new ClientConfigurationError(errorCode);
331
332
  }
332
333
 
333
- /*! @azure/msal-common v16.1.0 2026-02-24 */
334
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
334
335
  /*
335
336
  * Copyright (c) Microsoft Corporation. All rights reserved.
336
337
  * Licensed under the MIT License.
@@ -410,7 +411,7 @@ class StringUtils {
410
411
  }
411
412
  }
412
413
 
413
- /*! @azure/msal-common v16.1.0 2026-02-24 */
414
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
414
415
 
415
416
  /*
416
417
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -433,7 +434,7 @@ function createClientAuthError(errorCode, additionalMessage) {
433
434
  return new ClientAuthError(errorCode, additionalMessage);
434
435
  }
435
436
 
436
- /*! @azure/msal-common v16.1.0 2026-02-24 */
437
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
437
438
  /*
438
439
  * Copyright (c) Microsoft Corporation. All rights reserved.
439
440
  * Licensed under the MIT License.
@@ -457,7 +458,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
457
458
  const authorityMismatch = "authority_mismatch";
458
459
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
459
460
 
460
- /*! @azure/msal-common v16.1.0 2026-02-24 */
461
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
461
462
  /*
462
463
  * Copyright (c) Microsoft Corporation. All rights reserved.
463
464
  * Licensed under the MIT License.
@@ -492,9 +493,11 @@ const authorizationCodeMissingFromServerResponse = "authorization_code_missing_f
492
493
  const bindingKeyNotRemoved = "binding_key_not_removed";
493
494
  const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
494
495
  const keyIdMissing = "key_id_missing";
495
- const methodNotImplemented = "method_not_implemented";
496
+ const methodNotImplemented = "method_not_implemented";
497
+ const resourceParameterRequired = "resource_parameter_required";
498
+ const misplacedResourceParam = "misplaced_resource_parameter";
496
499
 
497
- /*! @azure/msal-common v16.1.0 2026-02-24 */
500
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
498
501
 
499
502
  /*
500
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -689,7 +692,7 @@ class ScopeSet {
689
692
  }
690
693
  }
691
694
 
692
- /*! @azure/msal-common v16.1.0 2026-02-24 */
695
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
693
696
 
694
697
  /*
695
698
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1054,9 +1057,14 @@ function addEARParameters(parameters, jwk) {
1054
1057
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1055
1058
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1056
1059
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1060
+ }
1061
+ function addResource(parameters, resource) {
1062
+ if (resource) {
1063
+ parameters.set(RESOURCE, resource);
1064
+ }
1057
1065
  }
1058
1066
 
1059
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1067
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1060
1068
 
1061
1069
  /*
1062
1070
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1165,7 +1173,7 @@ function normalizeUrlForComparison(url) {
1165
1173
  }
1166
1174
  }
1167
1175
 
1168
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1176
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1169
1177
 
1170
1178
  /*
1171
1179
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1204,7 +1212,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1204
1212
  },
1205
1213
  };
1206
1214
 
1207
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1215
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1208
1216
  /*
1209
1217
  * Copyright (c) Microsoft Corporation. All rights reserved.
1210
1218
  * Licensed under the MIT License.
@@ -1465,12 +1473,12 @@ class Logger {
1465
1473
  }
1466
1474
  }
1467
1475
 
1468
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1476
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1469
1477
  /* eslint-disable header/header */
1470
1478
  const name$1 = "@azure/msal-common";
1471
- const version$1 = "16.1.0";
1479
+ const version$1 = "16.3.0";
1472
1480
 
1473
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1481
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1474
1482
  /*
1475
1483
  * Copyright (c) Microsoft Corporation. All rights reserved.
1476
1484
  * Licensed under the MIT License.
@@ -1479,7 +1487,7 @@ const AzureCloudInstance = {
1479
1487
  // AzureCloudInstance is not specified.
1480
1488
  None: "none"};
1481
1489
 
1482
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1490
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1483
1491
  /*
1484
1492
  * Copyright (c) Microsoft Corporation. All rights reserved.
1485
1493
  * Licensed under the MIT License.
@@ -1561,7 +1569,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1561
1569
  return updatedAccountInfo;
1562
1570
  }
1563
1571
 
1564
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1572
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1565
1573
 
1566
1574
  /*
1567
1575
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1641,7 +1649,7 @@ function checkMaxAge(authTime, maxAge) {
1641
1649
  }
1642
1650
  }
1643
1651
 
1644
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1652
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1645
1653
 
1646
1654
  /*
1647
1655
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1798,7 +1806,7 @@ class UrlString {
1798
1806
  }
1799
1807
  }
1800
1808
 
1801
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1809
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1802
1810
 
1803
1811
  /*
1804
1812
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1955,7 +1963,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1955
1963
  return null;
1956
1964
  }
1957
1965
 
1958
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1966
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1959
1967
  /*
1960
1968
  * Copyright (c) Microsoft Corporation. All rights reserved.
1961
1969
  * Licensed under the MIT License.
@@ -1963,7 +1971,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1963
1971
  const cacheQuotaExceeded = "cache_quota_exceeded";
1964
1972
  const cacheErrorUnknown = "cache_error_unknown";
1965
1973
 
1966
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1974
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1967
1975
 
1968
1976
  /*
1969
1977
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2001,7 +2009,7 @@ function createCacheError(e) {
2001
2009
  }
2002
2010
  }
2003
2011
 
2004
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2012
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2005
2013
 
2006
2014
  /*
2007
2015
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2047,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2039
2047
  };
2040
2048
  }
2041
2049
 
2042
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2050
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2043
2051
  /*
2044
2052
  * Copyright (c) Microsoft Corporation. All rights reserved.
2045
2053
  * Licensed under the MIT License.
@@ -2054,7 +2062,7 @@ const AuthorityType = {
2054
2062
  Ciam: 3,
2055
2063
  };
2056
2064
 
2057
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2065
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2058
2066
  /*
2059
2067
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2068
  * Licensed under the MIT License.
@@ -2076,7 +2084,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2076
2084
  return null;
2077
2085
  }
2078
2086
 
2079
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2087
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2080
2088
  /*
2081
2089
  * Copyright (c) Microsoft Corporation. All rights reserved.
2082
2090
  * Licensed under the MIT License.
@@ -2100,7 +2108,7 @@ const ProtocolMode = {
2100
2108
  EAR: "EAR",
2101
2109
  };
2102
2110
 
2103
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2111
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2104
2112
  /**
2105
2113
  * Returns the AccountInfo interface for this account.
2106
2114
  */
@@ -2275,7 +2283,7 @@ function isAccountEntity(entity) {
2275
2283
  entity.hasOwnProperty("authorityType"));
2276
2284
  }
2277
2285
 
2278
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2286
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2279
2287
 
2280
2288
  /*
2281
2289
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3371,7 +3379,7 @@ class DefaultStorageClass extends CacheManager {
3371
3379
  }
3372
3380
  }
3373
3381
 
3374
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3382
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3375
3383
  /*
3376
3384
  * Copyright (c) Microsoft Corporation. All rights reserved.
3377
3385
  * Licensed under the MIT License.
@@ -3385,7 +3393,7 @@ class DefaultStorageClass extends CacheManager {
3385
3393
  const PerformanceEventStatus = {
3386
3394
  InProgress: 1};
3387
3395
 
3388
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3396
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3389
3397
 
3390
3398
  /*
3391
3399
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3440,7 +3448,7 @@ class StubPerformanceClient {
3440
3448
  }
3441
3449
  }
3442
3450
 
3443
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3451
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3444
3452
 
3445
3453
  /*
3446
3454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3523,6 +3531,7 @@ function buildAuthOptions(authOptions) {
3523
3531
  clientCapabilities: [],
3524
3532
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3525
3533
  instanceAware: false,
3534
+ isMcp: false,
3526
3535
  ...authOptions,
3527
3536
  };
3528
3537
  }
@@ -3534,7 +3543,7 @@ function isOidcProtocolMode(config) {
3534
3543
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3535
3544
  }
3536
3545
 
3537
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3546
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3538
3547
 
3539
3548
  /*
3540
3549
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3553,7 +3562,7 @@ class ServerError extends AuthError {
3553
3562
  }
3554
3563
  }
3555
3564
 
3556
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3565
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3557
3566
  /*
3558
3567
  * Copyright (c) Microsoft Corporation. All rights reserved.
3559
3568
  * Licensed under the MIT License.
@@ -3604,7 +3613,7 @@ const badToken = "bad_token";
3604
3613
  */
3605
3614
  const interruptedUser = "interrupted_user";
3606
3615
 
3607
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3616
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3608
3617
 
3609
3618
  /*
3610
3619
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3672,7 +3681,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3672
3681
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3673
3682
  }
3674
3683
 
3675
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3684
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3676
3685
 
3677
3686
  /*
3678
3687
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3740,7 +3749,7 @@ function parseRequestState(base64Decode, state) {
3740
3749
  }
3741
3750
  }
3742
3751
 
3743
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3752
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3744
3753
  /*
3745
3754
  * Copyright (c) Microsoft Corporation. All rights reserved.
3746
3755
  * Licensed under the MIT License.
@@ -3805,7 +3814,7 @@ function wasClockTurnedBack(cachedAt) {
3805
3814
  return cachedAtSec > nowSeconds();
3806
3815
  }
3807
3816
 
3808
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3817
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3809
3818
  /*
3810
3819
  * Copyright (c) Microsoft Corporation. All rights reserved.
3811
3820
  * Licensed under the MIT License.
@@ -3876,7 +3885,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3876
3885
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3877
3886
  const SetUserData = "setUserData";
3878
3887
 
3879
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3888
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3880
3889
  /*
3881
3890
  * Copyright (c) Microsoft Corporation. All rights reserved.
3882
3891
  * Licensed under the MIT License.
@@ -3899,8 +3908,7 @@ const invoke = (callback, eventName, logger, telemetryClient, correlationId) =>
3899
3908
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
3900
3909
  if (correlationId) {
3901
3910
  // Track number of times this API is called in a single request
3902
- const eventCount = eventName + "CallCount";
3903
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
3911
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
3904
3912
  }
3905
3913
  try {
3906
3914
  const result = callback(...args);
@@ -3944,8 +3952,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3944
3952
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
3945
3953
  if (correlationId) {
3946
3954
  // Track number of times this API is called in a single request
3947
- const eventCount = eventName + "CallCount";
3948
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
3955
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
3949
3956
  }
3950
3957
  return callback(...args)
3951
3958
  .then((response) => {
@@ -3971,7 +3978,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3971
3978
  };
3972
3979
  };
3973
3980
 
3974
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3981
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3975
3982
 
3976
3983
  /*
3977
3984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4051,7 +4058,7 @@ class PopTokenGenerator {
4051
4058
  }
4052
4059
  }
4053
4060
 
4054
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4061
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4055
4062
  /*
4056
4063
  * Copyright (c) Microsoft Corporation. All rights reserved.
4057
4064
  * Licensed under the MIT License.
@@ -4078,7 +4085,7 @@ class PopTokenGenerator {
4078
4085
  }
4079
4086
  }
4080
4087
 
4081
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4088
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4082
4089
 
4083
4090
  /*
4084
4091
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4337,7 +4344,7 @@ function isAuthorityMetadataExpired(metadata) {
4337
4344
  return metadata.expiresAt <= nowSeconds();
4338
4345
  }
4339
4346
 
4340
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4347
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4341
4348
 
4342
4349
  /*
4343
4350
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4522,6 +4529,11 @@ class ResponseHandler {
4522
4529
  : undefined;
4523
4530
  // non AAD scenarios can have empty realm
4524
4531
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4532
+ // Set resource (to be used for MCP scenarios)
4533
+ const resource = request.resource || null;
4534
+ if (resource) {
4535
+ cachedAccessToken.resource = resource;
4536
+ }
4525
4537
  }
4526
4538
  // refreshToken
4527
4539
  let cachedRefreshToken = null;
@@ -4673,7 +4685,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4673
4685
  return baseAccount;
4674
4686
  }
4675
4687
 
4676
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4688
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4677
4689
  /*
4678
4690
  * Copyright (c) Microsoft Corporation. All rights reserved.
4679
4691
  * Licensed under the MIT License.
@@ -4683,7 +4695,7 @@ const CcsCredentialType = {
4683
4695
  UPN: "UPN",
4684
4696
  };
4685
4697
 
4686
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4698
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4687
4699
  /*
4688
4700
  * Copyright (c) Microsoft Corporation. All rights reserved.
4689
4701
  * Licensed under the MIT License.
@@ -4701,7 +4713,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4701
4713
  }
4702
4714
  }
4703
4715
 
4704
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4716
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4705
4717
  /*
4706
4718
  * Copyright (c) Microsoft Corporation. All rights reserved.
4707
4719
  * Licensed under the MIT License.
@@ -4722,7 +4734,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4722
4734
  };
4723
4735
  }
4724
4736
 
4725
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4737
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4726
4738
 
4727
4739
  /*
4728
4740
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4808,7 +4820,7 @@ class ThrottlingUtils {
4808
4820
  }
4809
4821
  }
4810
4822
 
4811
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4823
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4812
4824
 
4813
4825
  /*
4814
4826
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4839,7 +4851,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4839
4851
  return new NetworkError(error, httpStatus, responseHeaders);
4840
4852
  }
4841
4853
 
4842
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4854
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4843
4855
 
4844
4856
  /*
4845
4857
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4953,7 +4965,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4953
4965
  return response;
4954
4966
  }
4955
4967
 
4956
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4968
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4957
4969
  /*
4958
4970
  * Copyright (c) Microsoft Corporation. All rights reserved.
4959
4971
  * Licensed under the MIT License.
@@ -4965,7 +4977,7 @@ function isOpenIdConfigResponse(response) {
4965
4977
  response.hasOwnProperty("jwks_uri"));
4966
4978
  }
4967
4979
 
4968
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4980
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4969
4981
  /*
4970
4982
  * Copyright (c) Microsoft Corporation. All rights reserved.
4971
4983
  * Licensed under the MIT License.
@@ -4975,7 +4987,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4975
4987
  response.hasOwnProperty("metadata"));
4976
4988
  }
4977
4989
 
4978
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4990
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4979
4991
  /*
4980
4992
  * Copyright (c) Microsoft Corporation. All rights reserved.
4981
4993
  * Licensed under the MIT License.
@@ -4985,7 +4997,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4985
4997
  response.hasOwnProperty("error_description"));
4986
4998
  }
4987
4999
 
4988
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5000
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4989
5001
 
4990
5002
  /*
4991
5003
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5090,7 +5102,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5090
5102
  },
5091
5103
  };
5092
5104
 
5093
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5105
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5094
5106
 
5095
5107
  /*
5096
5108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5910,7 +5922,7 @@ function buildStaticAuthorityOptions(authOptions) {
5910
5922
  };
5911
5923
  }
5912
5924
 
5913
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5925
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5914
5926
 
5915
5927
  /*
5916
5928
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5944,7 +5956,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5944
5956
  }
5945
5957
  }
5946
5958
 
5947
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5959
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5948
5960
 
5949
5961
  /*
5950
5962
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6064,6 +6076,7 @@ class AuthorizationCodeClient {
6064
6076
  }
6065
6077
  // Add scope array, parameter builder will add default scopes and dedupe
6066
6078
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6079
+ addResource(parameters, request.resource);
6067
6080
  // add code: user set, not validated
6068
6081
  addAuthorizationCode(parameters, request.code);
6069
6082
  // Add library metadata
@@ -6204,7 +6217,7 @@ class AuthorizationCodeClient {
6204
6217
  }
6205
6218
  }
6206
6219
 
6207
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6208
6221
 
6209
6222
  /*
6210
6223
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6429,7 +6442,7 @@ class RefreshTokenClient {
6429
6442
  }
6430
6443
  }
6431
6444
 
6432
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6445
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6433
6446
 
6434
6447
  /*
6435
6448
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6485,6 +6498,13 @@ class SilentFlowClient {
6485
6498
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6486
6499
  throw createClientAuthError(tokenRefreshRequired);
6487
6500
  }
6501
+ else if (request.resource) {
6502
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6503
+ if (cachedAccessToken.resource !== request.resource) {
6504
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6505
+ throw createClientAuthError(tokenRefreshRequired);
6506
+ }
6507
+ }
6488
6508
  else if (cachedAccessToken.refreshOn &&
6489
6509
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6490
6510
  // must refresh (in the background) due to the refresh_in value
@@ -6538,7 +6558,7 @@ class SilentFlowClient {
6538
6558
  }
6539
6559
  }
6540
6560
 
6541
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6561
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6542
6562
 
6543
6563
  /*
6544
6564
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6553,7 +6573,7 @@ const StubbedNetworkModule = {
6553
6573
  },
6554
6574
  };
6555
6575
 
6556
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6576
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6557
6577
 
6558
6578
  /*
6559
6579
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6579,6 +6599,7 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6579
6599
  ...(request.extraScopesToConsent || []),
6580
6600
  ];
6581
6601
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6602
+ addResource(parameters, request.resource);
6582
6603
  addRedirectUri(parameters, request.redirectUri);
6583
6604
  addCorrelationId(parameters, correlationId);
6584
6605
  // add response_mode. If not passed in it defaults to query.
@@ -6777,7 +6798,40 @@ function extractLoginHint(account) {
6777
6798
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6778
6799
  }
6779
6800
 
6780
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6801
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6802
+
6803
+ /*
6804
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6805
+ * Licensed under the MIT License.
6806
+ */
6807
+ /**
6808
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6809
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6810
+ * This is used for MCP flows.
6811
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6812
+ * @param request - Auth request
6813
+ */
6814
+ function enforceResourceParameter(isMcp, request) {
6815
+ if (!isMcp) {
6816
+ return;
6817
+ }
6818
+ if (request.resource &&
6819
+ (containsResourceParam(request.extraParameters) ||
6820
+ containsResourceParam(request.extraQueryParameters))) {
6821
+ throw createClientAuthError(misplacedResourceParam);
6822
+ }
6823
+ if (!request.resource) {
6824
+ throw createClientAuthError(resourceParameterRequired);
6825
+ }
6826
+ }
6827
+ function containsResourceParam(params) {
6828
+ if (!params) {
6829
+ return false;
6830
+ }
6831
+ return Object.prototype.hasOwnProperty.call(params, "resource");
6832
+ }
6833
+
6834
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6781
6835
  /*
6782
6836
  * Copyright (c) Microsoft Corporation. All rights reserved.
6783
6837
  * Licensed under the MIT License.
@@ -6787,7 +6841,7 @@ function extractLoginHint(account) {
6787
6841
  */
6788
6842
  const unexpectedError = "unexpected_error";
6789
6843
 
6790
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6844
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6791
6845
 
6792
6846
  /*
6793
6847
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7048,7 +7102,7 @@ class ServerTelemetryManager {
7048
7102
  }
7049
7103
  }
7050
7104
 
7051
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7105
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7052
7106
 
7053
7107
  /*
7054
7108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7069,7 +7123,7 @@ function createJoseHeaderError(code) {
7069
7123
  return new JoseHeaderError(code);
7070
7124
  }
7071
7125
 
7072
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7126
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7073
7127
  /*
7074
7128
  * Copyright (c) Microsoft Corporation. All rights reserved.
7075
7129
  * Licensed under the MIT License.
@@ -7077,7 +7131,7 @@ function createJoseHeaderError(code) {
7077
7131
  const missingKidError = "missing_kid_error";
7078
7132
  const missingAlgError = "missing_alg_error";
7079
7133
 
7080
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7134
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7081
7135
 
7082
7136
  /*
7083
7137
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7512,7 +7566,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7512
7566
 
7513
7567
  /* eslint-disable header/header */
7514
7568
  const name = "@azure/msal-browser";
7515
- const version = "5.3.0";
7569
+ const version = "5.5.0";
7516
7570
 
7517
7571
  /*
7518
7572
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8939,9 +8993,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8939
8993
  activeBridgeMonitor = null;
8940
8994
  }
8941
8995
  }
8942
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8996
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8943
8997
  return new Promise((resolve, reject) => {
8944
8998
  logger.verbose("1rf6em", request.correlationId);
8999
+ const correlationId = request.correlationId;
9000
+ performanceClient.addFields({
9001
+ redirectBridgeTimeoutMs: timeoutMs,
9002
+ }, correlationId);
8945
9003
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8946
9004
  const channel = new BroadcastChannel(libraryState.id);
8947
9005
  let responseString = undefined;
@@ -8959,6 +9017,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8959
9017
  };
8960
9018
  channel.onmessage = (event) => {
8961
9019
  responseString = event.data.payload;
9020
+ const messageVersion = event?.data && typeof event.data.v === "number"
9021
+ ? event.data.v
9022
+ : undefined;
9023
+ performanceClient.addFields({
9024
+ redirectBridgeMessageVersion: messageVersion,
9025
+ }, correlationId);
8962
9026
  // Clear the active monitor
8963
9027
  activeBridgeMonitor = null;
8964
9028
  clearTimeout(timeoutId);
@@ -9429,6 +9493,7 @@ class StandardInteractionClient extends BaseInteractionClient {
9429
9493
  authority: discoveredAuthority,
9430
9494
  clientCapabilities: this.config.auth.clientCapabilities,
9431
9495
  redirectUri: this.config.auth.redirectUri,
9496
+ isMcp: this.config.auth.isMcp,
9432
9497
  },
9433
9498
  systemOptions: {
9434
9499
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -9469,6 +9534,10 @@ class StandardInteractionClient extends BaseInteractionClient {
9469
9534
  */
9470
9535
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
9471
9536
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
9537
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
9538
+ logger.warning("08qbvw", correlationId);
9539
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
9540
+ }
9472
9541
  const browserState = {
9473
9542
  interactionType: interactionType,
9474
9543
  };
@@ -15896,6 +15965,9 @@ class BrowserCacheManager extends CacheManager {
15896
15965
  : 0, base64Decode, undefined, // refreshOn
15897
15966
  result.tokenType, undefined, // userAssertionHash
15898
15967
  request.sshKid);
15968
+ if (request.resource) {
15969
+ accessTokenEntity.resource = request.resource;
15970
+ }
15899
15971
  const cacheRecord = {
15900
15972
  idToken: idTokenEntity,
15901
15973
  accessToken: accessTokenEntity,
@@ -16758,6 +16830,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16758
16830
  correlationId: this.correlationId,
16759
16831
  state: response.state,
16760
16832
  fromPlatformBroker: true,
16833
+ ...(request.resource && { resource: request.resource }),
16761
16834
  };
16762
16835
  return result;
16763
16836
  }
@@ -17486,6 +17559,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17486
17559
  tenant: "",
17487
17560
  },
17488
17561
  instanceAware: false,
17562
+ isMcp: false,
17489
17563
  };
17490
17564
  // Default cache options for browser
17491
17565
  const DEFAULT_CACHE_OPTIONS = {
@@ -17878,14 +17952,17 @@ class PlatformAuthDOMHandler {
17878
17952
  initializePlatformDOMRequest(request) {
17879
17953
  this.logger.trace("15d6yv", request.correlationId);
17880
17954
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
17881
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
17955
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
17882
17956
  const platformDOMRequest = {
17883
17957
  accountId: accountId,
17884
17958
  brokerId: this.getExtensionId(),
17885
17959
  authority: authority,
17886
17960
  clientId: clientId,
17887
17961
  correlationId: correlationId || this.correlationId,
17888
- extraParameters: { ...extraParameters, ...validExtraParameters },
17962
+ extraParameters: {
17963
+ ...extraParameters,
17964
+ ...validExtraParameters,
17965
+ },
17889
17966
  isSecurityTokenService: false,
17890
17967
  redirectUri: redirectUri,
17891
17968
  scope: scope,
@@ -17939,15 +18016,27 @@ class PlatformAuthDOMHandler {
17939
18016
  };
17940
18017
  return nativeResponse;
17941
18018
  }
17942
- getDOMExtraParams(extraParameters) {
17943
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
17944
- record[key] = String(value);
17945
- return record;
17946
- }, {});
17947
- const validExtraParams = {
17948
- ...stringifiedParams,
17949
- };
17950
- return validExtraParams;
18019
+ getDOMExtraParams(extraParameters, correlationId) {
18020
+ try {
18021
+ const stringifiedProperties = {};
18022
+ for (const [key, value] of Object.entries(extraParameters)) {
18023
+ if (!value) {
18024
+ continue;
18025
+ }
18026
+ if (typeof value === "object") {
18027
+ stringifiedProperties[key] = JSON.stringify(value);
18028
+ }
18029
+ else {
18030
+ stringifiedProperties[key] = String(value);
18031
+ }
18032
+ }
18033
+ return stringifiedProperties;
18034
+ }
18035
+ catch (e) {
18036
+ this.logger.error("0eu9o3", correlationId);
18037
+ this.logger.errorPii("17rpl5", correlationId);
18038
+ return {};
18039
+ }
17951
18040
  }
17952
18041
  }
17953
18042
 
@@ -18173,7 +18262,7 @@ class PopupClient extends StandardInteractionClient {
18173
18262
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18174
18263
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18175
18264
  // Wait for the redirect bridge response
18176
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18265
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18177
18266
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18178
18267
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18179
18268
  }
@@ -18208,7 +18297,7 @@ class PopupClient extends StandardInteractionClient {
18208
18297
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18209
18298
  form.submit();
18210
18299
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18211
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
18300
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18212
18301
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18213
18302
  if (!serverParams.ear_jwe && serverParams.code) {
18214
18303
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18233,7 +18322,7 @@ class PopupClient extends StandardInteractionClient {
18233
18322
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18234
18323
  form.submit();
18235
18324
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18236
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18325
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18237
18326
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18238
18327
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18239
18328
  }
@@ -18286,7 +18375,7 @@ class PopupClient extends StandardInteractionClient {
18286
18375
  // Open the popup window to requestUrl.
18287
18376
  const popupWindow = this.openPopup(logoutUri, popupParams);
18288
18377
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18289
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
18378
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18290
18379
  // Swallow any errors related to monitoring the window. Server logout is best effort
18291
18380
  });
18292
18381
  if (mainWindowRedirectUri) {
@@ -19034,7 +19123,7 @@ class SilentIframeClient extends StandardInteractionClient {
19034
19123
  };
19035
19124
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19036
19125
  const responseType = this.config.auth.OIDCOptions.responseMode;
19037
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19126
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19038
19127
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19039
19128
  if (!serverParams.ear_jwe && serverParams.code) {
19040
19129
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -19083,7 +19172,7 @@ class SilentIframeClient extends StandardInteractionClient {
19083
19172
  }
19084
19173
  const responseType = this.config.auth.OIDCOptions.responseMode;
19085
19174
  // Wait for response from the redirect bridge.
19086
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19175
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19087
19176
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19088
19177
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19089
19178
  }
@@ -19236,6 +19325,10 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19236
19325
  * Copyright (c) Microsoft Corporation. All rights reserved.
19237
19326
  * Licensed under the MIT License.
19238
19327
  */
19328
+ /**
19329
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
19330
+ * @returns Network connection information, or an empty object if not available.
19331
+ */
19239
19332
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
19240
19333
  const frameInstances =
19241
19334
  // @ts-ignore
@@ -19255,12 +19348,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
19255
19348
  * Copyright (c) Microsoft Corporation. All rights reserved.
19256
19349
  * Licensed under the MIT License.
19257
19350
  */
19258
- function preflightCheck(initialized, performanceEvent, account) {
19351
+ function preflightCheck(initialized, performanceEvent, config, request) {
19259
19352
  try {
19260
19353
  preflightCheck$1(initialized);
19354
+ enforceResourceParameter(config.auth.isMcp, request);
19261
19355
  }
19262
19356
  catch (e) {
19263
- performanceEvent.end({ success: false }, e, account);
19357
+ performanceEvent.end({ success: false }, e, request.account);
19264
19358
  throw e;
19265
19359
  }
19266
19360
  }
@@ -19361,6 +19455,7 @@ class StandardController {
19361
19455
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
19362
19456
  // Broker applications are initialized twice, so we avoid double-counting it
19363
19457
  this.logMultipleInstances(initMeasurement, correlationId);
19458
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
19364
19459
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
19365
19460
  if (allowPlatformBroker) {
19366
19461
  try {
@@ -19538,6 +19633,7 @@ class StandardController {
19538
19633
  };
19539
19634
  try {
19540
19635
  redirectPreflightCheck(this.initialized, this.config);
19636
+ enforceResourceParameter(this.config.auth.isMcp, request);
19541
19637
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
19542
19638
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
19543
19639
  let result;
@@ -19602,7 +19698,7 @@ class StandardController {
19602
19698
  });
19603
19699
  try {
19604
19700
  this.logger.verbose("0ch87b", correlationId);
19605
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
19701
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
19606
19702
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
19607
19703
  }
19608
19704
  catch (e) {
@@ -19716,7 +19812,7 @@ class StandardController {
19716
19812
  this.ssoSilentMeasurement?.add({
19717
19813
  scenarioId: request.scenarioId,
19718
19814
  });
19719
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
19815
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
19720
19816
  this.ssoSilentMeasurement?.increment({
19721
19817
  visibilityChangeCount: 0,
19722
19818
  });
@@ -19780,7 +19876,7 @@ class StandardController {
19780
19876
  const correlationId = this.getRequestCorrelationId(request);
19781
19877
  this.logger.trace("0ch6ga", correlationId);
19782
19878
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
19783
- preflightCheck(this.initialized, atbcMeasurement);
19879
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
19784
19880
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, request);
19785
19881
  atbcMeasurement.add({ scenarioId: request.scenarioId });
19786
19882
  try {
@@ -20282,7 +20378,7 @@ class StandardController {
20282
20378
  cacheLookupPolicy: request.cacheLookupPolicy,
20283
20379
  scenarioId: request.scenarioId,
20284
20380
  });
20285
- preflightCheck(this.initialized, atsMeasurement, request.account);
20381
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
20286
20382
  this.logger.verbose("0x1c4s", correlationId);
20287
20383
  const account = request.account || this.getActiveAccount();
20288
20384
  if (!account) {