@azure/msal-browser 5.3.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (422) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +4 -1
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/EncryptedData.mjs +1 -1
  22. package/dist/cache/LocalStorage.mjs +1 -1
  23. package/dist/cache/MemoryStorage.mjs +1 -1
  24. package/dist/cache/SessionStorage.mjs +1 -1
  25. package/dist/cache/TokenCache.mjs +1 -1
  26. package/dist/config/Configuration.d.ts +4 -0
  27. package/dist/config/Configuration.d.ts.map +1 -1
  28. package/dist/config/Configuration.mjs +2 -1
  29. package/dist/config/Configuration.mjs.map +1 -1
  30. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  31. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  32. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  33. package/dist/controllers/StandardController.d.ts.map +1 -1
  34. package/dist/controllers/StandardController.mjs +11 -8
  35. package/dist/controllers/StandardController.mjs.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  49. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  53. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  55. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  56. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  59. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  62. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  63. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  64. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  65. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  66. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  67. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  68. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  69. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  70. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  71. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  72. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  74. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  180. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  181. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  185. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  189. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  190. package/dist/custom-auth-path/index.d.ts +1 -1
  191. package/dist/custom-auth-path/index.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  196. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  199. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  209. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  212. package/dist/custom-auth-path/log-strings-mapping.json +19 -3
  213. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  214. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  215. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  216. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  217. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  218. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  219. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  220. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  221. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  222. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  223. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  224. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  227. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  228. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  229. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  230. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  231. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  233. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  234. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  235. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  237. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/encode/Base64Decode.mjs +1 -1
  241. package/dist/encode/Base64Encode.mjs +1 -1
  242. package/dist/error/BrowserAuthError.mjs +1 -1
  243. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  244. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  245. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  246. package/dist/error/NativeAuthError.mjs +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.d.ts +1 -1
  253. package/dist/index.d.ts.map +1 -1
  254. package/dist/index.mjs +2 -2
  255. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  256. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  259. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  260. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  261. package/dist/interaction_client/PopupClient.mjs +5 -5
  262. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +1 -1
  264. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  265. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  266. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  268. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  270. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +23 -7
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/TokenRequest.d.ts +1 -0
  280. package/dist/naa/TokenRequest.d.ts.map +1 -1
  281. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  282. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/packageMetadata.d.ts +1 -1
  290. package/dist/packageMetadata.mjs +2 -2
  291. package/dist/protocol/Authorize.mjs +1 -1
  292. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  293. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  294. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  295. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  296. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  297. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  298. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  299. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  300. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  301. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  302. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  303. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  304. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  305. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  306. package/dist/redirect-bridge/index.d.ts +1 -1
  307. package/dist/redirect-bridge/index.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  309. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  311. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  312. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  313. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  314. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  315. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  316. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  317. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  319. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  320. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  321. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  324. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  325. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  326. package/dist/request/RequestHelpers.mjs +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  333. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  334. package/dist/utils/BrowserConstants.mjs +1 -1
  335. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  336. package/dist/utils/BrowserUtils.d.ts +2 -2
  337. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  338. package/dist/utils/BrowserUtils.mjs +12 -2
  339. package/dist/utils/BrowserUtils.mjs.map +1 -1
  340. package/dist/utils/Helpers.mjs +1 -1
  341. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  342. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  343. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  344. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  345. package/lib/custom-auth-path/log-strings-mapping.json +19 -3
  346. package/lib/custom-auth-path/msal-custom-auth.cjs +192 -96
  347. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  348. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  350. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  353. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  357. package/lib/custom-auth-path/types/index.d.ts +1 -1
  358. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  363. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  364. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  367. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  369. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  371. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  372. package/lib/log-strings-mapping.json +23 -7
  373. package/lib/msal-browser.cjs +289 -108
  374. package/lib/msal-browser.cjs.map +1 -1
  375. package/lib/msal-browser.js +289 -108
  376. package/lib/msal-browser.js.map +1 -1
  377. package/lib/msal-browser.min.js +2 -2
  378. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  379. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  380. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  381. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  382. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  383. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  384. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  385. package/lib/types/config/Configuration.d.ts +4 -0
  386. package/lib/types/config/Configuration.d.ts.map +1 -1
  387. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  388. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  389. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  390. package/lib/types/index.d.ts +1 -1
  391. package/lib/types/index.d.ts.map +1 -1
  392. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  394. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  396. package/lib/types/naa/TokenRequest.d.ts +1 -0
  397. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  398. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  401. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  402. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  403. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  404. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  405. package/package.json +2 -2
  406. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  407. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  408. package/src/cache/BrowserCacheManager.ts +4 -0
  409. package/src/config/Configuration.ts +5 -0
  410. package/src/controllers/NestedAppAuthController.ts +14 -0
  411. package/src/controllers/StandardController.ts +13 -6
  412. package/src/index.ts +1 -0
  413. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  414. package/src/interaction_client/PopupClient.ts +8 -4
  415. package/src/interaction_client/SilentIframeClient.ts +4 -2
  416. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  417. package/src/naa/TokenRequest.ts +1 -0
  418. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  419. package/src/packageMetadata.ts +1 -1
  420. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  421. package/src/utils/BrowserUtils.ts +24 -1
  422. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.3.0 2026-02-24 */
1
+ /*! @azure/msal-browser v5.5.0 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.1.0 2026-02-24 */
237
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -282,9 +282,10 @@ const BROKER_CLIENT_ID = "brk_client_id";
282
282
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
283
283
  const INSTANCE_AWARE = "instance_aware";
284
284
  const EAR_JWK = "ear_jwk";
285
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
285
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
+ const RESOURCE = "resource";
286
287
 
287
- /*! @azure/msal-common v16.1.0 2026-02-24 */
288
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
288
289
  /*
289
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
291
  * Licensed under the MIT License.
@@ -315,7 +316,7 @@ function createAuthError(code, additionalMessage) {
315
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
316
317
  }
317
318
 
318
- /*! @azure/msal-common v16.1.0 2026-02-24 */
319
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
319
320
 
320
321
  /*
321
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -335,7 +336,7 @@ function createClientConfigurationError(errorCode) {
335
336
  return new ClientConfigurationError(errorCode);
336
337
  }
337
338
 
338
- /*! @azure/msal-common v16.1.0 2026-02-24 */
339
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
339
340
  /*
340
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
341
342
  * Licensed under the MIT License.
@@ -415,7 +416,7 @@ class StringUtils {
415
416
  }
416
417
  }
417
418
 
418
- /*! @azure/msal-common v16.1.0 2026-02-24 */
419
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
419
420
 
420
421
  /*
421
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -438,7 +439,7 @@ function createClientAuthError(errorCode, additionalMessage) {
438
439
  return new ClientAuthError(errorCode, additionalMessage);
439
440
  }
440
441
 
441
- /*! @azure/msal-common v16.1.0 2026-02-24 */
442
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
442
443
  /*
443
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
444
445
  * Licensed under the MIT License.
@@ -492,7 +493,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
492
493
  urlParseError: urlParseError
493
494
  });
494
495
 
495
- /*! @azure/msal-common v16.1.0 2026-02-24 */
496
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
496
497
  /*
497
498
  * Copyright (c) Microsoft Corporation. All rights reserved.
498
499
  * Licensed under the MIT License.
@@ -533,7 +534,9 @@ const noNetworkConnectivity$1 = "no_network_connectivity";
533
534
  const userCanceled = "user_canceled";
534
535
  const methodNotImplemented = "method_not_implemented";
535
536
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
536
- const platformBrokerError = "platform_broker_error";
537
+ const platformBrokerError = "platform_broker_error";
538
+ const resourceParameterRequired = "resource_parameter_required";
539
+ const misplacedResourceParam = "misplaced_resource_parameter";
537
540
 
538
541
  var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
539
542
  __proto__: null,
@@ -554,6 +557,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
554
557
  keyIdMissing: keyIdMissing,
555
558
  maxAgeTranspired: maxAgeTranspired,
556
559
  methodNotImplemented: methodNotImplemented,
560
+ misplacedResourceParam: misplacedResourceParam,
557
561
  multipleMatchingAppMetadata: multipleMatchingAppMetadata,
558
562
  multipleMatchingTokens: multipleMatchingTokens,
559
563
  nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled,
@@ -567,6 +571,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
567
571
  openIdConfigError: openIdConfigError,
568
572
  platformBrokerError: platformBrokerError,
569
573
  requestCannotBeMade: requestCannotBeMade,
574
+ resourceParameterRequired: resourceParameterRequired,
570
575
  stateMismatch: stateMismatch,
571
576
  stateNotFound: stateNotFound,
572
577
  tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt,
@@ -576,7 +581,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
576
581
  userCanceled: userCanceled
577
582
  });
578
583
 
579
- /*! @azure/msal-common v16.1.0 2026-02-24 */
584
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
580
585
 
581
586
  /*
582
587
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -771,7 +776,7 @@ class ScopeSet {
771
776
  }
772
777
  }
773
778
 
774
- /*! @azure/msal-common v16.1.0 2026-02-24 */
779
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
775
780
 
776
781
  /*
777
782
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1136,9 +1141,14 @@ function addEARParameters(parameters, jwk) {
1136
1141
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1137
1142
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1138
1143
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1144
+ }
1145
+ function addResource(parameters, resource) {
1146
+ if (resource) {
1147
+ parameters.set(RESOURCE, resource);
1148
+ }
1139
1149
  }
1140
1150
 
1141
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1151
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1142
1152
 
1143
1153
  /*
1144
1154
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1247,7 +1257,7 @@ function normalizeUrlForComparison(url) {
1247
1257
  }
1248
1258
  }
1249
1259
 
1250
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1260
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1251
1261
 
1252
1262
  /*
1253
1263
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1286,7 +1296,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1286
1296
  },
1287
1297
  };
1288
1298
 
1289
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1299
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1290
1300
  /*
1291
1301
  * Copyright (c) Microsoft Corporation. All rights reserved.
1292
1302
  * Licensed under the MIT License.
@@ -1561,12 +1571,12 @@ class Logger {
1561
1571
  }
1562
1572
  }
1563
1573
 
1564
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1574
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1565
1575
  /* eslint-disable header/header */
1566
1576
  const name$1 = "@azure/msal-common";
1567
- const version$1 = "16.1.0";
1577
+ const version$1 = "16.3.0";
1568
1578
 
1569
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1579
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1570
1580
  /*
1571
1581
  * Copyright (c) Microsoft Corporation. All rights reserved.
1572
1582
  * Licensed under the MIT License.
@@ -1586,7 +1596,7 @@ const AzureCloudInstance = {
1586
1596
  AzureUsGovernment: "https://login.microsoftonline.us",
1587
1597
  };
1588
1598
 
1589
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1599
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1590
1600
  /*
1591
1601
  * Copyright (c) Microsoft Corporation. All rights reserved.
1592
1602
  * Licensed under the MIT License.
@@ -1668,7 +1678,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1668
1678
  return updatedAccountInfo;
1669
1679
  }
1670
1680
 
1671
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1681
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1672
1682
 
1673
1683
  /*
1674
1684
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1748,7 +1758,7 @@ function checkMaxAge(authTime, maxAge) {
1748
1758
  }
1749
1759
  }
1750
1760
 
1751
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1761
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1752
1762
 
1753
1763
  /*
1754
1764
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1905,7 +1915,7 @@ class UrlString {
1905
1915
  }
1906
1916
  }
1907
1917
 
1908
- /*! @azure/msal-common v16.1.0 2026-02-24 */
1918
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1909
1919
 
1910
1920
  /*
1911
1921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2062,7 +2072,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2062
2072
  return null;
2063
2073
  }
2064
2074
 
2065
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2075
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2066
2076
  /*
2067
2077
  * Copyright (c) Microsoft Corporation. All rights reserved.
2068
2078
  * Licensed under the MIT License.
@@ -2070,7 +2080,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2070
2080
  const cacheQuotaExceeded = "cache_quota_exceeded";
2071
2081
  const cacheErrorUnknown = "cache_error_unknown";
2072
2082
 
2073
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2083
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2074
2084
 
2075
2085
  /*
2076
2086
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2118,7 @@ function createCacheError(e) {
2108
2118
  }
2109
2119
  }
2110
2120
 
2111
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2121
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2112
2122
 
2113
2123
  /*
2114
2124
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2146,7 +2156,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2146
2156
  };
2147
2157
  }
2148
2158
 
2149
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2159
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2150
2160
  /*
2151
2161
  * Copyright (c) Microsoft Corporation. All rights reserved.
2152
2162
  * Licensed under the MIT License.
@@ -2161,7 +2171,7 @@ const AuthorityType = {
2161
2171
  Ciam: 3,
2162
2172
  };
2163
2173
 
2164
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2174
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2165
2175
  /*
2166
2176
  * Copyright (c) Microsoft Corporation. All rights reserved.
2167
2177
  * Licensed under the MIT License.
@@ -2183,7 +2193,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2183
2193
  return null;
2184
2194
  }
2185
2195
 
2186
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2196
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2187
2197
  /*
2188
2198
  * Copyright (c) Microsoft Corporation. All rights reserved.
2189
2199
  * Licensed under the MIT License.
@@ -2207,7 +2217,7 @@ const ProtocolMode = {
2207
2217
  EAR: "EAR",
2208
2218
  };
2209
2219
 
2210
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2211
2221
  /**
2212
2222
  * Returns the AccountInfo interface for this account.
2213
2223
  */
@@ -2382,7 +2392,7 @@ function isAccountEntity(entity) {
2382
2392
  entity.hasOwnProperty("authorityType"));
2383
2393
  }
2384
2394
 
2385
- /*! @azure/msal-common v16.1.0 2026-02-24 */
2395
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2386
2396
 
2387
2397
  /*
2388
2398
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3479,7 +3489,7 @@ class DefaultStorageClass extends CacheManager {
3479
3489
  }
3480
3490
  }
3481
3491
 
3482
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3492
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3483
3493
  /*
3484
3494
  * Copyright (c) Microsoft Corporation. All rights reserved.
3485
3495
  * Licensed under the MIT License.
@@ -3494,6 +3504,12 @@ const PerformanceEventStatus = {
3494
3504
  InProgress: 1,
3495
3505
  Completed: 2,
3496
3506
  };
3507
+ /**
3508
+ * Prefix used to mark telemetry field names as dynamic.
3509
+ * Fields with this prefix in addFields/incrementFields calls will be routed
3510
+ * to the PerformanceEvent.ext sub-object.
3511
+ */
3512
+ const EXT_FIELD_PREFIX = "ext.";
3497
3513
  const IntFields = new Set([
3498
3514
  "accessTokenSize",
3499
3515
  "durationMs",
@@ -3518,9 +3534,12 @@ const IntFields = new Set([
3518
3534
  "currRefreshCount",
3519
3535
  "expiredCacheRemovedCount",
3520
3536
  "upgradedCacheCount",
3537
+ "networkRtt",
3538
+ "redirectBridgeTimeoutMs",
3539
+ "redirectBridgeMessageVersion",
3521
3540
  ]);
3522
3541
 
3523
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3542
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3524
3543
 
3525
3544
  /*
3526
3545
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3575,7 +3594,7 @@ class StubPerformanceClient {
3575
3594
  }
3576
3595
  }
3577
3596
 
3578
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3597
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3579
3598
 
3580
3599
  /*
3581
3600
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3658,6 +3677,7 @@ function buildAuthOptions(authOptions) {
3658
3677
  clientCapabilities: [],
3659
3678
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3660
3679
  instanceAware: false,
3680
+ isMcp: false,
3661
3681
  ...authOptions,
3662
3682
  };
3663
3683
  }
@@ -3669,7 +3689,7 @@ function isOidcProtocolMode(config) {
3669
3689
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3670
3690
  }
3671
3691
 
3672
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3692
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3673
3693
 
3674
3694
  /*
3675
3695
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3688,7 +3708,7 @@ class ServerError extends AuthError {
3688
3708
  }
3689
3709
  }
3690
3710
 
3691
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3711
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3692
3712
  /*
3693
3713
  * Copyright (c) Microsoft Corporation. All rights reserved.
3694
3714
  * Licensed under the MIT License.
@@ -3752,7 +3772,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3752
3772
  uxNotAllowed: uxNotAllowed
3753
3773
  });
3754
3774
 
3755
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3775
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3756
3776
 
3757
3777
  /*
3758
3778
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3820,7 +3840,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3820
3840
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3821
3841
  }
3822
3842
 
3823
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3843
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3824
3844
 
3825
3845
  /*
3826
3846
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3888,7 +3908,7 @@ function parseRequestState(base64Decode, state) {
3888
3908
  }
3889
3909
  }
3890
3910
 
3891
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3911
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3892
3912
  /*
3893
3913
  * Copyright (c) Microsoft Corporation. All rights reserved.
3894
3914
  * Licensed under the MIT License.
@@ -3953,7 +3973,7 @@ function wasClockTurnedBack(cachedAt) {
3953
3973
  return cachedAtSec > nowSeconds();
3954
3974
  }
3955
3975
 
3956
- /*! @azure/msal-common v16.1.0 2026-02-24 */
3976
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3957
3977
  /*
3958
3978
  * Copyright (c) Microsoft Corporation. All rights reserved.
3959
3979
  * Licensed under the MIT License.
@@ -4024,7 +4044,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4024
4044
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4025
4045
  const SetUserData = "setUserData";
4026
4046
 
4027
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4047
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4028
4048
  /*
4029
4049
  * Copyright (c) Microsoft Corporation. All rights reserved.
4030
4050
  * Licensed under the MIT License.
@@ -4047,8 +4067,7 @@ const invoke = (callback, eventName, logger, telemetryClient, correlationId) =>
4047
4067
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4048
4068
  if (correlationId) {
4049
4069
  // Track number of times this API is called in a single request
4050
- const eventCount = eventName + "CallCount";
4051
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4070
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4052
4071
  }
4053
4072
  try {
4054
4073
  const result = callback(...args);
@@ -4092,8 +4111,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4092
4111
  const inProgressEvent = telemetryClient.startMeasurement(eventName, correlationId);
4093
4112
  if (correlationId) {
4094
4113
  // Track number of times this API is called in a single request
4095
- const eventCount = eventName + "CallCount";
4096
- telemetryClient.incrementFields({ [eventCount]: 1 }, correlationId);
4114
+ telemetryClient.incrementFields({ [`ext.${eventName}CallCount`]: 1 }, correlationId);
4097
4115
  }
4098
4116
  return callback(...args)
4099
4117
  .then((response) => {
@@ -4119,7 +4137,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4119
4137
  };
4120
4138
  };
4121
4139
 
4122
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4140
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4123
4141
 
4124
4142
  /*
4125
4143
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4199,7 +4217,7 @@ class PopTokenGenerator {
4199
4217
  }
4200
4218
  }
4201
4219
 
4202
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4203
4221
  /*
4204
4222
  * Copyright (c) Microsoft Corporation. All rights reserved.
4205
4223
  * Licensed under the MIT License.
@@ -4226,7 +4244,7 @@ class PopTokenGenerator {
4226
4244
  }
4227
4245
  }
4228
4246
 
4229
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4247
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4230
4248
 
4231
4249
  /*
4232
4250
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4485,7 +4503,7 @@ function isAuthorityMetadataExpired(metadata) {
4485
4503
  return metadata.expiresAt <= nowSeconds();
4486
4504
  }
4487
4505
 
4488
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4506
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4489
4507
 
4490
4508
  /*
4491
4509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4670,6 +4688,11 @@ class ResponseHandler {
4670
4688
  : undefined;
4671
4689
  // non AAD scenarios can have empty realm
4672
4690
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4691
+ // Set resource (to be used for MCP scenarios)
4692
+ const resource = request.resource || null;
4693
+ if (resource) {
4694
+ cachedAccessToken.resource = resource;
4695
+ }
4673
4696
  }
4674
4697
  // refreshToken
4675
4698
  let cachedRefreshToken = null;
@@ -4821,7 +4844,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4821
4844
  return baseAccount;
4822
4845
  }
4823
4846
 
4824
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4847
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4825
4848
  /*
4826
4849
  * Copyright (c) Microsoft Corporation. All rights reserved.
4827
4850
  * Licensed under the MIT License.
@@ -4831,7 +4854,7 @@ const CcsCredentialType = {
4831
4854
  UPN: "UPN",
4832
4855
  };
4833
4856
 
4834
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4857
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4835
4858
  /*
4836
4859
  * Copyright (c) Microsoft Corporation. All rights reserved.
4837
4860
  * Licensed under the MIT License.
@@ -4849,7 +4872,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4849
4872
  }
4850
4873
  }
4851
4874
 
4852
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4875
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4853
4876
  /*
4854
4877
  * Copyright (c) Microsoft Corporation. All rights reserved.
4855
4878
  * Licensed under the MIT License.
@@ -4870,7 +4893,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4870
4893
  };
4871
4894
  }
4872
4895
 
4873
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4896
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4874
4897
 
4875
4898
  /*
4876
4899
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4956,7 +4979,7 @@ class ThrottlingUtils {
4956
4979
  }
4957
4980
  }
4958
4981
 
4959
- /*! @azure/msal-common v16.1.0 2026-02-24 */
4982
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4960
4983
 
4961
4984
  /*
4962
4985
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4987,7 +5010,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4987
5010
  return new NetworkError(error, httpStatus, responseHeaders);
4988
5011
  }
4989
5012
 
4990
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5013
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4991
5014
 
4992
5015
  /*
4993
5016
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5101,7 +5124,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5101
5124
  return response;
5102
5125
  }
5103
5126
 
5104
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5127
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5105
5128
  /*
5106
5129
  * Copyright (c) Microsoft Corporation. All rights reserved.
5107
5130
  * Licensed under the MIT License.
@@ -5113,7 +5136,7 @@ function isOpenIdConfigResponse(response) {
5113
5136
  response.hasOwnProperty("jwks_uri"));
5114
5137
  }
5115
5138
 
5116
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5139
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5117
5140
  /*
5118
5141
  * Copyright (c) Microsoft Corporation. All rights reserved.
5119
5142
  * Licensed under the MIT License.
@@ -5123,7 +5146,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5123
5146
  response.hasOwnProperty("metadata"));
5124
5147
  }
5125
5148
 
5126
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5149
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5127
5150
  /*
5128
5151
  * Copyright (c) Microsoft Corporation. All rights reserved.
5129
5152
  * Licensed under the MIT License.
@@ -5133,7 +5156,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5133
5156
  response.hasOwnProperty("error_description"));
5134
5157
  }
5135
5158
 
5136
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5159
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5137
5160
 
5138
5161
  /*
5139
5162
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5238,7 +5261,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5238
5261
  },
5239
5262
  };
5240
5263
 
5241
- /*! @azure/msal-common v16.1.0 2026-02-24 */
5264
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5242
5265
 
5243
5266
  /*
5244
5267
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6058,7 +6081,7 @@ function buildStaticAuthorityOptions(authOptions) {
6058
6081
  };
6059
6082
  }
6060
6083
 
6061
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6084
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6062
6085
 
6063
6086
  /*
6064
6087
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6092,7 +6115,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6092
6115
  }
6093
6116
  }
6094
6117
 
6095
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6118
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6096
6119
 
6097
6120
  /*
6098
6121
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6212,6 +6235,7 @@ class AuthorizationCodeClient {
6212
6235
  }
6213
6236
  // Add scope array, parameter builder will add default scopes and dedupe
6214
6237
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6238
+ addResource(parameters, request.resource);
6215
6239
  // add code: user set, not validated
6216
6240
  addAuthorizationCode(parameters, request.code);
6217
6241
  // Add library metadata
@@ -6352,7 +6376,7 @@ class AuthorizationCodeClient {
6352
6376
  }
6353
6377
  }
6354
6378
 
6355
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6379
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6356
6380
 
6357
6381
  /*
6358
6382
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,7 +6601,7 @@ class RefreshTokenClient {
6577
6601
  }
6578
6602
  }
6579
6603
 
6580
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6604
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6581
6605
 
6582
6606
  /*
6583
6607
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6633,6 +6657,13 @@ class SilentFlowClient {
6633
6657
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6634
6658
  throw createClientAuthError(tokenRefreshRequired);
6635
6659
  }
6660
+ else if (request.resource) {
6661
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6662
+ if (cachedAccessToken.resource !== request.resource) {
6663
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6664
+ throw createClientAuthError(tokenRefreshRequired);
6665
+ }
6666
+ }
6636
6667
  else if (cachedAccessToken.refreshOn &&
6637
6668
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6638
6669
  // must refresh (in the background) due to the refresh_in value
@@ -6686,7 +6717,7 @@ class SilentFlowClient {
6686
6717
  }
6687
6718
  }
6688
6719
 
6689
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6720
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6690
6721
 
6691
6722
  /*
6692
6723
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6701,7 +6732,7 @@ const StubbedNetworkModule = {
6701
6732
  },
6702
6733
  };
6703
6734
 
6704
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6735
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6705
6736
 
6706
6737
  /*
6707
6738
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6727,6 +6758,7 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6727
6758
  ...(request.extraScopesToConsent || []),
6728
6759
  ];
6729
6760
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6761
+ addResource(parameters, request.resource);
6730
6762
  addRedirectUri(parameters, request.redirectUri);
6731
6763
  addCorrelationId(parameters, correlationId);
6732
6764
  // add response_mode. If not passed in it defaults to query.
@@ -6925,7 +6957,40 @@ function extractLoginHint(account) {
6925
6957
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6926
6958
  }
6927
6959
 
6928
- /*! @azure/msal-common v16.1.0 2026-02-24 */
6960
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6961
+
6962
+ /*
6963
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6964
+ * Licensed under the MIT License.
6965
+ */
6966
+ /**
6967
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6968
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6969
+ * This is used for MCP flows.
6970
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6971
+ * @param request - Auth request
6972
+ */
6973
+ function enforceResourceParameter(isMcp, request) {
6974
+ if (!isMcp) {
6975
+ return;
6976
+ }
6977
+ if (request.resource &&
6978
+ (containsResourceParam(request.extraParameters) ||
6979
+ containsResourceParam(request.extraQueryParameters))) {
6980
+ throw createClientAuthError(misplacedResourceParam);
6981
+ }
6982
+ if (!request.resource) {
6983
+ throw createClientAuthError(resourceParameterRequired);
6984
+ }
6985
+ }
6986
+ function containsResourceParam(params) {
6987
+ if (!params) {
6988
+ return false;
6989
+ }
6990
+ return Object.prototype.hasOwnProperty.call(params, "resource");
6991
+ }
6992
+
6993
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6929
6994
 
6930
6995
  /*
6931
6996
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6983,7 +7048,7 @@ class AuthenticationHeaderParser {
6983
7048
  }
6984
7049
  }
6985
7050
 
6986
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7051
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6987
7052
  /*
6988
7053
  * Copyright (c) Microsoft Corporation. All rights reserved.
6989
7054
  * Licensed under the MIT License.
@@ -7000,7 +7065,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7000
7065
  unexpectedError: unexpectedError
7001
7066
  });
7002
7067
 
7003
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7068
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7004
7069
 
7005
7070
  /*
7006
7071
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7261,7 +7326,7 @@ class ServerTelemetryManager {
7261
7326
  }
7262
7327
  }
7263
7328
 
7264
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7329
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7265
7330
 
7266
7331
  /*
7267
7332
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7282,7 +7347,7 @@ function createJoseHeaderError(code) {
7282
7347
  return new JoseHeaderError(code);
7283
7348
  }
7284
7349
 
7285
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7350
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7286
7351
  /*
7287
7352
  * Copyright (c) Microsoft Corporation. All rights reserved.
7288
7353
  * Licensed under the MIT License.
@@ -7290,7 +7355,7 @@ function createJoseHeaderError(code) {
7290
7355
  const missingKidError = "missing_kid_error";
7291
7356
  const missingAlgError = "missing_alg_error";
7292
7357
 
7293
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7358
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7294
7359
 
7295
7360
  /*
7296
7361
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7330,7 +7395,7 @@ class JoseHeader {
7330
7395
  }
7331
7396
  }
7332
7397
 
7333
- /*! @azure/msal-common v16.1.0 2026-02-24 */
7398
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7334
7399
 
7335
7400
  /*
7336
7401
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7629,9 +7694,13 @@ class PerformanceClient {
7629
7694
  if (error) {
7630
7695
  addError(error, this.logger, rootEvent);
7631
7696
  }
7632
- // Add sub-measurement attribute to root event.
7697
+ // Add sub-measurement attribute to root event's ext field.
7633
7698
  if (!isRoot) {
7634
- rootEvent[event.name + "DurationMs"] = Math.floor(event.durationMs);
7699
+ rootEvent.ext = {
7700
+ ...rootEvent.ext,
7701
+ ...event.ext,
7702
+ };
7703
+ rootEvent.ext[event.name + "DurationMs"] = Math.floor(event.durationMs);
7635
7704
  return { ...rootEvent };
7636
7705
  }
7637
7706
  if (isRoot &&
@@ -7677,10 +7746,32 @@ class PerformanceClient {
7677
7746
  addFields(fields, correlationId) {
7678
7747
  const event = this.eventsByCorrelationId.get(correlationId);
7679
7748
  if (event) {
7680
- this.eventsByCorrelationId.set(correlationId, {
7749
+ const staticFields = {};
7750
+ const dynamicFields = {};
7751
+ for (const key in fields) {
7752
+ if (key.startsWith(EXT_FIELD_PREFIX)) {
7753
+ const dynamicKey = key.slice(EXT_FIELD_PREFIX.length);
7754
+ const value = fields[key];
7755
+ if (typeof value === "string" ||
7756
+ typeof value === "number") {
7757
+ dynamicFields[dynamicKey] = value;
7758
+ }
7759
+ }
7760
+ else {
7761
+ staticFields[key] = fields[key];
7762
+ }
7763
+ }
7764
+ const updatedEvent = {
7681
7765
  ...event,
7682
- ...fields,
7683
- });
7766
+ ...staticFields,
7767
+ };
7768
+ if (Object.keys(dynamicFields).length) {
7769
+ updatedEvent.ext = {
7770
+ ...updatedEvent.ext,
7771
+ ...dynamicFields,
7772
+ };
7773
+ }
7774
+ this.eventsByCorrelationId.set(correlationId, updatedEvent);
7684
7775
  }
7685
7776
  else {
7686
7777
  this.logger.trace("0thl6s", correlationId);
@@ -7695,13 +7786,32 @@ class PerformanceClient {
7695
7786
  const event = this.eventsByCorrelationId.get(correlationId);
7696
7787
  if (event) {
7697
7788
  for (const counter in fields) {
7698
- if (!event.hasOwnProperty(counter)) {
7699
- event[counter] = 0;
7789
+ if (counter.startsWith(EXT_FIELD_PREFIX)) {
7790
+ event.ext = event.ext || {};
7791
+ // Route to ext sub-object
7792
+ const dynamicKey = counter.slice(EXT_FIELD_PREFIX.length);
7793
+ const currentValue = event.ext[dynamicKey];
7794
+ if (currentValue === undefined) {
7795
+ event.ext[dynamicKey] = 0;
7796
+ }
7797
+ else if (isNaN(Number(currentValue))) {
7798
+ return;
7799
+ }
7800
+ event.ext[dynamicKey] =
7801
+ (Number(event.ext[dynamicKey]) || 0) +
7802
+ (fields[counter] ?? 0);
7700
7803
  }
7701
- else if (isNaN(Number(event[counter]))) {
7702
- return;
7804
+ else {
7805
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal dispatching of static fields by name */
7806
+ if (!event.hasOwnProperty(counter)) {
7807
+ event[counter] = 0;
7808
+ }
7809
+ else if (isNaN(Number(event[counter]))) {
7810
+ return;
7811
+ }
7812
+ event[counter] += fields[counter];
7813
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7703
7814
  }
7704
- event[counter] += fields[counter];
7705
7815
  }
7706
7816
  }
7707
7817
  else {
@@ -7794,9 +7904,11 @@ class PerformanceClient {
7794
7904
  */
7795
7905
  truncateIntegralFields(event) {
7796
7906
  this.intFields.forEach((key) => {
7907
+ /* eslint-disable custom-msal/no-dynamic-telemetry-fields -- internal truncation of known integer fields */
7797
7908
  if (key in event && typeof event[key] === "number") {
7798
7909
  event[key] = Math.floor(event[key]);
7799
7910
  }
7911
+ /* eslint-enable custom-msal/no-dynamic-telemetry-fields */
7800
7912
  });
7801
7913
  }
7802
7914
  /**
@@ -8717,9 +8829,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8717
8829
  activeBridgeMonitor = null;
8718
8830
  }
8719
8831
  }
8720
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8832
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8721
8833
  return new Promise((resolve, reject) => {
8722
8834
  logger.verbose("1rf6em", request.correlationId);
8835
+ const correlationId = request.correlationId;
8836
+ performanceClient.addFields({
8837
+ redirectBridgeTimeoutMs: timeoutMs,
8838
+ }, correlationId);
8723
8839
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8724
8840
  const channel = new BroadcastChannel(libraryState.id);
8725
8841
  let responseString = undefined;
@@ -8737,6 +8853,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8737
8853
  };
8738
8854
  channel.onmessage = (event) => {
8739
8855
  responseString = event.data.payload;
8856
+ const messageVersion = event?.data && typeof event.data.v === "number"
8857
+ ? event.data.v
8858
+ : undefined;
8859
+ performanceClient.addFields({
8860
+ redirectBridgeMessageVersion: messageVersion,
8861
+ }, correlationId);
8740
8862
  // Clear the active monitor
8741
8863
  activeBridgeMonitor = null;
8742
8864
  clearTimeout(timeoutId);
@@ -10156,7 +10278,7 @@ const EventType = {
10156
10278
 
10157
10279
  /* eslint-disable header/header */
10158
10280
  const name = "@azure/msal-browser";
10159
- const version = "5.3.0";
10281
+ const version = "5.5.0";
10160
10282
 
10161
10283
  /*
10162
10284
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11471,6 +11593,9 @@ class BrowserCacheManager extends CacheManager {
11471
11593
  : 0, base64Decode, undefined, // refreshOn
11472
11594
  result.tokenType, undefined, // userAssertionHash
11473
11595
  request.sshKid);
11596
+ if (request.resource) {
11597
+ accessTokenEntity.resource = request.resource;
11598
+ }
11474
11599
  const cacheRecord = {
11475
11600
  idToken: idTokenEntity,
11476
11601
  accessToken: accessTokenEntity,
@@ -12023,6 +12148,7 @@ class StandardInteractionClient extends BaseInteractionClient {
12023
12148
  authority: discoveredAuthority,
12024
12149
  clientCapabilities: this.config.auth.clientCapabilities,
12025
12150
  redirectUri: this.config.auth.redirectUri,
12151
+ isMcp: this.config.auth.isMcp,
12026
12152
  },
12027
12153
  systemOptions: {
12028
12154
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -12063,6 +12189,10 @@ class StandardInteractionClient extends BaseInteractionClient {
12063
12189
  */
12064
12190
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
12065
12191
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
12192
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
12193
+ logger.warning("08qbvw", correlationId);
12194
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
12195
+ }
12066
12196
  const browserState = {
12067
12197
  interactionType: interactionType,
12068
12198
  };
@@ -12740,6 +12870,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12740
12870
  correlationId: this.correlationId,
12741
12871
  state: response.state,
12742
12872
  fromPlatformBroker: true,
12873
+ ...(request.resource && { resource: request.resource }),
12743
12874
  };
12744
12875
  return result;
12745
12876
  }
@@ -13468,6 +13599,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13468
13599
  tenant: "",
13469
13600
  },
13470
13601
  instanceAware: false,
13602
+ isMcp: false,
13471
13603
  };
13472
13604
  // Default cache options for browser
13473
13605
  const DEFAULT_CACHE_OPTIONS = {
@@ -13860,14 +13992,17 @@ class PlatformAuthDOMHandler {
13860
13992
  initializePlatformDOMRequest(request) {
13861
13993
  this.logger.trace("15d6yv", request.correlationId);
13862
13994
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
13863
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
13995
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
13864
13996
  const platformDOMRequest = {
13865
13997
  accountId: accountId,
13866
13998
  brokerId: this.getExtensionId(),
13867
13999
  authority: authority,
13868
14000
  clientId: clientId,
13869
14001
  correlationId: correlationId || this.correlationId,
13870
- extraParameters: { ...extraParameters, ...validExtraParameters },
14002
+ extraParameters: {
14003
+ ...extraParameters,
14004
+ ...validExtraParameters,
14005
+ },
13871
14006
  isSecurityTokenService: false,
13872
14007
  redirectUri: redirectUri,
13873
14008
  scope: scope,
@@ -13921,15 +14056,27 @@ class PlatformAuthDOMHandler {
13921
14056
  };
13922
14057
  return nativeResponse;
13923
14058
  }
13924
- getDOMExtraParams(extraParameters) {
13925
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
13926
- record[key] = String(value);
13927
- return record;
13928
- }, {});
13929
- const validExtraParams = {
13930
- ...stringifiedParams,
13931
- };
13932
- return validExtraParams;
14059
+ getDOMExtraParams(extraParameters, correlationId) {
14060
+ try {
14061
+ const stringifiedProperties = {};
14062
+ for (const [key, value] of Object.entries(extraParameters)) {
14063
+ if (!value) {
14064
+ continue;
14065
+ }
14066
+ if (typeof value === "object") {
14067
+ stringifiedProperties[key] = JSON.stringify(value);
14068
+ }
14069
+ else {
14070
+ stringifiedProperties[key] = String(value);
14071
+ }
14072
+ }
14073
+ return stringifiedProperties;
14074
+ }
14075
+ catch (e) {
14076
+ this.logger.error("0eu9o3", correlationId);
14077
+ this.logger.errorPii("17rpl5", correlationId);
14078
+ return {};
14079
+ }
13933
14080
  }
13934
14081
  }
13935
14082
 
@@ -14173,7 +14320,7 @@ class PopupClient extends StandardInteractionClient {
14173
14320
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
14174
14321
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14175
14322
  // Wait for the redirect bridge response
14176
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14323
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14177
14324
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14178
14325
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14179
14326
  }
@@ -14208,7 +14355,7 @@ class PopupClient extends StandardInteractionClient {
14208
14355
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
14209
14356
  form.submit();
14210
14357
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14211
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
14358
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
14212
14359
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14213
14360
  if (!serverParams.ear_jwe && serverParams.code) {
14214
14361
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14233,7 +14380,7 @@ class PopupClient extends StandardInteractionClient {
14233
14380
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
14234
14381
  form.submit();
14235
14382
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14236
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14383
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14237
14384
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14238
14385
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14239
14386
  }
@@ -14286,7 +14433,7 @@ class PopupClient extends StandardInteractionClient {
14286
14433
  // Open the popup window to requestUrl.
14287
14434
  const popupWindow = this.openPopup(logoutUri, popupParams);
14288
14435
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14289
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
14436
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
14290
14437
  // Swallow any errors related to monitoring the window. Server logout is best effort
14291
14438
  });
14292
14439
  if (mainWindowRedirectUri) {
@@ -15034,7 +15181,7 @@ class SilentIframeClient extends StandardInteractionClient {
15034
15181
  };
15035
15182
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15036
15183
  const responseType = this.config.auth.OIDCOptions.responseMode;
15037
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15184
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15038
15185
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15039
15186
  if (!serverParams.ear_jwe && serverParams.code) {
15040
15187
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -15083,7 +15230,7 @@ class SilentIframeClient extends StandardInteractionClient {
15083
15230
  }
15084
15231
  const responseType = this.config.auth.OIDCOptions.responseMode;
15085
15232
  // Wait for response from the redirect bridge.
15086
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15233
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15087
15234
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15088
15235
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15089
15236
  }
@@ -15236,6 +15383,22 @@ class SilentAuthCodeClient extends StandardInteractionClient {
15236
15383
  * Copyright (c) Microsoft Corporation. All rights reserved.
15237
15384
  * Licensed under the MIT License.
15238
15385
  */
15386
+ /**
15387
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
15388
+ * @returns Network connection information, or an empty object if not available.
15389
+ */
15390
+ function getNetworkInfo() {
15391
+ if (typeof window === "undefined" || !window.navigator) {
15392
+ return {};
15393
+ }
15394
+ const connection = "connection" in window.navigator
15395
+ ? window.navigator.connection
15396
+ : undefined;
15397
+ return {
15398
+ effectiveType: connection?.effectiveType,
15399
+ rtt: connection?.rtt,
15400
+ };
15401
+ }
15239
15402
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
15240
15403
  const frameInstances =
15241
15404
  // @ts-ignore
@@ -15255,12 +15418,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
15255
15418
  * Copyright (c) Microsoft Corporation. All rights reserved.
15256
15419
  * Licensed under the MIT License.
15257
15420
  */
15258
- function preflightCheck(initialized, performanceEvent, account) {
15421
+ function preflightCheck(initialized, performanceEvent, config, request) {
15259
15422
  try {
15260
15423
  preflightCheck$1(initialized);
15424
+ enforceResourceParameter(config.auth.isMcp, request);
15261
15425
  }
15262
15426
  catch (e) {
15263
- performanceEvent.end({ success: false }, e, account);
15427
+ performanceEvent.end({ success: false }, e, request.account);
15264
15428
  throw e;
15265
15429
  }
15266
15430
  }
@@ -15361,6 +15525,7 @@ class StandardController {
15361
15525
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
15362
15526
  // Broker applications are initialized twice, so we avoid double-counting it
15363
15527
  this.logMultipleInstances(initMeasurement, correlationId);
15528
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
15364
15529
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
15365
15530
  if (allowPlatformBroker) {
15366
15531
  try {
@@ -15538,6 +15703,7 @@ class StandardController {
15538
15703
  };
15539
15704
  try {
15540
15705
  redirectPreflightCheck(this.initialized, this.config);
15706
+ enforceResourceParameter(this.config.auth.isMcp, request);
15541
15707
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
15542
15708
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
15543
15709
  let result;
@@ -15602,7 +15768,7 @@ class StandardController {
15602
15768
  });
15603
15769
  try {
15604
15770
  this.logger.verbose("0ch87b", correlationId);
15605
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
15771
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
15606
15772
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
15607
15773
  }
15608
15774
  catch (e) {
@@ -15716,7 +15882,7 @@ class StandardController {
15716
15882
  this.ssoSilentMeasurement?.add({
15717
15883
  scenarioId: request.scenarioId,
15718
15884
  });
15719
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
15885
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15720
15886
  this.ssoSilentMeasurement?.increment({
15721
15887
  visibilityChangeCount: 0,
15722
15888
  });
@@ -15780,7 +15946,7 @@ class StandardController {
15780
15946
  const correlationId = this.getRequestCorrelationId(request);
15781
15947
  this.logger.trace("0ch6ga", correlationId);
15782
15948
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
15783
- preflightCheck(this.initialized, atbcMeasurement);
15949
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
15784
15950
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, request);
15785
15951
  atbcMeasurement.add({ scenarioId: request.scenarioId });
15786
15952
  try {
@@ -16282,7 +16448,7 @@ class StandardController {
16282
16448
  cacheLookupPolicy: request.cacheLookupPolicy,
16283
16449
  scenarioId: request.scenarioId,
16284
16450
  });
16285
- preflightCheck(this.initialized, atsMeasurement, request.account);
16451
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
16286
16452
  this.logger.verbose("0x1c4s", correlationId);
16287
16453
  const account = request.account || this.getActiveAccount();
16288
16454
  if (!account) {
@@ -16738,6 +16904,7 @@ class NestedAppAuthAdapter {
16738
16904
  platformBrokerId: request.account?.homeAccountId,
16739
16905
  clientId: this.clientId,
16740
16906
  authority: request.authority,
16907
+ resource: request.resource,
16741
16908
  scope: scopes.join(" "),
16742
16909
  correlationId,
16743
16910
  claims: !StringUtils.isEmptyObj(claims) ? claims : undefined,
@@ -17008,6 +17175,7 @@ class NestedAppAuthController {
17008
17175
  const atPopupMeasurement = this.performanceClient.startMeasurement(AcquireTokenPopup, correlationId);
17009
17176
  atPopupMeasurement.add({ nestedAppAuthRequest: true });
17010
17177
  try {
17178
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17011
17179
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17012
17180
  const reqTimestamp = nowSeconds();
17013
17181
  const response = await this.bridgeProxy.getTokenInteractive(naaRequest);
@@ -17074,6 +17242,7 @@ class NestedAppAuthController {
17074
17242
  nestedAppAuthRequest: true,
17075
17243
  });
17076
17244
  try {
17245
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17077
17246
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17078
17247
  naaRequest.forceRefresh = validRequest.forceRefresh;
17079
17248
  const reqTimestamp = nowSeconds();
@@ -17208,6 +17377,14 @@ class NestedAppAuthController {
17208
17377
  this.logger.verbose("18egye", correlationId);
17209
17378
  return Promise.resolve(null);
17210
17379
  }
17380
+ else if (authRequest.resource) {
17381
+ const requestedResource = authRequest.resource;
17382
+ const cachedResource = cachedAccessToken.resource;
17383
+ if (!cachedResource || cachedResource !== requestedResource) {
17384
+ this.logger.verbose("0qraxd", correlationId);
17385
+ return Promise.resolve(null);
17386
+ }
17387
+ }
17211
17388
  const cachedIdToken = this.browserStorage.getIdToken(currentAccount, authRequest.correlationId, tokenKeys, currentAccount.tenantId);
17212
17389
  if (!cachedIdToken) {
17213
17390
  this.logger.verbose("0d68kd", correlationId);
@@ -18377,11 +18554,14 @@ class BrowserPerformanceClient extends PerformanceClient {
18377
18554
  return {
18378
18555
  ...inProgressEvent,
18379
18556
  end: (event, error, account) => {
18557
+ const networkInfo = getNetworkInfo();
18380
18558
  const res = inProgressEvent.end({
18381
18559
  ...event,
18382
18560
  startPageVisibility,
18383
18561
  endPageVisibility: this.getPageVisibility(),
18384
18562
  durationMs: getPerfDurationMs(startTime),
18563
+ networkEffectiveType: networkInfo.effectiveType,
18564
+ networkRtt: networkInfo.rtt,
18385
18565
  }, error, account);
18386
18566
  void browserMeasurement?.then((measurement) => measurement.endMeasurement());
18387
18567
  this.deleteIncompleteSubMeasurements(inProgressEvent);
@@ -18553,6 +18733,7 @@ exports.StubPerformanceClient = StubPerformanceClient;
18553
18733
  exports.WrapperSKU = WrapperSKU;
18554
18734
  exports.createNestablePublicClientApplication = createNestablePublicClientApplication;
18555
18735
  exports.createStandardPublicClientApplication = createStandardPublicClientApplication;
18736
+ exports.enforceResourceParameter = enforceResourceParameter;
18556
18737
  exports.isPlatformBrokerAvailable = isPlatformBrokerAvailable;
18557
18738
  exports.loadExternalTokens = loadExternalTokens;
18558
18739
  exports.stubbedPublicClientApplication = stubbedPublicClientApplication;